Re: Unified rc.firewall ipfw me/me6 issue

From: Hajimu UMEMOTO <ume_at_freebsd.org>
Date: Sun, 17 Jan 2010 17:42:58 +0900
Hi,

>>>>> On Sun, 10 Jan 2010 19:52:32 +0100
>>>>> Luigi Rizzo <rizzo_at_iet.unipi.it> said:

rizzo> We only need one 'me' option that matches v4 and v6, because the
rizzo> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra
rizzo> cost (the code for 'me' only scans the list corresponding to the
rizzo> actual address family of the packet).  I would actually vote for
rizzo> removing the 'me6' microinstruction from the kernel, and implement
rizzo> it in /sbin/ipfw by generating 'ip6 me'.

rizzo> Feel free to commit the change yourself.

Thank you.  I've committed 1st patch and 3rd patch.
I think it is better removing the 'me6' microinstruction from the
kernel, and implement it in /sbin/ipfw by generating 'ip6 me'.
However, it seems to me that /sbin/ipfw is not designed to generate
two microinstructions (ip6 me) per one 'me6' easily.

Sincerely,

--
Hajimu UMEMOTO _at_ Internet Mutual Aid Society Yokohama, Japan
ume_at_mahoroba.org  ume_at_{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Received on Sun Jan 17 2010 - 07:43:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:00 UTC