Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Gleb, as long as you have done enuogh work to evaluate other options (as you have,) I have no objection to you committing your original idea. Brooks Davis wrote: On Thu, Jan 20, 2005 at 04:45:53PM +0300, Gleb Smirnoff wrote: Julian, On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wr

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Thu, Jan 20, 2005 at 04:45:53PM +0300, Gleb Smirnoff wrote: > Julian, > > On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote: > J> I'm not sure they do two different things.. Each represents a place to > J> send packets. > J> If each active divert socket number had a pointer to

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Julian, On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote: J> I'm not sure they do two different things.. Each represents a place to J> send packets. J> If each active divert socket number had a pointer to the module to which it J> was attached then you could divert to either in

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote: J> If each active divert socket number had a pointer to the module to which it J> was attached then you could divert to either in-kernel netgraph targets or J> to userland socket based targets. Currently of you divert to a divert J>

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Gleb Smirnoff wrote: On Tue, Jan 18, 2005 at 02:27:47PM -0800, Julian Elischer wrote: J> firstly.. I was thinking that there are several good ways to mesh the J> ipfw/divert/netgraph J> stuff. J> J> Firstly there is the possibility of making the ipfw stuff a netgraph J> node itself.. Yes, but t

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Tue, Jan 18, 2005 at 02:27:47PM -0800, Julian Elischer wrote: J> firstly.. I was thinking that there are several good ways to mesh the J> ipfw/divert/netgraph J> stuff. J> J> Firstly there is the possibility of making the ipfw stuff a netgraph J> node itself.. Yes, but this is a separate nod

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Tue, Jan 18, 2005 at 02:27:47PM -0800, Julian Elischer wrote: > > Looks good but I'm not convinced that it needs a whole new keyword of > we tap in through the divert mechanism. FWIW, keywords are very cheap and generally quite clean in ipfw2. I'd be more concerned in ipfw1. -- Brooks pgpT

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Brooks Davis wrote: On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote: Dear collegues, here is quite a simple node for direct interaction between ipfw(4) and netgraph(4). It is going to be more effective and error-prone than a complicated construction around divert socket and ng_ks

Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote: > Dear collegues, > > here is quite a simple node for direct interaction between ipfw(4) > and netgraph(4). It is going to be more effective and error-prone > than a complicated construction around divert socket and ng_ksocket[1].

[TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Dear collegues, here is quite a simple node for direct interaction between ipfw(4) and netgraph(4). It is going to be more effective and error-prone than a complicated construction around divert socket and ng_ksocket[1]. The semantics of node operation are quite simple. There is one node per