[TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Julian Elischer julian at elischer.org
Sun Jul 3 01:04:05 GMT 2005

Brooks Davis wrote:

>On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote:
>>  Dear collegues,
>>here is quite a simple node for direct interaction between ipfw(4)
>>and netgraph(4). It is going to be more effective and error-prone
>>than a complicated construction around divert socket and ng_ksocket[1].   

firstly.. I was thinking that there are several good ways to mesh the 

Firstly there is the possibility of making the ipfw stuff a netgraph 
node itself..
(yes I know there is such a node (based on ipfw-1) out there.)
then as for getting stuff out of ipfw, maybe divert itself could be 
changed to be
a netgraph method. In this way, you'd open netgtraph sockets instead of 
divert sockets.

Alternatively there could be a possibility where netgraph could open 
hooks of a particular number
and that would be the equivalant of openning a divert hook of that number..

Looks good but I'm not convinced that it needs a whole new keyword of we 
tap in
through the divert mechanism.

freebsd-current at freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list