Date: Fri, 13 Aug 2004 23:48:54 +0200 From: Andre Oppermann <andre@freebsd.org> To: freebsd-current@freebsd.org Subject: Updated ipfw to pfil_hooks patch Message-ID: <411D3746.7030308@freebsd.org>
next in thread | raw e-mail | index | archive | help
I've put a fresh diff of my current work of converting ipfw to use the pfil_hooks API to grab its fresh packet food. http://www.nrg4u.com/freebsd/ipfw-pfilhooks-and-more-20040813.diff The code is approaching finalization but is not yet there. No need for syntactic nitpicking yet. State of the diff: o Normal IPFW packet filter firewalling works fine - STABLE o IPDIVERT works fine - STABLE o DUMMYNET works fine - STABLE o IPFORWARD works for forwarding to local sockets on the ip_input and ip_output path' - TESTING o IPFORWARD works for forwarding to remote addresses only on the ip_output path -TESTING o Layer 2 IPFW for ethernet in/out and bridging does not work in the patch What remains to be done: o General code polishing around the core functions which are already cleaned up o Undo the removal of the Layer2 and bridge hooks and continue to invoke IPFW the old way for the moment (does not hurt) o Fix IPFORWARD to remote to work on ip_input path too o Undo the move of all IP options functions to their own source file o Make IPDIVERT a loadable kernel module (later) My goal is to get this stuff into 5.3R before the code freeze. ---------------------------------------------------------------------------------- Anyone wanting to give the patch a try, feel free to do so and report back the problems or success stories! (Except for Layer2/bridging IPFW which does not work in the above patch). ---------------------------------------------------------------------------------- -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411D3746.7030308>