Re: MPPC for Netgraph: Isn't it time?

2016-06-01 Thread Brett Glass
At 11:40 PM 5/31/2016, Rui Paulo wrote: On Tue, 2016-05-31 at 11:55 -0600, Brett Glass wrote: > Everyone: > > Just built a kernel today, and realized that for years I have had > to integrate MPPC compression/encryption (see man page ng_mppc(4)) > for PPP/L2TP/PPTP manually,

MPPC for Netgraph: Isn't it time?

2016-05-31 Thread Brett Glass
code base. Could a committer with access to that part of the tree please import the files mppc.h, mppcc.c, and mppcd.c into /sys/net so there's no need to find and fetch them every time? --Brett Glass ___ freebsd-net@freebsd.org mailing

Re: Can DUMMYNET handle weighting of traffic according to firewall rules?

2014-12-15 Thread Brett Glass
True. But I can patch and build my own kernels (and also the Chapter 8 utility) and then submit my patches to the core developers once I've tested them. It's starting to sound as if this would be the best thing to do. I have not analyzed the IPFW code before, so it'd re

Re: Can DUMMYNET handle weighting of traffic according to firewall rules?

2014-12-14 Thread Brett Glass
ch to the kernel, I'd like to try doing this and then submit a patch to add the feature if it works. --Brett Glass ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: Can DUMMYNET handle weighting of traffic according to firewall rules?

2014-12-12 Thread Brett Glass
ber.) If X was not specified, it'd be assumed to be unity -- both for backward compatibility and in keeping with POLA. --Brett Glass

Re: Can DUMMYNET handle weighting of traffic according to firewall rules?

2014-12-12 Thread Brett Glass
capacity of the pipe is still the same. What I want to do is have the pipe, not the queue, weight the upstream traffic twice as heavily. --Brett Glass

Can DUMMYNET handle weighting of traffic according to firewall rules?

2014-12-12 Thread Brett Glass
possible to inject them into the same pipe in such a way that some packets will count more toward the pipe's bandwidth limit than others. Any ideas on how I can implement this? Willing to code if I must, but don't want to reinvent the wheel. --Brett Glass

Re: jme interface bounces up and down, up and down....

2014-09-16 Thread Brett Glass
m JMicron in it. --Brett Glass

Re: jme interface bounces up and down, up and down....

2014-09-16 Thread Brett Glass
At 05:27 PM 9/16/2014, Chris Hill wrote: On Tue, 16 Sep 2014, Brett Glass wrote: So, what is the best solution? I cannot throw out the machine, and because I am using a VLAN switch to multiplex the port to three LANs I do not want to reduce the speed to 100 Mbps. Ideas? The man page

Re: jme interface bounces up and down, up and down....

2014-09-16 Thread Brett Glass
So, what is the best solution? I cannot throw out the machine, and because I am using a VLAN switch to multiplex the port to three LANs I do not want to reduce the speed to 100 Mbps. Ideas? --Brett Glass At 02:37 AM 9/16/2014, Yonghyeon PYUN wrote: On Mon, Sep 15, 2014 at 08:19:37AM -0600

Re: jme interface bounces up and down, up and down....

2014-09-15 Thread Brett Glass
hat's on the motherboard of this Asus. So, I need to find a way to make it work. --Brett Glass

jme interface bounces up and down, up and down....

2014-09-14 Thread Brett Glass
DOWN Sep 13 12:50:04 testbed kernel: jme0_3: link state changed to DOWN Sep 13 12:50:43 testbed kernel: jme0: link state changed to UP ... The problem didn't seem to occur with the bundled Linux distro. Has anyone else seen this problem? Know of a fix? --B

More on odd IPFW behavior

2014-04-05 Thread Brett Glass
ackets than re0 (the parent). Weird. Do not have experience with pf, so do not know if it would do better, but IPFW certainly has something broken. Help in figuring out what to propose as a patch would be MUCH appreciated. --Brett Glass

IPFW and VLANs

2014-04-05 Thread Brett Glass
layer2 xmit re0_1 Maybe I am missing something (as I often do), but this seems just plain wrong. What gives? Help in interpreting these results would be much appreciated. --Brett Glass

static_routes not working

2012-05-13 Thread Brett Glass
le is processed, is not being executed at boot time. Have reproduced the same problem on 8.x machines as well. All have custom, IPv4-only kernels. What might be wrong? --Brett Glass

IPFW firewall NAT and active FTP

2011-01-11 Thread Brett Glass
ht be causing the problem? --Brett Glass

RADIX_MPATH usage information

2010-08-26 Thread Brett Glass
t may have missed it.) --Brett Glass

Driver support for Supereal SR9600 USB-to-Ethernet chip?

2010-04-04 Thread Brett Glass
I just received a handful of USB Ethernet NICs whose primary chip says "SUPEREAL" on it. I've installed one on a Windows machine, and the computer identifies it as having the Supereal SR9600 chip on it. Is there support for this chip in any of the BSDs?

Re: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
At 07:42 PM 2/12/2010, Luiz Otavio O Souza wrote: The "-S" tries to remove the entry first, but it fails because it doesn't exist. As far as I can tell, the -S option doesn't cause the command to fail if no routing table entry already exists. It just deletes any route that does exist. Also

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
P.S. -- It occurs to me that perhaps adding the word "only" at the end of the command string used by mpd 5.3 might help. Should I try this?

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
This patch seems to have had a positive effect on ppp(8)/PoPToP, though more testing is needed. However, it appears that mpd uses arp(8) rather than the socket interface to set up proxy ARP. Here's the code (from the file iface.c in mpd 5.3): if (Enabled(&iface->options, IFACE_CONF_PROXY))

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
At 07:03 PM 2/12/2010, Li, Qing wrote: Luiz Otavio and I have been discussing offline about an issue with the file /usr.sbin/ppp/arp.c in the past week or so. The ARP related code in arp.c was missing a flag bit called "RTF_LLDATA". What about mpd? --Brett

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
oon as possible, because I have two clients who need servers installed this weekend. (They wanted them last week, but I was trapped away from the office by a snowstorm.) I'll send configuration information offlist. --Brett Glass

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
Qing: On my test system, the file /usr/src/sys/netinet/in.c contains the following tag: __FBSDID("$FreeBSD: src/sys/netinet/in.c,v 1.143.2.13 2010/02/09 19:27:54 qingli Exp $"); The date above matches the date of revision 203718, which is 3 days old. --Brett At 04:26 PM 2/12/2010, Li, Qin

Re: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
At 03:09 PM 2/12/2010, David Horn wrote: If you have not already, make certain you use the appropriate tag of "RELENG_8", and not "RELENG_8_0" Yup, that's what I did. I used /usr/share/examples/stable-supfile with only one mod: I explicitly inserted the name of the mirror into the file rathe

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-12 Thread Brett Glass
us use 8-STABLE. --Brett Glass

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-11 Thread Brett Glass
Qing: I will try to build a system late tonight. I was stuck in Washington, DC for four days due to snow and have just returned to a large backlog of work. Which snapshot would you recommend? --Brett Glass At 11:03 AM 2/11/2010, Li, Qing wrote: Can you at least build one 8-stable system

IPFW firewall NAT, port address translation, and "active" FTP

2010-02-08 Thread Brett Glass
s.) Does anyone know if I need to set anything special to make the firewall track FTP data ports? --Brett Glass

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-04 Thread Brett Glass
major upgrade in only one year. I know that 7.2-RELEASE had problems with routing and PPP too, but they were different ones. Has the 7-STABLE branch been patched adequately since that time? --Brett Glass

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-04 Thread Brett Glass
rk or setting up CVS on machines that won't need it in production, so please let me know if patches are available that will add the recent fixes to 8.0-RELEASE. --Brett Glass

RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-02 Thread Brett Glass
ither the ARP table or the routing table, and (b) the PPP daemon can't create or destroy many of the routes that the connections need to work. I can't believe that a version of a major operating system shipped without the ability to do PPP, but apparently that's the case! --Brett

Routing problems on VPN servers running FreeBSD 8.0-RELEASE

2010-02-02 Thread Brett Glass
CAIFADDR, 172.18.0.1 -> 172.18.4.8 9): File exists Feb 2 18:22:39 testgate kernel: ifa_add_loopback_route: insertion failed Feb 2 18:22:39 testgate kernel: ifa_del_loopback_route: deletion failed Ideas? --Brett Glass P.S. -- Please copy me directly on all responses, as I am not currently

Re: Ralink 28xx series drivers?

2010-01-28 Thread Brett Glass
Thank you! The adapter which I am trying to get running is mini-PCI, not USB. If there's code available, I'd be glad to test it. --Brett Glass At 11:08 PM 1/27/2010, Bruce Simpson wrote: On 01/28/10 01:26, Brett Glass wrote: I am trying to make FreeBSD 8.0 fully functional on an

Ralink 28xx series drivers?

2010-01-27 Thread Brett Glass
ponses, as I am not a full time subscriber of this list. --Brett Glass

Re: Question regarding netgraph and threading

2009-12-01 Thread Brett Glass
At 05:08 PM 12/1/2009, Julian Elischer wrote: in the netgraph code I see: /* Autoconfigure number of threads. */ if (numthreads <= 0) numthreads = mp_ncpus; Ah Found this in /sys/netgraph/ng_base.c. Yes, it does seem to have a pool o

Re: Question regarding netgraph and threading

2009-12-01 Thread Brett Glass
d has to handle all of the work of encryption, decryption, handshaking, etc. Am I incorrect about this? I am concerned that the performance of a single core will be the bottleneck. --Brett Glass P.S. -- By the way, when I compiled netgraph into the kernel to begin my test, I began to get the me

Question regarding netgraph and threading

2009-12-01 Thread Brett Glass
o multithread, or is there a way to make it do so? --Brett Glass

ipfw gred parameters

2009-09-29 Thread Brett Glass
rk best in a typical system? And how do the parameters submitted to "dummynet" correspond to the ones usually seen in descriptions of the algorithm? --Brett Glass

Re: MAC locking and filtering in FreeBSD

2009-05-16 Thread Brett Glass
Among other things, more control -- including an easy way to cut off bandwidth hogs and abusers -- and a walled garden that is better able to hijack browsers (the one in pfsense often fails). We actually have quite a few things we'd like to implement. More offlist if you'd like. --B

Re: MAC locking and filtering in FreeBSD

2009-05-15 Thread Brett Glass
Unfortunately, the pfsense captive portal lacks many of the features that we need and has also had problems in some of our tests. We need the ability to "roll our own" rather than a canned solution, which is why we'd like to make sure that we can implement this via IPFW. --Brett At 01:39 AM

Re: MAC locking and filtering in FreeBSD

2009-05-13 Thread Brett Glass
dress in the same rule -- at least in the current implementation. >Your 'vice versa' here isn't correct; you can select by layer 3 criteria >on packets from ether_demux, The docs say that you can't. --Brett Glass

Re: MAC locking and filtering in FreeBSD

2009-05-13 Thread Brett Glass
pment to recognize MAC addresses and grant different degrees of access to them. For example, a user might be trapped in a "walled garden" until agreeing to an acceptable use policy, and then redirected -- but only once -- to a specific Web page, such as the hotel chain's reserva

Re: MAC locking and filtering in FreeBSD

2009-05-13 Thread Brett Glass
At 01:14 PM 5/13/2009, Stefan Lambrev wrote: Not that I understand how "knowing" mac address is easier for customers then wpa2 password ;) Most customers would not recognize a WPA2 password if it bit them. ;-) Also, many older operating systems and Wi-Fi cards do not support WPA at all. (For

Re: MAC locking and filtering in FreeBSD

2009-05-13 Thread Brett Glass
http://svn.freebsd.org/viewvc/base/projects/l2filter/ How does one generate a diff between this code and, say, 7.1-RELEASE or 7.2-RELEASE so that I can try it as a patch? The GUI doesn't seem to be capable of doing this (or it may be that I just don't see how).

