From owner-freebsd-current@FreeBSD.ORG Sat Apr 17 08:37:07 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B5F916A4CE; Sat, 17 Apr 2004 08:37:07 -0700 (PDT) Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CCF443D1F; Sat, 17 Apr 2004 08:37:07 -0700 (PDT) (envelope-from bmah@tomcat.kitchenlab.org) Received: from tomcat.kitchenlab.org (adsl-64-142-31-107.sonic.net [64.142.31.107]) by a.mail.sonic.net (8.12.11/8.12.11) with ESMTP id i3HFaVIe030243 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sat, 17 Apr 2004 08:36:31 -0700 Received: from tomcat.kitchenlab.org (localhost.kitchenlab.org [127.0.0.1]) i3HFaVpA006386; Sat, 17 Apr 2004 08:36:31 -0700 (PDT) (envelope-from bmah@tomcat.kitchenlab.org) Message-Id: <200404171536.i3HFaVpA006386@tomcat.kitchenlab.org> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: Julian Elischer In-Reply-To: References: Comments: In-reply-to Julian Elischer message dated "Sat, 17 Apr 2004 00:30:33 -0700." From: bmah@freebsd.org (Bruce A. Mah) X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-Url: http://www.employees.org/~bmah/ Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-220121241P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sat, 17 Apr 2004 08:36:31 -0700 Sender: bmah@tomcat.kitchenlab.org cc: "Bruce A. Mah" cc: current@freebsd.org Subject: Re: RFC: ported NetBSD if_bridge X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: bmah@freebsd.org List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2004 15:37:07 -0000 --==_Exmh_-220121241P Content-Type: text/plain; charset=us-ascii If memory serves me right, Julian Elischer wrote: > > 1. ng_bridge(4) doesn't do spanning tree. Neither does bridge(4). > > WHICH spanning tree? Spanning tree is a generic term.. > Are you refering to a particular implimentation of something that uses > spanning tree algorythms? Someone else beat me to this but I was under the impression that if_bridge supported the spanning tree protocol/algorithm used by Ethernet switches. > > 2. A problem that I saw was that ng_bridge(4) didn't interact very well > > with IPFilter...specifically, I recall that IPFilter rules had no effect > > on bridged packets. This was a problem when I was trying to add > > filtered bridging to m0n0wall...the maintainer and I eventually switched > > to using bridge(4)-style bridging after resolving a few other problems. > > There is a ipfw type netgraph module floating around somewhere that you > can link in with ng_bridge to get a much more flexible arangement > should that be needed. Of course it could do with some work.... Thanks. In this case, it wasn't needed. I actually thought about writing an "ng_ipf" node but before I figured out how to do it, I realized the source of the problems we had been having with bridge(4) and came up with a workaround. Cheers, Bruce. --==_Exmh_-220121241P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: Exmh version 2.5+ 20020506 iD8DBQFAgU7/2MoxcVugUsMRAsWXAJ4p4upvEjSlxUx9UTmnWf2nrMYTGgCgyIVF MoRldVfXTKy+EFr72/d9wvM= =1gHW -----END PGP SIGNATURE----- --==_Exmh_-220121241P--