On 1/24/13 10:37 AM, Julian Elischer wrote:
On 1/24/13 10:16 AM, Jake Guffey wrote:
Hi:
I am working on a network appliance based on FreeBSD, IPFW, and
Suricata. In the scenario that I'm developing for, I need to divert
packets sent over a layer 2 bridge for IPS processing. After
reinjection, IPFW passes this traffic back to FreeBSD for layer 3
forwarding. I would like to get this working for layer 2 forwarding
across the bridge interface(s) involved.
I saw
http://freebsd.1045724.n5.nabble.com/patch-RFC-allow-divert-from-layer-2-ipfw-e-g-bridge-td4008335.html
from quite some time ago (2006), and that one of the responders
said that he didn't want to commit layer 2 diversion support before
layer 2 packet filtering hooks were put in place. To my
understanding (please correct me if I'm wrong), the pfil hooks he
was referring to are in place now.
Hi there..
The original code you refer to was written by Ironport (now Cisco)
after looking at similar code by imimic (then Ironport, now Cisco
:-)) for use in their web filter appliance.
It did work well, however I'm not in that field any more so I can't
justify work time in getting it up to date..
Nor do I have access any more to test machines that I can test the
result with.
It may be worth asking Doug Ambrisko what the current version of
the code looks like.. We had permission to
give it back (hence the email) but it never got put into the tree.
I will add that I think the original code was written for the "old"
bridge code and not if_bridge.
Is there something I can do to help make this happen? I am very
rusty with C and will probably not be much help coding, but
anything else, I'd be glad to do. I suppose that I could give
coding this support a shot, with (likely) a bit of hand-holding
from you.
The company that I work for has allocated budget for consulting, so
I would be glad to help fund development if that's an issue.
Thanks,
Jake Guffey
Network Security Engineer
eProtex
Network medical device security
5451 Lakeview Parkway S Drive
Indianapolis, Indiana 46268, USA
Mobile: 317-220-7100
[email protected]
www.eprotex.com
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to
"[email protected]"