Date: Tue, 12 Jan 1999 07:48:55 +1100 (EST)
From: Darren Reed <darrenr@reed.wattle.id.au>
To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman)
Cc: committers@FreeBSD.ORG
Subject: Re: loading IPFW before interfaces are up.
Message-ID: <199901112048.HAA18823@avalon.reed.wattle.id.au>
In-Reply-To: <199901111946.OAA15004@khavrinen.lcs.mit.edu> from "Garrett Wollman" at Jan 11, 99 02:46:08 pm

In some email I received from Garrett Wollman, sie wrote:
>
> In a lot of these cases, it makes more sense to create some sort of
> configuration file which can be loaded by the boot loader. (In
> particular, I'd like to see the IPFW goop compiled into a BPF program
> and then loaded by the boot loader so that it is already configured
> before interfaces are brought up. This would have saved a lot of pain
> a year ago...)

I don't think you can do better than load rules (whatever they are) which
assume that interfaces will be assigned an IP address.

I suspect that what you're referring to is that if you load rules that
refer to an interface before the interface is up that they don't actually
ever refer to the interface because it isn't found when loaded. I don't
see how this can change by using BPF, the problem is that there's no
notification from the kernel to `whatever' that a new interface has been
given an IP address. That is, I assume IPFW allows you to load rules for
an interface even if it's not there (IP Filter does at least but they're
not going to match anything).

With Solaris, using STREAMS, an appropriately configured device sits
between the ethernet driver and the kernel's IP stack, and it receives
all the communication messages between the two (such as interface up/down).

What you need here is some sort of `event' handling where IPFW can say
"I'm interested in interface up/down events" and the kernel will forward
it some information on such events at the relevant time. Given such
notification, you could also choose to look at all the rules currently
loaded and `activate/deactivate' those for an interface.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
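
The notification scheme proposed in the message above, as an added example that is not part of the original e-mail and is not IPFW or IP Filter code: rules are loaded by interface name before the interface exists, match nothing until an "up" event arrives, and are deactivated again on "down". All type names, function names and rule texts here are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model: a rule names an interface and stays inactive
 * until an "up" event for that name is delivered. */
enum if_event { IF_UP, IF_DOWN };

struct rule {
    const char *ifname;  /* interface the rule was written for */
    const char *text;    /* constructed sample rule text */
    int active;          /* 1 only while the interface is up */
};

/* Constructed sample rule set, loaded before any interface exists. */
static struct rule rules[] = {
    { "ed0",  "deny tcp from any to any 23 in", 0 },
    { "ed0",  "allow ip from any to any out", 0 },
    { "ppp0", "deny ip from 10.0.0.0/8 to any in", 0 },
};
#define NRULES (sizeof(rules) / sizeof(rules[0]))

/* Event callback: walk all loaded rules and activate/deactivate those
 * naming the interface. Returns how many rules changed state. */
static int rules_if_event(const char *ifname, enum if_event ev)
{
    int want = (ev == IF_UP), changed = 0;
    for (size_t i = 0; i < NRULES; i++) {
        if (strcmp(rules[i].ifname, ifname) == 0 && rules[i].active != want) {
            rules[i].active = want;
            changed++;
        }
    }
    return changed;
}

/* Count rules that can currently match traffic on ifname. */
static int rules_active_on(const char *ifname)
{
    int n = 0;
    for (size_t i = 0; i < NRULES; i++)
        if (rules[i].active && strcmp(rules[i].ifname, ifname) == 0)
            n++;
    return n;
}

int main(void)
{
    printf("before up: ed0=%d\n", rules_active_on("ed0"));
    printf("up changed %d rules\n", rules_if_event("ed0", IF_UP));
    printf("after up: ed0=%d ppp0=%d\n",
           rules_active_on("ed0"), rules_active_on("ppp0"));
    return 0;
}
```

Without the callback, the count for `ed0` stays at zero however long the interface has been up, which is the failure the message describes.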