From owner-freebsd-net@FreeBSD.ORG Mon May 2 09:15:38 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F08A416A4CE for ; Mon, 2 May 2005 09:15:38 +0000 (GMT) Received: from 62-15-211-153.inversas.jazztel.es (62-15-211-153.inversas.jazztel.es [62.15.211.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D6F843D39 for ; Mon, 2 May 2005 09:15:37 +0000 (GMT) (envelope-from josemi@freebsd.jazztel.es) Received: from redesjm.local (orion.redesjm.local [192.168.254.16]) j429FXZZ002605; Mon, 2 May 2005 11:15:33 +0200 (CEST) (envelope-from josemi@redesjm.local) Received: from localhost (localhost [[UNIX: localhost]]) by redesjm.local (8.13.3/8.13.3/Submit) id j429FPMT001045; Mon, 2 May 2005 11:15:25 +0200 (CEST) (envelope-from josemi@redesjm.local) From: Jose M Rodriguez To: "Giovanni P. Tirloni" Date: Mon, 2 May 2005 11:15:24 +0200 User-Agent: KMail/1.8 References: <200504300906.12464.josemi@redesjm.local> <42759857.8080104@tirloni.org> In-Reply-To: <42759857.8080104@tirloni.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200505021115.25397.josemi@redesjm.local> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-3; AVE: 6.30.0.7; VDF: 6.30.0.116; host: antares.redesjm.local) cc: net@freebsd.org Subject: Re: enable dummynet from /etc/rc.d X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 09:15:39 -0000 El Lunes, 2 de Mayo de 2005 05:02, Giovanni P. Tirloni escribi=F3: > Jose M Rodriguez wrote: > > Hi, > > > > This is FreeBSD-5.4 RC3 > > > > I'm working in a replacement rc.firewall script and found no > > /etc/rc.d method to launch dummynet (load module). > > > > Right now, dummynet is kernel based, but I want this be able to > > work from stock kernel (ipfw, ipfw6, dummynet from modules). > > > > I missed some rc.conf var or rc.d/ module? > > > > If this will be added, maybe /etc/rc.d/ipfw the right place? > > > > And what about firewall_dummynet for the controlling knob? > > It seems like a good idea. > > IMHO, you should create a 'dummynet' script in /etc/rc.d that > required ipfw (using rcorder(8)) keywords). And a dummynet_enable > option would make sense. > I can't see any need of and aditional dummynet script. I'm not running=20 and aditional daemon (like the natd case), only loading a prerequired=20 module when needed. > But how would you integrate with the ipfw rules ? You can kldload > ipfw and load ipfw rules, then kldload dummynet.. but what about the > dummynet rules order in this case ? > I can't see this point. ipfw rules are loaded from etc/rc.d/ipfw=20 sourcing $firewall-script. The kernel must have dummynet functionality (in kernel or from module)=20 before this is done if there're plans to use dummynet. This is allready done for the ipfw module here. > Your idea of changing /etc/rc.d/ipfw makes sense but, again, we've > the rules order problem and how that script is going to guess what > rules (dummynet) we don't want to load.. I Think this kind of functionality is diffrent. You're suppoused to define firewall_dummynet=3D"YES" when you're using=20 dummynet in $firewall-script. But it's to you put the rules here by other means. You can allways add=20 in /etc/rc.conf: firewall_script=3D"/etc/rc.firewall.local" and checkyesno $firewall_dummynet before do dummynet rules. =2D- josemi