Re: dragonflybsd's ipfw
Hi, I get below from another email this morning, the ipfw can add dynamic rules according to below email. *You can manually insert a state as below and the state will be maintain by ipfw itself.* *ipfw state add rulenum 100 udp 192.168.1.1:0 http://192.168.1.1:0/ 8.8.8.8:53 http://8.8.8.8:53/ expiry +600* *so you dont need to implement the logic to maintain the IP addresses or configure any crontab to remove..* *different state can have different expiry or life time* ありがとう 佐藤柯德 2014-11-17 17:07 GMT+08:00 Ian Smith smi...@nimnet.asn.au: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
hi ok. i will test it. but he said it is faster 2014-12-15 15:26 GMT+08:00 Luigi Rizzo ri...@iet.unipi.it: On Mon, Dec 15, 2014 at 7:49 AM, Sato Kentney satokent...@gmail.com wrote: hi, his ipfw2 is ok for test now. http://www.dragonflydigest.com/2014/12/11/15220.html i meet some problem in testing so asking qesstion in drafonflybsd's email list. and i want to know is it correct that the ipfw2 is faster than ipfw in freebsd? it is what he said. i don't think he ever said that, and in any case the code seems to be taken straight from the 2002 freebsd version so i highly doubt there is any speed difference (let alone a measurable one with packets going through the kernel stack; to see an actual performance difference you'd need to run the code through netmap or some high speed framework) see http://code.google.com/p/netmap-ipfw/ cheers luigi sure i will test it by myself. thanks On 25 November 2014 at 09:17, bycn82 byc...@gmail.com wrote: *that ipfw2 means ipfw too, because it is originally from FreeBSD and totally not new create things, IMHO* *BTW Sato, I think the in-kernel NAT is almost there, I tested the basic NAT and it works in my lab environment.* On Tue, Nov 18, 2014 at 9:38 AM, Sato Kentney satokent...@gmail.com wrote: i agree, i am not good in english as networking administor from Tokyo. but when i read the page, i see that the main idea is so call modular design and there is a long way to catch up the freebsd's ipfw anyway, i dont think it can compare to freebsd's ipfw, as Smith said their ipfw is the version without in-kernel NAT and tables .all these important features On Mon, Nov 17, 2014 at 5:07 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- -+--- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/. Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -+--- -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
*Hi Sato,* *I am also in this email list, If you have any question, You can ask,I just double checked whether I made mistake or not, and I only found **To be honest, my rewrite version of ipfw2 is nothing special but it runs on this great system. So **please make me a joker in front of all these big bosses. * *Compare to the ipfw in FreeBSD, there are few differences. not a big deal.* *1. modular* *2. lock-less* *3. old version* *Regards,* *Bycn82* On Mon, Dec 15, 2014 at 4:34 PM, Sato Kentney satokent...@gmail.com wrote: hi ok. i will test it. but he said it is faster 2014-12-15 15:26 GMT+08:00 Luigi Rizzo ri...@iet.unipi.it: On Mon, Dec 15, 2014 at 7:49 AM, Sato Kentney satokent...@gmail.com wrote: hi, his ipfw2 is ok for test now. http://www.dragonflydigest.com/2014/12/11/15220.html i meet some problem in testing so asking qesstion in drafonflybsd's email list. and i want to know is it correct that the ipfw2 is faster than ipfw in freebsd? it is what he said. i don't think he ever said that, and in any case the code seems to be taken straight from the 2002 freebsd version so i highly doubt there is any speed difference (let alone a measurable one with packets going through the kernel stack; to see an actual performance difference you'd need to run the code through netmap or some high speed framework) see http://code.google.com/p/netmap-ipfw/ cheers luigi sure i will test it by myself. thanks On 25 November 2014 at 09:17, bycn82 byc...@gmail.com wrote: *that ipfw2 means ipfw too, because it is originally from FreeBSD and totally not new create things, IMHO* *BTW Sato, I think the in-kernel NAT is almost there, I tested the basic NAT and it works in my lab environment.* On Tue, Nov 18, 2014 at 9:38 AM, Sato Kentney satokent...@gmail.com wrote: i agree, i am not good in english as networking administor from Tokyo. but when i read the page, i see that the main idea is so call modular design and there is a long way to catch up the freebsd's ipfw anyway, i dont think it can compare to freebsd's ipfw, as Smith said their ipfw is the version without in-kernel NAT and tables .all these important features On Mon, Nov 17, 2014 at 5:07 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- -+--- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/. Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -+--- -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
*So **please DON'T make me a joker in front of all these big bosses. * On Mon, Dec 15, 2014 at 8:10 PM, bycn82 byc...@gmail.com wrote: *Hi Sato,* *I am also in this email list, If you have any question, You can ask,I just double checked whether I made mistake or not, and I only found **To be honest, my rewrite version of ipfw2 is nothing special but it runs on this great system. So **please make me a joker in front of all these big bosses. * *Compare to the ipfw in FreeBSD, there are few differences. not a big deal.* *1. modular* *2. lock-less* *3. old version* *Regards,* *Bycn82* On Mon, Dec 15, 2014 at 4:34 PM, Sato Kentney satokent...@gmail.com wrote: hi ok. i will test it. but he said it is faster 2014-12-15 15:26 GMT+08:00 Luigi Rizzo ri...@iet.unipi.it: On Mon, Dec 15, 2014 at 7:49 AM, Sato Kentney satokent...@gmail.com wrote: hi, his ipfw2 is ok for test now. http://www.dragonflydigest.com/2014/12/11/15220.html i meet some problem in testing so asking qesstion in drafonflybsd's email list. and i want to know is it correct that the ipfw2 is faster than ipfw in freebsd? it is what he said. i don't think he ever said that, and in any case the code seems to be taken straight from the 2002 freebsd version so i highly doubt there is any speed difference (let alone a measurable one with packets going through the kernel stack; to see an actual performance difference you'd need to run the code through netmap or some high speed framework) see http://code.google.com/p/netmap-ipfw/ cheers luigi sure i will test it by myself. thanks On 25 November 2014 at 09:17, bycn82 byc...