Date: Sun, 28 May 2000 20:10:29 -0700 From: Julian Elischer <julian@elischer.org> To: Dave Preece <dave.preece@kbgroup.co.nz> Cc: freebsd-hackers@freebsd.org Subject: Re: Re-inserting packets into firewall. Message-ID: <3931DFA5.2781E494@elischer.org> References: <67B808B0DD93D211ABEE0000B498356B2B4E92@internet.kbgroup.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
Dave Preece wrote:
>
> I'm having a go at writing a 'component' in the firewall chain. The
> component may, or may not, readdress the packet and therefore
> I need to drop
> it back into the chain at the next rule.
this is how ipdivert should work..
If you reinsert the packet and use the same sockaddr that you received,
it should insert the packet at the first rule number GREATER THAN the
rule that diverted it. The rule number of diversion is stored in
the 'port' field of the sockaddr.
>
> Should be simple.
>
> So I've written some test code just to scoop up packets and drop them back
> in unaltered using sendto. Doesn't seem to work though, it scoops up the
> packets fine, and upon resending them they aren't being passed to the next
> rule. Also so tried with net.inet.ip.fw.one_pass as both 1 and 0, with
> little difference.
no idea about pass1 etc. it's added since I last looked at it,
>
> Any ideas? I have loads of FM's to R, but can't seem to get much divert
> socket specific stuff - pointers would be appreciated. Hmm, shall hit the
> books and ip_fw.c some more.
man 4 divert from memory..
also look at the natd program
>
> Thanks,
> Dave
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000
---> X_.---._/ presently in: Perth
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3931DFA5.2781E494>