On 1/30/12 4:01 AM, Ermal Luçi wrote:
Hello,
from needs on pfSense a patch for allowing multiple intances of
ipfw(4) in kernel to co-exist was developed.
It can be found here
https://raw.github.com/bsdperimeter/pfsense-tools/master/patches/RELENG_9_0/CP_multi_instance_ipfw.diff
It is used in conjuction with this tool
https://raw.github.com/bsdperimeter/pfsense-tools/master/pfPorts/ipfw_context/files/ipfw_context.c
It allows creation of contextes/instances and assignment of specific
interfaces to specific contexts/instances.
Surely i know that this is not the best way to implement generically
but it gets the job done for us as it is, read below.
What i would like to know is if there is interest to see such
functionality in FreeBSD?
I am asking first to see if there is some consensus about this as a
feature, needed or not!
If interest is shown i will transform the patch to allow:
- ipfw(8) to manage the contextes create/destroy
- ipfw(8) to manage interface membership. Closing the race of two
parallell clients modifying different contextes.
There is another design choice to be made about storing the membership
of interfaces into contexts/instances, but i do not see that as
blocking.
It is quite handy feature, which can be exploited even to scale on SMP
machines by extending it to bind a specific instance(with its
interaces) to a specific CPU/core?!
for this I use multiple vimages, but just as there is room for
multiplt routing tables AND vimage,
there is probably room for multiple firewalls AND vimage.
this is a bit more in the iptables direction I guess.
Comments/Feedback expected,
Ermal
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
