Nick Sayer wrote:
>
> On Fri, 22 Dec 2000, Julian Elischer wrote:
> >
> > Netgraph was designed to be a link-level patch-panel within ONE machine..
> > I guess you might be able to use it to bridge between two networks
> > that are on different machines... but....
> >
>
> Having successfully used a combination of vtund, if_tap and ng_bridge to
> link together two remote networks, I can both vouch for the effectiveness
> of the technique and suggest immediately that it could be better done by
> eliminating if_tap from the equation and instead plumbing vtund to deal
> with netgraph sockets directly. vtund could then make the bridge node,
> attach two hooks to an interface's upper and lower hooks, then a third
> from the bridge straight out to vtund.
What exactly is your configuration?
(what are the commands you use to set it up?)
>
> Someone of an even more ambitious bent could even go so far as to add
> encryption nodes to netgraph (hacky MPPC style doesn't qualify) and hook
> the bridge up through an encryption node directly to a ksocket, thus
> making the entire critical path of a remote bridge stay entirely in the
> kernel. No more nasty context switching. :-)
>
> Perhaps mpd could even be made smart enough to do the bridge-over-ppp
> thing that Ascend made so popular? Then do that over
> TCP? bridge-over-ppp-over-tcp? :-)
>
Bridge over troubled waters?
Bridge over the river Kwai?
sounds doable..
With ipsec, you could already do this with an ipsec ksocket node I think.
--
__--_|\ Julian Elischer
/ \ [EMAIL PROTECTED]
( OZ ) World tour 2000
---> X_.---._/ from Perth, presently in: Budapest
v