Message-ID: <3AEF2232.19CEE240@aurora.regenstrief.org>
Date: Tue, 01 May 2001 20:53:06 +0000
From: Gunther Schadow
Organization: Regenstrief Institute for Health Care
To: Luigi Rizzo
Cc: snap-users@kame.net, freebsd-net@FreeBSD.ORG, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp
Subject: Re: The future of ALTQ, IPsec & IPFILTER playing together ...
References: <200105012011.WAA26915@info.iet.unipi.it>

Luigi Rizzo wrote:

> > Instead I will have to revert back from IPFILTER to IPFW (FreeBSD)
> > so that I can use DUMMYNET instead of ALTQ.
> > This leaves me with having to add a TOS-based filtering into
> > IPFW. Cross my fingers and it will work :-/
>
> i still fail to see why you hate so much this solution
> as it seems to do what you need (actually i'd probably use the WFQ
> feature of dummynet, and let the application set the TOS bits...)

because the only filtering package that will ever have a chance
to be consolidated with KAME's SPD rules and ALTQ's classifier
will be IPFILTER; because IPFILTER is available across all
*BSDs; because IPFILTER is (arguably) more secure (though less
powerful in its NAT rules.)

I am really tempted to go back to IPFW, but I value future
rejoining with KAME and a flexibility in choice of underlying
*BSDs more than the convenience of IPFW. Maybe it's a mistake.
If it is, the world (not just myself) should move towards IPFW
on all BSDs.

Luigi, if you hack IPFW into all *BSDs and if you submit the
code to the CVS control of the KAME folks, maybe IPFW could
become the point of consolidation of the SPD and ALTQ classifier
rules. I would cheer that effort!

regards,
-Gunther

--
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org