Date: Thu, 16 Sep 2004 03:48:16 -0000 From: Pyun YongHyeon <yongari@kt-is.co.kr> To: pf4freebsd@freelists.org Subject: [pf4freebsd] Re: Bridging? Message-ID: <20030829083706.GD12809@kt-is.co.kr> In-Reply-To: <20030829080440.GB12809@kt-is.co.kr> References: <200308262103.12394.alan@precisionautobody.com> <200308262247.46254.alan@precisionautobody.com> <01a901c36cee$09bd6810$01000001@max900> <200308271625.05235.alan@precisionautobody.com> <025801c36cfa$3e756290$01000001@max900> <1062074062.31217.14.camel@quark.avioc.org> <20030829032218.GB11397@kt-is.co.kr> <20030829080440.GB12809@kt-is.co.kr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 29, 2003 at 05:04:40PM +0900, To pf4freebsd@freelists.org wrote:
> On Fri, Aug 29, 2003 at 12:22:18PM +0900, To pf4freebsd@freelists.org wrote:
> > On Thu, Aug 28, 2003 at 08:15:45AM -0500, Brandon Weisz wrote:
> > > Max,
> > > I tested your patch with basically the same setup as Alan. I'm using
> > > the pf port, not sure if I should be testing with 1.62.
> > >
> > If your system is -current you should use latest version
> > (not in ports tree).
> >
> > > The quick and dirty is I didn't see any of the debug messages from
> > > bridge.c.diff in the dmesg.
> > >
> > The debugging message may show up on your CONSOLE. If you do not
> > see any messages such as 'START, TRUE, calling' on your console,
> > it means pf does not work on bridge setup. However I don't think
> > so because bridge code supports PFIL_HOOKS and ipfilter also
> > relys on this feature.(But I can't sure 'cause I don't even use
> > bridge at all.)
> >
> I have tried bridge(4) with kernel module on -current. No luck.
> I can't believe this so I have tried ipf. It did not work too.
> There must be a bug in bridge(4) code itself.
> At present it seems that there is no way to use pf or ipf
> (which uses PFIL_HOOK) on bridge setup with/without assigning
> a IP address.
> Is there anyone using ipf on bridge setup?
>
This happens when I use bridge kernel module. You may need
'options BRIDGE' in your kernel or patch /sys/modules/bridge/
Makefile to include PFIL_HOOKS code.
--- Makefile Fri Aug 29 17:33:00 2003
+++ Makefile.OK Fri Aug 29 17:33:23 2003
@@ -3,5 +3,6 @@
.PATH: ${.CURDIR}/../../net
KMOD= bridge
SRCS= bridge.c
+CFLAGS+= DPFIL_HOOKS
.include <bsd.kmod.mk>
However I have received a LOR due to our recent addition of
lock.(not yet released). I believe we should fix this LOR first
because it is more serious.
Regards,
Pyun YongHyeon
--
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>;
KTIS, Inc. +82-2-597-0600
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030829083706.GD12809>