Date:      Wed, 21 Jun 2006 11:41:04 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc:        freebsd-net@freebsd.org, Julian Elischer <julian@elischer.org>, freebsd-ipfw@freebsd.org
Subject:   Re: [fbsd] [patch] ipfw packet tagging
Message-ID:  <20060621094104.GB7019@obiwan.tataz.chchile.org>
In-Reply-To: <44618B0A.60504@yandex.ru>
References:  <44618B0A.60504@yandex.ru>

Hi Andrey,

On Wed, May 10, 2006 at 10:41:14AM +0400, Andrey V. Elsukov wrote:
> Hi, All!
> 
> I have written a small patch for packet
> tagging with ipfw.
> 
> The description of OpenBSD packet tagging is here:
> http://www.openbsd.org/faq/pf/tagging.html
> 
> IPFW tags are not compatible with PF tags.
> 
> This feature can be usable with some netgraph modules.
> We can create a netgraph node that marks packets with some tags
> and use this node with other nodes. IPFW can detect and filter
> packets with tags.
> 
> Also we can mark packets before NAT and detect tagged packets
> after translation.
> NAT based on divert sockets does not allow this, but I think
> ng_nat can.
> 
> Patches can be found here:
> http://butcher.heavennet.ru/patches/kernel/ipfw_tags/

Looking at the patch lets me see that you are using the generic mbuf
tags.  This means the tag should be available along the packet's
trip through the kernel.  Would it be possible to slightly modify
the routing code in order to make those tags a routing criterion?

Julian Elischer also has a neat patch that modifies the ipfw table
but he hasn't provided it so far [1].

[1] http://lists.freebsd.org/pipermail/freebsd-net/2006-May/010563.html

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >


