.timeout[state->timeout];
A> start = state->rule.ptr->timeout[PFTM_ADAPTIVE_START];
A> - if (start) {
A> + if (start && state->rule.ptr != &V_pf_default_rule) {
A> end = state->rule.ptr->timeout[PFTM_A
ress, so lock prefix isn't needed.
Of course a true SMP i386 isn't a well tested arch, so I won't assert
that counter(9) doesn't have bugs on this arch. However, I don't see
lock prefix necessary here.
--
Gleb Smirnoff
___
f
glebius requested changes to this revision.
glebius added a comment.
This revision now requires changes to proceed.
Thanks a lot, Nikos.
I've fixed the problem of sleeping in UMA on kldunload. It was out the scope of
the patch. I also committed the first part of the patch - mutexes
initializati
glebius added a comment.
Recently Nikos has asked questions on kernel debugging. So, I guess, he is
working.
REVISION DETAIL
https://reviews.freebsd.org/D1944
EMAIL PREFERENCES
https://reviews.freebsd.org/settings/panel/emailpreferences/
To: nvass-gmx.com, bz, zec, trociny, glebius, rodri
glebius added a comment.
Nikos,
acking that I see the patches. Right now I'm waiting for pf to stablize after
recent patches to fragment handling. Kristof is working on the known problem.
Meanwhile you can finish your patch moving from "almost there" to "there" :)
If you got any questions about
On Mon, Jan 27, 2014 at 10:22:30PM -0500, Robert Simmons wrote:
R> > On Sun, Jan 26, 2014 at 06:19:34PM -0500, Robert Simmons wrote:
R> > R> Over the course of a few hours there are a handful of SSH packets that
R> > R> are being blocked both in and out. This does not seem to affect the
R> > R> SSH
Robert,
On Sun, Jan 26, 2014 at 06:19:34PM -0500, Robert Simmons wrote:
R> Over the course of a few hours there are a handful of SSH packets that
R> are being blocked both in and out. This does not seem to affect the
R> SSH session, and all the blocked packets have certain flags set [FP.],
R> [R
On Thu, Jan 02, 2014 at 08:16:21AM +1300, Berend de Boer wrote:
B> Gleb> Can you please try attached patch? I hope it'll fix the
B> Gleb> panic.
B>
B> Have been running this without the rule change, to see if it doesn't
B> introduce any adverse effects. So far so good. When I'm back from
B
Berend,
On Mon, Dec 30, 2013 at 03:48:07PM +1300, Berend de Boer wrote:
B> >>>>> "Gleb" == Gleb Smirnoff writes:
B>
B> Gleb> Can you share a vmcore from paniced FreeBSD 10 system and
B> Gleb> kernel binary?
B>
B> My kernel config
On Fri, Dec 27, 2013 at 01:55:31PM +1300, Berend de Boer wrote:
B> >>>>> "Gleb" == Gleb Smirnoff writes:
B>
B> Gleb> Can you share a vmcore from paniced FreeBSD 10 system and
B> Gleb> kernel binary?
B>
B> Yes, what kernel optio
Berend,
On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote:
B> Gleb> Does the system panic the same way as described in
B> Gleb> misc/182141) on 10.0?
B>
B> Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD
B> 9.x, across 10.x, across 32-bit and 64-bit.
B>
On Thu, Dec 26, 2013 at 02:17:38PM +0400, Gleb Smirnoff wrote:
T> On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote:
T> B> Gleb> Does the system panic the same way as described in
T> B> Gleb> misc/182141) on 10.0?
T> B>
T> B> Indeed,
On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote:
B> Gleb> Does the system panic the same way as described in
B> Gleb> misc/182141) on 10.0?
B>
B> Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD
B> 9.x, across 10.x, across 32-bit and 64-bit.
