Date:      Mon, 4 Oct 2010 16:18:17 -0300
From:      Eduardo Meyer <dudu.meyer@gmail.com>
To:        Julian Elischer <julian@freebsd.org>
Cc:        Brandon Gooch <jamesbrandongooch@gmail.com>, ipfw@freebsd.org, Adrian Chadd <adrian@ucc.gu.uwa.edu.au>
Subject:   Re: layer2 ipfw 'fwd' support
Message-ID:  <AANLkTikExTKMWvvDwn=rVUSqwz6UeVXi8WOSsHROQYq%2B@mail.gmail.com>
In-Reply-To: <4CAA1E7B.1020107@freebsd.org>
References:  <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com> <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com> <AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com> <4CAA1E7B.1020107@freebsd.org>


On Mon, Oct 4, 2010 at 3:35 PM, Julian Elischer <julian@freebsd.org> wrote:
>  On 10/4/10 10:16 AM, Eduardo Meyer wrote:
>>
>> On Mon, Oct 4, 2010 at 2:02 PM, Brandon Gooch
>> <jamesbrandongooch@gmail.com>  wrote:
>>>
>>> On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer<dudu.meyer@gmail.com>
>>>  wrote:
>>>>
>>>> Hello,
>>>>
>>>> In the past I have used this patch by Luigi Rizzo, which helped me well.
>>>>
>>>>
>>>> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.html
>>>>
>>>> I tried with a friend to port it to -STABLE, but we were not able to
>>>> find out what has replaced mt_tag. Also on ip_input.c we dirty hacked
>>>> the following piece of code:
>>>>
>>>> #ifdef IPFIREWALL_FORWARD
>>>>        if (m->m_flags & M_FASTFWD_OURS) {
>>>>                m->m_flags &= ~M_FASTFWD_OURS;
>>>>                goto pass; /* XXX was 'ours' - SHOULD WE MODIFY IT HERE */
>>>>        }
>>>>        if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) {
>>>>                /*
>>>>                 * Directly ship the packet on.  This allows forwarding
>>>>                 * packets originally destined to us to some other directly
>>>>                 * connected host.
>>>>                 */
>>>>                ip_forward(m, dchg);
>>>>                return;
>>>>        }
>>>> #endif /* IPFIREWALL_FORWARD */
>>>>
>>>> And this is something we are not sure if it's correct.
>>>>
>>>> So my very obvious question is:
>>>>
>>>> Does anyone have a recent version of this patch to share?
>>>>
>>>> Can anyone familiar with ipfw source code help me with that?
>>>>
>>> I'm certainly not an expert, but I wonder if the patch you're referring
>>> to is still required? Can you provide more detail about your
>>> particular application?
>>>
>>> -Brandon
>>
>> Yes, it's still required since ipfw fwd ignores layer2 frames.
>>
>> The application is the very same: squid. I mean, Lusca in fact (squid
>> fork).
>>
>> Thank you for your interest.
>
> Cisco/Ironport have a patch that does this..
> I had permission to bring it back when I worked there but never got it
> committed.
>
> Adrian, was it part of the set I gave you?

Hello Elischer,

Was this made public?

I hope Chadd has some good news. In fact I tent to use with Lusca in
tproxy mode. I bet this is the only missing piece of software.

-- 
===========
Eduardo Meyer
pessoal: dudu.meyer@gmail.com
profissional: ddm.farmaciap@saude.gov.br


