From owner-freebsd-net@FreeBSD.ORG Tue Jan 25 08:29:49 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78D5816A4CF for ; Tue, 25 Jan 2005 08:29:49 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52DDE43D31 for ; Tue, 25 Jan 2005 08:29:48 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 82704 invoked from network); 25 Jan 2005 08:11:06 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.54]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 25 Jan 2005 08:11:06 -0000 Message-ID: <41F6037E.3C7F6364@freebsd.org> Date: Tue, 25 Jan 2005 09:29:50 +0100 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gleb Smirnoff References: <20050124100717.GA47663@cell.sick.ru> <41F5FED1.B6EFD246@freebsd.org> <20050125082136.GC57248@cell.sick.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: brooks@freebsd.org cc: net@freebsd.org Subject: Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 08:29:49 -0000 Gleb Smirnoff wrote: > > On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote: > A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm > A> fine with EACCES, ENOMEM and ESRCH (if hook not connected) but nothing > A> else. Getting back any other error is very confusing and non-intuitive > A> when looking at the error of an application having packets sunk there. > > So you want "return (0)" at end of ng_ipfw_input()? My vote is against. > Julian, Brooks? No, I want only get EACCES, ENOMEM or ESRCH back and nothing else. I didn't I want only "return (0)". > A> Why don't you prepend the m_tag within ip_fw2.c as altq and divert are > A> doing it? Dummynet should do the same to get it consistent again. > > Not sure that this is good. These tags are foreign to ipfw, they belong > to other facilities. I guess ng_ipfw is pretty much specific to ipfw, no? > A> Just to confirm it, NG_SEND_DATA_ONLY() queues the packet unconditionally > A> to unwind the stack? > > No. The stack will be unwinded when packet travels thru netgraph and returned > back to ng_ipfw node. A new ISR will start with ng_ipfw_rcvdata(). This mode > is configured in ng_ipfw_connect(). What if the packet doesn't make its way back to ng_ipfw? I can imagine a lot of configurations where this may happen (intential). The problem comes back again and is much less obvious if the stack breaks. I'm out now until tomorrow afternoon. -- Andre