B>
B> There's
On Mon, Dec 23, 2013 at 07:56:02AM +1300, Berend de Boer wrote:
B> pf has not worked well for me after version 8. Certain rules crash the
B> kernel
B> (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding
B> these rules gave me something that at least kept the system alive on a
B> 10-C
Kajetan,
On Thu, Dec 05, 2013 at 11:07:39AM +0100, Kajetan Staszkiewicz wrote:
K> > K> To have the most clean and simple code it would make the most sense to
K> > use the K> aforementioned pfioc_universal_kill for both DIOCKILLSTATES and
K> > K> DIOCKILLSRCNODES. But that would be a change of ke
Kajetan,
On Wed, Dec 04, 2013 at 03:29:21PM +0100, Kajetan Staszkiewicz wrote:
K> Dnia poniedziałek, 2 grudnia 2013 o 17:39:27 Gleb Smirnoff napisał(a):
K>
K> > I won't object on any interface that is consistent and resides in the
K> > '-K' and '-k&#x
Ian,
On Fri, Nov 29, 2013 at 02:28:27PM +0200, Ian FREISLICH wrote:
I> At some point this stopped working. I was able to use traceroute -I
I> This rule let the echo request out and the resulting TTL exceeded
I> was matched and allowed back in.
I>
I> pass out inet proto icmp from to any icmp
Kajetan,
On Mon, Dec 02, 2013 at 05:28:57PM +0100, Kajetan Staszkiewicz wrote:
K> > On Sun, Dec 01, 2013 at 08:05:54PM +0100, Kajetan Staszkiewicz wrote:
K> > K> > Ok. Let's summurize what we need to:
K> > K> >
K> > K> > 1) Switch kill|reset, that affects both -K and -k.
K> > K> > 2) Add option
On Wed, Oct 16, 2013 at 09:16:43AM +0200, Martin Matuska wrote:
M> Hi, I have encountered the same mtag panic Craig had with VIMAGE + PF
M> and have reported this in a PR 182964:
M> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182964
M>
M> Here are two possible solutions I would like to discuss
Craig,
right now Nikos Vassiliadis is working on
vimaging the pf properly. I'd leave decision on whether pf
mtag zone should be V or not to him.
He is now a bit busy with real life, so patching pf is on
hiatus. I hope he will continue soon.
P.S. The patch in the first mail isn't correct,
On Wed, Jun 26, 2013 at 11:40:16AM +0200, Fleuriot Damien wrote:
F> > It isn't compilable on 10.x, so I guess you are running binary
F> > compiled on 9.x.
F> >
F> > I have a WIP to make it compilable, which ended in rewriting it for a
F> > bit more than a half. :) I need someone to finish the WIP
On Wed, Jun 26, 2013 at 01:42:45PM +0600, Eugene M. Zheganin wrote:
E> Why I'm getting this ?
E>
E> [emz@taiga:/<1>log/squid]# pftop
E> pftop: DIOCGETSTATUS: Permission denied
E> > Error Reading status (DIOCGETSTATUS): Permission denied
E>
E> (I'm kinda root).
E>
E> This is harmless (never used
Peter,
On Sat, Jun 22, 2013 at 02:59:57PM +0200, Peter N. M. Hansteen wrote:
P> > Ok. I wish PF on FreeBSD and OpenBSD were in sync.
P>
P> With the differences in release schedules (OpenBSD releases N.m+1
P> every six months, while the FreeBSD cycles typically take longer) a
P> total sync is u
Cameron,
On Sun, Jun 23, 2013 at 04:22:54PM +1000, Cameron Simpson wrote:
C> On 23Jun2013 00:55, Nikos Vassiliadis wrote:
C> | Things are just different for quite a while now and they are growing
C> | even more differently.
C>
C> Just a small related thing: are underlying things compatible? Sp
On Sun, Jun 16, 2013 at 01:13:55PM +0200, Nikos Vassiliadis wrote:
N> >>> Please review this patch. These two variables are RO-tunables and
N> >>> cannot be changed at runtime. As such, it is not useful to
N> >>> virtualize them.
N> >
N> > This looks correct to me. Also, it looks like V_pf_hashmask
On Thu, Jun 06, 2013 at 03:24:10PM +0300, Mikolaj Golub wrote:
M> > >> -VNET_DEFINE(u_long, pf_srchashsize);
M> > >> -#defineV_pf_srchashsizeVNET(pf_srchashsize)
M> > >> -SYSCTL_VNET_UINT(_net_pf, OID_AUTO, source_nodes_hashsize,
CTLFLAG_RDTUN,
M> > >> -&VNET_NAME(pf_srchashsiz
On Wed, Nov 21, 2012 at 03:44:13PM +0100, Ermal Lu?i wrote:
E> Cherry-picking would be when tehre is reasonable similarities.
