Date: Sat, 17 Apr 2004 02:29:25 -0500
From: Mark Nipper
To: Julian Elischer
cc: current@freebsd.org
Subject: Re: RFC: ported NetBSD if_bridge
Message-ID: <20040417072925.GA77469@ops.tamu.edu>
References: <20040417035758.GA66806@kate.fud.org.nz>

On 17 Apr 2004, Julian Elischer wrote:
> On Sat, 17 Apr 2004, Andrew Thompson wrote:
> > I have ported over the bridging code from NetBSD and am looking for feedback.
> > My main question is, 'do people want this in the tree?'
> >
> > The benefits over the current bridge are:
> >  * ability to manage the bridge table
> >  * spanning tree support
> >  * the snazzy brconfig utility
> >  * clonable pseudo-interface (is that a benefit?)
>
> Do we need THREE bridging systems?
> If you need features you could probably add them pretty easily to one or
> the other of the existing bridging modules..

I was going to refrain from responding, but now I feel it necessary.
If for no other reason, with the addition of pf (another fantastic OpenBSD contribution) to the base FreeBSD system, it actually seemed to make a lot of sense to import some of their other network code. All you'd need now is ALTQ and you're in business! :)

Seriously though. IPFW and IPF are both options. Now PF is also an option. Someone else pointed out that ng_bridge was not too happy acting as a bridged firewall and last time I tried using the base bridge options, both IPFW and IPF had serious limitations. If the integration between PF and this OpenBSD bridge code stays the same as it is in OpenBSD natively, it could only be a good thing for FreeBSD to finally be able to act as a full-fledged, bridged firewall.

I had gone with OpenBSD for a Snort project acting as an invisible bridged firewall over FreeBSD for this very reason. And as I mentioned earlier, if you throw in ALTQ, you could add some pretty intelligent, transparent shapers/firewalls/sniffers to your network. Plus you'd ideally get the SMPng boost in FreeBSD that isn't present in OpenBSD [yet, since SMP is being worked on finally in OpenBSD].

Just my two cents worth. I think the more options the better, especially if all the features come along with it.

--
Mark Nipper                                e-contacts:
Computing and Information Services         nipsy@tamu.edu
Texas A&M University                       http://ops.tamu.edu/nipsy/
College Station, TX 77843-3142             AIM/Yahoo: texasnipsy ICQ: 66971617
(979)575-3193                              MSN: nipsy@tamu.edu

-----BEGIN GEEK CODE BLOCK-----
GG/IT d- s++:+ a- C++$ UBL+++$ P--->+++ L+++$ E--- W++ N+ o K++ w(---)
O++ M V(--) PS+++(+) PE(--) Y+ PGP++(+) t 5 X R tv b+++ DI+(++) D+ G e h r++ y+(**)
------END GEEK CODE BLOCK------

---begin random quote of the moment---
The ships hung in the sky in much the same way that bricks don't.
 -- Douglas Adams
----end random quote of the moment----