Date: Sun, 21 Mar 1999 13:39:30 -0600 From: Chris Csanady <cc@137.org> To: Julian Elischer <julian@whistle.com> Cc: Chris Csanady <cc@137.org>, freebsd-net@FreeBSD.ORG Subject: Re: Integrating the NetBSD PFIL hooks.. Message-ID: <19990321193930.19005C3@friley-185-205.res.iastate.edu> In-Reply-To: Your message of "Fri, 19 Mar 1999 17:36:29 PST." <36F2FB9D.2C67412E@whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Chris Csanady wrote: >> >> What would it take for us to intergrate NetBSD's PFIL hooks? It is >> hard to do much work in the current network stack with so much of >> the mess that currently exists. At the very least, ip_input.c and >> ip_output.c would be much cleaner with this mechanism. >> >> I'm just wondering what needs to be done, and if it is possible. >> Ipfilter would already support this, but how about ipfw, dummynet, >> divert and such? Would the authors of the respective code be >> willing to help out with the necessary changes? >> >> Chris Csanady >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-net" in the body of the message > >Certainly >though I haven't looked.. >It certainly looks like it could use some cleaning.. It's suffering >from 'evolutionary changes'. > >We at whistle have to take a lot of the blame. >We implemented 'divert' sockets after a suggestion from >one of the CSRG guys. (forget his name.. the Kieth that was >not a Bostic) > >The divert functionality adds a lot of possibilities but it has its >tentacles all over the place. The 'fwd' option of ipfw has a few >tentacles reaching as far as tcp_input. Hmm, I didn't realize that divert was so far reaching. The NetBSD PFIL stuff basically only provides for input and output hooks at a single point as far as I can see. (in ip_input and ip_output) It seems like it would be simple to extend the interface to do both fragments and reassembled packets at the IP layer though. What is the minimum in terms of filtering points that must exist? Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990321193930.19005C3>