From: Julian Elischer
To: Clement Laforet
cc: freebsd-net@freebsd.org
Date: Tue, 29 Apr 2003 13:33:02 -0700 (PDT)
Subject: Re: IPDIVERT

On Tue, 29 Apr 2003, Clement Laforet wrote:

> On Wed, 30 Apr 2003 02:36:41 +0700
> Max Khon wrote:
>
> > hi, there!
> Hi, Max !
>
> > I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by
> > default or change IPDIVERT to NOIPDIVERT and build boot kernels with
> > NOIPDIVERT. The main goal is to allow the use of NAT with stock kernels
> > and ipfw.ko.
> >
> > Comments?

IPDIVERT was written when it became clear that there were userland
applications that wanted to 'fiddle' with packets in transit.
It was written when one of the CSRG guys said that there was too much in
the kernel already and that a way to do such fiddling outside the kernel
might be useful. NAT is only just one such app. We also had code to do
encryption, for example.

> yes, but I don't know if I'm right :p
> IPDIVERT isn't designed to be manageable by ipfw.
> I (mis)read the kernel IP source a few days ago (I'm playing with
> libalias) and that's what I understood:
> IPDIVERT is a way to reinject IP packets into the IP stack. It
> seems to be a big workaround for users who wished for NAT rather than
> a real solution. ipfw only adds a flag "to be diverted" to packets.
> IPDIVERT is a big workaround, libalias is a very big workaround ;)
> Considering that NAT'ing using natd/libalias/divert is not a very clean
> way of doing NAT, why should it be in the GENERIC kernel?
>
> however, it should be easy to build it as a module.
>
> regards,
>
> clem