Date: Sun, 11 Jun 2006 23:30:44 -0500 From: "Jeremy Messenger" <mezz7@cox.net> To: "Joao Barros" <joao.barros@gmail.com> Cc: Vadim Goncharov <vadim_nuclight@mail.ru>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) Message-ID: <op.ta0mtifx9aq2h7@mezz.mezzweb.com> In-Reply-To: <70e8236f0606111530i5ec5cd7eh7230ac76f466f1d@mail.gmail.com> References: <optax2g7jq4fjv08@nuclight.avtf.net> <70e8236f0606110836j38f7ca33wa3058eaecf386fb5@mail.gmail.com> <optazz26kn17d6mn@nuclight.avtf.net> <70e8236f0606111530i5ec5cd7eh7230ac76f466f1d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 11 Jun 2006 17:30:16 -0500, Joao Barros <joao.barros@gmail.com> wrote: > On 6/11/06, Vadim Goncharov <vadim_nuclight@mail.ru> wrote: >> 11.06.06 @ 22:36 Joao Barros wrote: >> >> Original message is at: >> http://lists.freebsd.org/pipermail/freebsd-current/2006-June/063821.html >> >> > I'm very interested in this, great work! :-) >> > I can't load the kld on my Sun Sparc, I think I messed up ld yesterday >> > trying to patch for a bug that show's in firefox and mozilla. It >> > compiles, just doesn't run. As soon as I have it up and running I'll >> > give you feedback. >> >> Umm, that's a kernel module, it shouldn't have any relations with ld. >> What >> diagnostics has it said on failed load? > > ultra5# make > Warning: Object directory not changed from original /root/ng_tag > @ -> /usr/src/sys > machine -> /usr/src/sys/sparc64/include > touch opt_netgraph.h > cc -O2 -pipe -g -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE > -nostdinc -I- -I/root/ng_tag -I. -I@ -I@/contrib/altq -I@/../include > -I/usr/include -finline-limit=15000 -fno-common -mcmodel=medlow > -msoft-float -ffreestanding -Wall -Wredundant-decls -Wnested-externs > -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline > -Wcast-qual -fformat-extensions -std=c99 -c ng_tag.c > ld -d -warn-common -r -d -o ng_tag.kld ng_tag.o > touch export_syms > awk -f /sys/conf/kmod_syms.awk ng_tag.kld export_syms | xargs -J% > objcopy % ng_tag.kld > ld -Bshareable -d -warn-common -o ng_tag.ko ng_tag.kld > objcopy --strip-debug ng_tag.ko > ultra5# kldload ./ng_tag.kld > kldload: can't load ./ng_tag.kld: Exec format error > ultra5# file ng_tag.kld > ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD), > not stripped > >> >> > Have you tested it with pf? If so can you give me some examples? >> >> No, it wasn't tested with pf. The problem with pf is that pf compiles >> all >> the rules at the time, so exact tags representation can change each time >> (for this reason ipfw tags were made incompatible with pf), and you must >> that values to supply them to . However, if you find a method how to >> obtain tag values info from in-kernel pf structures, you'll be able to >> use >> it with pf. It doesn't support well integration with netgraph, though. >> >> Another option is to use ipfw - it supports pf's altq(4) shaping, if >> that >> is all you need. >> >> > I'm particularly interested in this for doing packed shaping, >> especially >> > on P2P. >> >> Yes, I'm also looking for possibility of shaping, but I can't test (no >> resources) it currently. Also, as it seems non-trivial on current ipfw >> dynamic rules implementation, I don't know if shaping will work at all. > > I'm not a ipfw user, but if this were to be possible it would be very > nice :-) If one of you are insteresting to help Bill Marquette with PF with Layer 7 stuff, then check this URL. It has a patch too. http://hitormiss.ucsecurity.com/index.php/2006/01/29/layer-7-queueing/ Cheers, Mezz -- mezz7@cox.net - mezz@FreeBSD.org FreeBSD GNOME Team http://www.FreeBSD.org/gnome/ - gnome@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.ta0mtifx9aq2h7>