[Redirected to -net]
On Thu, Mar 15, 2001 at 09:48:24PM -0600, Nick Rogness wrote:
>
> Just to be sure I have it right. When the kernel diverts the packet to
> natd, via ipfw:
>
> 1) kernel sends packet to natd
> 2) natd read() the packet
> 3) natd screws with it (changes dest addr,etc)
> 4) natd write() the packet
> 5) kernel reinjects the packet back into the firewall
>
> That's what I could get out of divert(4) and some of the natd source.
> Bear with me...I'm a novice programmer.
>
> Is this correct?
>
Pretty much correct.
1) kernel sends packet to divert socket
2) natd reads from divert socket
3) natd screws with it
4) natd writes the packet to divert socket; the packet
   is treated as a completely new entity
5) divert socket's output routine reinjects the packet
   back "into the normal kernel IP packet processing", not into
   firewall
<PS>
Such questions are best answered on -net
</PS>
Cheers,
--
Ruslan Ermilov Oracle Developer/DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age