E> Also another argument to do this would be simplicity on locking as well as
E> i told you when you started the changes.
You were wrong. OpenBSD doesn't move towards SMP m
Mark,
On Tue, Nov 20, 2012 at 03:43:17PM +0100, Mark Martinec wrote:
M> For one thing, I'm desperately awaiting NAT64 support (the 'af-to'
M> translation rule in newer pf (5.1?), committed on 2011-10).
Backport this exact feature to FreeBSD and send patch.
M> Other: packet normalization (scrub
The following reply was made to PR kern/173659; it has been noted by GNATS.
From: Gleb Smirnoff
To: bug-follo...@freebsd.org
Cc:
Subject: Re: kern/173659: PF fatal trap on 9.1 (taskq fatal trap on
pf_test_rule)
Date: Mon, 19 Nov 2012 14:13:23 +0400
Since Patricks mail server bounces my
On Fri, Nov 09, 2012 at 05:40:16AM +, Anders N. wrote:
A> Hi. I've got a server running pf that has been displaying some odd (at least
to me) behavior.
A>
A> I use the "synproxy state"[1] option quite a few times in my config without
any ill effects that I've noticed until now. I realized it
Ermal,
On Wed, Sep 19, 2012 at 09:42:47PM +0200, Ermal Lu?i wrote:
E> > On Tue, Sep 18, 2012 at 06:02:06PM +0200, Ermal Lu?i wrote:
E> > E> The issue is that this hides the problem per se.
E> >
E> > What had hidden problem per se, was the following code:
E> >
E> > PF_UNLO
Ermal,
On Tue, Sep 18, 2012 at 06:02:06PM +0200, Ermal Lu?i wrote:
E> The issue is that this hides the problem per se.
What had hidden problem per se, was the following code:
PF_UNLOCK();
error = altq_add(a2);
PF_LOCK();
On Thu, Sep 13, 2012 at 11:26:48PM +0200, Olivier Cochard-Labb? wrote:
O> Hi,
O> here is a little patch (tested on FreeBSD 9.1-RC1) that add a new
O> option to the kernel configuration file:
O> options PF_DEFAULT_TO_DROP
O>
O> Without this option, with an empty pf.conf: All traffic are permit.
O>
On Wed, Sep 12, 2012 at 12:41:54PM +0200, Ian FREISLICH wrote:
I> Gleb Smirnoff wrote:
I> > [announce goes both to net@ and pf@, but any discussion should
I> >go on on p...@freebsd.org only, please]
I> >
I> > As you already may now, last half a year I've be
On Tue, Sep 11, 2012 at 04:21:14PM +0400, Gleb Smirnoff wrote:
T> 1) Install pfvar.h:
T>
T> cat /usr/src/sys/contrib/pf/net/pfvar.h > /usr/include/pfvar.h
Typo. Should've been:
cat /usr/src/sys/contrib/pf/net/pfvar.h > /usr/include/net/pfvar.h
--
On Tue, Sep 11, 2012 at 02:22:39PM +0300, Oguz Yilmaz wrote:
O> Ok. We go thru head.
O> We compiled the kernel and boot into 10.0
O> FreeBSD 10.0-CURRENT #0 r240350
O>
O> # pfctl -sr
O> No ALTQ support in kernel
O> ALTQ related functions disabled
O> pfctl: DIOCGETRULES: Permission denied
O> ]# pf
The following reply was made to PR kern/124364; it has been noted by GNATS.
From: Gleb Smirnoff
To: Vladimir Shapkin
Cc: bug-follo...@freebsd.org
Subject: kern/124364: [pf] [panic] Kernel panic with pf + bridge
Date: Tue, 11 Sep 2012 14:51:06 +0400
Vladimir,
have you tried to reproduce
The following reply was made to PR kern/122014; it has been noted by GNATS.
From: Gleb Smirnoff
To: "Alexander V. Shulikov"
Cc: bug-follo...@freebsd.org
Subject: kern/122014: [pf] [panic] FreeBSD 6.2 panic in pf
Date: Tue, 11 Sep 2012 14:49:22 +0400
Alexander,
can the
On Tue, Sep 11, 2012 at 12:18:23PM +0300, Oguz Yilmaz wrote:
O> Hi Gleb,
O>
O> Is it required to build world? What is the shortest way to test?
