Date: Tue, 18 Jan 2005 14:27:47 -0800 From: Julian Elischer <julian@elischer.org> To: Brooks Davis <brooks@one-eyed-alien.net> Cc: net@freebsd.org Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4) Message-ID: <41ED8D63.8090205@elischer.org> In-Reply-To: <20050118183558.GA15150@odin.ac.hmc.edu> References: <20050117200610.GA90866@cell.sick.ru> <20050118183558.GA15150@odin.ac.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Brooks Davis wrote: >On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote: > > >> Dear collegues, >> >>here is quite a simple node for direct interaction between ipfw(4) >>and netgraph(4). It is going to be more effective and error-prone >>than a complicated construction around divert socket and ng_ksocket[1]. >> >> >> firstly.. I was thinking that there are several good ways to mesh the ipfw/divert/netgraph stuff. Firstly there is the possibility of making the ipfw stuff a netgraph node itself.. (yes I know there is such a node (based on ipfw-1) out there.) then as for getting stuff out of ipfw, maybe divert itself could be changed to be a netgraph method. In this way, you'd open netgtraph sockets instead of divert sockets. Alternatively there could be a possibility where netgraph could open hooks of a particular number and that would be the equivalant of openning a divert hook of that number.. Looks good but I'm not convinced that it needs a whole new keyword of we tap in through the divert mechanism.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41ED8D63.8090205>