Date: Tue, 29 Apr 2003 13:33:02 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Clement Laforet <sheepkiller@cultdeadsheep.org> Cc: freebsd-net@freebsd.org Subject: Re: IPDIVERT Message-ID: <Pine.BSF.4.21.0304291329330.54094-100000@InterJet.elischer.org> In-Reply-To: <20030429221554.4eea1145.sheepkiller@cultdeadsheep.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Apr 2003, Clement Laforet wrote: > On Wed, 30 Apr 2003 02:36:41 +0700 > Max Khon <fjoe@iclub.nsu.ru> wrote: > > > hi, there! > Hi, Max ! > > > I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by > > default or change IPDIVERT to NOIPDIVERT and build boot kernels with > > NOIPDIVERT. The main goal is to allow to use NAT with stock kernels > > and ipfw.ko. > > > > Comments? IPDIVERT was written when it became clear that there were userland applications that wanted to 'fiddle' with packets in transit. It was written when one of the CSRG guys said that there was too much in the kernel already and that a way to do such fiddling outside the kernel might be useful. NAT is only just one such app. we also had code to do encryption for example. > > yes, but I don't know if I'm right :p > IPDIVERT isn't designed to be manageable by ipfw. > I (mis)read the kernel IP source few day ago (I'm playing with > libalias) and that's what I understood : > IPDIVERT is a way to reinject IP packets into the IP stack. It > seems to be a big workaround for users who wished NAT than a real > solution. ipfw only add a flag "to be diverted" to packets. > IPDIVERT is a big workaround, libalias is a very big workaround ;) > Considering that NAT'ing using natd/libalias/divert is not very clean > way of doing NAT, why should it be in the GENERIC kernel ? > > however, it sould be easy to build it as module. > > regards, > > clem > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0304291329330.54094-100000>