[PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)

Joao Barros joao.barros at gmail.com
Sun Jun 11 22:30:19 UTC 2006 

On 6/11/06, Vadim Goncharov <vadim_nuclight at mail.ru> wrote:
> 11.06.06 @ 22:36 Joao Barros wrote:
>
> Original message is at:
> http://lists.freebsd.org/pipermail/freebsd-current/2006-June/063821.html
>
> > I'm very interested in this, great work! :-)
> > I can't load the kld on my Sun Sparc, I think I messed up ld yesterday
> > trying to patch for a bug that show's in firefox and mozilla. It
> > compiles, just doesn't run. As soon as I have it up and running I'll
> > give you feedback.
>
> Umm, that's a kernel module, it shouldn't have any relations with ld. What
> diagnostics has it said on failed load?

ultra5# make
Warning: Object directory not changed from original /root/ng_tag
@ -> /usr/src/sys
machine -> /usr/src/sys/sparc64/include
touch opt_netgraph.h
cc -O2 -pipe -g -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE
-nostdinc -I-  -I/root/ng_tag -I. -I@ -I@/contrib/altq -I@/../include
-I/usr/include -finline-limit=15000 -fno-common  -mcmodel=medlow
-msoft-float -ffreestanding -Wall -Wredundant-decls -Wnested-externs
-Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith -Winline
-Wcast-qual  -fformat-extensions -std=c99 -c ng_tag.c
ld  -d -warn-common -r -d -o ng_tag.kld ng_tag.o
touch export_syms
awk -f /sys/conf/kmod_syms.awk ng_tag.kld  export_syms | xargs -J%
objcopy % ng_tag.kld
ld -Bshareable  -d -warn-common -o ng_tag.ko ng_tag.kld
objcopy --strip-debug ng_tag.ko
ultra5# kldload ./ng_tag.kld
kldload: can't load ./ng_tag.kld: Exec format error
ultra5# file ng_tag.kld
ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD),
not stripped

>
> > Have you tested it with pf? If so can you give me some examples?
>
> No, it wasn't tested with pf. The problem with pf is that pf compiles all
> the rules at the time, so exact tags representation can change each time
> (for this reason ipfw tags were made incompatible with pf), and you must
> that values to supply them to . However, if you find a method how to
> obtain tag values info from in-kernel pf structures, you'll be able to use
> it with pf. It doesn't support well integration with netgraph, though.
>
> Another option is to use ipfw - it supports pf's altq(4) shaping, if that
> is all you need.
>
> > I'm particularly interested in this for doing packed shaping, especially
> > on P2P.
>
> Yes, I'm also looking for possibility of shaping, but I can't test (no
> resources) it currently. Also, as it seems non-trivial on current ipfw
> dynamic rules implementation, I don't know if shaping will work at all.

I'm not a ipfw user, but if this were to be possible it would be very nice :-)

-- 
Joao Barros

More information about the freebsd-current mailing list