David Malone writes:
> > Compile your kernel with options NETGRAPH and then each Ethernet
> > interface is a netgraph node. Take control of it by connecting
> > to the "divert" hook.
> 
> I was trying to figure out if it is possible to route stuff out on
> a particular interface based on source address using netgraph. At
> the moment we have an NFS server which pretends to be two machines
> on the same subnet. To get this to work we're using a small hack
> in the ipfw divert code. I looked at the netgraph man pages and
> reckoned it might be possible to do something like:
> 
>            fxp0
>           /
> ng0 -> bpf 
>           \
>            fxp1
> 
> then ifconfig ng0 up with both IP addresses and use the bpf to
> determine which ethernet card to transmit it on. However, I don't
> think this will work. First 'cos arp stuff will probably be broken
> and second because ng0 is a point to point device and won't correctly
> encapsulate packets for ethernet.

You're right that that won't work .. you'd be sending raw IP
frames on the wire without 14 byte Ethernet headers.

> Am I correct in thinking that this isn't currently possible with the
> net graph nodes currently available?

I think so.. you would have to write a new node type to add/strip
the headers at least.

That brings up a good point though..  the ng_iface(8) node type
should allow it to be configured as a non-point-to-point interface.

Ah.. just looked at if_tun.c which does this.. it's trivial.
I'll probably check something in after 4.0 then.

But even with that change you'd need an add/strip headers thing.
In fact, that's another node type I want to write.. just a simple
thing that adds & strips headers off packets... or this could be
folded into the BPF node type (a BPF program returns a length,
after all).

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
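
The add/strip-headers step discussed in this message, together with the source-address interface choice from the quoted question, as an added user-space C example. It is not part of the original message and is not netgraph node code; the function names are hypothetical, and the caller is assumed to supply the MAC addresses (no ARP).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN    14      /* dst MAC (6) + src MAC (6) + ethertype (2) */
#define ETHERTYPE_IPV4 0x0800

/* Prepend an Ethernet header to a raw IPv4 packet.
 * Returns the frame length, or 0 if the output buffer is too small. */
size_t eth_add_header(const uint8_t *dst, const uint8_t *src,
                      const uint8_t *ip, size_t ip_len,
                      uint8_t *out, size_t out_cap)
{
    if (out_cap < ETH_HDR_LEN || ip_len > out_cap - ETH_HDR_LEN)
        return 0;
    memcpy(out, dst, 6);
    memcpy(out + 6, src, 6);
    out[12] = ETHERTYPE_IPV4 >> 8;
    out[13] = ETHERTYPE_IPV4 & 0xff;
    memcpy(out + ETH_HDR_LEN, ip, ip_len);
    return ETH_HDR_LEN + ip_len;
}

/* Strip the Ethernet header from a received frame.
 * Returns a pointer to the IPv4 payload and sets *ip_len, or NULL if the
 * frame is shorter than a header or does not carry IPv4. */
const uint8_t *eth_strip_header(const uint8_t *frame, size_t frame_len,
                                size_t *ip_len)
{
    if (frame_len < ETH_HDR_LEN)
        return NULL;
    if (((frame[12] << 8) | frame[13]) != ETHERTYPE_IPV4)
        return NULL;
    *ip_len = frame_len - ETH_HDR_LEN;
    return frame + ETH_HDR_LEN;
}

/* Choose the outgoing interface index from the IPv4 source address
 * (bytes 12..15 of the IP header). addrs holds n 4-byte addresses.
 * Returns -1 if nothing matches or the packet is not a full IPv4 header. */
int pick_iface_by_src(const uint8_t *ip, size_t ip_len,
                      const uint8_t *addrs, int n)
{
    if (ip_len < 20 || (ip[0] >> 4) != 4)
        return -1;
    for (int i = 0; i < n; i++)
        if (memcmp(ip + 12, addrs + 4 * i, 4) == 0)
            return i;
    return -1;
}
```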