Yes, Ian answer is correct: kernel, pfctl and snmp_pf.
Since you reply to an old email thread, let me note that the projects/pf
branch had been merged t
On Fri, Sep 07, 2012 at 09:32:25AM -0700, Mark Atkinson wrote:
M> On 09/05/2012 11:36, Gleb Smirnoff wrote:
M> > What's bad with "getting stuck" with old syntax? I personally don't
M> > have any problems with it. I have had problems with performance,
M> >
Ermal,
On Fri, Sep 07, 2012 at 10:02:47AM +0200, Ermal Lu?i wrote:
E> > I won't keep OpenBSD-pf and FreeBSD-pf in parallel in FreeBSD. The
OpenBSD-pf
E> > port have proved to be poorly maintained. After last import that was made
E> > by you, at least the following regressions were introduced:
E
Ermal,
On Wed, Sep 05, 2012 at 10:09:23PM +0200, Ermal Lu?i wrote:
E> Its good to see results on your work and is good moving forward.
E> Claiming better behavior, under DoS or other comparison without showing any
data
E> or technical reason is a bit over this RFC.
Benchmark by authors are alw
Ermal,
On Wed, Sep 05, 2012 at 10:02:17PM +0200, Ermal Lu?i wrote:
E> as already shared with you the opinion the new 're-arrangement' of
E> data structure together with new syntax
E> is more helpful to SMP in general, so complementary to this work.
E> As the person who has done most of the work
Thomas,
On Wed, Sep 05, 2012 at 04:28:23PM +0200, Thomas Steen Rasmussen wrote:
T> Your work seems very exciting from a performance standpoint, and it
T> is certainty something I am looking forward to. Please don't take the
T> following as a critique of your important work :)
T>
T> In your orig
Hi!
[announce goes both to net@ and pf@, but any discussion should
go on on p...@freebsd.org only, please]
As you already may now, last half a year I've been working on
making pf SMP-scalable and faster in general. More info can be
found here:
http://lists.freebsd.org/pipermail/freebsd-
Hello, again.
On Fri, Jun 08, 2012 at 10:17:37AM +0400, Gleb Smirnoff wrote:
T> Three and a half months ago I've started on a project "SMP-friendly pf",
T> which recently have entered alpha stage. As you see from the subject of this
T> mail, this is call for testing.
On Sat, Jun 09, 2012 at 03:14:42AM -0400, Chris Buechler wrote:
C> > As you already probably know, or some may be don't yet know, the pf(4)
C> > subsystem in FreeBSD is currently working under a single mutex. This mutex
C> > is acquired right at the beginning of any packet processing, and is dropp
Ermal,
On Fri, Jun 08, 2012 at 12:39:43PM +0200, Ermal Lu?i wrote:
E> On Fri, Jun 8, 2012 at 8:17 AM, Gleb Smirnoff wrote:
E> As i already asked in private wihtout a documentation/schema
E> describing how you protect the various elements in pf(4) this is very
E> hard to review.
Hello, networkers!
[net@ in Cc, but further discussion should go on pf@]
As you already probably know, or some may be don't yet know, the pf(4)
subsystem in FreeBSD is currently working under a single mutex. This mutex
is acquired right at the beginning of any packet processing, and is drop
On Tue, Apr 17, 2012 at 04:32:31PM +, Bjoern A. Zeeb wrote:
B> > On Tue, Apr 17, 2012 at 11:33:27AM +0200, Ermal Lu?i wrote:
B> > E> The only problem i might see is when running more than one firewall
B> > E> together but still there are other issues when you do that at pfil(9)
B> > E> level.
B
On Tue, Apr 17, 2012 at 12:46:08PM +0400, Gleb Smirnoff wrote:
T> We can make the assignment like:
T>
T> if (ifp->if_flags & IFF_LOOPBACK)
T> m->m_flags |= M_SKIP_FIREWALL;
I've tested this plus MTAG_PERSISTENT on pf tags, and it looks like this
works.
At lea
Replying on only on paragrapg, everything else agreed.
On Tue, Apr 17, 2012 at 11:33:27AM +0200, Ermal Lu?i wrote:
E> The only problem i might see is when running more than one firewall
E> together but still there are other issues when you do that at pfil(9)
E> level.
