Date: Wed, 14 Jan 2004 13:02:29 -0800 From: Luigi Rizzo <rizzo@icir.org> To: net@freebsd.org Subject: [rizzo@icir.org: Request for review: ipfw2 for IPV6] Message-ID: <20040114130229.B86000@xorpc.icir.org>
next in thread | raw e-mail | index | archive | help
just a note that i posted this to the ipfw list -- please
look at the ipfw list for the actual patch
cheers
luigi
----- Forwarded message from Luigi Rizzo <rizzo@icir.org> -----
Date: Wed, 14 Jan 2004 13:01:22 -0800
From: Luigi Rizzo <rizzo@icir.org>
Subject: Request for review: ipfw2 for IPV6
To: ipfw@freebsd.org
Hi,
I am attaching some very experimental (and only partly functional)
code to use ipfw2/dummynet with IPV6.
THIS IS NOT RECOMMENDED FOR REGULAR USE, JUST FOR EVALUATION.
The code has been developed by two students of mine, Mariano
Tortoriello and Raffaele De Lorenzo, and I only revised it briefly.
I think the overall architecture is reasonably close to the final
one, although there are some optimizations and changes to improve
compatibility with other kernel options.
We would really appreciate testing by someone who is a kernel programmer
who has access to ipv6 network and some knowledge of the ipv6 code,
and thus can give advice on how to improve this code, and possibly
suggest fixes for the trivial bugs that are there.
Installation instructions:
+ the patch is based on 4.9_RELEASE
+ move just above your src/ directory and do a
gzcat ipfw6.040114a.diff.gz | patch
+ install the patched copy of netinet/ip_dummynet.h and ip_fw2.h
into /usr/include/netinet
+ add the IPFIREWALL and IPFW2 options in the kernel, together with the
IPV6 options (no IPV6FIREWALL)
+ rebuild and reinstall the kernel and /sbin/ipfw, remember
to use "make -DIPFW2" for the latter
At this point you should be able to use ipv6 addresses in ipfw
instruction, the new option "ipv6" which only matches ipv6
packets.
The system _will_ panic if you are trying to use dummynet on
output packets, the reasons of the panic are still to investigate.
Dummynet on the input path seems to work, as well as on layer2.
There might be other bugs, which I would be happy to hear about
as i only did very limited testing.
cheers
luigi
----- End forwarded message -----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040114130229.B86000>