Date: Sun, 17 Jan 2010 17:42:58 +0900 From: Hajimu UMEMOTO <ume@freebsd.org> To: Luigi Rizzo <rizzo@iet.unipi.it> Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, David Horn <dhorn2000@gmail.com>, freebsd-ipfw@freebsd.org Subject: Re: Unified rc.firewall ipfw me/me6 issue Message-ID: <ygeiqb1w299.wl%ume@mahoroba.org> In-Reply-To: <20100110185232.GA27907@onelab2.iet.unipi.it> References: <25ff90d60912162320y286e37a0ufeb64397716d8c18@mail.gmail.com> <ygek4wmyp3j.wl%ume@mahoroba.org> <25ff90d60912180612y2b1f64fbw34b4d7f648762087@mail.gmail.com> <yged42c4770.wl%ume@mahoroba.org> <25ff90d61001021736p7b695197q104f4a7769b51b71@mail.gmail.com> <yge8wc5u872.wl%ume@mahoroba.org> <20100110185232.GA27907@onelab2.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
>>>>> On Sun, 10 Jan 2010 19:52:32 +0100
>>>>> Luigi Rizzo <rizzo@iet.unipi.it> said:
rizzo> We only need one 'me' option that matches v4 and v6, because the
rizzo> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra
rizzo> cost (the code for 'me' only scans the list corresponding to the
rizzo> actual address family of the packet). I would actually vote for
rizzo> removing the 'me6' microinstruction from the kernel, and implement
rizzo> it in /sbin/ipfw by generating 'ip6 me'.
rizzo> Feel free to commit the change yourself.
Thank you. I've committed 1st patch and 3rd patch.
I think it is better removing the 'me6' microinstruction from the
kernel, and implement it in /sbin/ipfw by generating 'ip6 me'.
However, it seems to me that /sbin/ipfw is not designed to generate
two microinstructions (ip6 me) per one 'me6' easily.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ygeiqb1w299.wl%ume>