I've put a fresh diff of my current work of converting ipfw to use the pfil_hooks API to grab its fresh packet food. http://www.nrg4u.com/freebsd/ipfw-pfilhooks-and-more-20040813.diff The code is approaching finalization but is not yet there. No need for syntactic nitpicking yet. State of the diff: o Normal IPFW packet filter firewalling works fine - STABLE o IPDIVERT works fine - STABLE o DUMMYNET works fine - STABLE o IPFORWARD works for forwarding to local sockets on the ip_input and ip_output path' - TESTING o IPFORWARD works for forwarding to remote addresses only on the ip_output path -TESTING o Layer 2 IPFW for ethernet in/out and bridging does not work in the patch What remains to be done: o General code polishing around the core functions which are already cleaned up o Undo the removal of the Layer2 and bridge hooks and continue to invoke IPFW the old way for the moment (does not hurt) o Fix IPFORWARD to remote to work on ip_input path too o Undo the move of all IP options functions to their own source file o Make IPDIVERT a loadable kernel module (later) My goal is to get this stuff into 5.3R before the code freeze. ---------------------------------------------------------------------------------- Anyone wanting to give the patch a try, feel free to do so and report back the problems or success stories! (Except for Layer2/bridging IPFW which does not work in the above patch). ---------------------------------------------------------------------------------- -- AndreReceived on Fri Aug 13 2004 - 19:48:57 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:06 UTC