Date:      Wed, 29 Jan 1997 12:16:41 -0800 (PST)
From:      Archie Cobbs <archie@whistle.com>
To:        terry@lambert.org (Terry Lambert)
Cc:        archie@whistle.com, terry@lambert.org, ari.suutari@ps.carel.fi, brian@awfulhak.demon.co.uk, hackers@freebsd.org, cmott@srv.net
Subject:   Re: ipdivert & masqd
Message-ID:  <199701292016.MAA24360@bubba.whistle.com>
In-Reply-To: <199701291947.MAA12629@phaeton.artisoft.com> from Terry Lambert at "Jan 29, 97 12:47:25 pm"

> > > > Can I get a quick sanity check on something... the divert code is
> > > > programmed under the assumption that ip_input() and ip_output()
> > > > can never sleep (i.e., no other packet can be treated before the
> > > > function returns). This is true, right?
> > > 
> > > For the divert handler, you mean?  Yes.
> > 
> > Then I don't understand how ip_divert_ignore can ever be incorrectly
> > set (i.e., non-zero)... if you look at ip_divert.c, you see the only
> > place that it is ever set to a non-zero value is before the outgoing
> > packet is delivered, via a call to either ip_input() or ip_output()
> > (in the function div_output()). Then it gets reset to zero after
> > either of these functions returns.
> > 
> > Am I missing some subtlety in there?
> 
>  [ ... ]
> 
> Actually, I think it's so the outbound packet doesn't get rediverted
> by that particular handler, but you *can* chain handlers.  For instance,
> say I wanted to chain a cleanwall, a firewall, and an IP proxy server
> and they were all in separate divert modules.

Right! That is the purpose of this ip_divert_ignore hack -- for loop
avoidance. It allows you to send a packet back out via the divert socket
and simultaneously say "Don't divert *this* packet back into *this* socket".

The theory was that this loop avoidance was working too well, and
seemed to be applying to packets other than the one that it was
supposed to. What I'm trying to prove to myself is that this can't
be happening.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
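
The loop-avoidance flag discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD kernel code. It is a simplified user-space model: only the name ip_divert_ignore comes from the thread; the model_* functions, the rule table and the port numbers are constructed for illustration.

```c
/* Simplified user-space model of the ip_divert_ignore idea.
 * Not kernel code; model_* names and the ports are hypothetical. */
#include <stdio.h>

#define NRULES 2
/* Constructed rule set: every packet matches both divert rules, in order,
 * as if two handlers (ports 1001 and 1002) were chained. */
static const int rule_port[NRULES] = { 1001, 1002 };

static int ip_divert_ignore = 0;   /* 0 = no port is being skipped */

/* Walk the rules and divert to the first port that is not being ignored.
 * Returns the divert port chosen, or 0 if the packet passes undiverted. */
static int model_ip_input(void)
{
    for (int i = 0; i < NRULES; i++) {
        if (rule_port[i] == ip_divert_ignore)
            continue;              /* loop avoidance: skip the sender's port */
        return rule_port[i];
    }
    return 0;
}

/* Reinject a packet written to the divert socket bound to `port`.
 * The flag is non-zero only for the duration of this one call. That is
 * safe only if the input path cannot sleep and let another packet be
 * processed while the flag is still set. */
static int model_div_output(int port)
{
    ip_divert_ignore = port;
    int next = model_ip_input();
    ip_divert_ignore = 0;          /* reset as soon as the call returns */
    return next;
}

int main(void)
{
    printf("fresh packet          -> port %d\n", model_ip_input());
    printf("reinjected from 1001  -> port %d\n", model_div_output(1001));
    printf("flag after reinject   =  %d\n", ip_divert_ignore);
    printf("next fresh packet     -> port %d\n", model_ip_input());
    return 0;
}
```

In this model the reinjected packet skips port 1001 and reaches the next handler, while a packet arriving afterwards is diverted to 1001 as usual because the flag is already back to zero.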


