ipfw2 for IPV6
Brooks Davis
brooks at one-eyed-alien.net
Fri Sep 10 11:40:20 PDT 2004
On Mon, Sep 06, 2004 at 01:09:57AM +0200, Andre Oppermann wrote:
> Brooks Davis wrote:
> >
> > I'm working on updating the IPFW2 for IPv6 patch Luigi posted back in
> > April. I've got it partially working with pfil, but I've run into some
> > issues with linklocal addresses and dummynet6. Inbound rules work fine,
> > but output rules do not because the route struct is not carried in to
> > the pfil hook and thus the output interface is lost.
>
> You are supposed to give the output interface as an argument to pfil_run_
> hooks(). Doesn't that sufficise?
I've been thinking about this and I think the problme is that we need
to pass the route in to ip6_output in the link local address case. I
think we can generate it in dummynet (at least I hope we can), but I
need to figure that out. I'm going to read some more code today and
I've got the Design and Implementaiton book coming next week. At this
point it's probably the best doc around since no one has updated TCP/IP
Illustrated v2 yet (I'd love to see a new version based on FreeBSD 6).
> I guess the best thing is to involve <gnn at neville-neil.org> into this.
> He's cutting his teeth on the IPv6 code and this is probably something
> he can give some insights.
I'm talking to him (rwatson noticed my branch and pointed him to it).
> PS: What about ipfw6?
Robert wants to kill it off so we don't have to lock it. As Luigi says,
it's redundent once ipfw support IPv6.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20040910/59dc51e7/attachment.bin
More information about the freebsd-ipfw
mailing list