Date: Sun, 18 Aug 2019 13:24:23 +0100 From: Andrew White <andywhite@gmail.com> To: =?UTF-8?B?R29yYW4gTWVracSH?= <meka@tilda.center> Cc: Kristof Provost <kp@freebsd.org>, freebsd-net@freebsd.org Subject: Re: pf (rules and nat) + (ipfw + dummynet) Message-ID: <CAOZMOUFObR2oJGAH37Ct0uY0rtu4Qav4ot2aR9di-BrdzpsR1A@mail.gmail.com> In-Reply-To: <20190818093346.jjxdjkd5twzfg56c@hal9000.home.meka.rs> References: <CAOZMOUFfzoVj2mtOHcQRpkrjU%2B02-kik%2BNt7m0_oELUW=H=RXg@mail.gmail.com> <20190817215151.GA8888@vega.codepro.be> <20190818093346.jjxdjkd5twzfg56c@hal9000.home.meka.rs>
next in thread | previous in thread | raw e-mail | index | archive | help
Best of luck with this endeavor ! A very quick scan of that patch seems to include a lot more changes to ipfw than I would expect, perhaps other bug fixes or feature changes that are unrelated ? It also reads like it defines new pf rule actions, so I imagine you configure pf by setting the rule action to be dnpipe or something similar. mac OS seems to use an anchor type called dummynet-anchor fwiw. If this works in pfsense, perhaps the developers there would assist getting their patches into freebsd so they don't have to maintain them outside of freebsd source. Andrew On Sun, Aug 18, 2019 at 10:33 AM Goran Meki=C4=87 <meka@tilda.center> wrote= : > Hello, > > If I knew we almost made it compile and boot (with dummynet, pf and pflog > loaded), > I would postpone the previous email. :o) > > The code I'm working on is > https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0. > It is nothing more than releng/12.0 branch into which I copied parts of > PFSense > code until it started working. I still don't know how to test it, as I'm > not > sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw > pipe list" to show the pipes without ipfw module loaded. Once loaded, > ipfw lets you manage dummynet. What I do for now is load ipfw, set the > pipes, unload ipfw. > > If anyone knows how to configure pf.conf so that it passes everything > it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and > create /sbin/dnctl so we don't have to depend on IPFW at all, but I > would like it to start working like this, first. > > My concerns about this patch is that it changes IPFW, too. I don't know > if the following link is visible if you're not logged into github, but > it shows the difference between releng/12.0 and this branch: > > https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/= pf+dummynet/12.0?expand=3D1 > > Anyway, my priority is to make it work somehow, then clean it up, port > to -CURRENT and only then write dnctl. > > As always, all help is more than welcome as this is my first kernel > development task ever. > > Regards, > meka >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOZMOUFObR2oJGAH37Ct0uY0rtu4Qav4ot2aR9di-BrdzpsR1A>