@gmail.com wrote: *that ipfw2 means ipfw too, because it is originally from FreeBSD and totally not new create things, IMHO* *BTW Sato, I think the in-kernel NAT is almost there, I tested the basic NAT and it works in my lab environment.* On Tue, Nov 18, 2014 at 9:38 AM, Sato Kentney satokent...@gmail.com wrote: i agree, i am not good in english as networking administor from Tokyo. but when i read the page, i see that the main idea is so call modular design and there is a long way to catch up the freebsd's ipfw anyway, i dont think it can compare to freebsd's ipfw, as Smith said their ipfw is the version without in-kernel NAT and tables .all these important features On Mon, Nov 17, 2014 at 5:07 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- -+--- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/. Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -+--- -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
On Mon, Dec 15, 2014, at 06:11, bycn82 wrote: *So **please DON'T make me a joker in front of all these big bosses. * Don't worry. Your work is interesting and I encourage you to keep on hacking. Nobody is interested in making a fool out of anyone. If you come to any new conclusions please share your data. Thanks and have fun! ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
hi, his ipfw2 is ok for test now. http://www.dragonflydigest.com/2014/12/11/15220.html i meet some problem in testing so asking qesstion in drafonflybsd's email list. and i want to know is it correct that the ipfw2 is faster than ipfw in freebsd? it is what he said. sure i will test it by myself. thanks On 25 November 2014 at 09:17, bycn82 byc...@gmail.com wrote: *that ipfw2 means ipfw too, because it is originally from FreeBSD and totally not new create things, IMHO* *BTW Sato, I think the in-kernel NAT is almost there, I tested the basic NAT and it works in my lab environment.* On Tue, Nov 18, 2014 at 9:38 AM, Sato Kentney satokent...@gmail.com wrote: i agree, i am not good in english as networking administor from Tokyo. but when i read the page, i see that the main idea is so call modular design and there is a long way to catch up the freebsd's ipfw anyway, i dont think it can compare to freebsd's ipfw, as Smith said their ipfw is the version without in-kernel NAT and tables .all these important features On Mon, Nov 17, 2014 at 5:07 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
On Mon, Dec 15, 2014 at 7:49 AM, Sato Kentney satokent...@gmail.com wrote: hi, his ipfw2 is ok for test now. http://www.dragonflydigest.com/2014/12/11/15220.html i meet some problem in testing so asking qesstion in drafonflybsd's email list. and i want to know is it correct that the ipfw2 is faster than ipfw in freebsd? it is what he said. i don't think he ever said that, and in any case the code seems to be taken straight from the 2002 freebsd version so i highly doubt there is any speed difference (let alone a measurable one with packets going through the kernel stack; to see an actual performance difference you'd need to run the code through netmap or some high speed framework) see http://code.google.com/p/netmap-ipfw/ cheers luigi sure i will test it by myself. thanks On 25 November 2014 at 09:17, bycn82 byc...@gmail.com wrote: *that ipfw2 means ipfw too, because it is originally from FreeBSD and totally not new create things, IMHO* *BTW Sato, I think the in-kernel NAT is almost there, I tested the basic NAT and it works in my lab environment.* On Tue, Nov 18, 2014 at 9:38 AM, Sato Kentney satokent...@gmail.com wrote: i agree, i am not good in english as networking administor from Tokyo. but when i read the page, i see that the main idea is so call modular design and there is a long way to catch up the freebsd's ipfw anyway, i dont think it can compare to freebsd's ipfw, as Smith said their ipfw is the version without in-kernel NAT and tables .all these important features On Mon, Nov 17, 2014 at 5:07 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org -- -+--- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/. Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -+--- ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: dragonflybsd's ipfw
*that ipfw2 means ipfw too, because it is originally from FreeBSD and totally not new create things, IMHO* *BTW Sato, I think the in-kernel NAT is almost there, I tested the basic NAT and it works in my lab environment.* On Tue, Nov 18, 2014 at 9:38 AM, Sato Kentney satokent...@gmail.com wrote: i agree, i am not good in english as networking administor from Tokyo. but when i read the page, i see that the main idea is so call modular design and there is a long way to catch up the freebsd's ipfw anyway, i dont think it can compare to freebsd's ipfw, as Smith said their ipfw is the version without in-kernel NAT and tables .all these important features On Mon, Nov 17, 2014 at 5:07 PM, Ian Smith smi...@nimnet.asn.au wrote: On Mon, 17 Nov 2014 15:48:13 +0800, Sato Kentney wrote: I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ We've had 'ipfw2' for a very long while. I couldn't help wondering why DF wouldn't just import our many years of development and experience rather than using bycn82's 'rewrite'? .. but DF already has ipfw2: http://leaf.dragonflybsd.org/cgi/web-man?command=ipfwsection=ANY man page dated October 2008. Before tables, in-kernel NAT, later dummynet updates and no doubt more. So why not start from there? cheers, Ian -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
dragonflybsd's ipfw
I saw a email in dragonflybsd email list, someone is doing this! http://www.dragonflybsd.org/docs/ipfw2/ -- ありがとう 佐藤柯德 Sato K. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
