On Fri, 22 Dec 2000, Julian Elischer wrote:
> 
> Netgraph was designed to be a link-level patch-panel within ONE machine..
> I guess you might be able to use it to bridge between two networks
> that are on different machines... but....
> 

Having successfully used a combination of vtund, if_tap and ng_bridge to
link together two remote networks, I can both vouch for the effectiveness
of the technique and suggest immediately that it could be better done by
eliminating if_tap from the equation and instead plumbing vtund to deal
with netgraph sockets directly. vtund could then make the bridge node,
attach two hooks to an interface's upper and lower hooks, then a third
from the bridge straight out to vtund.

Someone of an even more ambitious bent could even go so far as to add
encryption nodes to netgraph (hacky MPPC style doesn't qualify) and hook
the bridge up through an encryption node directly to a ksocket, thus
making the entire critical path of a remote bridge stay entirely in the
kernel. No more nasty context switching. :-)

Perhaps mpd could even be made smart enough to do the bridge-over-ppp
thing that Ascend made so popular? Then do that over
TCP? bridge-over-ppp-over-tcp? :-)



