Date: Fri, 19 Oct 2012 16:18:43 +0400 From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: Andre Oppermann <oppermann@networx.ch> Cc: ipfw@freebsd.org, net@freebsd.org Subject: Re: [RFC] Enabling IPFIREWALL_FORWARD in run-time Message-ID: <50814523.2070002@FreeBSD.org> In-Reply-To: <50814166.1000602@networx.ch> References: <508138A4.5030901@FreeBSD.org> <50814166.1000602@networx.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigC2F9C7A14662BA4A777BD6AB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 19.10.2012 16:02, Andre Oppermann wrote:>> http://people.freebsd.org/~ae/pfil_forward.diff >> >> Also we have done some tests with the ixia traffic generator connected= >> via 10G network adapter. Tests have show that there is no visible >> difference, and there is no visible performance degradation. >> >> Any objections? > > No objection as such. However I don't entirely agree with the > naming of pfil_forward. The functionality is specific to IPFW > and TCP, it's doing transparent interjected termination of tcp > connections on the local host while keeping the original IP > addresses and port numbers visible in netstat output. > > So it's a feature of IPFW/IP and should be fitted in there for > sysctl name and .h files instead of pfil. Actually it can be used not only by ipfw. We already have net.inet.ip.forwarding and net.inet6.ip6.forwarding variables, and placing it into net.inet.ip.fw is undesirable, because we can have kernel without ipfw. So, i decided to choose pfil, because it could not work without pfil. --=20 WBR, Andrey V. Elsukov --------------enigC2F9C7A14662BA4A777BD6AB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBAgAGBQJQgUUqAAoJEAHF6gQQyKF6pyMIAILQkM9tSI6KL5bdG7qotu/Q ulM49kdqP6eHNGt2FMCy634r6uM7HNPK0oY3cZq9acxbUFXf/es8PViz/ELCFmcL V1BUAoDj2J6PBx4n1oGNf+efV9J/s/7YHLj93RH1hgFWVOIOoPdzlyhm/bIs5Dz2 HQ7Nw92GfMCIFREEcZZ55H5ai9xUJoP4BOYDrJ/za9I/XpxTTzqoGUrEJFJUKJP9 ASArYTggA5UrESKTMg/WV2/pIlmwkfEtgAjzAkjweeUi4N3T6QRjY8w8lbz7aZn0 GOq60Ia6cmmrwDZkmTmJ9NJGNKQ7yRlheprcLh9pmoWPEKpgZedcYeDcTLkrprk= =fWAC -----END PGP SIGNATURE----- --------------enigC2F9C7A14662BA4A777BD6AB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50814523.2070002>