From owner-freebsd-net@FreeBSD.ORG  Wed May 10 07:27:49 2006
Message-ID: <446195E3.8080903@mersin.edu.tr>
Date: Wed, 10 May 2006 10:27:31 +0300
From: Özkan KIRIK <ozkan@mersin.edu.tr>
To: freebsd-net@freebsd.org
References: <4460FF4E.10305@ifi.unicamp.br>
	<44610333.6070806@elischer.org>	<4461830E.8070207@yandex.ru>
	<20060509231457.B67417@xorpc.icir.org>
In-Reply-To: <20060509231457.B67417@xorpc.icir.org>
Subject: Re: ipfw divert with layer2 (if_bridge) packets

Hi,

I have a question about these similar problems with bridging.

I use if_bridge on a FreeBSD 6.1 box.
ipfw doesn't support fwd rules via bridge, so I had to use pf for
transparent proxying.
But pf doesn't work like fwd. pf does NAT (rdr) on packets, so the
proxy software can't find the original destination address.

Once upon a time, someone wrote a patch for FreeBSD 4.x to make the fwd
action work with bridge.
What about if_bridge? Does that patch work on FreeBSD 6.x? If not, can
it be ported to 6.x?
I think the fwd action is a bit like the divert action. If the divert
action works, I think fwd could work.

What do you think about this subject?

Yours sincerely,
Ozkan KIRIK

Luigi Rizzo wrote:

>On Wed, May 10, 2006 at 10:07:10AM +0400, Andrey V. Elsukov wrote:
>
>>Julian Elischer wrote:
>>
>>>I have changes that make it work in 4.x but they will not apply to 5.x
>>>or later..
>>>Luigi also has some changes that allow it..
>>>
>>I can try porting the older patches which allow this.
>>Is there a chance of including this feature in the base system?
>>
>
>sorry if i missed the earlier part of the thread...
>
>the earlier patches i posted (for 4.x) had a race problem because L2
>packets would be processed with the wrong spl mask leading to
>possible corruption in the socket buffer.
>A fix for that involves sending divert packets to the ipintrq
>so they could be reprocessed with the correct masks.
>
>Probably 6.x does not have the same problem as the locking there
>is different. So in that case it might just be a case of adapting
>the patch to compile.
>	
>	cheers
>	luigi