From: "Andrey V. Elsukov"
Date: Fri, 19 Oct 2012 16:18:43 +0400
To: Andre Oppermann
Cc: ipfw@freebsd.org, net@freebsd.org
Subject: Re: [RFC] Enabling IPFIREWALL_FORWARD in run-time

On 19.10.2012 16:02, Andre Oppermann wrote:
>> http://people.freebsd.org/~ae/pfil_forward.diff
>>
>> Also we have done some tests with the ixia traffic generator connected
>> via 10G network adapter. Tests have shown that there is no visible
>> difference, and there is no visible performance degradation.
>>
>> Any objections?
>
> No objection as such. However I don't entirely agree with the
> naming of pfil_forward. The functionality is specific to IPFW
> and TCP, it's doing transparent interjected termination of tcp
> connections on the local host while keeping the original IP
> addresses and port numbers visible in netstat output.
>
> So it's a feature of IPFW/IP and should be fitted in there for
> sysctl name and .h files instead of pfil.

Actually it can be used not only by ipfw. We already have
net.inet.ip.forwarding and net.inet6.ip6.forwarding variables, and
placing it into net.inet.ip.fw is undesirable, because we can have a
kernel without ipfw. So, I decided to choose pfil, because it could not
work without pfil.

-- 
WBR, Andrey V. Elsukov