Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Aug 2004 01:46:13 +0200
From:      Andre Oppermann <andre@freebsd.org>
To:        Sam Leffler <sam@errno.com>
Cc:        cvs-src@FreeBSD.org
Subject:   Re: cvs commit: src/sys/conf files options src/sys/modules/ipfw  Makefile  src/sys/net bridge.c src/sys/netgraph ng_bridge.c  src/sys/netinet  ip_divert.c ip_dummynet.c ip_dummynet.h ip_fastfwd.c  ip_fw.h ip_fw2.c  ip_fw_pfil.c ip_input.c ip_output.c ...
Message-ID:  <412298C5.4D5D1A48@freebsd.org>
References:  <200408172205.i7HM5sDs087606@repoman.freebsd.org> <200408180122.28379.max@love2party.net> <41229617.CB69E0BE@freebsd.org> <200408171640.31631.sam@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Sam Leffler wrote:
> 
> On Tuesday 17 August 2004 04:34 pm, Andre Oppermann wrote:
> > Max Laier wrote:
> > > On Wednesday 18 August 2004 00:05, Andre Oppermann wrote:
> > > > andre       2004-08-17 22:05:54 UTC
> > > >
> > > >   FreeBSD src repository
> > > >
> > > >   Modified files:
> > > >     sys/conf             files options
> > > >     sys/modules/ipfw     Makefile
> > > >     sys/net              bridge.c
> > > >     sys/netgraph         ng_bridge.c
> > > >     sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
> > > >                          ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
> > > >                          ip_output.c ip_var.h raw_ip.c tcp_input.c
> > > >                          tcp_sack.c
> > > >     sys/sys              mbuf.h
> > > >   Added files:
> > > >     sys/netinet          ip_fw_pfil.c
> > > >   Log:
> > > >   Convert ipfw to use PFIL_HOOKS.
> > >
> > > Excellent!!! Great!!!! Thank you!!!
> > >
> > > I don't like the hack to bridge.c, but that's marked XXX so I guess you
> > > don't either. I hope we can clean this up for RELENG_5_3, though.
> >
> > No, I don't like it at all.  I have some code ready but did not have time
> > to test it before code freeze.  What I want to do is a PFIL_HOOK with
> > protocol AF_ETHER which gives you the full layer2 header in the packet.
> > What the packet filter does with it is up its implementation.  For example
> > it might ignore everthing but IP packets or provide ether header matching
> > functionality or such.
> >
> > I think we (mlaier and me) could cook this up within a week.  Though I'm
> > not sure much RE is going to like this kind of changes at this time.
> 
> My original version of this work added several new pfil hooks for stuff like
> this.

Do you have your orginal work still somewhere around to have a look at?
I'd like to avoid to re-invent the wheel if possible. ;-)

-- 
Andre

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?412298C5.4D5D1A48>