Date: Tue, 14 Jun 2005 14:16:05 +0400
From: Yar Tikhiy
To: Josh Kayse
Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: Carp Suppression

On Mon, Jun 13, 2005 at 12:00:36PM -0400, Josh Kayse wrote:
> Definitely a typo on my part. It should be
> ifp->if_link_state = LINK_STATE_UP
>
> The reason we are using CARP on a PLIP interface is to allow us to
> have redundant connections between 2 transparent bridging firewalls.
> Instead of sending packets over our network, we isolate them onto a
> PLIP interface and crossover interface. We then use ifstated to
> monitor the carp interfaces and shut down bridging on one of the
> machines.

This point alone is interesting. FreeBSD doesn't seem to track link
state on most non-MII interfaces yet, including SLIP, PPP, and PLIP.
Doing so on interfaces that support a sort of keep-alives would be
easy though. In theory, were real link state support available on
such interfaces, you would be able to run ifstated on them directly.

However, the whole design of your network looks like a hack to me.
Why not use conventional IP routing together with pfsync and CARP
on the main network segments?

> I will refrain from submitting any code to the community in the future.

IMHO refraining from the submission of _untested_ code would suffice ;-)

--
Yar