From owner-freebsd-net@FreeBSD.ORG Wed Jun 22 22:15:46 2005
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6FF3016A41C for ; Wed, 22 Jun 2005 22:15:46 +0000 (GMT) (envelope-from tataz@tataz.chchile.org)
Received: from postfix4-1.free.fr (postfix4-1.free.fr [213.228.0.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 317EE43D48 for ; Wed, 22 Jun 2005 22:15:46 +0000 (GMT) (envelope-from tataz@tataz.chchile.org)
Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix4-1.free.fr (Postfix) with ESMTP id C9592317D8F; Thu, 23 Jun 2005 00:15:44 +0200 (CEST)
Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id 75386405C; Thu, 23 Jun 2005 00:15:57 +0200 (CEST)
Date: Thu, 23 Jun 2005 00:15:57 +0200
From: Jeremie Le Hen
To: Luigi Rizzo
Message-ID: <20050622221557.GU738@obiwan.tataz.chchile.org>
References: <42B7B352.8040806@suutari.iki.fi> <20050621170649.B82876@xorpc.icir.org> <42B94023.3090202@suutari.iki.fi> <20050622053307.B90964@xorpc.icir.org> <42B98FA0.3030805@suutari.iki.fi> <20050622092452.A95367@xorpc.icir.org> <20050622183400.GS738@obiwan.tataz.chchile.org> <20050622114513.A97519@xorpc.icir.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050622114513.A97519@xorpc.icir.org>
User-Agent: Mutt/1.5.9i
Cc: freebsd-net@freebsd.org, Jeremie Le Hen
Subject: Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 22 Jun 2005 22:15:46 -0000

> i don't understand what is the problem in defining a second action
> 'setnexthop' which behaves as a nonblocking 'forward'. Implementationwise
> you can share most of the code, it is just a matter of putting and
> perhaps a flag in the structure that stores the nexthop depending
> on the action specified on the command line. Same for printing.
>
> It does not break POLA and it lets you have both behaviours at
> almost no cost.
>
> maybe net.inet.ip.fw.one_pass should not exist, but now it is
> there and once again, we have to keep it for POLA.

You are completely right. My wish would be to make ipfw minimalist, in other
words no need to have either "setnexthop" or "tee" actions (respectively
using non-blocking "forward" and "divert"). But this is pointless anyway as
it would break POLA.

Just for information, does this principle require FreeBSD to keep existing
options forever, or are there some scarce situations where some superfluous
options could be deleted?

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
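The distinction the thread is arguing about (a terminal "forward" versus a non-blocking "setnexthop" that records the next hop and lets the rule walk continue) is easiest to see on a toy rule engine. The model below is an added illustration written for this archive page; it is not ipfw code, not Luigi's proposed patch, and the rule representation (a number, an action, a destination prefix and an optional next-hop argument) is a deliberate simplification of real ipfw syntax. Its point is the filtering consequence: with a terminal action the packet is accepted the moment the forwarding rule matches, so a later deny never runs, whereas with the non-blocking variant the later deny still applies.

```python
"""Toy model of an ipfw-style ordered rule walk.

Constructed for illustration only: it mimics the semantics under discussion
(terminal 'fwd' versus non-blocking 'setnexthop'), not ipfw's real code.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    nexthop: Optional[str] = None   # filled in by fwd / setnexthop


@dataclass
class Rule:
    number: int
    action: str                     # allow | deny | count | fwd | setnexthop
    dst_prefix: str                 # 'any' or a textual prefix of the dst
    arg: Optional[str] = None       # next-hop address for fwd / setnexthop


# Actions that end the walk; everything else falls through to the next rule.
TERMINAL = {"allow", "deny", "fwd"}


def matches(rule: Rule, pkt: Packet) -> bool:
    """Simplified matcher: 'any' or string-prefix match on the destination."""
    return rule.dst_prefix == "any" or pkt.dst.startswith(rule.dst_prefix)


def process(rules: List[Rule], pkt: Packet) -> Tuple[str, List[int]]:
    """Walk rules in ascending number order.

    Returns (verdict, list of rule numbers that matched). A non-matching
    rule set ends in 'deny', mirroring ipfw's default rule 65535.
    """
    matched: List[int] = []
    for rule in sorted(rules, key=lambda r: r.number):
        if not matches(rule, pkt):
            continue
        matched.append(rule.number)

        if rule.action == "count":
            continue                        # statistics only, keep walking
        if rule.action == "setnexthop":
            pkt.nexthop = rule.arg          # record next hop, keep walking
            continue
        if rule.action == "fwd":
            pkt.nexthop = rule.arg          # record next hop and stop
            return "allow", matched
        if rule.action in TERMINAL:         # allow / deny
            return rule.action, matched
        raise ValueError(f"unknown action {rule.action!r}")
    return "deny", matched


def compare_policies() -> dict:
    """Run the same packet through a 'fwd' ruleset and a 'setnexthop' ruleset.

    Both rulesets forward 10.0.1.0/24 traffic to a policy router, then try
    to deny one specific host. Only the non-blocking variant honours the deny.
    """
    def ruleset(action: str) -> List[Rule]:
        return [
            Rule(100, action, "10.0.1.", "192.168.1.254"),  # policy route
            Rule(200, "deny", "10.0.1.5"),                   # blocked host
            Rule(300, "allow", "any"),
        ]

    results = {}
    for action in ("fwd", "setnexthop"):
        pkt = Packet(src="10.0.0.7", dst="10.0.1.5")   # constructed sample
        verdict, matched = process(ruleset(action), pkt)
        results[action] = {"verdict": verdict, "matched": matched,
                           "nexthop": pkt.nexthop}
    return results


if __name__ == "__main__":
    for action, outcome in compare_policies().items():
        print(f"{action:11s} -> {outcome}")
```

Running it shows `fwd` accepting the packet at rule 100 with rule 200 never consulted, while `setnexthop` reaches rule 200 and denies the packet even though a next hop was recorded. That is the behaviour difference a ruleset author has to keep in mind when a forwarding rule sits above filtering rules.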