Well, playing with two fir
On Tue, Apr 17, 2012 at 10:38:31AM +0200, Ermal Lu?i wrote:
E> 2012/4/17 Gleb Smirnoff :
E> > On Tue, Apr 17, 2012 at 10:06:15AM +0200, Ermal Lu?i wrote:
E> > E> 2012/4/16 Gleb Smirnoff :
E> > E> > On Sun, Apr 15, 2012 at 12:00:21PM +, Gleb Smirnoff wrote:
E> &
On Tue, Apr 17, 2012 at 10:06:15AM +0200, Ermal Lu?i wrote:
E> 2012/4/16 Gleb Smirnoff :
E> > On Sun, Apr 15, 2012 at 12:00:21PM +0000, Gleb Smirnoff wrote:
E> > T> On Sun, Apr 15, 2012 at 11:10:03AM +0000, Gleb Smirnoff wrote:
E> > T> T> I have a vague suspic
On Sun, Apr 15, 2012 at 12:00:21PM +, Gleb Smirnoff wrote:
T> On Sun, Apr 15, 2012 at 11:10:03AM +0000, Gleb Smirnoff wrote:
T> T>I have a vague suspicion on what is happening. Your description of
T> T> the problem looks like if a packet processing in the kernel has ent
The following reply was made to PR kern/164402; it has been noted by GNATS.
From: Gleb Smirnoff
To: freebsd-pf@FreeBSD.org
Cc: bug-follo...@freebsd.org
Subject: Re: kern/164402: [pf] pf crashes with a particular set of rules when
first matching packet arrives
Date: Sun, 15 Apr 2012 15:51:24
On Sun, Apr 15, 2012 at 11:10:03AM +, Gleb Smirnoff wrote:
T>I have a vague suspicion on what is happening. Your description of
T> the problem looks like if a packet processing in the kernel has entered
T> an endless loop.
T>
T>Looking at pf_route() I see such po
The following reply was made to PR kern/164402; it has been noted by GNATS.
From: Gleb Smirnoff
To: "Eugene M. Zheganin"
Cc: bug-follo...@freebsd.org
Subject: kern/164402: [pf] pf crashes with a particular set of rules when
first matching packet arrives
Date: Sun, 15 Apr 2012 15:0
The following reply was made to PR kern/114095; it has been noted by GNATS.
From: Gleb Smirnoff
To: Ermal Lu?i
Cc: nerijus.ambra...@ktu.lt, freebsd-pf@FreeBSD.org, bug-follo...@freebsd.org
Subject: Re: kern/114095: [carp] carp+pf delay with high state limit
Date: Mon, 17 Oct 2011 23:13:48 +0400
On Mon, Oct 17, 2011 at 08:47:31PM +0200, Ermal Lu?i wrote:
E> > This is a surprise for me that this feature had been removed!
E> >
E> > It used to be in stable/6:
E> >
E> > http://fxr.watson.org/fxr/ident?v=FREEBSD60;i=carp_suppress_preempt
E> >
E> > And I always treated that variable in CARP as s
The following reply was made to PR kern/114095; it has been noted by GNATS.
From: Gleb Smirnoff
To: Ermal Lu?i
Cc: nerijus.ambra...@ktu.lt, freebsd-pf@FreeBSD.org, bug-follo...@freebsd.org
Subject: Re: kern/114095: [carp] carp+pf delay with high state limit
Date: Mon, 17 Oct 2011 17:17:42 +0400
On Mon, Oct 17, 2011 at 02:18:38PM +0200, Ermal Lu?i wrote:
E> On Sat, Oct 15, 2011 at 4:20 PM, wrote:
E> > Synopsis: [carp] carp+pf delay with high state limit
E> >
E> > State-Changed-From-To: open->closed
E> > State-Changed-By: glebius
E> > State-Changed-When: Sat Oct 15 14:20:00 UTC 2011
E> >
On Mon, Sep 11, 2006 at 02:32:19AM +0200, Volker wrote:
V> two or three weeks ago I've switched from userland ppp to mpd for my
V> internet connection. While using ng0 as the public interface I'm
V> also using altq (cbq) for bw management.
