Date: Thu, 16 Sep 2004 03:49:46 -0000
From: "Max Laier" <max@love2party.net>
To: <pf4freebsd@freelists.org>
Subject: [pf4freebsd] Re: Bridging 2nd try and call for testers
Message-ID: <009001c3715b$d5840eb0$01000001@max900>
References: <200308262103.12394.alan@precisionautobody.com> <200308262247.46254.alan@precisionautobody.com> <01a901c36cee$09bd6810$01000001@max900> <200308271625.05235.alan@precisionautobody.com> <025801c36cfa$3e756290$01000001@max900> <1062074062.31217.14.camel@quark.avioc.org> <01ad01c370ab$a55b2bc0$01000001@max900> <1062509878.337.18.camel@quark.avioc.org>

> > and try again to get pf running. Remember to set net.link.ether.bridge_ipf:
> > 1 This time it should at least see some packets ... or get a panic, not sure
> > about it ;)
> >
>
> Excellent. My initial pass/block tests were successful.
>
> I will continue testing with a more realistic ruleset, however this is
> quite promising.

We came to the same conclusion, discovered some other problems and bring a
new version of pf_freebsd to fix these issues:

Version 1.64:
http://pf4freebsd.love2party.net/pf_freebsd_1.64.tar.gz
MD5 (pf_freebsd_1.64.tar.gz) = f198908a8d691617aa16aa047de7be03

If you are running version 1.63 and don't need bridge support there is no
real need to update unless you often do kldload/unload on pf and have seen
page faults in connection with that (There is a possible race on MOD_UNLOAD,
which most likely does not cause trouble, but is fixed now). If you run
versions prior to 1.63, updating is recommended!

To get bridge working with pf you have to take a look into the newly created
patches directory. There you'll find a patch to src/sys/net/bridge.c running
against RELENG_5_1 and HEAD which are the same (RCS 1.67). You have to do the
following:

  $ patch /usr/src/sys/net/bridge.c < pf_freebsd_1.64/patches/bridge.c.patch

rebuild your kernel with at least the following options:
  "options BRIDGE", "options PFIL_HOOKS", "options INET"

reboot to the new kernel and set sysctl "net.link.ether.bridge_ipf" to a
non-zero value.

Further information about this and coming patches can be found in
patches/README. Things in there are for testing purposes and will be
send-pr'd once we are certain that it helps and works.

Thank you for further feedback on the issue,
  Max