From owner-freebsd-net@FreeBSD.ORG Wed Feb 19 04:57:05 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E4511B10 for ; Wed, 19 Feb 2014 04:57:05 +0000 (UTC) Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 5891017B3 for ; Wed, 19 Feb 2014 04:57:05 +0000 (UTC) Received: by mail-lb0-f178.google.com with SMTP id u14so13147837lbd.9 for ; Tue, 18 Feb 2014 20:57:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=5NvOtwWCfl67bLoXoFk/Zhm79pc3pZalMFzHNH/cfBI=; b=CdTz2UP8RyrjG1XFv6mXA1EYUbqh4ASe3hWVKNN/3kd0jt1QiOuE5n9ZJXWZvjsXhX sFPjvREiQPRFNKEFT/yjVfJezxSaxLgfOpwwdU3QNTL2F0nZfcq8QrgfvpgkypHnz/oo hIQ9qBxEja0CSjVErvENzjC/vYz36Z5ygaoIJAp+WVQSxiJWHIvclOh04GJY+N7bmEiT DKNpd2frqIIIDuShKuZAk353hnQCm5LEZICM1m3BZBmDrlIKwsFnig1AUizbAnkaxQpd bzAWFj11cyidKSNY1ndwHTSGbkNlyDYWwakGC3HMRUwFvicm2KwA04eNzb5iYt9yQNMn rGDQ== MIME-Version: 1.0 X-Received: by 10.112.17.65 with SMTP id m1mr164439lbd.46.1392785822780; Tue, 18 Feb 2014 20:57:02 -0800 (PST) Sender: rizzo.unipi@gmail.com Received: by 10.115.4.162 with HTTP; Tue, 18 Feb 2014 20:57:02 -0800 (PST) In-Reply-To: <1392711455.632249224.68nv9a9s@frv34.fwdcdn.com> References: <1392661063.244494415.kh0fdlsv@frv34.fwdcdn.com> <20140217185832.GB41267@onelab2.iet.unipi.it> <530273BF.5020303@sentex.net> <20140217205213.GC42021@onelab2.iet.unipi.it> <1392711455.632249224.68nv9a9s@frv34.fwdcdn.com> Date: Tue, 18 Feb 2014 20:57:02 -0800 X-Google-Sender-Auth: ED8xrNX2TtZVchb_NwBgF9UcMKM Message-ID: Subject: Re: Re[2]: netmap, VALE and netmap pipes From: Luigi Rizzo To: wishmaster Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: "freebsd-net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Feb 2014 04:57:06 -0000 On Tue, Feb 18, 2014 at 1:04 AM, wishmaster wrote: > > > > --- Original message --- > From: "Luigi Rizzo" > Date: 17 February 2014, 22:50:02 > > > > > On Mon, Feb 17, 2014 at 03:40:31PM -0500, Mike Tancsa wrote: > > > On 2/17/2014 1:58 PM, Luigi Rizzo wrote: > > > > On Mon, Feb 17, 2014 at 08:36:06PM +0200, wishmaster wrote: > > > >> > > > >> Thanks, prof. Luigi. > > > >> > > > >> As for me, netmap-ipfw is especially interesting. Would you like > add some examples for userspace bundle of ipfw and dummynet. Because not > all clear in README-file. > > > >> > > > >> E.g. I have classic router with 2 interfaces igb > > > > > > > > replace the "vale" ports with "netmap:igb0" and "netmap"igb1" > > > > and off you go. > > > > > > Apart from the man pages, is there a repository of documentation and > > > examples somewhere ? > > > > not really. but apart from the plumbing into the interfaces, > > this is just the FreeBSD/head ipfw code with obvious features > > disabled (e.g. there is no access to local sockets or address > > lists or routing tables so things like 'me', 'uid xx', 'verrpath' > > do not work). > > Thus it is unable to use kipfw/dummynet in situation with multiple > external interfaces due to > no access to routing tables? > actually the routing is done by a router, a firewall just filters. So you could use this kipfw in a transparent firewall bridge, or in front of the host stack on a machine you want to protect. And for the rest, my original email continued like this: --> And it could definitely be improved to work on more interfaces, --> become multithreaded etc, but this is an exercise that i hope --> someone else will take over. cheers luigi -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+-------------------------------