From owner-freebsd-ipfw@FreeBSD.ORG Sun Jan 17 08:43:11 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3B6031065670; Sun, 17 Jan 2010 08:43:11 +0000 (UTC) (envelope-from ume@mahoroba.org) Received: from asuka.mahoroba.org (ent.mahoroba.org [IPv6:2001:2f0:104:8010::1]) by mx1.freebsd.org (Postfix) with ESMTP id DFEA08FC0A; Sun, 17 Jan 2010 08:43:10 +0000 (UTC) Received: from ameno.mahoroba.org (IDENT:FtH3TfvlSs8sXnP80Tu14nV2B5V1nscVZlycY21hbP2FvblZEVx/XX+84VORYyCK@ameno.mahoroba.org [IPv6:2001:2f0:104:8010:20a:79ff:fe69:ee6b]) (user=ume mech=CRAM-MD5 bits=0) by asuka.mahoroba.org (8.14.3/8.14.3) with ESMTP/inet6 id o0H8gweH013376 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 17 Jan 2010 17:43:01 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Sun, 17 Jan 2010 17:42:58 +0900 Message-ID: From: Hajimu UMEMOTO To: Luigi Rizzo In-Reply-To: <20100110185232.GA27907@onelab2.iet.unipi.it> References: <25ff90d60912162320y286e37a0ufeb64397716d8c18@mail.gmail.com> <25ff90d60912180612y2b1f64fbw34b4d7f648762087@mail.gmail.com> <25ff90d61001021736p7b695197q104f4a7769b51b71@mail.gmail.com> <20100110185232.GA27907@onelab2.iet.unipi.it> User-Agent: xcite1.58> Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?ISO-2022-JP-2?B?R29qGyQoRCtXGyhC?=) APEL/10.7 Emacs/23.1 (i386-portbld-freebsd8.0) MULE/6.0 (HANACHIRUSATO) X-Operating-System: FreeBSD 8.0-RELEASE-p2 X-PGP-Key: http://www.imasy.or.jp/~ume/publickey.asc X-PGP-Fingerprint: 1F00 0B9E 2164 70FC 6DC5 BF5F 04E9 F086 BF90 71FE Organization: Internet Mutual Aid Society, YOKOHAMA MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (asuka.mahoroba.org [IPv6:2001:2f0:104:8010::1]); Sun, 17 Jan 2010 17:43:01 +0900 (JST) X-Virus-Scanned: clamav-milter 0.95.3 at asuka.mahoroba.org X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on asuka.mahoroba.org Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, David Horn , freebsd-ipfw@freebsd.org Subject: Re: Unified rc.firewall ipfw me/me6 issue X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Jan 2010 08:43:11 -0000 Hi, >>>>> On Sun, 10 Jan 2010 19:52:32 +0100 >>>>> Luigi Rizzo said: rizzo> We only need one 'me' option that matches v4 and v6, because the rizzo> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra rizzo> cost (the code for 'me' only scans the list corresponding to the rizzo> actual address family of the packet). I would actually vote for rizzo> removing the 'me6' microinstruction from the kernel, and implement rizzo> it in /sbin/ipfw by generating 'ip6 me'. rizzo> Feel free to commit the change yourself. Thank you. I've committed 1st patch and 3rd patch. I think it is better removing the 'me6' microinstruction from the kernel, and implement it in /sbin/ipfw by generating 'ip6 me'. However, it seems to me that /sbin/ipfw is not designed to generate two microinstructions (ip6 me) per one 'me6' easily. Sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/