From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 4 17:02:49 2010 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 118F3106564A for ; Mon, 4 Oct 2010 17:02:49 +0000 (UTC) (envelope-from jamesbrandongooch@gmail.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 266738FC0C for ; Mon, 4 Oct 2010 17:02:47 +0000 (UTC) Received: by wyb29 with SMTP id 29so4462149wyb.13 for ; Mon, 04 Oct 2010 10:02:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=BHjQbh6gjUdOFVE+vd+Eb2xtXhQwMfxPxbSxdZSpDmc=; b=gcpu1cN4c1v4b/1w898ix42Dwaf19EQkqJdz83jnXsp0vpgiDsqxT567E/YAFiUL5+ A5CiAPGHG4zn5IRIvH1ApSS58ofLF27A/7FedibkTkZMTE38H8CjuaB5blnCV7dq9flt +JEObwgjtLGiBX1a1sNlngt2N+hmgOWt/pMxw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=TlqklZSgKzTPR5Fh8Xz2g1lcTnYrXcRIbKWTOxwigMFuhFwM9tP3RlKvoI+meTBldj WVgs3mcBWh0m6MJdZvOEQyzXoG3xZWoMncjNLX2HUMXeP46HOjNdFGJ3gCxuCypEtKJw spkCHS4gAb76FoNX00fqa8+FNO/FSs/Yxo3A4= MIME-Version: 1.0 Received: by 10.216.23.129 with SMTP id v1mr5538217wev.49.1286211766876; Mon, 04 Oct 2010 10:02:46 -0700 (PDT) Received: by 10.216.133.133 with HTTP; Mon, 4 Oct 2010 10:02:12 -0700 (PDT) In-Reply-To: References: Date: Mon, 4 Oct 2010 12:02:12 -0500 Message-ID: From: Brandon Gooch To: Eduardo Meyer Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: ipfw@freebsd.org Subject: Re: layer2 ipfw 'fwd' support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2010 17:02:49 -0000 On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer wrote: > Hello, > > In the past I have used this patch by Luigi Rizzo, which helped me well. > > http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.htm= l > > I tried with a friend to port it to -STABLE, but we were not able to > find out what has replaced mt_tag. Also on ip_input.c we dirty hacked > to following piece of code: > > #ifdef IPFIREWALL_FORWARD > =A0 =A0 =A0 =A0if (m->m_flags & M_FASTFWD_OURS) { > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0m->m_flags &=3D ~M_FASTFWD_OURS; > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0goto pass; /* XXX was 'ours' - SHOULD WE M= ODIFY IT HERE */ > =A0 =A0 =A0 =A0} > =A0 =A0 =A0 =A0if ((dchg =3D (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != =3D NULL)) !=3D 0) { > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/* > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * Directly ship the packet on. =A0This al= lows forwarding > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * packets originally destined to us to so= me other directly > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * connected host. > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 */ > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ip_forward(m, dchg); > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return; > =A0 =A0 =A0 =A0} > #endif /* IPFIREWALL_FORWARD */ > > And this is something we are not sure if its correct. > > So my very obvious question is: > > Does anyone has a recent version of this patch to share? > > Can anyone familiar with ipfw source code help me with that? > I'm certainly not an expert, but I wonder if the patch your referring to is still required? Can you provide more detail about your particular application? -Brandon