From: Ermal Luçi
To: freebsd-net, freebsd-hackers@freebsd.org
Date: Mon, 30 Jan 2012 13:01:13 +0100
Subject: [PATCH] multiple instances of ipfw(4)

Hello,

from needs on pfSense, a patch allowing multiple instances of ipfw(4) to co-exist in the kernel was developed.
It can be found here:
https://raw.github.com/bsdperimeter/pfsense-tools/master/patches/RELENG_9_0/CP_multi_instance_ipfw.diff

It is used in conjunction with this tool:
https://raw.github.com/bsdperimeter/pfsense-tools/master/pfPorts/ipfw_context/files/ipfw_context.c

It allows creation of contexts/instances and assignment of specific interfaces to specific contexts/instances.

Surely I know that this is not the best way to implement it generically, but it gets the job done for us as it is, read below.

What I would like to know is if there is interest to see such functionality in FreeBSD?

I am asking first to see if there is some consensus about this as a feature, needed or not!
If interest is shown I will transform the patch to allow:
- ipfw(8) to manage the contexts create/destroy
- ipfw(8) to manage interface membership. Closing the race of two parallel clients modifying different contexts.

There is another design choice to be made about storing the membership of interfaces into contexts/instances, but I do not see that as blocking.

It is quite a handy feature, which can be exploited even to scale on SMP machines by extending it to bind a specific instance (with its interfaces) to a specific CPU/core?!

Comments/Feedback expected,
Ermal