On 1/24/13 10:16 AM, Jake Guffey wrote:
Hi:
I am working on a network appliance based on FreeBSD, IPFW, and Suricata. In
the scenario that I'm developing for, I need to divert packets sent over a
layer 2 bridge for IPS processing. After reinjection, IPFW passes this traffic
back to FreeBSD for layer 3 forwarding. I would like to get this working for
layer 2 forwarding across the bridge interface(s) involved.
I saw
http://freebsd.1045724.n5.nabble.com/patch-RFC-allow-divert-from-layer-2-ipfw-e-g-bridge-td4008335.html
from quite some time ago (2006), and that one of the responders said that he
didn't want to commit layer 2 diversion support before layer 2 packet filtering
hooks were put in place. To my understanding (please correct me if I'm wrong),
the pfil hooks he was referring to are in place now.
hithere..
The original code you refer to was written by Ironport (now cisco)
after lookign at similar code bu imimic (then ironport, now cisco :-))
for use in their
web filter appliance.
It did work well, however I'm not in that field any more so I can't
justify work time in getting it up to date..
Nor o I have access any more to test machines that I can test the
result with.
It may be worth asking Doug Ambrisko what the current version of the
code looks like.. We had permission to
give it back (hense the email) but it never got put into the tree.
Is there something I can do to help make this happen? I am very rusty with C
and will probably not be much help coding, but anything else, I'd be glad to
do. I suppose that I could give coding this support a shot, with (likely) a bit
of hand-holding from you.
The company that I work for has allocated budget for consulting, so I would be
glad to help fund development if that's an issue.
Thanks,
Jake Guffey
Network Security Engineer
eProtex
Network medical device security
5451 Lakeview Parkway S Drive
Indianapolis, Indiana 46268, USA
Mobile: 317-220-7100
[email protected]
www.eprotex.com
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
