Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Aug 2004 16:40:31 -0700
From:      Sam Leffler <sam@errno.com>
To:        Andre Oppermann <andre@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org
Subject:   Re: cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefile  src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet  ip_divert.c ip_dummynet.c ip_dummynet.h ip_fastfwd.c ip_fw.h ip_fw2.c  ip_fw_pfil.c ip_input.c ip_output.c ...
Message-ID:  <200408171640.31631.sam@errno.com>
In-Reply-To: <41229617.CB69E0BE@freebsd.org>
References:  <200408172205.i7HM5sDs087606@repoman.freebsd.org> <200408180122.28379.max@love2party.net> <41229617.CB69E0BE@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tuesday 17 August 2004 04:34 pm, Andre Oppermann wrote:
> Max Laier wrote:
> > On Wednesday 18 August 2004 00:05, Andre Oppermann wrote:
> > > andre       2004-08-17 22:05:54 UTC
> > >
> > >   FreeBSD src repository
> > >
> > >   Modified files:
> > >     sys/conf             files options
> > >     sys/modules/ipfw     Makefile
> > >     sys/net              bridge.c
> > >     sys/netgraph         ng_bridge.c
> > >     sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
> > >                          ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
> > >                          ip_output.c ip_var.h raw_ip.c tcp_input.c
> > >                          tcp_sack.c
> > >     sys/sys              mbuf.h
> > >   Added files:
> > >     sys/netinet          ip_fw_pfil.c
> > >   Log:
> > >   Convert ipfw to use PFIL_HOOKS.
> >
> > Excellent!!! Great!!!! Thank you!!!
> >
> > I don't like the hack to bridge.c, but that's marked XXX so I guess you
> > don't either. I hope we can clean this up for RELENG_5_3, though.
>
> No, I don't like it at all.  I have some code ready but did not have time
> to test it before code freeze.  What I want to do is a PFIL_HOOK with
> protocol AF_ETHER which gives you the full layer2 header in the packet.
> What the packet filter does with it is up its implementation.  For example
> it might ignore everthing but IP packets or provide ether header matching
> functionality or such.
>
> I think we (mlaier and me) could cook this up within a week.  Though I'm
> not sure much RE is going to like this kind of changes at this time.

My original version of this work added several new pfil hooks for stuff like 
this.

	Sam

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408171640.31631.sam>