Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 4 Oct 2010 14:16:57 -0300
From:      Eduardo Meyer <dudu.meyer@gmail.com>
To:        Brandon Gooch <jamesbrandongooch@gmail.com>
Cc:        ipfw@freebsd.org
Subject:   Re: layer2 ipfw 'fwd' support
Message-ID:  <AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com>
In-Reply-To: <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com>
References:  <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com> <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail 

On Mon, Oct 4, 2010 at 2:02 PM, Brandon Gooch
<jamesbrandongooch@gmail.com> wrote:
> On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer <dudu.meyer@gmail.com> wrote:
>> Hello,
>>
>> In the past I have used this patch by Luigi Rizzo, which helped me well.
>>
>> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.html
>>
>> I tried with a friend to port it to -STABLE, but we were not able to
>> find out what has replaced mt_tag. Also on ip_input.c we dirty hacked
>> to following piece of code:
>>
>> #ifdef IPFIREWALL_FORWARD
>>        if (m->m_flags & M_FASTFWD_OURS) {
>>                m->m_flags &= ~M_FASTFWD_OURS;
>>                goto pass; /* XXX was 'ours' - SHOULD WE MODIFY IT HERE */
>>        }
>>        if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) {
>>                /*
>>                 * Directly ship the packet on.  This allows forwarding
>>                 * packets originally destined to us to some other directly
>>                 * connected host.
>>                 */
>>                ip_forward(m, dchg);
>>                return;
>>        }
>> #endif /* IPFIREWALL_FORWARD */
>>
>> And this is something we are not sure if its correct.
>>
>> So my very obvious question is:
>>
>> Does anyone has a recent version of this patch to share?
>>
>> Can anyone familiar with ipfw source code help me with that?
>>
>
> I'm certainly not an expert, but I wonder if the patch your referring
> to is still required? Can you provide more detail about your
> particular application?
>
> -Brandon

Yes, its still required since ipfw fwd ignores layer2 frames.

The application is the very same: squid. I mean, Lusca in fact (squid fork).

Thank you for your interest.

-- 
===========
Eduardo Meyer
pessoal: dudu.meyer@gmail.com
profissional: ddm.farmaciap@saude.gov.br
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR>