From owner-freebsd-net@freebsd.org  Sun Aug 18 09:33:54 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 544E2C2276
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Sun, 18 Aug 2019 09:33:54 +0000 (UTC)
 (envelope-from meka@tilda.center)
Received: from mail.tilda.center (srv02.tilda.center [199.247.21.11])
 by mx1.freebsd.org (Postfix) with ESMTP id 46BBhJ14ztz4LNT;
 Sun, 18 Aug 2019 09:33:51 +0000 (UTC)
 (envelope-from meka@tilda.center)
Received: from hal9000.home.meka.rs (109-92-168-5.dynamic.isp.telekom.rs
 [109.92.168.5])
 by mail.tilda.center (Postfix) with ESMTPSA id 4BE7B11509;
 Sun, 18 Aug 2019 11:33:47 +0200 (CEST)
Date: Sun, 18 Aug 2019 11:33:46 +0200
From: Goran =?utf-8?B?TWVracSH?= <meka@tilda.center>
To: Kristof Provost <kp@freebsd.org>
Cc: Andrew White <andywhite@gmail.com>, freebsd-net@freebsd.org
Subject: Re: pf (rules and nat) + (ipfw + dummynet)
Message-ID: <20190818093346.jjxdjkd5twzfg56c@hal9000.home.meka.rs>
References: <CAOZMOUFfzoVj2mtOHcQRpkrjU+02-kik+Nt7m0_oELUW=H=RXg@mail.gmail.com>
 <20190817215151.GA8888@vega.codepro.be>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="so4xkoxivalzwhgs"
Content-Disposition: inline
In-Reply-To: <20190817215151.GA8888@vega.codepro.be>
User-Agent: NeoMutt/20180716
X-Rspamd-Queue-Id: 46BBhJ14ztz4LNT
X-Spamd-Bar: --------
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of meka@tilda.center designates
 199.247.21.11 as permitted sender) smtp.mailfrom=meka@tilda.center
X-Spamd-Result: default: False [-8.22 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.20)[multipart/signed,text/plain];
 DMARC_NA(0.00)[tilda.center]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 NEURAL_HAM_SHORT(-0.97)[-0.967,0]; SIGNED_PGP(-2.00)[];
 RCVD_NO_TLS_LAST(0.10)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[5.168.92.109.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net
 : 127.0.0.10]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 ASN(0.00)[asn:20473, ipnet:199.247.16.0/21, country:US];
 FREEMAIL_CC(0.00)[gmail.com];
 IP_SCORE(-2.95)[ip: (-9.67), ipnet: 199.247.16.0/21(-4.78), asn: 20473(-0.26),
 country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Aug 2019 09:33:54 -0000


--so4xkoxivalzwhgs
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

Hello,

If I knew we almost made it compile and boot (with dummynet, pf and pflog loaded),
I would postpone the previous email. :o)

The code I'm working on is https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0.
It is nothing more than releng/12.0 branch into which I copied parts of PFSense
code until it started working. I still don't know how to test it, as I'm not
sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw
pipe list" to show the pipes without ipfw module loaded. Once loaded,
ipfw lets you manage dummynet. What I do for now is load ipfw, set the
pipes, unload ipfw.

If anyone knows how to configure pf.conf so that it passes everything
it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and
create /sbin/dnctl so we don't have to depend on IPFW at all, but I
would like it to start working like this, first.

My concerns about this patch is that it changes IPFW, too. I don't know
if the following link is visible if you're not logged into github, but
it shows the difference between releng/12.0 and this branch:
https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1

Anyway, my priority is to make it work somehow, then clean it up, port
to -CURRENT and only then write dnctl.

As always, all help is more than welcome as this is my first kernel
development task ever.

Regards,
meka

--so4xkoxivalzwhgs
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1WIFkXy2ZeMKjjKEWj1TknovrLYFAl1ZG3cACgkQWj1Tknov
rLbKwg//X/TrVim8rNYRIJEM9x/+YZzXiUq1g/dGff21+QuE5WWAlvO92mx2GosY
49wl7NTWc1RFkDrATpg6lhyvxxjGtGNPhAtgfiQ5M18O5WaXOGt8nEnMQgPctkpK
7Agrx0c8R9QMqD3Ts6HNVZC9Sb87m9S2RH7KGydm8fuONaoRjrCpYHZ7WHC8Qkkg
hED3v3QsTkp+4gPFkYr1dOo2fZOD2ZmJ5jeUnTzeB7A6lIdmpccnNQ8PH8NIWEu6
kEyxyTrIvKj9jcwTBJRqoug6ZBdcgKUCwhjX3LFJZH/LQsdBK75c9pnC7BBucfrC
69bdZ+Dd0c2VR0zDwMIMbkda6DA7NnpJHmjLDzoBLdT5uy/RGTKSUSFDn+y39Ue8
/wP2FTMIzTFAxpxR6p/OjjD+5mkzOeFoR0sNu6qf4DIr3SYePXHjj72XFBeeg89Y
VuTkZFVpQY/OawVWAVEnHmhpF/6IFUnqgqmo4qtmF66sBkrH7AMVwXjSTcFeOEbK
j4Rh/guJNKAvqeBN2mZ+V5r33pKkW+2iwNIv9uMqdp+m8S+K0g/E4BaiEiQMxOx0
rTgD7vKVDPP1jO2Qy9Bk06BYLUGuATFkA80O0bpwV6b8BKhidhbufmA8Ld7A7zYB
2vTvtm+NserSjMBBof31s/cS5UVvEamrVZiCJWx+xtQupw6rBns=
=D5AB
-----END PGP SIGNATURE-----

--so4xkoxivalzwhgs--