Date:      Tue, 02 Jan 2001 06:53:37 -0800
From:      Julian Elischer <julian@elischer.org>
To:        Wes Peters <wes@softweyr.com>
Cc:        "C. Stephen Gunn" <csg@waterspout.com>, "freebsd-net@FreeBSD.ORG" <freebsd-net@FreeBSD.ORG>
Subject:   Re: Problems with VLAN and natd.
Message-ID:  <3A51EB71.8286709E@elischer.org>
References:  <200101020501.AAA58976@tsunami.waterspout.com> <3A517429.91B2F251@softweyr.com>

Wes Peters wrote:
> 
> "C. Stephen Gunn" wrote:
> >
> > On Sun, 31 Dec 2000 19:54:19 PST, Julian Elischer wrote:
> >
> > > > The current VLAN (and Ethernet) implementation in FreeBSD needs work.
> > > > FreeBSD should handle multiple ethernet encapsulations on
> > > > the same physical interface, and relay packets to/from some subordinate
> > > > interface.  This support would factor-out the need for current
> > > > work-arounds like if_vlan, and if_ef, and perhaps even if_tap.
> > >
> > > sounds like a perfect use for netgraph..
> >
> > I've thought about this, and a migration to netgraph would
> > require significant changes to how FreeBSD handles Ethernet (and
> > other IEEE 802) interfaces.
> >
> > For example, you would no longer simply ``ifconfig xl'', but
> > associate a netgraph link-layer node on top of the xl interface,
> > and a netgraph interface node on top of the link-layer node, which
> > would function (mostly) like xl does now.
> >
> > Netgraph is an excellent technology.  While your comment makes
> > sense, there are several issues that will need to be addressed.
> > For instance, the current ARP implementation in FreeBSD is
> > entangled with the generic ethernet code.
> 
> Under netgraph, it would be just another protocol in a netgraph node,
> and could be added to (and removed from) the interface as needed.  That
> would be interesting from the standpoint of a secure system over which
> you wanted to control the ARP entries.  Being able to simply turn off
> dynamic ARP has been discussed often, but never really acted upon.
> 
> Doing link-layer encapsulation modules is really not very difficult.
> I've written pretty much the full complement, covering ethernet (10,
> 100, and 1000), FDDI/CDDI, token ring, ATM, and Frame Relay.  (Chuck,
> I can identify that protocol in 20 instructions.)

Under netgraph it's a real SNAP (I can't believe I said that)
> 
> > I'm afraid to even contemplate the POLA and backward compatibility
> > issues involved.
> 
> Why would we need to violate POLA?  The obvious default would be to
> extend ifconfig to configure the new protocol types, and to assume
> EthII framing unless explicitly specified.

send only new protocols out to netgraph.. no POLA to break.

> 
> > If this discussion is non-casual, we should eventually migrate
> > it over to -arch.
> 
> Perhaps so.  If someone does the work to move EthII into netgraph, I can
> certainly contribute a SNAP/LLC module, and maybe even extensions to
> ifconfig so you can use it.  ;^)

have a look at the ng_ether node.

> 
> --
>             "Where am I, and what am I doing in this handbasket?"
> 
> Wes Peters                                                         Softweyr LLC
> wes@softweyr.com                                           http://softweyr.com/

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
---> X_.---._/  from Perth, presently in:  Budapest
            v

