From owner-freebsd-pf@FreeBSD.ORG Mon Jun 13 16:51:36 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C20FC16A481; Mon, 13 Jun 2005 16:51:36 +0000 (GMT) (envelope-from Greg.Hennessy@nviz.net) Received: from smtp.nildram.co.uk (smtp.nildram.co.uk [195.112.4.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 764C143D48; Mon, 13 Jun 2005 16:51:36 +0000 (GMT) (envelope-from Greg.Hennessy@nviz.net) Received: from gw2.local.net (unknown [62.3.210.251]) by smtp.nildram.co.uk (Postfix) with ESMTP id 1128C252625; Mon, 13 Jun 2005 17:51:32 +0100 (BST) From: "Greg Hennessy" Date: Mon, 13 Jun 2005 17:52:07 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcVwNYZgvIjqXNn4Sf6OufHbb/Qv9wAAc+WA In-Reply-To: <7c8f2792050613090040c924c3@mail.gmail.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 Message-Id: <20050613165202.51063DA@gw2.local.net> Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: RE: Carp Suppression X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jun 2005 16:51:38 -0000 > The reason we are using CARP on a PLIP interface is to allow > us to have redundant connections between 2 transparent > bridging firewalls. CARP is not going to work with a layer 2 firewall. > Instead of sending packets over our network, we isolate them > onto a PLIP interface and crossover interface. That not going to work on a point to point connection, the other party cannot see the carp traffic. never mind the overhead that running plip puts on a system, a length of baling twine would make for a better physical transport. > We then use > ifstaded to monitor the carp interfaces and shut down > bridging on one of the machines. Spanning tree is a no brainer for such a setup, pfsync takes care of the rest. http://www.seattlecentral.edu/~dmartin/docs/bridge.html Greg > > I will refrain from submitting any code to the community in > the future. > > On 6/13/05, Yar Tikhiy wrote: > > On Mon, Jun 13, 2005 at 10:10:54AM -0400, Josh Kayse wrote: > > > One last comment, > > > > > > I managed to fix it so that carp runs on the plip > interface by adding: > > > ifp->if_flags = LINK_STATE_UP; > > > > > > Here is the diff: > > > > > > diff -Nur /usr.orig/src/sys/dev/ppbus/if_plip.c > /usr/src/sys/dev/ppbus/if_plip.c > > > --- /usr.orig/src/sys/dev/ppbus/if_plip.c Wed Sep > 15 11:14:18 2004 > > > +++ /usr/src/sys/dev/ppbus/if_plip.c Mon Jun 13 10:05:56 2005 > > > @@ -359,6 +359,7 @@ > > > > > > ppb_wctr(ppbus, IRQENABLE); > > > ifp->if_flags |= IFF_RUNNING; > > > + ifp->if_flags = LINK_STATE_UP; > > > } > > > break; > > > > I'm afraid you're totally wrong here. > > > > First, I can't see how CARP is supposed to work on a PLIP > interface or > > any point-to-point interface at all. CARP is for broadcast > > interfaces, such as Ethernet or FDDI, which do ARP. You > seem to miss > > the point. > > > > Second, you can't store an arbitrary value into a variable or field > > and expect the things to work right. LINK_STATE_UP simply > is not for > > ifp->if_flags. Please make yourself familiar with the basics of > > computer programming before offering your patches to the community. > > > > -- > > Yar > > > > > -- > Joshua Kayse > Computer Engineering > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > >