Date: Wed, 30 Apr 2003 14:31:14 +0700 From: Max Khon <fjoe@iclub.nsu.ru> To: Ruslan Ermilov <ru@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: IPDIVERT Message-ID: <20030430143114.A38982@iclub.nsu.ru> In-Reply-To: <20030429200529.GA71528@sunbay.com>; from ru@freebsd.org on Tue, Apr 29, 2003 at 11:05:29PM %2B0300 References: <20030430023640.A22257@iclub.nsu.ru> <20030429200529.GA71528@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, there! On Tue, Apr 29, 2003 at 11:05:29PM +0300, Ruslan Ermilov wrote: > > I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by default > > or change IPDIVERT to NOIPDIVERT and build boot kernels with NOIPDIVERT. > > The main goal is to allow to use NAT with stock kernels and ipfw.ko. > > > > Comments? > > > Only if you succeed in making the ipdivert.ko module: IPDIVERT is not > modularized currently, contrary to IPFIREWALL. What it means basically > is that you will have to change lot of ``#ifdef IPDIVERT'' to > ``if (IPDIVERT_LOADED)'', like with the IPFW_LOADED. I think this is > worth doing. AFAIK there is no possibility to add IPPROTO_DIVERT dynamically to inetsw[]. Some fields of 'struct ipq' are under #ifdef IPDIVERT as well. ipfw code under #ifdef IPDIVERT are just `case' labels and strings in printf's (like "ipdivert enabled"). In other words is it really worth splitting ipdivert into separate .ko module? Changing IPDIVERT to NOIPDIVERT will be cleaner in my opinion. /fjoe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030430143114.A38982>