From owner-freebsd-net@FreeBSD.ORG Wed Jun 22 16:19:56 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3BF4E16A41C for ; Wed, 22 Jun 2005 16:19:56 +0000 (GMT) (envelope-from ari@suutari.iki.fi) Received: from fep18.inet.fi (fep18.inet.fi [194.251.242.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6FE6843D1D for ; Wed, 22 Jun 2005 16:19:55 +0000 (GMT) (envelope-from ari@suutari.iki.fi) Received: from mato.suutari.iki.fi ([80.222.160.17]) by fep18.inet.fi with ESMTP id <20050622161954.FIZV1870.fep18.inet.fi@mato.suutari.iki.fi>; Wed, 22 Jun 2005 19:19:54 +0300 Received: from [192.168.53.140] (orava.suutari.iki.fi [192.168.53.140]) by mato.suutari.iki.fi (8.13.3/8.13.3) with ESMTP id j5MGJoRl061304; Wed, 22 Jun 2005 19:19:53 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Received: from 127.0.0.1 (AVG SMTP 7.0.323 [267.7.10]); Wed, 22 Jun 2005 19:19:44 +0300 Message-ID: <42B98FA0.3030805@suutari.iki.fi> Date: Wed, 22 Jun 2005 19:19:44 +0300 From: Ari Suutari User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en To: Luigi Rizzo References: <42B7B352.8040806@suutari.iki.fi> <20050621170649.B82876@xorpc.icir.org> <42B94023.3090202@suutari.iki.fi> <20050622053307.B90964@xorpc.icir.org> In-Reply-To: <20050622053307.B90964@xorpc.icir.org> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=ISO-8859-1; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (mato.suutari.iki.fi [192.168.53.129]); Wed, 22 Jun 2005 19:19:53 +0300 (EEST) Cc: freebsd-net@freebsd.org Subject: Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jun 2005 16:19:56 -0000 > yes i think you should reuse the tag, just add a new opcode so that > the action is attach the mtag to the mbuf if not there yet > (maybe override its content if you believe you could match multiple rules of > this type) and then continue processing as in a 'count' action. Differences to "ipfw fwd" seem to be minimal. Maybe a sysctl which changes fwd rule behaviour so that it can either work as before or similar to 'count' action would be better solution ? This would be similar to net.inet.ip.fw.one_pass. (I'm not very actively pushing to sysctl solution, I would just like to find out best approach before starting actual coding) Ari S. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 21.6.2005