From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 20:30:44 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA9D916A5B5 for ; Thu, 27 Jul 2006 20:30:44 +0000 (UTC) (envelope-from csjp@FreeBSD.org) Received: from ems01.seccuris.com (ems01.seccuris.com [204.112.0.35]) by mx1.FreeBSD.org (Postfix) with SMTP id BA8B643D49 for ; Thu, 27 Jul 2006 20:30:41 +0000 (GMT) (envelope-from csjp@FreeBSD.org) Received: (qmail 15865 invoked by uid 86); 27 Jul 2006 20:43:07 -0000 Received: from unknown (HELO ?127.0.0.1?) (204.112.0.40) by ems01.seccuris.com with SMTP; 27 Jul 2006 20:43:07 -0000 Message-ID: <44C92278.5000901@FreeBSD.org> Date: Thu, 27 Jul 2006 15:30:48 -0500 From: "Christian S.J. Peron" User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530) MIME-Version: 1.0 To: Max Laier References: <44C7B5E2.5080001@elischer.org> <200607271346.12491.max@love2party.net> In-Reply-To: <200607271346.12491.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, andre@freebsd.org, Julian Elischer Subject: Re: [patch] RFC: allow divert from layer 2 ipfw (e.g. bridge) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2006 20:30:44 -0000 Max Laier wrote: > On Wednesday 26 July 2006 20:35, Julian Elischer wrote: > >> This code is running on quite a few systems but in a very limited >> environment that may not test all possibilities.. >> >> Does anyone have comments or suggestions as to changes that I might make >> for checkin into generic FreeBSD? It was originally written for 4.x but >> with 6.x in mind. >> It is now running on 6.1 and seems to be ok so far. >> >> Certainly I am interested in hearing from Robert and Luigi and I am >> particularly interested in >> what people think on how this will handle locking/SMP difficulies. >> > > Instead of putting more special processing to every L2-entry point in the > system, I'd prefer if we could finally get round to L2 pfil hooks. That > would make it much easier to add such functionality in a common hook function > and use it everywhere. > > I agree with Max here, I think it's time we look at getting together pfil hooks for layer 2. I would be interested in doing the leg work here if you guys are willing to review it. -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer FreeBSD Security Team