From: "Joao Barros"
To: "Vadim Goncharov"
Cc: freebsd-isp@freebsd.org, freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-ipfw@freebsd.org
Date: Sun, 11 Jun 2006 23:30:16 +0100
Subject: Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)

On 6/11/06, Vadim Goncharov wrote:
> 11.06.06 @ 22:36 Joao Barros wrote:
>
> Original message is at:
> http://lists.freebsd.org/pipermail/freebsd-current/2006-June/063821.html
>
> > I'm very interested in this, great work! :-)
> > I can't load the kld on my Sun Sparc, I think I messed up ld yesterday
> > trying to patch for a bug that shows in firefox and mozilla. It
> > compiles, just doesn't run. As soon as I have it up and running I'll
> > give you feedback.
>
> Umm, that's a kernel module, it shouldn't have any relations with ld. What
> diagnostics has it said on failed load?

ultra5# make
Warning: Object directory not changed from original /root/ng_tag
@ -> /usr/src/sys
machine -> /usr/src/sys/sparc64/include
touch opt_netgraph.h
cc -O2 -pipe -g -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I- -I/root/ng_tag -I. -I@ -I@/contrib/altq -I@/../include -I/usr/include -finline-limit=15000 -fno-common -mcmodel=medlow -msoft-float -ffreestanding -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -c ng_tag.c
ld -d -warn-common -r -d -o ng_tag.kld ng_tag.o
touch export_syms
awk -f /sys/conf/kmod_syms.awk ng_tag.kld export_syms | xargs -J% objcopy % ng_tag.kld
ld -Bshareable -d -warn-common -o ng_tag.ko ng_tag.kld
objcopy --strip-debug ng_tag.ko
ultra5# kldload ./ng_tag.kld
kldload: can't load ./ng_tag.kld: Exec format error
ultra5# file ng_tag.kld
ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD), not stripped

> > Have you tested it with pf? If so can you give me some examples?
>
> No, it wasn't tested with pf. The problem with pf is that pf compiles all
> the rules at the time, so exact tags representation can change each time
> (for this reason ipfw tags were made incompatible with pf), and you must
> that values to supply them to . However, if you find a method how to
> obtain tag values info from in-kernel pf structures, you'll be able to use
> it with pf. It doesn't support well integration with netgraph, though.
>
> Another option is to use ipfw - it supports pf's altq(4) shaping, if that
> is all you need.
>
> > I'm particularly interested in this for doing packet shaping, especially
> > on P2P.
>
> Yes, I'm also looking for possibility of shaping, but I can't test (no
> resources) it currently. Also, as it seems non-trivial on current ipfw
> dynamic rules implementation, I don't know if shaping will work at all.

I'm not an ipfw user, but if this were to be possible it would be very nice :-)

--
Joao Barros