RFC: ported NetBSD if_bridge
Bruce A. Mah
bmah at freebsd.org
Sat Apr 17 08:37:07 PDT 2004
If memory serves me right, Julian Elischer wrote:
> > 1. ng_bridge(4) doesn't do spanning tree. Neither does bridge(4).
>
> WHICH spanning tree? Spanning tree is a generic term..
> Are you refering to a particular implimentation of something that uses
> spanning tree algorythms?
Someone else beat me to this but I was under the impression that
if_bridge supported the spanning tree protocol/algorithm used by
Ethernet switches.
> > 2. A problem that I saw was that ng_bridge(4) didn't interact very well
> > with IPFilter...specifically, I recall that IPFilter rules had no effect
> > on bridged packets. This was a problem when I was trying to add
> > filtered bridging to m0n0wall...the maintainer and I eventually switched
> > to using bridge(4)-style bridging after resolving a few other problems.
>
> There is a ipfw type netgraph module floating around somewhere that you
> can link in with ng_bridge to get a much more flexible arangement
> should that be needed. Of course it could do with some work....
Thanks. In this case, it wasn't needed. I actually thought about
writing an "ng_ipf" node but before I figured out how to do it, I
realized the source of the problems we had been having with bridge(4)
and came up with a workaround.
Cheers,
Bruce.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 223 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040417/0fdf9f3d/attachment.bin
More information about the freebsd-current
mailing list