Date:      Fri, 10 Sep 2004 11:40:26 -0700
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw2 for IPV6
Message-ID:  <20040910184026.GA24220@odin.ac.hmc.edu>
In-Reply-To: <413B9CC5.21E7B776@freebsd.org>
References:  <20040903215137.GA26762@odin.ac.hmc.edu> <413B9CC5.21E7B776@freebsd.org>

On Mon, Sep 06, 2004 at 01:09:57AM +0200, Andre Oppermann wrote:
> Brooks Davis wrote:
> >
> > I'm working on updating the IPFW2 for IPv6 patch Luigi posted back in
> > April.  I've got it partially working with pfil, but I've run into some
> > issues with linklocal addresses and dummynet6.  Inbound rules work fine,
> > but output rules do not because the route struct is not carried in to
> > the pfil hook and thus the output interface is lost.
>
> You are supposed to give the output interface as an argument to
> pfil_run_hooks().  Doesn't that suffice?

I've been thinking about this and I think the problem is that we need
to pass the route in to ip6_output in the link local address case.  I
think we can generate it in dummynet (at least I hope we can), but I
need to figure that out.  I'm going to read some more code today and
I've got the Design and Implementation book coming next week.  At this
point it's probably the best doc around since no one has updated TCP/IP
Illustrated v2 yet (I'd love to see a new version based on FreeBSD 6).

> I guess the best thing is to involve <gnn@neville-neil.org> into this.
> He's cutting his teeth on the IPv6 code and this is probably something
> he can give some insights.

I'm talking to him (rwatson noticed my branch and pointed him to it).

> PS: What about ipfw6?

Robert wants to kill it off so we don't have to lock it.  As Luigi says,
it's redundant once ipfw supports IPv6.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
