[patch] RFC: allow divert from layer 2 ipfw (e.g. bridge)
Christian S.J. Peron
csjp at FreeBSD.org
Thu Jul 27 20:30:44 UTC 2006
Max Laier wrote:
> On Wednesday 26 July 2006 20:35, Julian Elischer wrote:
>
>> This code is running on quite a few systems but in a very limited
>> environment that may not test all possibilities..
>>
>> Does anyone have comments or suggestions as to changes that I might make
>> for checkin into generic FreeBSD? It was originally written for 4.x but
>> with 6.x in mind.
>> It is now running on 6.1 and seems to be ok so far.
>>
>> Certainly I am interested in hearing from Robert and Luigi and I am
>> particularly interested in
>> what people think on how this will handle locking/SMP difficulies.
>>
>
> Instead of putting more special processing to every L2-entry point in the
> system, I'd prefer if we could finally get round to L2 pfil hooks. That
> would make it much easier to add such functionality in a common hook function
> and use it everywhere.
>
>
I agree with Max here, I think it's time we look at getting together
pfil hooks for layer 2. I would be interested in doing the leg work here
if you guys are willing to review it.
--
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team
More information about the freebsd-net
mailing list