On Tuesday 28 June 2005 12:27, Jeremie Le Hen wrote:
> > Wouldn't a more general approach be better. e.g. a way to "tag" a packet
> > before it is sent to divert and a matching tag-lookup that can do further
> > action. This would make it very easy to do all kinds of stuff that needs
> > to know the original address instead of the translated one while avoiding
> > code duplication.
>
> Having the possibility to tag a packet would be worth indeed. But I
> think that Milan wants to bring network stack virtualization in
> newer release of FreeBSD IIUC. This would be, IMO, a great improvement
> of FreeBSD networking, although I'm pretty sure this would make Netgraph
> people react a bit ;-).
>

Yes, yes, no :)
Packet tagging and action based on tags are possibilities worth having.
Yes, I would like to have virtualization. Actually this could be seen as
generalized packet tagging (similar to MPLS technology, only internal, but
could be extended as well...)
And I see no reason why netgraph people should react - having both virtual
stacks AND netgraph is a really powerful combination.

> > pf does something along these lines in case you are looking for
> > references.
>
> Would it be possible to share this tag among pf and ipfw ?
>

... and ipf as well :)

AFAIR main objections against Marko Zec's patch were that it's based on
4-RELEASE and not CURRENT/HEAD, and its 'monolithic' non-modular approach.
Other than those, virtualization philosophy is great and we should adopt it
IMHO. Our lovely daemon gains even more power :)

Milan