V>
V> Everything works (haven't yet measured for queue eff
Synopsis: [carp] pfsync state time problem with CARP + Arp.Balance
State-Changed-From-To: open->patched
State-Changed-By: glebius
State-Changed-When: Wed Jun 7 10:28:13 UTC 2006
State-Changed-Why:
I have documented why this setup can't work in carp(4).
Responsible-Changed-From-To: freebsd-pf->g
The following reply was made to PR kern/93829; it has been noted by GNATS.
From: Gleb Smirnoff <[EMAIL PROTECTED]>
To: "C.Dornig" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: kern/93829: Pfsync state time problem with CARP +
On Sat, Dec 31, 2005 at 12:50:57AM +0100, ?ukasz Bromirski wrote:
?> Is there by any chance work being done on pf to include functionality
?> that is present in FreeBSD ipfw, that checks if packet entered
?> router via correct interface as pointed out by routing table?
?>
?> I know there is antisp
Synopsis: [pf] [panic] carp with pfsync causing system crash, dump debug
attached
State-Changed-From-To: open->feedback
State-Changed-By: glebius
State-Changed-When: Mon Nov 7 11:58:15 GMT 2005
State-Changed-Why:
Patch has been committed, and PR can be closed after submitter reports
that upgradi
On Wed, Oct 26, 2005 at 05:39:17PM +1000, Josh Finlay wrote:
J> Thanks alot. :)
J>
J> Patched now.
J>
J> Hrm, would I need to buildworld again?
J> Hope not, 4hrs waiting heh...
Only kernel if you compile ng_iface into kernel, and only module
if you load it dynamically.
P.S. Please, do not top q
On Wed, Oct 26, 2005 at 11:09:36AM +1000, Josh Finlay wrote:
J> Gleb, my best friend! ;) ;)
J>
J> I've just cvsup'd to RELENG_6, would you have a nice pretty patch to give
J> ng_iface(4) ALTQ functionality?
J>
J> I must have read wrong in previous messages, I thought RELENG_6 already had
J> thi
On Tue, Oct 18, 2005 at 11:15:54AM +0300, Sorin Gheorghe wrote:
S> did someone have the pf patch for tunning pf, i heard that pf has 6 classes
and if i can patch the pf to remove some classes, it will become performant to
shappe 10-15 kpps of trafic.
pf doesn't shapes traffic, but altq does.
-
On Fri, Oct 21, 2005 at 11:35:39PM +1000, Josh Finlay wrote:
J> I tried a few examples I found, no luck, found another thing I will need to
J> fix first:
J>
J> pfctl: ng0: driver does not support altq
J>
J> I searched for a patch for the ng_iface driver, but no luck.
Recently ng_iface(4) has ga
Bruno,
On Sun, Oct 16, 2005 at 02:06:44PM -0400, Bruno Afonso wrote:
B> I've been recently "invited" (I mean, I was the only guy they knew that
B> had fbsd experience :> ) to setup a pppoe server for a 20+ user base of
B> wifi users. basically, we're using pppoe server from freebsd and a
B> r
On Sat, Oct 15, 2005 at 04:39:37PM +0200, Max Laier wrote:
M> I agree that ALTQ configuration (esp for big setups) has some limitations
and
M> gotchas as is. I'd like to take the opportunity to start a discussion about
M> what features are required to make it more useable. It is certainly
M>
Colleagues,
I've got two problems when running ALTQ on PPP access
concentrator. May be you have ideas on how to solve them
in a nice way.
- When pf.conf is parsed at boot time, the p2p interfaces
(ng_iface(4) in my case) do not exist, so the ALTQ queues
are not created. The PPP software (mp
Synopsis: cbq scheduler cause bad latency
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: glebius
Responsible-Changed-When: Mon Jun 20 08:59:48 GMT 2005
Responsible-Changed-Why:
For pf gurus review.
http://www.freebsd.org/cgi/query-pr.cgi?pr=82271
__
On Mon, Jun 13, 2005 at 12:00:36PM -0400, Josh Kayse wrote:
J> The reason we are using CARP on a PLIP interface is to allow us to
J> have redundant connections between 2 transparent bridging firewalls.
J> Instead of sending packets over our network, we isolate them onto a
J> PLIP interface and cro
76 matches
Mail list logo
