From owner-freebsd-ipfw@FreeBSD.ORG  Sun Jan 10 19:54:18 2010
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0DA5A106568B;
	Sun, 10 Jan 2010 19:54:18 +0000 (UTC)
	(envelope-from qing.li@bluecoat.com)
Received: from whisker.bluecoat.com (whisker.bluecoat.com [216.52.23.28])
	by mx1.freebsd.org (Postfix) with ESMTP id 34C4E8FC1C;
	Sun, 10 Jan 2010 19:54:16 +0000 (UTC)
Received: from bcs-mail03.internal.cacheflow.com ([10.2.2.95])
	by whisker.bluecoat.com (8.14.2/8.14.2) with ESMTP id o0AJefGA028050;
	Sun, 10 Jan 2010 11:40:42 -0800 (PST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 10 Jan 2010 11:40:34 -0800
Message-ID: <B583FBF374231F4A89607B4D08578A4306488F99@bcs-mail03.internal.cacheflow.com>
In-Reply-To: <20100110185232.GA27907@onelab2.iet.unipi.it>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Unified rc.firewall ipfw me/me6 issue
Thread-Index: AcqSJSaXOe/YiAX5TAqjTGXen62l7AAB4P+Q
References: <25ff90d60912162320y286e37a0ufeb64397716d8c18@mail.gmail.com><ygek4wmyp3j.wl%ume@mahoroba.org><25ff90d60912180612y2b1f64fbw34b4d7f648762087@mail.gmail.com><yged42c4770.wl%ume@mahoroba.org><25ff90d61001021736p7b695197q104f4a7769b51b71@mail.gmail.com><yge8wc5u872.wl%ume@mahoroba.org>
	<20100110185232.GA27907@onelab2.iet.unipi.it>
From: "Li, Qing" <qing.li@bluecoat.com>
To: "Luigi Rizzo" <rizzo@iet.unipi.it>, "Hajimu UMEMOTO" <ume@freebsd.org>
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org,
	David Horn <dhorn2000@gmail.com>, freebsd-ipfw@freebsd.org
Subject: RE: Unified rc.firewall ipfw me/me6 issue
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 19:54:18 -0000

>=20
> We only need one 'me' option that matches v4 and v6, because the
> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra
> cost (the code for 'me' only scans the list corresponding to the
> actual address family of the packet).  I would actually vote for
> removing the 'me6' microinstruction from the kernel, and implement
> it in /sbin/ipfw by generating 'ip6 me'.
>=20

	I agree with Luigi.

	-- Qing