Re: MAC locking and filtering in FreeBSD

2009-05-13 Thread Brett Glass
irewall, so I can not only block spoofing but trigger a log entry when it happens. --Brett At 12:46 PM 5/13/2009, Stefan Lambrev wrote: >Hi, > >apr -S (or -s) is not helping? >Have in mind that this is not a real security as it's very easy to change your >MAC. > >On

MAC locking and filtering in FreeBSD

2009-05-13 Thread Brett Glass
Layer 2 information in a packet can't look at Layer 3, and vice versa. Is there a way to work around this to do MAC address locking and/or other functions that involve looking at Layer 2 and Layer 3 simultaneously? --Brett Glass

Re: bin/130159: [patch] ppp(8) fails to correctly set routes

2009-04-13 Thread Brett Glass
The following reply was made to PR bin/130159; it has been noted by GNATS. From: Brett Glass To: "Luiz Otavio O Souza" , "Qing Li" , Cc: Subject: Re: bin/130159: [patch] ppp(8) fails to correctly set routes Date: Mon, 13 Apr 2009 08:20:40 -0600 At 06:01 AM 4/13

Re: bin/130159: [patch] ppp(8) fails to correctly set routes

2009-04-13 Thread Brett Glass
The following reply was made to PR bin/130159; it has been noted by GNATS. From: Brett Glass To: "Luiz Otavio O Souza" , "Qing Li" , Cc: Subject: Re: bin/130159: [patch] ppp(8) fails to correctly set routes Date: Mon, 13 Apr 2009 08:27:08 -0600 P.S. -- I am stil

Re: bin/130159: [patch] ppp(8) fails to correctly set routes

2009-04-12 Thread Brett Glass
The following reply was made to PR bin/130159; it has been noted by GNATS. From: Brett Glass To: bug-follo...@freebsd.org, loos...@gmail.com Cc: Subject: Re: bin/130159: [patch] ppp(8) fails to correctly set routes Date: Sun, 12 Apr 2009 18:41:27 -0600 Note: With the patch as written, the

Re: Problems with inward PPTP tunnel

2009-03-24 Thread Brett Glass
g table entry. (You suggested this, implicitly, when you mentioned using the -iface flag.) This is because the "tun" interface is really a bridge, not a gateway. --Brett Glass

Re: Problems with inward PPTP tunnel

2009-03-24 Thread Brett Glass
SE will break many if not most systems that rely on userland PPP to implement a server.) I might consider using mpd instead, but it would be a big implementation change and mpd lacks a few capabilities that I really need. --Brett Glass

Re: bin/130159: [patch] ppp(8) fails to correctly set routes

2009-03-23 Thread Brett Glass
The following reply was made to PR bin/130159; it has been noted by GNATS. From: Brett Glass To: bug-follo...@freebsd.org, loos...@gmail.com Cc: Subject: Re: bin/130159: [patch] ppp(8) fails to correctly set routes Date: Mon, 23 Mar 2009 11:48:50 -0600 Patch appears to work properly. Please

Re: Problems with inward PPTP tunnel

2009-03-23 Thread Brett Glass
P.S. -- Just tried the patches in bin/130159 and bin/131250 and they do seem to function properly. Please commit. --Brett Glass

Re: Problems with inward PPTP tunnel

2009-03-23 Thread Brett Glass
SE and not -STABLE. The patch in bin/131250 should probably also be committed to keep things working. --Brett Glass At 05:06 AM 3/23/2009, Luiz Otavio O Souza wrote: Brett, I've fixed these two issues with ppp(8), please check the PRs: bin/130159 and bin/131250. If it works for you pl

