Date:      Mon, 01 Jan 2001 23:24:41 -0700
From:      Wes Peters <wes@softweyr.com>
To:        "C. Stephen Gunn" <csg@waterspout.com>
Cc:        Julian Elischer <julian@elischer.org>, "freebsd-net@FreeBSD.ORG" <freebsd-net@FreeBSD.ORG>
Subject:   Re: Problems with VLAN and natd.
Message-ID:  <3A517429.91B2F251@softweyr.com>
References:  <200101020501.AAA58976@tsunami.waterspout.com>

"C. Stephen Gunn" wrote:
> 
> On Sun, 31 Dec 2000 19:54:19 PST, Julian Elischer wrote:
> 
> > > The current VLAN (and Ethernet) implementation in FreeBSD needs work.
> > > FreeBSD should handle multiple ethernet encapsulations on
> > > the same physical interface, and relay packets to/from some subordinate
> > > interface.  This support would factor-out the need for current
> > > work-arounds like if_vlan, and if_ef, and perhaps even if_tap.
> >
> > sounds like a perfect use for netgraph..
> 
> I've thought about this, and a migration to netgraph would
> require significant changes to how FreeBSD handles Ethernet (and
> other IEEE 802) interfaces.
> 
> For example, you would no longer simply ``ifconfig xl'', but
> associate a netgraph link-layer node on top of the xl interface,
> and a netgraph interface node on top of the link-layer node, which
> would function (mostly) like xl does now.
> 
> Netgraph is an excellent technology.  While your comment makes
> sense, there are several issues that will need to be addressed.
> For instance, the current ARP implementation in FreeBSD is
> entangled with the generic ethernet code.

Under netgraph, it would be just another protocol in a netgraph node,
and could be added to (and removed from) the interface as needed.  That
would be interesting from the standpoint of a secure system over which
you wanted to control the ARP entries.  Being able to simply turn off
dynamic ARP has been discussed often, but never really acted upon.

Doing link-layer encapsulation modules is really not very difficult.
I've written pretty much the full complement, covering ethernet (10,
100, and 1000), FDDI/CDDI, token ring, ATM, and Frame Relay.  (Chuck,
I can identify that protocol in 20 instructions.)

> I'm afraid to even contemplate the POLA and backward compatibility
> issues involved.

Why would we need to violate POLA?  The obvious default would be to
extend ifconfig to configure the new protocol types, and to assume 
EthII framing unless explicitly specified.

> If this discussion is non-casual, we should eventually migrate
> it over to -arch.

Perhaps so.  If someone does the work to move EthII into netgraph, I can
certainly contribute a SNAP/LLC module, and maybe even extensions to 
ifconfig so you can use it.  ;^)

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
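
The thread above concerns several Ethernet encapsulations sharing one physical interface, with EthII as the default framing; the following is an added example, not code from this message, FreeBSD or netgraph, showing a bounds-checked classifier that separates 802.1Q-tagged, EthII, raw 802.3, 802.2 LLC and SNAP frames. All names (classify_frame, frame_info, the sample arrays) are hypothetical, the sample frames are constructed, and the 0xFFFF raw-802.3 test and the one-byte LLC control field are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

enum encap { ENCAP_INVALID, ENCAP_ETHII, ENCAP_RAW_8023, ENCAP_LLC, ENCAP_SNAP };
struct frame_info {
    enum encap encap;
    int vlan_id;          /* -1 when the frame carries no 802.1Q tag */
    uint16_t proto;       /* EtherType (EthII) or SNAP protocol ID, else 0 */
    size_t payload_off;   /* offset of the payload after all link headers */
};

/* Constructed sample frames (not captured traffic). */
const uint8_t sample_vlan_ethii[] = {           /* VLAN 42, EtherType 0x0806 */
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01,
    0x81,0x00, 0x00,0x2a, 0x08,0x06, 0,1,8,0 };
const uint8_t sample_snap[] = {                 /* length 12, LLC/SNAP, ID 0x0800 */
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01,
    0x00,0x0c, 0xaa,0xaa,0x03, 0,0,0, 0x08,0x00, 0x45,0,0,0x14 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a frame that starts at the destination MAC; every read is bounds-checked. */
struct frame_info classify_frame(const uint8_t *f, size_t len)
{
    struct frame_info fi = { ENCAP_INVALID, -1, 0, 0 };
    size_t off = 12;                             /* skip destination + source MAC */
    if (len < off + 2) return fi;
    uint16_t tl = be16(f + off);                 /* type/length field */
    if (tl == 0x8100) {                          /* 802.1Q tag precedes the real field */
        if (len < off + 6) return fi;
        fi.vlan_id = be16(f + off + 2) & 0x0fff;
        off += 4; tl = be16(f + off);
    }
    off += 2;
    if (tl >= 0x0600) {                          /* EtherType: EthII, the default framing */
        fi.encap = ENCAP_ETHII; fi.proto = tl; fi.payload_off = off;
        return fi;
    }
    /* Length field: reject undefined values (1501..1535) and truncated frames. */
    if (tl > 1500 || tl < 3 || len - off < tl) return fi;
    if (f[off] == 0xff && f[off + 1] == 0xff) {  /* heuristic: raw 802.3 (no LLC header) */
        fi.encap = ENCAP_RAW_8023; fi.payload_off = off;
    } else if (f[off] == 0xaa && f[off + 1] == 0xaa && f[off + 2] == 0x03) {
        if (tl < 8) return fi;                   /* SNAP needs OUI + protocol ID */
        fi.encap = ENCAP_SNAP; fi.proto = be16(f + off + 6); fi.payload_off = off + 8;
    } else {                                     /* plain 802.2 LLC, 1-byte control assumed */
        fi.encap = ENCAP_LLC; fi.payload_off = off + 3;
    }
    return fi;
}

int main(void) { return classify_frame(sample_snap, sizeof sample_snap).encap == ENCAP_SNAP ? 0 : 1; }
```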

