Unified rc.firewall ipfw me/me6 issue

Hajimu UMEMOTO ume at freebsd.org
Sun Jan 17 08:43:11 UTC 2010


Hi,

>>>>> On Sun, 10 Jan 2010 19:52:32 +0100
>>>>> Luigi Rizzo <rizzo at iet.unipi.it> said:

rizzo> We only need one 'me' option that matches v4 and v6, because the
rizzo> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra
rizzo> cost (the code for 'me' only scans the list corresponding to the
rizzo> actual address family of the packet).  I would actually vote for
rizzo> removing the 'me6' microinstruction from the kernel, and implement
rizzo> it in /sbin/ipfw by generating 'ip6 me'.

rizzo> Feel free to commit the change yourself.

Thank you.  I've committed the 1st patch and the 3rd patch.
I think it is better to remove the 'me6' microinstruction from the
kernel and implement it in /sbin/ipfw by generating 'ip6 me'.
However, it seems to me that /sbin/ipfw is not designed to easily
generate two microinstructions (ip6 me) per one 'me6'.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

