pf (rules and nat) + (ipfw + dummynet)

Andrew White andywhite at gmail.com
Sun Aug 18 12:24:37 UTC 2019


Best of luck with this endeavor!

A very quick scan of that patch seems to include a lot more changes to ipfw
than I would expect, perhaps other bug fixes or feature changes that are
unrelated?  It also reads like it defines new pf rule actions, so I
imagine you configure pf by setting the rule action to be dnpipe or
something similar.  macOS seems to use an anchor type called
dummynet-anchor fwiw.

If this works in pfSense, perhaps the developers there would assist getting
their patches into FreeBSD so they don't have to maintain them outside of
FreeBSD source.

Andrew

On Sun, Aug 18, 2019 at 10:33 AM Goran Mekić <meka at tilda.center> wrote:

> Hello,
>
> If I knew we almost made it compile and boot (with dummynet, pf and
> pflog loaded), I would postpone the previous email. :o)
>
> The code I'm working on is
> https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0.
> It is nothing more than the releng/12.0 branch into which I copied parts
> of pfSense code until it started working. I still don't know how to test
> it, as I'm not sure what pfSense's syntax for pf.conf is. I know you can
> use "ipfw pipe list" to show the pipes without ipfw module loaded. Once
> loaded, ipfw lets you manage dummynet. What I do for now is load ipfw,
> set the pipes, unload ipfw.
>
> If anyone knows how to configure pf.conf so that it passes everything
> it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and
> create /sbin/dnctl so we don't have to depend on IPFW at all, but I
> would like it to start working like this, first.
>
> My concern about this patch is that it changes IPFW, too. I don't know
> if the following link is visible if you're not logged into GitHub, but
> it shows the difference between releng/12.0 and this branch:
>
> https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1
>
> Anyway, my priority is to make it work somehow, then clean it up, port
> to -CURRENT and only then write dnctl.
>
> As always, all help is more than welcome as this is my first kernel
> development task ever.
>
> Regards,
> meka
>
