From owner-freebsd-net@FreeBSD.ORG Wed Jan 14 13:02:30 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5086516A4CE for ; Wed, 14 Jan 2004 13:02:30 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3293743D31 for ; Wed, 14 Jan 2004 13:02:29 -0800 (PST) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i0EL2TAF087411 for ; Wed, 14 Jan 2004 13:02:29 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i0EL2TU7087410 for net@freebsd.org; Wed, 14 Jan 2004 13:02:29 -0800 (PST) (envelope-from rizzo) Date: Wed, 14 Jan 2004 13:02:29 -0800 From: Luigi Rizzo To: net@freebsd.org Message-ID: <20040114130229.B86000@xorpc.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Subject: [rizzo@icir.org: Request for review: ipfw2 for IPV6] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 21:02:30 -0000 just a note that i posted this to the ipfw list -- please look at the ipfw list for the actual patch cheers luigi ----- Forwarded message from Luigi Rizzo ----- Date: Wed, 14 Jan 2004 13:01:22 -0800 From: Luigi Rizzo Subject: Request for review: ipfw2 for IPV6 To: ipfw@freebsd.org Hi, I am attaching some very experimental (and only partly functional) code to use ipfw2/dummynet with IPV6. THIS IS NOT RECOMMENDED FOR REGULAR USE, JUST FOR EVALUATION. The code has been developed by two students of mine, Mariano Tortoriello and Raffaele De Lorenzo, and I only revised it briefly. I think the overall architecture is reasonably close to the final one, although there are some optimizations and changes to improve compatibility with other kernel options. We would really appreciate testing by someone who is a kernel programmer who has access to ipv6 network and some knowledge of the ipv6 code, and thus can give advice on how to improve this code, and possibly suggest fixes for the trivial bugs that are there. Installation instructions: + the patch is based on 4.9_RELEASE + move just above your src/ directory and do a gzcat ipfw6.040114a.diff.gz | patch + install the patched copy of netinet/ip_dummynet.h and ip_fw2.h into /usr/include/netinet + add the IPFIREWALL and IPFW2 options in the kernel, together with the IPV6 options (no IPV6FIREWALL) + rebuild and reinstall the kernel and /sbin/ipfw, remember to use "make -DIPFW2" for the latter At this point you should be able to use ipv6 addresses in ipfw instruction, the new option "ipv6" which only matches ipv6 packets. The system _will_ panic if you are trying to use dummynet on output packets, the reasons of the panic are still to investigate. Dummynet on the input path seems to work, as well as on layer2. There might be other bugs, which I would be happy to hear about as i only did very limited testing. cheers luigi ----- End forwarded message -----