Date: Tue, 31 Jul 2007 17:37:13 -0700 From: Julian Elischer <julian@elischer.org> To: "Christian S.J. Peron" <csjp@FreeBSD.org> Cc: freebsd-net@freebsd.org, "Bruce M. Simpson" <bms@incunabulum.net>, rwatson@freebsd.org Subject: Re: divert and deadlock issues Message-ID: <46AFD5B9.4080602@elischer.org> In-Reply-To: <20070801001908.GA8822@sub> References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> <46AFB6C9.20401@incunabulum.net> <46AFC441.2070502@elischer.org> <20070801001908.GA8822@sub>
next in thread | previous in thread | raw e-mail | index | archive | help
Christian S.J. Peron wrote: > On Tue, Jul 31, 2007 at 04:22:41PM -0700, Julian Elischer wrote: > [..] >> Originally we wanted a way to be able to inject any kind of >> ip packet that could be generated, because the aim was to >> allow a user agent to do arbitrary processing on packets. however >> to be really correct, a divert injection should occur at teh position of >> the firewall >> where diversion occurs but there is no way to do that and anyhow they need >> to get some of the internal state added to them before they get there, so >> puting them in via ip_output seemed the way to go. >> >> I've never had much to do with multicast, so I'm not sure if it makes sense >> to inject there, but if you wanted to divert multicast packets >> and change them slightly, and then reinject them, it would be a blow >> to discover that you couldn't. > > Well, it's still the intent to keep the ability to divert and re-inject > multicast packets. This change would basically say: "You cant specify > multicast options via the divert socket". Which in practice doesn't > happen anyway (where I looked). > > I dont think we should be specifying multicast options on divert sockets. > It's not the right place to be manipulating multicast parameters. Multicast > parameters should be set on the sockets that originally transmitted or > received the packets. I dont think divert falls into this category. > ok if you can divert out a multicast packet, fix something in it, and then reinject it, and have it DTRT then that's fine.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46AFD5B9.4080602>