Date: Mon, 04 Oct 2010 11:35:39 -0700 From: Julian Elischer <julian@freebsd.org> To: Eduardo Meyer <dudu.meyer@gmail.com> Cc: Brandon Gooch <jamesbrandongooch@gmail.com>, ipfw@freebsd.org, Adrian Chadd <adrian@ucc.gu.uwa.edu.au> Subject: Re: layer2 ipfw 'fwd' support Message-ID: <4CAA1E7B.1020107@freebsd.org> In-Reply-To: <AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com> References: <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com> <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com> <AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/4/10 10:16 AM, Eduardo Meyer wrote: > On Mon, Oct 4, 2010 at 2:02 PM, Brandon Gooch > <jamesbrandongooch@gmail.com> wrote: >> On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer<dudu.meyer@gmail.com> wrote: >>> Hello, >>> >>> In the past I have used this patch by Luigi Rizzo, which helped me well. >>> >>> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.html >>> >>> I tried with a friend to port it to -STABLE, but we were not able to >>> find out what has replaced mt_tag. Also on ip_input.c we dirty hacked >>> to following piece of code: >>> >>> #ifdef IPFIREWALL_FORWARD >>> if (m->m_flags& M_FASTFWD_OURS) { >>> m->m_flags&= ~M_FASTFWD_OURS; >>> goto pass; /* XXX was 'ours' - SHOULD WE MODIFY IT HERE */ >>> } >>> if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) { >>> /* >>> * Directly ship the packet on. This allows forwarding >>> * packets originally destined to us to some other directly >>> * connected host. >>> */ >>> ip_forward(m, dchg); >>> return; >>> } >>> #endif /* IPFIREWALL_FORWARD */ >>> >>> And this is something we are not sure if its correct. >>> >>> So my very obvious question is: >>> >>> Does anyone has a recent version of this patch to share? >>> >>> Can anyone familiar with ipfw source code help me with that? >>> >> I'm certainly not an expert, but I wonder if the patch your referring >> to is still required? Can you provide more detail about your >> particular application? >> >> -Brandon > Yes, its still required since ipfw fwd ignores layer2 frames. > > The application is the very same: squid. I mean, Lusca in fact (squid fork). > > Thank you for your interest. Cisco/Ironport have a patch that does this.. I had permission to bring it back when I worked there but never got it committed. Adrian, was it part of the set I gave you?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CAA1E7B.1020107>