[email@example.com: Request for review: ipfw2 for IPV6]
rizzo at icir.org
Wed Jan 14 13:02:30 PST 2004
just a note that i posted this to the ipfw list -- please
look at the ipfw list for the actual patch
----- Forwarded message from Luigi Rizzo <rizzo at icir.org> -----
Date: Wed, 14 Jan 2004 13:01:22 -0800
From: Luigi Rizzo <rizzo at icir.org>
Subject: Request for review: ipfw2 for IPV6
To: ipfw at freebsd.org
I am attaching some very experimental (and only partly functional)
code to use ipfw2/dummynet with IPV6.
THIS IS NOT RECOMMENDED FOR REGULAR USE, JUST FOR EVALUATION.
The code has been developed by two students of mine, Mariano
Tortoriello and Raffaele De Lorenzo, and I only revised it briefly.
I think the overall architecture is reasonably close to the final
one, although there are some optimizations and changes to improve
compatibility with other kernel options.
We would really appreciate testing by someone who is a kernel programmer
who has access to ipv6 network and some knowledge of the ipv6 code,
and thus can give advice on how to improve this code, and possibly
suggest fixes for the trivial bugs that are there.
+ the patch is based on 4.9_RELEASE
+ move just above your src/ directory and do a
gzcat ipfw6.040114a.diff.gz | patch
+ install the patched copy of netinet/ip_dummynet.h and ip_fw2.h
+ add the IPFIREWALL and IPFW2 options in the kernel, together with the
IPV6 options (no IPV6FIREWALL)
+ rebuild and reinstall the kernel and /sbin/ipfw, remember
to use "make -DIPFW2" for the latter
At this point you should be able to use ipv6 addresses in ipfw
instruction, the new option "ipv6" which only matches ipv6
The system _will_ panic if you are trying to use dummynet on
output packets, the reasons of the panic are still to investigate.
Dummynet on the input path seems to work, as well as on layer2.
There might be other bugs, which I would be happy to hear about
as i only did very limited testing.
----- End forwarded message -----
More information about the freebsd-net