From owner-freebsd-net@FreeBSD.ORG  Tue Apr 29 13:14:44 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DA13E37B401
	for <freebsd-net@freebsd.org>; Tue, 29 Apr 2003 13:14:44 -0700 (PDT)
Received: from cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 49F8F43FA3
	for <freebsd-net@freebsd.org>; Tue, 29 Apr 2003 13:14:42 -0700 (PDT)
	(envelope-from sheepkiller@cultdeadsheep.org)
Received: (qmail 26468 invoked from network); 29 Apr 2003 20:14:39 -0000
Received: from unknown (HELO lucifer.cultdeadsheep.org) (192.168.0.2)
  by goofy.cultdeadsheep.org with SMTP; 29 Apr 2003 20:14:39 -0000
Date: Tue, 29 Apr 2003 22:15:54 +0200
From: Clement Laforet <sheepkiller@cultdeadsheep.org>
To: Max Khon <fjoe@iclub.nsu.ru>
Message-Id: <20030429221554.4eea1145.sheepkiller@cultdeadsheep.org>
In-Reply-To: <20030430023640.A22257@iclub.nsu.ru>
References: <20030430023640.A22257@iclub.nsu.ru>
Organization: tH3 cUlt 0f tH3 d3@d sH33p
X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386-portbld-freebsd4.8)
X-Face: ._cVVRDn#-2((lnfi^P7CoD4htI$4+#G/G)!w|,}H5yK~%(3-C.JlEYbOjJGFwJkt*7N^%z
	jYeu[;}]}F"3}l5R'l"X0HbvT^D\Q&%deCo)MayY`);TO
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
Subject: Re: IPDIVERT
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2003 20:14:45 -0000

On Wed, 30 Apr 2003 02:36:41 +0700
Max Khon <fjoe@iclub.nsu.ru> wrote:

> hi, there!
Hi, Max !

> I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by
> default or change IPDIVERT to NOIPDIVERT and build boot kernels with
> NOIPDIVERT. The main goal is to allow to use NAT with stock kernels
> and ipfw.ko.
> 
> Comments?

yes, but I don't know if I'm right :p
IPDIVERT isn't designed to be manageable by ipfw.
I (mis)read the kernel IP source few day ago (I'm playing with
libalias) and that's what I understood : 
IPDIVERT is a way to reinject IP packets into the IP stack. It
seems to be a big workaround for users who wished NAT than a real
solution. ipfw only add a flag "to be diverted" to packets.
IPDIVERT is a big workaround, libalias is a very big workaround ;)
Considering that NAT'ing using natd/libalias/divert is not very clean
way of doing NAT, why should it be in the GENERIC kernel ?

however, it sould be easy to build it as module.

regards,

clem