RFC: ported NetBSD if_bridge

Mark Nipper nipsy at tamu.edu
Sat Apr 17 01:18:38 PDT 2004

On 17 Apr 2004, Julian Elischer wrote:
> that means I need an ng_ether node, an ng_etf, a ng_bridge, an
> ng_ksocket and an ng_socket..
> plug plug plug... done...
> and if there isn't a node to do what you want..
> cd /sys/netgraph
> cp ng_sample.c ng_mytype.c
> vi mytype.c
> [hack hack]
> submit back to tree....

	I absolutely agree with everything else you said except
this.  :)  I think it is a little presumptuous to tell every user
to sit down and knock out their own module if an ng module does
not already exist for what they are trying to do.  Sure, ng_bpf
exists, but does it do what say Snort does without additional
programming (yes, I know, bad example!).  Hence the problem with
a lot of ng related tasks; coding is never too far from the realm
of possibility.

	Which, incidentally, was why I chose OpenBSD over FreeBSD
for the Snort box/firewall I was working on.  The bridge
manipulations made perfect sense the first time I looked at them
and PF did everything it could normally do (including the
redirects to localhost), even over a bridged interface.  I even
ended up in a debate with a die hard FreeBSD'er who was mumbling
about whipping up some code to provide similar functionality with
ng.  And I was like great, then go code it!  I'll just start
implementing this other solution now which already works and
required no coding on my part, which admittedly, is not my strong
suit.  Needless to say, I was finished first.

	Blah.  umount soapbox.  I hate to waste the devlopers'
time with silly e-mail too!  :)

