Got Margaret's invitation to dinner. I'm not sure if Dalma has responded yet, but we'd be delighted.. have to let Dalma look in her diary though..
On Thu, 8 Nov 2001, Archie Cobbs wrote: > Crist J. Clark writes: > > The issue may be that you wish to make a decision on the packet in > > later rules. For example, someone might wish to 'tee' all traffic to > > and from a certain machine to some unspecified traffic monitoring > > program listening on the divert socket. However, all of the traffic > > too and from that IP address may or may not be allowed by the security > > policy. With 'tee' as it exists, one cannot catch _all_ of the traffic > > (whether or not allowed by policy) and still apply policy. > > Yes, this is how 'tee' should work. It was really hard to do at the > time for some reason that I can't recall... I think because the > interface between ip_input.c and ip_fw.c doesn't handle one packet > splitting into two packets like that.. but maybe things have > gotten better since then. > > -Archie > > __________________________________________________________________________ > Archie Cobbs * Packet Design * http://www.packetdesign.com > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
