Date: Tue, 3 Aug 2004 11:42:37 +0900
From: Pyun YongHyeon
To: Roderick van Domburg
cc: freebsd-sparc64@freebsd.org
Subject: Re: Does ip6fw work for you on sparc64?
Message-ID: <20040803024237.GA4564@kt-is.co.kr>
In-Reply-To: <410E3C0F.20403@student.utwente.nl>
List-Id: Porting FreeBSD to the Sparc

On Mon, Aug 02, 2004 at 03:05:19PM +0200, Roderick van Domburg wrote:
> Hello everybody,
>
> Does ip6fw work for any sparc64 owners? It hasn't been working correctly
> for me for as long as I can remember. Behavior is very erratic: allow
> ipv6 works, but allow {tcp|udp} doesn't. Such rules do show up in the
> traffic counter, but really don't allow any traffic passing it at all.
>

I have no experience with ip6fw (i386/sparc64). Hence I don't know the current
ip6fw status on sparc64. However, if you can live with other solutions,
I'd like to recommend pf. Though not in FreeBSD sparc64, pf was heavily
tested on sparc64 and IPv6 environments in OpenBSD.

The only drawback of pf against ipfw is operation in bridged environments.
State tracking, one of the most powerful features of pf, doesn't work in
bridged environments. This is not pf's fault. ATM, our bridge(4) doesn't
allow pf/ipf to see outgoing packets in bridged environments. (Hence ipf can't
create state either.)

Just making stateful inspection work for pf/ipf is a trivial one, but I want
a more complete patch for bridge(4) in order to have pf's IP reassembly
capability work in a bridged setup. If my memory serves right, the last
consensus with Luigi was "fix after ipfw's pfil conversion".

Best regards,
Pyun YongHyeon
-- 
Pyun YongHyeon