From owner-freebsd-current  Mon Jan 24 20: 4: 4 2000
Delivered-To: freebsd-current@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99])
	by hub.freebsd.org (Postfix) with ESMTP id 92224152F0
	for <current@FreeBSD.ORG>; Mon, 24 Jan 2000 20:04:02 -0800 (PST)
	(envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.9.3/8.8.7) with ESMTP id XAA66170;
	Mon, 24 Jan 2000 23:03:59 -0500 (EST)
Date: Mon, 24 Jan 2000 23:03:59 -0500 (EST)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: current@FreeBSD.ORG
Subject: Re: sys/net/bridge.c IPFIREWALL & DUMMYNET?  WTF?
In-Reply-To: <20000124190641.R26520@fw.wintelcom.net>
Message-ID: <Pine.BSF.4.21.0001242303160.462-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 24 Jan 2000, Alfred Perlstein wrote:
> I'm not sure what your proposing, if it's removing BRIDGE support from
> the kernel, I'd have to object.  BRIDGE enables me to run a transparent
> firewall without worrying about routing issues, just drop a machine
> with BRIDGE and IPFIREWALL in between two points and everything is ok.
> 
> However enable a DIVERT socket, and it all goes to hell last i checked.
> 
> Anyhow, can you clarify?

Take a look at the code in question.  There has got to be a better
solution than duplicating packet-unrolling code that makes bad assumptions
about mbuf layouts.

-- 
| Matthew N. Dodd  | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD  |
| winter@jurai.net |       2 x '84 Volvo 245DL        | ix86,sparc,pmax |
| http://www.jurai.net/~winter | This Space For Rent  | ISO8802.5 4ever |



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message