08.02.2011 21:47, rozhuk...@gmail.com wrote:
-----Original Message-----
From: Sergey Matveychuk [mailto:s...@freebsd.org]
Sent: Wednesday, February 09, 2011 12:53 AM
To: rozhuk...@gmail.com
Cc: freebsd-net@freebsd.org
Subject: Re: divert rewrite
08.02.2011 19:08, rozhuk...@gmail.com wrote:
Did you try ng_ether + ng_ksocket?
It can translate Ethernet frames encapsulated in UDP to a user space
receiver.
The idea is to catch packets from the firewall (ng_ipfw, ng_nat was mentioned
by mistake) and pass them to a user space module that does some processing
and puts back the packets into firewall (for rules with `diverted'
keyword).
It works now for IPv4 with `divert' and doesn't with IPv6.
I know how divert works, google: uTPControl ;)
It's simple for development, stable, but uses a lot of CPU.
With ng_ether + ng_ksocket you can send custom Ethernet frames.
There is some node that can filter traffic, for IPv6 you need to allow 1 or 2
ethernet types to pass.
I know. But I've written a module for conjunction with ipfw. It makes a
decision by some criteria to pass a traffic or to block it.
Administrators in our nets decide what kind of traffic to pass to my module
(mostly TCP SYN and few UDP) in their firewalls.
So a conjunction with ipfw is the goal.