From owner-freebsd-hackers  Mon Apr 27 03:06:10 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA04342
          for freebsd-hackers-outgoing; Mon, 27 Apr 1998 03:06:10 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id DAA04330
          for <hackers@FreeBSD.ORG>; Mon, 27 Apr 1998 03:06:04 -0700 (PDT)
          (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id KAA24696; Mon, 27 Apr 1998 10:28:35 +0200
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199804270828.KAA24696@labinfo.iet.unipi.it>
Subject: Re: RFC: IPFW/DIVERT change suggestion.
To: julian@whistle.com (Julian Elischer)
Date: Mon, 27 Apr 1998 10:28:35 +0200 (MET DST)
Cc: hackers@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.95.980427001717.21604K-100000@current1.whistle.com> from "Julian Elischer" at Apr 27, 98 00:38:00 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> When we write the DIVERT facility we made a rather foolish design decision
> and I'd like to suggest a change that would alter the semantics
> of DIVERT/IPFW to fix it..

same conclusion here...

> What can we do about this?

i think the most reasonable view of the "divert" process is to see
it as a graph where a pkt is forwarded.  So we need to associate
a set of rules to each node of the graph, and a matching rule also
needs to specify the 'destination' node where to restart processing.

So i would add a parameter to divert-like rules where you specify
the next rule to continue processing.
In a sense, this is similar to the first approach you propose, except
that the 'destination' can be interpreted as a "jump".
(there is no need to modify simple actions like allow/deny since the
decision is final.)

> would be that it might be possible to store a 'stack' for each packet
> so that we could add 'gosub' (heh) to ipfw.. (just seeing if you're
> reading)

don't like the idea of 'subroutines' very much, i doubt it would be
of much use in practice, and lot of work to implement it.

	cheers
	luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message