From owner-freebsd-net@FreeBSD.ORG Wed Apr 30 00:31:34 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5FD337B401; Wed, 30 Apr 2003 00:31:34 -0700 (PDT) Received: from mx.nsu.ru (mx.nsu.ru [212.192.164.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA83143F85; Wed, 30 Apr 2003 00:31:33 -0700 (PDT) (envelope-from fjoe@iclub.nsu.ru) Received: from mail by mx.nsu.ru with drweb-scanned (Exim 3.36 #1 (Debian)) id 19Am64-0004zr-00; Wed, 30 Apr 2003 14:33:44 +0700 Received: from iclub.nsu.ru ([193.124.215.97] ident=root) by mx.nsu.ru with esmtp (Exim 3.36 #1 (Debian)) id 19Am5s-0004vW-00; Wed, 30 Apr 2003 14:33:32 +0700 Received: from iclub.nsu.ru (fjoe@localhost [127.0.0.1]) by iclub.nsu.ru (8.12.9/8.12.9) with ESMTP id h3U7VGud039720; Wed, 30 Apr 2003 14:31:16 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru) Received: (from fjoe@localhost) by iclub.nsu.ru (8.12.9/8.12.9/Submit) id h3U7VEBZ039719; Wed, 30 Apr 2003 14:31:15 +0700 (NSS) Date: Wed, 30 Apr 2003 14:31:14 +0700 From: Max Khon To: Ruslan Ermilov Message-ID: <20030430143114.A38982@iclub.nsu.ru> References: <20030430023640.A22257@iclub.nsu.ru> <20030429200529.GA71528@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20030429200529.GA71528@sunbay.com>; from ru@freebsd.org on Tue, Apr 29, 2003 at 11:05:29PM +0300 X-Envelope-To: ru@freebsd.org, freebsd-net@freebsd.org X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.11.1.4 X-Spam-Status: No, hits=-34.6 required=5.0 tests=BOGOFILTER_TEST_PASS,EMAIL_ATTRIBUTION,IN_REP_TO, QUOTED_EMAIL_TEXT,QUOTE_TWICE_1,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: freebsd-net@freebsd.org Subject: Re: IPDIVERT X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2003 07:31:35 -0000 hi, there! On Tue, Apr 29, 2003 at 11:05:29PM +0300, Ruslan Ermilov wrote: > > I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by default > > or change IPDIVERT to NOIPDIVERT and build boot kernels with NOIPDIVERT. > > The main goal is to allow to use NAT with stock kernels and ipfw.ko. > > > > Comments? > > > Only if you succeed in making the ipdivert.ko module: IPDIVERT is not > modularized currently, contrary to IPFIREWALL. What it means basically > is that you will have to change lot of ``#ifdef IPDIVERT'' to > ``if (IPDIVERT_LOADED)'', like with the IPFW_LOADED. I think this is > worth doing. AFAIK there is no possibility to add IPPROTO_DIVERT dynamically to inetsw[]. Some fields of 'struct ipq' are under #ifdef IPDIVERT as well. ipfw code under #ifdef IPDIVERT are just `case' labels and strings in printf's (like "ipdivert enabled"). In other words is it really worth splitting ipdivert into separate .ko module? Changing IPDIVERT to NOIPDIVERT will be cleaner in my opinion. /fjoe