From owner-freebsd-ipfw@FreeBSD.ORG  Fri Dec  7 10:14:59 2012
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id BDA17D8
 for <freebsd-ipfw@freebsd.org>; Fri,  7 Dec 2012 10:14:59 +0000 (UTC)
 (envelope-from luigi@onelab2.iet.unipi.it)
Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238])
 by mx1.freebsd.org (Postfix) with ESMTP id 74C9E8FC12
 for <freebsd-ipfw@freebsd.org>; Fri,  7 Dec 2012 10:14:57 +0000 (UTC)
Received: by onelab2.iet.unipi.it (Postfix, from userid 275)
 id 56D127300A; Fri,  7 Dec 2012 11:06:56 +0100 (CET)
Date: Fri, 7 Dec 2012 11:06:56 +0100
From: Luigi Rizzo <rizzo@iet.unipi.it>
To: "Finlayson, James" <jmfinla@lps.umd.edu>
Subject: Re: Linux ipfw sysctl equivalents
Message-ID: <20121207100656.GB32402@onelab2.iet.unipi.it>
References: <3E9C7E247905FE44A1556F1E7B959E7604C4D23768@cec-exch.cec.lps.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3E9C7E247905FE44A1556F1E7B959E7604C4D23768@cec-exch.cec.lps.gov>
User-Agent: Mutt/1.4.2.3i
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2012 10:14:59 -0000

On Thu, Dec 06, 2012 at 10:03:00AM -0500, Finlayson, James wrote:
> Hi,
> I'm trying to build a dummynet box on linux (Centos 6.3).   I have a bridge created that properly forwards packets, however I cannot seem to alter their behavior with ipfw pipes.  I've used dummynet on FreeBSD without issue, but I can't seem to find a Linux equivalent to the following two sysctl commands that will allow me to send bridged packets through ipfw.
> 
>      net.link.ether.ipfw: 0
>              Controls whether layer-2 packets are passed to ipfw.  Default is
>              no.
> 
>      net.link.bridge.ipfw: 0
>              Controls whether bridged packets are passed to ipfw.  Default is
>              no.

there is no equivalent, the dummynet version on linux only works
at layer3 (attached to the pfilter hooks). Probably it can be
made to work at a lower layer but i am not sure how.

Other FreeBSD sysctl are remapped to /sys/module/ipfw_mod/parameters/*
and accessible with regular filesystem read/write calls

cheers
luigi