08.02.2011 20:03, Julian Elischer wrote:
08.02.2011 19:08, rozhuk...@gmail.com wrote:
Did you try ng_ether + ng_ksocket?
It can translate Ethernet frames encapsulated in UDP to a user space
receiver.

The idea is to catch packets from the firewall (ng_ipfw; ng_nat was mentioned
by mistake) and pass them to a user space module that does some processing
and puts the packets back into the firewall (for rules with the `diverted'
keyword).

yes, however did you try the ipfw netgraph keyword and the ng_ipfw node?
I have also been wondering if it might not make sense to simply
replace the divert code with a netgraph equivalent. Using the ng_ipfw
node one can almost do it with no changes as it is.

I've tried ng_socket+ng_ipfw. It gets incoming packets, but outgoing packets are dropped because a tag is lost after leaving kernel space. It looks like some magic can be done with the ng_tag node, but I really could not tame it.



It works now for IPv4 with `divert' and doesn't with IPv6.

yes, I'm pondering the right fix for that..

I'm the first to test it, please :)