From owner-freebsd-pf@FreeBSD.ORG Thu Feb 26 08:24:03 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FD25106564A for ; Thu, 26 Feb 2009 08:24:03 +0000 (UTC) (envelope-from tom@uffner.com) Received: from eris.uffner.com (eris.uffner.com [207.245.121.212]) by mx1.freebsd.org (Postfix) with ESMTP id D6FCF8FC1B for ; Thu, 26 Feb 2009 08:24:02 +0000 (UTC) (envelope-from tom@uffner.com) Received: from xiombarg.uffner.com (static-71-162-143-94.phlapa.fios.verizon.net [71.162.143.94]) (authenticated bits=0) by eris.uffner.com (8.14.3/8.14.3) with ESMTP id n1Q8Nr0m042660 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Thu, 26 Feb 2009 03:24:02 -0500 (EST) (envelope-from tom@uffner.com) Message-ID: <49A65199.9080305@uffner.com> Date: Thu, 26 Feb 2009 03:23:53 -0500 From: Tom Uffner User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.19) Gecko/20090125 SeaMonkey/1.1.14 MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <49913D89.8010801@uffner.com> In-Reply-To: <49913D89.8010801@uffner.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.94.2/9045/Wed Feb 25 00:28:30 2009 on eris.uffner.com X-Virus-Status: Clean Subject: Re: status of carpdev? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2009 08:24:03 -0000 Tom Uffner wrote: > what happened with the effort to port "ifconfig ... carpdev ..." to > FreeBSD? > > the last messages mentioning it were posted a bit more than a year ago. > if i remember correctly, there was a patch for IPv4 only. it was considered > Beta test quality and a few people were using it. but since then i have not > seen it mentioned anywhere, and nothing has been committed. > > what is the status, and is there a usable patch for 7.1? answering my own question, sort of... the most recent incarnation of Max's carpdev patch that I can find is http://docs.freebsd.org/cgi/mid.cgi?200712091835.33608.max it applies almost cleanly to recent RELENG_7 - there are rejects in one file, but they are pretty obvious and easy to fix. but building a kernel fails in sys/netinet/ip_carp.c: cc1: warnings being treated as errors /usr/src/sys/netinet/ip_carp.c: In function 'carp_setroute': /usr/src/sys/netinet/ip_carp.c:394: warning: assignment from incompatible pointer type *** Error code 1 this is due to the multiple routing table changes, and the break most likely occurred here: ---------------------------- revision 1.120.2.4 date: 2008/07/24 01:13:22; author: julian; state: Exp; lines: +355 -95 SVN rev 180774 on 2008-07-24 01:13:22Z by julian MFC an ABI compatible implementation of Multiple routing tables. See the commit message for http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/route.c version 1.129 (svn change # 178888) for more info. Obtained from: Ironport (Cisco Systems) ---------------------------- so, no. there is not a usable patch for 7.1. I am not very familiar with the implications of this change. Is it feasable to just ignore it and use row 0 of rt_tables[][] ? Or do I need to do something more sophisticated? what are the chances of getting this patch updated, or even better, completed & committed? i have neither the time nor the knowledge to attempt to code the IPv6 bits, but I would be willing to test (for IPv4) on a production firewall pair, and maybe try v6 on a test network. tom