Re: Problems with inward PPTP tunnel

2009-03-22 Thread Brett Glass
if proxy arp is being done, and may not be strictly necessary; I wanted to make sure I tore down any residual proxy arp entry. Of course, all of this is an awful hack and the relevant code in userland PPP still needs to be looked at. --Brett Glass

Problems with inward PPTP tunnel

2009-03-22 Thread Brett Glass
"tun" interface when it sets up routes. What's the best solution to this problem? This problem clearly would affect anyone who wanted to set up a similar tunneling arrangement using userland PPP, and may also cause problems in dialup servers. --Brett Glass

Recommended additions to ipfw command: increment and verbosity limit

2009-02-26 Thread Brett Glass
able to make the changes by copying and editing a few lines, but...) --Brett Glass

Re: GRE Mux

2008-03-22 Thread Brett Glass
At 02:42 PM 3/22/2008, Julian Elischer wrote: >mpd can attach to arbitrary netgraph things... Yes, it can; however, there's no way in its configuration language to say, "set up a PPTP connection, but let this netgraph node do the demultiplexing." (Or, better, let the kernel do the demultiplexing

Re: GRE Mux

2008-03-22 Thread Brett Glass
ve wider applicability and it would be easy to create a netgraph stub for it. --Brett Glass

Re: GRE Mux

2008-03-21 Thread Brett Glass
d). It would be nice to make both mpd and pptpd work properly with it.... --Brett Glass

GRE Mux

2008-03-21 Thread Brett Glass
aph node to another until one of them accepts it or the packet falls off the end of the chain. It seems to me that it might be worth it to implement a multiplexing function that dispatches the packet directly to the right process or netgraph node rather than passing it from hand to h

Re: SSTP support?

2007-08-09 Thread Brett Glass
equires Microsoft to make it available to third parties. In any event, this silly and self-destructive behavior by Microsoft may make it moot Hope they'll come to their senses. --Brett Glass At 05:41 AM 8/9/2007, Eric Masson wrote: Brett Glass <[EMAIL PROTECTED]> writes: Hi

SSTP support?

2007-08-08 Thread Brett Glass
already working on such a project? --Brett Glass

Re: Creating a "non-bridge"

2007-08-01 Thread Brett Glass
At 12:08 AM 8/1/2007, Julian Elischer wrote: >possibly you could just bridge them together but use ipfw on the bridge to >enforce isolation. Will IPFW block ARP? IPX? Other protocols which may be either demultiplexed or "teed" within the network stack? >OR you could possibly make a netgraph ve

Re: Creating a "non-bridge"

2007-07-31 Thread Brett Glass
Andrew: I will try it. Can you tell me whether this feature takes the interfaces out of promiscuous mode (which bridging normally turns on)? Also, will this feature be MFC'ed into 6-STABLE? --Brett Glass At 08:26 PM 7/31/2007, Andrew Thompson wrote: >Such good timing, such a fea

Creating a "non-bridge"

2007-07-31 Thread Brett Glass
? After all, since the FreeBSD machine is acting as a gateway, it should really only look at packets that are addressed to it. --Brett Glass

Re: Bug in userland PPP LQR?

2007-07-14 Thread Brett Glass
e implementations just ignore LQR >altogether under load. These implementations >should disable LQR if they can't implement it >properly. I'm mostly dealing with the Linux pppd or ports of it on the clients (since it seems to be the most popular open source implementation, rega

Re: Bug in userland PPP LQR?

2007-07-11 Thread Brett Glass
At 06:23 PM 7/11/2007, Mike Tancsa wrote: >Did you try and use just LCP echo mode instead ? I have come across a >number of devices (especially GPRS/EVDO cards) that seem to say yes to >supporting LQR, but do not. Try instead lcp echo I will try it. (To be more specific, I am going to try di

Bug in userland PPP LQR?

