From: Eduardo Meyer
To: Brandon Gooch
Cc: ipfw@freebsd.org
Date: Mon, 4 Oct 2010 14:16:57 -0300
Subject: Re: layer2 ipfw 'fwd' support
List-Id: IPFW Technical Discussions

On Mon, Oct 4, 2010 at 2:02 PM, Brandon Gooch wrote:
> On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer wrote:
>> Hello,
>>
>> In the past I have used this patch by Luigi Rizzo, which helped me well.
>>
>> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.html
>>
>> I tried with a friend to port it to -STABLE, but we were not able to
>> find out what has replaced mt_tag. Also on ip_input.c we dirty hacked
>> to the following piece of code:
>>
>> #ifdef IPFIREWALL_FORWARD
>>         if (m->m_flags & M_FASTFWD_OURS) {
>>                 m->m_flags &= ~M_FASTFWD_OURS;
>>                 goto pass; /* XXX was 'ours' - SHOULD WE MODIFY IT HERE */
>>         }
>>         if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) {
>>                 /*
>>                  * Directly ship the packet on.  This allows forwarding
>>                  * packets originally destined to us to some other directly
>>                  * connected host.
>>                  */
>>                 ip_forward(m, dchg);
>>                 return;
>>         }
>> #endif /* IPFIREWALL_FORWARD */
>>
>> And this is something we are not sure if it's correct.
>>
>> So my very obvious question is:
>>
>> Does anyone have a recent version of this patch to share?
>>
>> Can anyone familiar with ipfw source code help me with that?
>>
>
> I'm certainly not an expert, but I wonder if the patch you're referring
> to is still required? Can you provide more detail about your
> particular application?
>
> -Brandon

Yes, it's still required since ipfw fwd ignores layer2 frames.

The application is the very same: squid. I mean, Lusca in fact (squid fork).

Thank you for your interest.

-- 
===========
Eduardo Meyer
personal: dudu.meyer@gmail.com
professional: ddm.farmaciap@saude.gov.br