Date: Tue, 29 Apr 2003 22:15:54 +0200 From: Clement Laforet <sheepkiller@cultdeadsheep.org> To: Max Khon <fjoe@iclub.nsu.ru> Cc: freebsd-net@freebsd.org Subject: Re: IPDIVERT Message-ID: <20030429221554.4eea1145.sheepkiller@cultdeadsheep.org> In-Reply-To: <20030430023640.A22257@iclub.nsu.ru> References: <20030430023640.A22257@iclub.nsu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Apr 2003 02:36:41 +0700 Max Khon <fjoe@iclub.nsu.ru> wrote: > hi, there! Hi, Max ! > I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by > default or change IPDIVERT to NOIPDIVERT and build boot kernels with > NOIPDIVERT. The main goal is to allow to use NAT with stock kernels > and ipfw.ko. > > Comments? yes, but I don't know if I'm right :p IPDIVERT isn't designed to be manageable by ipfw. I (mis)read the kernel IP source few day ago (I'm playing with libalias) and that's what I understood : IPDIVERT is a way to reinject IP packets into the IP stack. It seems to be a big workaround for users who wished NAT than a real solution. ipfw only add a flag "to be diverted" to packets. IPDIVERT is a big workaround, libalias is a very big workaround ;) Considering that NAT'ing using natd/libalias/divert is not very clean way of doing NAT, why should it be in the GENERIC kernel ? however, it sould be easy to build it as module. regards, clem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030429221554.4eea1145.sheepkiller>