2007-07-10 Thread Brett Glass
o 5 after the first missed packet. The code in /usr/src/usr.sbin/ppp/lqr.c is quite cryptic, and I'd like some help in figuring out just why I'm seeing so many dropped connections due to LQR. Any folks out there willing to help me analyze it? --Brett Glass

Re: Bandwidth Monitoring program

2006-12-06 Thread Brett Glass
?" The answer to that question is, if he's on >a switched network, no. Not without a topology change. Is adding a hub or a bridge a topology change? I'd argue that it wasn't. You can't listen in if you can't connect to the wire. --Brett Glass

Re: Bandwidth Monitoring program

2006-12-06 Thread Brett Glass
at one of these things is true. Otherwise, all bets are off from the start. --Brett Glass

Re: Bandwidth Monitoring program

2006-12-05 Thread Brett Glass
't secure). A little bit of code in your favorite scripting language will do it. And of course you can output to a graphing package, though for me a simple histogram using asterisks has sufficient precision in most cases. --Brett Glass At 09:48 AM 12/5/2006, Benjamin Adams wrote: >I'

Re: Avoiding natd overhead

2006-10-23 Thread Brett Glass
the packet to ensure contiguity. (This is an issue with anything that uses divert sockets, but it creeps in with ng_nat as well due to the way libalias is coded.) Using a Netgraph node would help with the ring transition, though, so there should be some savings. Has the "netgraph" keyw

Re: Avoiding natd overhead

2006-10-22 Thread Brett Glass
e and control the ng_nat node from the shell? --Brett Glass

Re: Avoiding natd overhead

2006-10-21 Thread Brett Glass
ngs which are now done by userland processes listening on divert sockets? This would boost the performance of any FreeBSD machine that did NAT (which many if not most do). --Brett Glass

Re: Avoiding natd overhead

2006-10-21 Thread Brett Glass
At 03:54 AM 10/21/2006, Vladimir Grebenschikov wrote: > 1. use PF for nat - it does aliasing in kernel space True, but it doesn't let me translate the packets and then continue processing within the firewall -- which is necessary if you want to catch unregistered destination addresses BEFORE tra

Re: Avoiding natd overhead

2006-10-21 Thread Brett Glass
At 03:58 AM 10/21/2006, Matthew D. Fuller wrote: >Paolo Pisati's 2005 SoC work on integrating libalias into ipfw might >fit here. It should move the NAT'ing into the kernel and save all the >context switches and copies, and (what has me more interested) make it >much easier to change port forwar

Avoiding natd overhead

2006-10-20 Thread Brett Glass
re routed to the NAT engine, and when this occurs during the processing of the packet? --Brett Glass

Re: Big PPTP server

2006-08-25 Thread Brett Glass
At 10:16 AM 8/25/2006, Archie Cobbs wrote: >The ng_pptpgre node handles the "data packet" level of PPTP, but most >of the complexity in PPTP is in the higher level protocol for setup >and teardown. You'd have to get that in there somehow. I suppose that the call control facility could be impleme

Re: Big PPTP server

2006-08-25 Thread Brett Glass
h uses the Netgraph PPPoE node. This would provide the full feature set of the userland PPP (including dynamic creation of Netgraph nodes, the ability to call out to shell scripts, etc.) together with your PPTP implementation. How hard would it be to cobble this together, starting with the code f

Re: Big PPTP server

2006-08-13 Thread Brett Glass
implementation of PPP that was written in Japan many years ago. Have you thought about how such modifications might be made? --Brett Glass

Re: Big PPTP server

2006-08-10 Thread Brett Glass
originally intended to be used as a client only? I'm struggling here because I can't find a PPP/PPTP implementation that's completely BSD licensed and really designed to be a large scale server. --Brett Glass

Re: Big PPTP server

2006-08-10 Thread Brett Glass
ou run into situations where the IP assigned to the incoming PPP/PPTP user isn't on the same subnet as the one assigned to the host, which seems to cause routing problems. --Brett Glass

Big PPTP server

2006-08-10 Thread Brett Glass
perimenting? If I can't use mpd and PoPToP isn't working, what other options are there for a good PPTP server? --Brett Glass

