From: Juli Mallett
Date: Fri, 2 Nov 2012 09:12:23 -0700
Subject: Re: splitting m_flags to pkthdr.flags + m_flags
To: Andre Oppermann
Cc: "freebsd-net@freebsd.org"

On Fri, Nov 2, 2012 at 5:54 AM, Andre Oppermann wrote:

> On 02.11.2012 13:38, Gleb Smirnoff wrote:
>
>> #define M_SKIP_FIREWALL 0x00004000 /* skip firewall processing */
>>
>
> This one should become an M_PROTO overlay.  It is only relevant within
> a protocol layer.

No, like M_PROMISC it needs to follow packets around throughout the stack, and not conflict with anything else. My memory of the details is a bit hazy, but ipfw2 unfortunately does need the flag to not be something that could be accidentally set or cleared by another protocol layer, and the flag needs to persist. Or did 8 years ago.

http://svnweb.freebsd.org/base?view=revision&revision=132274

But there was some disagreement at the time about whether ipfw2 was doing the right thing, and this behavior should be legitimized by making it actually work right:

http://lists.freebsd.org/pipermail/cvs-src/2004-July/027830.html

If the flag is made back into an M_PROTO (or, even better, removed) then it would be best to verify that it does not need to persist, it is okay if the flag is set by a different protocol layer, etc., today.

Thanks,
Juli.
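
The two failure modes the message names (a skip mark that does not persist, and a skip mark set by another layer), as an added toy model in C that is not part of the original message and is not FreeBSD source. Only the `M_SKIP_FIREWALL` value comes from the quoted header line; every `TOY_*` / `toy_*` name and value is a constructed assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not FreeBSD code. Only M_SKIP_FIREWALL's value is from the
 * message; the TOY_* names and values are constructed for illustration. */
#define M_SKIP_FIREWALL 0x00004000u /* dedicated bit, as quoted above */
#define TOY_PROTO1      0x00000010u /* hypothetical per-layer scratch bit */
#define TOY_PROTOFLAGS  0x00000ff0u /* hypothetical mask of per-layer bits */

struct toy_pkt { uint32_t flags; };

/* Hypothetical layer boundary: per-layer bits are wiped on hand-off. */
static void toy_layer_handoff(struct toy_pkt *p) { p->flags &= ~TOY_PROTOFLAGS; }

/* Hypothetical link layer using TOY_PROTO1 for its own bookkeeping. */
static void toy_link_input(struct toy_pkt *p) { p->flags |= TOY_PROTO1; }

/* Firewall hook: returns true if the packet gets inspected. */
static bool toy_firewall(const struct toy_pkt *p, uint32_t skip_bit)
{
    return (p->flags & skip_bit) == 0;
}

/* Case 1: a marked packet crosses a layer boundary before reaching the
 * hook again. True if the mark survived (no second inspection). */
bool mark_persists(uint32_t skip_bit)
{
    struct toy_pkt p = { 0 };
    p.flags |= skip_bit;
    toy_layer_handoff(&p);
    return !toy_firewall(&p, skip_bit);
}

/* Case 2: an unmarked packet passes a layer that sets its own scratch
 * bit. True if the firewall still inspects it. */
bool unmarked_is_inspected(uint32_t skip_bit)
{
    struct toy_pkt p = { 0 };
    toy_link_input(&p); /* sets TOY_PROTO1 for unrelated reasons */
    return toy_firewall(&p, skip_bit);
}

int main(void)
{
    printf("dedicated: persists=%d inspected=%d\n",
        mark_persists(M_SKIP_FIREWALL), unmarked_is_inspected(M_SKIP_FIREWALL));
    printf("overlay:   persists=%d inspected=%d\n",
        mark_persists(TOY_PROTO1), unmarked_is_inspected(TOY_PROTO1));
    return 0;
}
```

In this model the overlay variant fails both checks: the mark is lost at the hand-off, and an unrelated layer's scratch bit causes an unmarked packet to bypass inspection.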