pf (rules and nat) + (ipfw + dummynet)
Goran Mekić
meka at tilda.center
Sun Aug 18 09:33:54 UTC 2019
Hello,
If I knew we almost made it compile and boot (with dummynet, pf and pflog loaded),
I would postpone the previous email. :o)
The code I'm working on is https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0.
It is nothing more than releng/12.0 branch into which I copied parts of PFSense
code until it started working. I still don't know how to test it, as I'm not
sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw
pipe list" to show the pipes without ipfw module loaded. Once loaded,
ipfw lets you manage dummynet. What I do for now is load ipfw, set the
pipes, unload ipfw.
If anyone knows how to configure pf.conf so that it passes everything
it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and
create /sbin/dnctl so we don't have to depend on IPFW at all, but I
would like it to start working like this, first.
My concerns about this patch is that it changes IPFW, too. I don't know
if the following link is visible if you're not logged into github, but
it shows the difference between releng/12.0 and this branch:
https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1
Anyway, my priority is to make it work somehow, then clean it up, port
to -CURRENT and only then write dnctl.
As always, all help is more than welcome as this is my first kernel
development task ever.
Regards,
meka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20190818/3d6778c9/attachment.sig>
More information about the freebsd-net
mailing list