pf & clonable devices

From: Eric Masson (e-masson_at_kisoft-services.com)
Date: 01/17/05

  • Next message: Jon Simola: "ALTQ patch for if_vlan.c"
    To: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
    Date: Mon, 17 Jan 2005 18:19:55 +0100
    
    

    Hi,

    uname -a:
    FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005 emss@srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II i386

    kldstat:
    Id Refs Address Size Name
     1 19 0xc0400000 2f6a20 kernel
     2 1 0xc06f7000 14f08 if_ppp.ko
     3 1 0xc070c000 9a88 if_xl.ko
     4 2 0xc0716000 18a44 miibus.ko
     5 1 0xc072f000 39ac ulpt.ko
     6 9 0xc0733000 1357c agp.ko
     7 1 0xc13fa000 1e000 nfsserver.ko
     8 1 0xc1429000 28000 pf.ko

    At the moment I'm back on an ISDN line for my internet connection, and I'm
    using pppd (kernel ppp) and an ISDN TA.

    I'm using Alain Thivillon's SSLTunnel for the connection to the main office
    (a kernel ppp tunnel encapsulated in an SSL session).

    pppX interfaces are created on demand as pppd is started.

    So I end up with a setup like this one:
    ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
            inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
    ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
            inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00

    Kernel ppp doesn't seem to reuse existing pppX devices; it creates new
    ones as needed. PF rules are defined for fixed network devices, so I
    destroy the pppX interfaces on ppp shutdown and let pppd recreate them as
    needed.

    In this case, I need to refresh PF by issuing:
    pfctl -F all -f /etc/pf.conf
    to get traffic passing through the newly recreated ppp0/1 interfaces.

    Is this a feature or a bug?

    Regards

    Éric Masson

    -- 
     You are a thousand times right, a free subscription is not a gift.
     Besides, once you've had the butter, the money and the dairymaid's ass,
     apart from talking nonsense, there's not much left to do.
     -+- Biz in GNU: And there, is it worth free or does it give you the clap? -+-