change packets with IPFW divert

Ian Smith smithi at nimnet.asn.au
Tue Oct 18 16:04:05 UTC 2016


On Tue, 18 Oct 2016 14:21:50 +0000, Shawn Bakhtiar wrote:
 > On Oct 18, 2016, at 6:49 AM, Samira Nazari <nazari.s11 at gmail.com> wrote:
 > > Hello everyone,
 > > When we divert packets to the specified port with "IPFW divert",
 > > can we change them and re-send them to the kernel?

 > Not sure what you mean by change it but:
 > 
 > "Divert sockets are similar to raw IP sockets, except that they can 
 > be bound to a specific divert port via the bind(2) system call.  The 
 > IP address in the bind is ignored; only the port number is 
 > significant.  A divert socket bound to a divert port will receive all 
 > packets diverted to that port by some (here unspecified) kernel 
 > mechanism(s).  Packets may also be written to a divert port, in which 
 > case they re-enter kernel IP packet processing."
 > 
 > -- SRC: https://www.freebsd.org/cgi/man.cgi?query=divert&sektion=4&apropos=0&manpath=FreeBSD+10.3-RELEASE+and+Ports

Apart from divert(4), most likely the best example is the natd(8) code, 
which modifies packet source or destination addresses and (maybe) ports.

Ignoring the NAT processing - or not, as appropriate - the way natd uses 
divert sockets both to receive packets from ipfw and later (perhaps) to 
reinject them for further processing should show clearly how it's done.

cheers, Ian

