Date: Mon, 13 Jun 2005 17:52:07 +0100 From: "Greg Hennessy" <Greg.Hennessy@nviz.net> Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: RE: Carp Suppression Message-ID: <20050613165202.51063DA@gw2.local.net> In-Reply-To: <7c8f2792050613090040c924c3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> The reason we are using CARP on a PLIP interface is to allow > us to have redundant connections between 2 transparent > bridging firewalls. CARP is not going to work with a layer 2 firewall. > Instead of sending packets over our network, we isolate them > onto a PLIP interface and crossover interface. That not going to work on a point to point connection, the other party cannot see the carp traffic. never mind the overhead that running plip puts on a system, a length of baling twine would make for a better physical transport. > We then use > ifstaded to monitor the carp interfaces and shut down > bridging on one of the machines. Spanning tree is a no brainer for such a setup, pfsync takes care of the rest. http://www.seattlecentral.edu/~dmartin/docs/bridge.html Greg > > I will refrain from submitting any code to the community in > the future. > > On 6/13/05, Yar Tikhiy <yar@comp.chem.msu.su> wrote: > > On Mon, Jun 13, 2005 at 10:10:54AM -0400, Josh Kayse wrote: > > > One last comment, > > > > > > I managed to fix it so that carp runs on the plip > interface by adding: > > > ifp->if_flags = LINK_STATE_UP; > > > > > > Here is the diff: > > > > > > diff -Nur /usr.orig/src/sys/dev/ppbus/if_plip.c > /usr/src/sys/dev/ppbus/if_plip.c > > > --- /usr.orig/src/sys/dev/ppbus/if_plip.c Wed Sep > 15 11:14:18 2004 > > > +++ /usr/src/sys/dev/ppbus/if_plip.c Mon Jun 13 10:05:56 2005 > > > @@ -359,6 +359,7 @@ > > > > > > ppb_wctr(ppbus, IRQENABLE); > > > ifp->if_flags |= IFF_RUNNING; > > > + ifp->if_flags = LINK_STATE_UP; > > > } > > > break; > > > > I'm afraid you're totally wrong here. > > > > First, I can't see how CARP is supposed to work on a PLIP > interface or > > any point-to-point interface at all. CARP is for broadcast > > interfaces, such as Ethernet or FDDI, which do ARP. You > seem to miss > > the point. > > > > Second, you can't store an arbitrary value into a variable or field > > and expect the things to work right. LINK_STATE_UP simply > is not for > > ifp->if_flags. Please make yourself familiar with the basics of > > computer programming before offering your patches to the community. > > > > -- > > Yar > > > > > -- > Joshua Kayse > Computer Engineering > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050613165202.51063DA>