On Mon, Jun 14, 2004 at 10:48:34AM -0400, James Housley wrote:
J> For testing of a product I would like to be able to modify or even drop
J> packets based on their content.  What I have in mind is forcing the
J> packets through a firewall that would redirect all packets to a netgraph
J> node that would either pass unchanged, drop or change the contents to
J> assist in testing some corner cases in the code.

To pass traffic from ipfw to netgraph and back in, you
need a divert rule and an ng_ksocket listening on the divert socket.

J> 1) is this something doable with netgraph, I believe it is.
J> 
J> 2) what might be a good place to start?  Have done some searching, but
J> haven't found any example code I thought I could start from.

See /usr/src/sys/netgraph/ng_sample.c

and the article http://www.daemonnews.org/200003/netgraph.html

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE