From owner-freebsd-current@FreeBSD.ORG Sat Apr 17 01:18:38 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADC6316A4CE for ; Sat, 17 Apr 2004 01:18:38 -0700 (PDT) Received: from ops.tamu.edu (ops.TAMU.EDU [165.91.250.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 73CBD43D53 for ; Sat, 17 Apr 2004 01:18:38 -0700 (PDT) (envelope-from nipsy@ops.tamu.edu) Received: from nipsy by ops.tamu.edu with local (Exim 4.30; FreeBSD) id 1BEl1C-0005Go-9u; Sat, 17 Apr 2004 03:17:42 -0500 Date: Sat, 17 Apr 2004 03:17:42 -0500 From: Mark Nipper To: Julian Elischer Message-ID: <20040417081741.GA87909@ops.tamu.edu> References: <20040417074543.GB77469@ops.tamu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.5.1i Sender: Mark Nipper cc: Mark Nipper cc: current@freebsd.org Subject: Re: RFC: ported NetBSD if_bridge X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2004 08:18:38 -0000 On 17 Apr 2004, Julian Elischer wrote: > that means I need an ng_ether node, an ng_etf, a ng_bridge, an > ng_ksocket and an ng_socket.. > plug plug plug... done... > and if there isn't a node to do what you want.. > > cd /sys/netgraph > cp ng_sample.c ng_mytype.c > vi mytype.c > [hack hack] > > submit back to tree.... I absolutely agree with everything else you said except this. :) I think it is a little presumptuous to tell every user to sit down and knock out their own module if an ng module does not already exist for what they are trying to do. Sure, ng_bpf exists, but does it do what say Snort does without additional programming (yes, I know, bad example!). Hence the problem with a lot of ng related tasks; coding is never too far from the realm of possibility. Which, incidentally, was why I chose OpenBSD over FreeBSD for the Snort box/firewall I was working on. The bridge manipulations made perfect sense the first time I looked at them and PF did everything it could normally do (including the redirects to localhost), even over a bridged interface. I even ended up in a debate with a die hard FreeBSD'er who was mumbling about whipping up some code to provide similar functionality with ng. And I was like great, then go code it! I'll just start implementing this other solution now which already works and required no coding on my part, which admittedly, is not my strong suit. Needless to say, I was finished first. Blah. umount soapbox. I hate to waste the devlopers' time with silly e-mail too! :) -- Mark Nipper e-contacts: Computing and Information Services nipsy@tamu.edu Texas A&M University http://ops.tamu.edu/nipsy/ College Station, TX 77843-3142 AIM/Yahoo: texasnipsy ICQ: 66971617 (979)575-3193 MSN: nipsy@tamu.edu -----BEGIN GEEK CODE BLOCK----- GG/IT d- s++:+ a- C++$ UBL+++$ P--->+++ L+++$ E--- W++ N+ o K++ w(---) O++ M V(--) PS+++(+) PE(--) Y+ PGP++(+) t 5 X R tv b+++ DI+(++) D+ G e h r++ y+(**) ------END GEEK CODE BLOCK------ ---begin random quote of the moment--- When I die, I want to peacefully die in my sleep, like my grandfather did, not screaming like the passengers in his car did! ----end random quote of the moment----