Updated ipfw to pfil_hooks patch
Andre Oppermann
andre at freebsd.org
Fri Aug 13 14:48:58 PDT 2004
I've put up a fresh diff of my current work of converting ipfw to use the
pfil_hooks API to grab its fresh packet food.
http://www.nrg4u.com/freebsd/ipfw-pfilhooks-and-more-20040813.diff
The code is approaching finalization but is not yet there. No need for
syntactic nitpicking yet.
State of the diff:
o Normal IPFW packet filter firewalling works fine - STABLE
o IPDIVERT works fine - STABLE
o DUMMYNET works fine - STABLE
o IPFORWARD works for forwarding to local sockets on the ip_input and ip_output
path - TESTING
o IPFORWARD works for forwarding to remote addresses only on the ip_output path
- TESTING
o Layer 2 IPFW for ethernet in/out and bridging does not work in the patch
What remains to be done:
o General code polishing around the core functions which are already cleaned up
o Undo the removal of the Layer2 and bridge hooks and continue to invoke IPFW the
old way for the moment (does not hurt)
o Fix IPFORWARD to remote to work on ip_input path too
o Undo the move of all IP options functions to their own source file
o Make IPDIVERT a loadable kernel module (later)
My goal is to get this stuff into 5.3R before the code freeze.
----------------------------------------------------------------------------------
Anyone wanting to give the patch a try, feel free to do so and report back the
problems or success stories! (Except for Layer2/bridging IPFW which does not work
in the above patch).
----------------------------------------------------------------------------------
--
Andre