From owner-freebsd-ipfw@FreeBSD.ORG  Mon Oct  4 19:18:21 2010
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D111B106564A
	for <ipfw@freebsd.org>; Mon,  4 Oct 2010 19:18:21 +0000 (UTC)
	(envelope-from dudu.meyer@gmail.com)
Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com
	[209.85.215.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 5F8598FC0C
	for <ipfw@freebsd.org>; Mon,  4 Oct 2010 19:18:20 +0000 (UTC)
Received: by eyx24 with SMTP id 24so2579809eyx.13
	for <multiple recipients>; Mon, 04 Oct 2010 12:18:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:received:in-reply-to
	:references:date:message-id:subject:from:to:cc:content-type
	:content-transfer-encoding;
	bh=8AdkQplO39HCOeVB4gV06REiXgYUaB0YCU9bWYAmcFo=;
	b=Jf35jKEKhzISOh7BMK5psfhn4a+5d0ou7emM7pQ3ohlI7AAgT+hJQuK/PLbi/CrnVb
	lbYtj/bzBTPaIspq1g8LnvTcTmcnGjxybRASpusF0848CObDLCN4dTV0WKepx1DuvpAF
	9gSqOF4Q7NyflBpiIlvIzYyN0QQRuW5T/+ErA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:content-transfer-encoding;
	b=W4+0hCdPjR8KBUWIhtM/uDEqO2vA3DPeUqNvl1GqjpDzq/A4vosI5GKpN3M6k2moHu
	yWRn0wQvAiyypOQQdVM9q9zzEltKKZRWvhvw7VmoRssfkQAElz3/zS2bbmMJ70VNLNgn
	yRmMX1nHHC5owuzUX+iA+1grtt9nEQb29fRvI=
MIME-Version: 1.0
Received: by 10.223.126.15 with SMTP id a15mr9530750fas.67.1286219897581; Mon,
	04 Oct 2010 12:18:17 -0700 (PDT)
Received: by 10.223.35.203 with HTTP; Mon, 4 Oct 2010 12:18:17 -0700 (PDT)
In-Reply-To: <4CAA1E7B.1020107@freebsd.org>
References: <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com>
	<AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com>
	<AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com>
	<4CAA1E7B.1020107@freebsd.org>
Date: Mon, 4 Oct 2010 16:18:17 -0300
Message-ID: <AANLkTikExTKMWvvDwn=rVUSqwz6UeVXi8WOSsHROQYq+@mail.gmail.com>
From: Eduardo Meyer <dudu.meyer@gmail.com>
To: Julian Elischer <julian@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: Brandon Gooch <jamesbrandongooch@gmail.com>, ipfw@freebsd.org,
	Adrian Chadd <adrian@ucc.gu.uwa.edu.au>
Subject: Re: layer2 ipfw 'fwd' support
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Oct 2010 19:18:22 -0000

On Mon, Oct 4, 2010 at 3:35 PM, Julian Elischer <julian@freebsd.org> wrote:
> =A0On 10/4/10 10:16 AM, Eduardo Meyer wrote:
>>
>> On Mon, Oct 4, 2010 at 2:02 PM, Brandon Gooch
>> <jamesbrandongooch@gmail.com> =A0wrote:
>>>
>>> On Mon, Oct 4, 2010 at 9:44 AM, Eduardo Meyer<dudu.meyer@gmail.com>
>>> =A0wrote:
>>>>
>>>> Hello,
>>>>
>>>> In the past I have used this patch by Luigi Rizzo, which helped me wel=
l.
>>>>
>>>>
>>>> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-September/000526.=
html
>>>>
>>>> I tried with a friend to port it to -STABLE, but we were not able to
>>>> find out what has replaced mt_tag. Also on ip_input.c we dirty hacked
>>>> to following piece of code:
>>>>
>>>> #ifdef IPFIREWALL_FORWARD
>>>> =A0 =A0 =A0 =A0if (m->m_flags& =A0M_FASTFWD_OURS) {
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0m->m_flags&=3D ~M_FASTFWD_OURS;
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0goto pass; /* XXX was 'ours' - SHOULD W=
E MODIFY IT HERE
>>>> */
>>>> =A0 =A0 =A0 =A0}
>>>> =A0 =A0 =A0 =A0if ((dchg =3D (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL=
) !=3D NULL))
>>>> !=3D 0) {
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/*
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * Directly ship the packet on. =A0This=
 allows forwarding
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * packets originally destined to us to=
 some other
>>>> directly
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 * connected host.
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 */
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ip_forward(m, dchg);
>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
>>>> =A0 =A0 =A0 =A0}
>>>> #endif /* IPFIREWALL_FORWARD */
>>>>
>>>> And this is something we are not sure if its correct.
>>>>
>>>> So my very obvious question is:
>>>>
>>>> Does anyone has a recent version of this patch to share?
>>>>
>>>> Can anyone familiar with ipfw source code help me with that?
>>>>
>>> I'm certainly not an expert, but I wonder if the patch your referring
>>> to is still required? Can you provide more detail about your
>>> particular application?
>>>
>>> -Brandon
>>
>> Yes, its still required since ipfw fwd ignores layer2 frames.
>>
>> The application is the very same: squid. I mean, Lusca in fact (squid
>> fork).
>>
>> Thank you for your interest.
>
> Cisco/Ironport have a patch that does this..
> I had permission to bring it back when I worked there but never got it
> committed.
>
> Adrian, was it part of the set I gave you?

Hello Elischer,

Was this made public?

I hope Chadd has some good news. In fact I tent to use with Lusca in
tproxy mode. I bet this is the only missing piece of software.

--=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Eduardo Meyer
pessoal: dudu.meyer@gmail.com
profissional: ddm.farmaciap@saude.gov.br