From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 23:22:03 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 41A2116A421 for ; Tue, 31 Jul 2007 23:22:03 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outL.internet-mail-service.net (outL.internet-mail-service.net [216.240.47.235]) by mx1.freebsd.org (Postfix) with ESMTP id 2264313C49D for ; Tue, 31 Jul 2007 23:22:03 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Tue, 31 Jul 2007 16:22:01 -0700 Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id ED9F9125AED; Tue, 31 Jul 2007 16:22:00 -0700 (PDT) Message-ID: <46AFC441.2070502@elischer.org> Date: Tue, 31 Jul 2007 16:22:41 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: "Bruce M. Simpson" References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> <46AFB6C9.20401@incunabulum.net> In-Reply-To: <46AFB6C9.20401@incunabulum.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org, "Christian S.J. Peron" Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 23:22:03 -0000 Bruce M. Simpson wrote: > Christian S.J. Peron wrote: >>> I can't think of a reason why a user would wish to supply any >>> multicast socket options to a divert socket, other than the 'small' >>> ones, i.e. IP_MULTICAST_TTL/IF/LOOP/VIF. >>> >> >> Why would these options ever be set on the divert socket itself though? >> To me it would make sense if these options were set on the network >> socket that originally sent the multicast packet itself. >> > They shouldn't be necessary, however I can foresee situations where > someone might well want to redirect multicast datagrams traversing an > IPPROTO_DIVERT socket, by using these socket options. [Recall that > FreeBSD's IPv4 stack currently uses the destination address as the sole > primary key for lookups in the forwarding information base's radix trie.] > > This is however very unlikely, so my last suggestion, that multicast > options be deprecated or forbidden for IPPROTO_DIVERT sockets, stands. Originally we wanted a way to be able to inject any kind of ip packet that could be generated, because the aim was to allow a user agent to do arbitrary processing on packets. however to be really correct, a divert injection should occur at teh position of the firewall where diversion occurs but there is no way to do that and anyhow they need to get some of the internal state added to them before they get there, so puting them in via ip_output seemed the way to go. I've never had much to do with multicast, so I'm not sure if it makes sense to inject there, but if you wanted to divert multicast packets and change them slightly, and then reinject them, it would be a blow to discover that you couldn't. > > Kind regards > BMS > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"