Re: Multiple NAT router

2006-07-24 Thread Brett Glass
the driver?)... and whether I could use existing code to do the bilateral translation or would have to hack an "address smasher". --Brett Glass

Multiple NAT router

2006-07-21 Thread Brett Glass
would connect inward to the machines on the LANs, since "ping 192.168.0.100" would be ambiguous. (Perhaps one could do it from a jail. In fact, perhaps the virtual NAT routers could be set up in jails) --Brett Glass

Strange errors from BIND on FreeBSD 4.x system

2006-07-05 Thread Brett Glass
've seen hints that the problem may have something to do with IPV6 but no instructions as to how to resolve it. Can anyone explain what's wrong and how to fix it? --Brett Glass

Re: Best way to block a long list of IPs?

2006-06-20 Thread Brett Glass
IPFW? --Brett Glass

Re: Best way to block a long list of IPs?

2006-06-20 Thread Brett Glass
ndomly distributed hosts. Not random enough. Each of these IP addresses could be anywhere in the 32 bit IPv4 address range. --Brett Glass

Best way to block a long list of IPs?

2006-06-20 Thread Brett Glass
SYN-ACK would never make it back to the center.) Is there any other mechanism I should be looking at (e.g. a custom "divert" filter for SYNs)? --Brett Glass

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
Oops! In my earlier message, I said: >This doesn't work, because you must transform cond1 && cond2 && cond3... >into multiple rules that implement ~(cond1 || cond2 || cond3...). I should have said that you must implement !(!cond1 || !cond2 || !cond3...). --Brett

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
At 10:20 AM 9/19/2005, Luigi Rizzo wrote: >original > >ipfw add 1000 dosomething cond1 cond2 cond3 cond4 cond5 ... condN > >negated: > >ipfw add 1000 skipto 1001 cond1 cond2 cond3 cond4 cond5 ... condN >ipfw add 1000 dosomething This doesn't work, because you must transfor

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
I agree with you that the ability to negate the "AND" of all conditions in the rule would greatly clarify some rulesets. I know it would help with many of mine! --Brett Glass

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
e overhead because there really is no such thing as a NOP in IPFW. Every rule, even a jump target, is a counter.) >whatever. feel free to write a high level interpreter, >since i don't see it that way you can't expect me to do that :) I'm certainly not asking for that! I th

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
the individual conditions in it (that is, do a "short circuit NAND" of all the conditions in it) would be a big help, not only in this situation but in others. But the "resume" option would be even more efficient in many cases. --Brett Glass

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
nd part is a mess. >But the kernel code i believe is reasonably documented >(of course it could be documented better - patches welcome). >the first 250 or so lines in ip_fw2.h are almost all comments >describing the opcode formats. >ip_fw2.c tries to describe rule parsing in the body of

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Brett Glass
mented and virtually undocumented, so I'd probably spend a long time blundering around trying to add this and get it right (and also have the rules display correctly, etc.). I seem to recall (correct me if I'm wrong here) that you've hacked on both IPFilter and IPFW. How hard would th

Re: Efficient use of Dummynet pipes in IPFW

2005-09-18 Thread Brett Glass
. Do you propose that I apply DeMorgan's theorem to every rule that sends packets into a pipe? If I did, I'd produce a whole long list of "skipto" rules for each individual rule I had before. Could get very messy -- and crea

Efficient use of Dummynet pipes in IPFW

2005-09-18 Thread Brett Glass
such thing as a "come from" directive (something that's often joked about in programming classes). So, what's the best way get a packet to skip past the remaining bandwidth limiting rules once it was selected to go into a pipe? --Brett Glass

BSD-licensed RADIUS server?

2005-04-14 Thread Brett Glass
I'm in the process of setting up a RADIUS server, and found three in the Ports collection. Of these, which do folks recommend? Is there one available that's BSD-licensed (or licensed under some other truly free license) rather than under the GNU Pernicious License? --B
