From: Andrew White
Date: Sun, 18 Aug 2019 13:24:23 +0100
Subject: Re: pf (rules and nat) + (ipfw + dummynet)
To: Goran Mekić
Cc: Kristof Provost, freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

Best of luck with this endeavor!

A very quick scan of that patch seems to include a lot more changes to ipfw than I would expect, perhaps other bug fixes or feature changes that are unrelated?

It also reads like it defines new pf rule actions, so I imagine you configure pf by setting the rule action to be dnpipe or something similar. macOS seems to use an anchor type called dummynet-anchor fwiw.

If this works in pfsense, perhaps the developers there would assist getting their patches into freebsd so they don't have to maintain them outside of freebsd source.

Andrew

On Sun, Aug 18, 2019 at 10:33 AM Goran Mekić wrote:
> Hello,
>
> If I knew we almost made it compile and boot (with dummynet, pf and pflog
> loaded), I would postpone the previous email. :o)
>
> The code I'm working on is
> https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0.
> It is nothing more than releng/12.0 branch into which I copied parts of
> PFSense code until it started working. I still don't know how to test it,
> as I'm not sure what's the PFSense's syntax for pf.conf. I know you can
> use "ipfw pipe list" to show the pipes without ipfw module loaded. Once
> loaded, ipfw lets you manage dummynet. What I do for now is load ipfw,
> set the pipes, unload ipfw.
>
> If anyone knows how to configure pf.conf so that it passes everything
> it receives to dummynet, I'm all ears.
> I will "fork" /sbin/ipfw and
> create /sbin/dnctl so we don't have to depend on IPFW at all, but I
> would like it to start working like this, first.
>
> My concern about this patch is that it changes IPFW, too. I don't know
> if the following link is visible if you're not logged into github, but
> it shows the difference between releng/12.0 and this branch:
>
> https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1
>
> Anyway, my priority is to make it work somehow, then clean it up, port
> to -CURRENT and only then write dnctl.
>
> As always, all help is more than welcome as this is my first kernel
> development task ever.
>
> Regards,
> meka