Date: Mon, 4 Oct 2010 14:16:57 -0300 From: Eduardo Meyer <dudu.meyer@gmail.com> To: Brandon Gooch <jamesbrandongooch@gmail.com> Cc: ipfw@freebsd.org Subject: Re: layer2 ipfw 'fwd' support Message-ID: <AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com> In-Reply-To: <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com> References: <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com> <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 4, 2010 at 2:02 PM, Brandon Gooch <jamesbrandongooch@gmail.com> wrote: > On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer <dudu.meyer@gmail.com> wrot= e: >> Hello, >> >> In the past I have used this patch by Luigi Rizzo, which helped me well. >> >> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.ht= ml >> >> I tried with a friend to port it to -STABLE, but we were not able to >> find out what has replaced mt_tag. Also on ip_input.c we dirty hacked >> to following piece of code: >> >> #ifdef IPFIREWALL_FORWARD >> =A0 =A0 =A0 =A0if (m->m_flags & M_FASTFWD_OURS) { >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0m->m_flags &=3D ~M_FASTFWD_OURS; >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0goto pass; /* XXX was 'ours' - SHOULD WE = MODIFY IT HERE */ >> =A0 =A0 =A0 =A0} >> =A0 =A0 =A0 =A0if ((dchg =3D (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) = !=3D NULL)) !=3D 0) { >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/* >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * Directly ship the packet on. =A0This a= llows forwarding >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * packets originally destined to us to s= ome other directly >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * connected host. >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 */ >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ip_forward(m, dchg); >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return; >> =A0 =A0 =A0 =A0} >> #endif /* IPFIREWALL_FORWARD */ >> >> And this is something we are not sure if its correct. >> >> So my very obvious question is: >> >> Does anyone has a recent version of this patch to share? >> >> Can anyone familiar with ipfw source code help me with that? >> > > I'm certainly not an expert, but I wonder if the patch your referring > to is still required? Can you provide more detail about your > particular application? > > -Brandon Yes, its still required since ipfw fwd ignores layer2 frames. The application is the very same: squid. I mean, Lusca in fact (squid fork)= . Thank you for your interest. --=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR>