Brooks Davis wrote:
On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote:
Dear collegues,
here is quite a simple node for direct interaction between ipfw(4)
and netgraph(4). It is going to be more effective and error-prone
than a complicated construction around divert socket and ng_ksocket[1].
firstly.. I was thinking that there are several good ways to mesh the ipfw/divert/netgraph
stuff.
Firstly there is the possibility of making the ipfw stuff a netgraph node itself..
(yes I know there is such a node (based on ipfw-1) out there.)
then as for getting stuff out of ipfw, maybe divert itself could be changed to be
a netgraph method. In this way, you'd open netgtraph sockets instead of divert sockets.
Alternatively there could be a possibility where netgraph could open hooks of a particular number
and that would be the equivalant of openning a divert hook of that number..
Looks good but I'm not convinced that it needs a whole new keyword of we tap in
through the divert mechanism.
_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
