From owner-cvs-src@FreeBSD.ORG Tue Aug 17 23:34:46 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0375C16A4CE for ; Tue, 17 Aug 2004 23:34:46 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37C1443D31 for ; Tue, 17 Aug 2004 23:34:45 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 1729 invoked from network); 17 Aug 2004 23:34:44 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.54]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 17 Aug 2004 23:34:44 -0000 Message-ID: <41229617.CB69E0BE@freebsd.org> Date: Wed, 18 Aug 2004 01:34:47 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Max Laier References: <200408172205.i7HM5sDs087606@repoman.freebsd.org> <200408180122.28379.max@love2party.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/conf files options src/sys/modules/ipfwMakefile src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_fw_pfil.c ip_input.c ip_output.c ... X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Aug 2004 23:34:46 -0000 Max Laier wrote: > > On Wednesday 18 August 2004 00:05, Andre Oppermann wrote: > > andre 2004-08-17 22:05:54 UTC > > > > FreeBSD src repository > > > > Modified files: > > sys/conf files options > > sys/modules/ipfw Makefile > > sys/net bridge.c > > sys/netgraph ng_bridge.c > > sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h > > ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c > > ip_output.c ip_var.h raw_ip.c tcp_input.c > > tcp_sack.c > > sys/sys mbuf.h > > Added files: > > sys/netinet ip_fw_pfil.c > > Log: > > Convert ipfw to use PFIL_HOOKS. > > Excellent!!! Great!!!! Thank you!!! > > I don't like the hack to bridge.c, but that's marked XXX so I guess you don't > either. I hope we can clean this up for RELENG_5_3, though. No, I don't like it at all. I have some code ready but did not have time to test it before code freeze. What I want to do is a PFIL_HOOK with protocol AF_ETHER which gives you the full layer2 header in the packet. What the packet filter does with it is up its implementation. For example it might ignore everthing but IP packets or provide ether header matching functionality or such. I think we (mlaier and me) could cook this up within a week. Though I'm not sure much RE is going to like this kind of changes at this time. -- Andre