Date: Sat, 1 Oct 2016 12:38:26 +0200 From: Franco Fichtner <franco@lastsummer.de> To: freebsd-ipfw@freebsd.org Subject: ipfw forward in cooperative mode with pf Message-ID: <32FC1AF7-CE44-4A20-8EA1-ED22CBDADD0B@lastsummer.de>
next in thread | raw e-mail | index | archive | help
Hi, I'm working on making pf and ipfw work more closely together in the pfil hooks. This requires pf making use of the PACKET_TAG_IPFOWARD as a second caller, but ipfw code needs to be tightened slightly in order to make it cooperative: https://reviews.freebsd.org/D8109 The grand scheme of things is that using pf -> ipfw in the pfil in hook makes pf blackhole packets when using route-to and friends, because pf skips ahead to if_output with code copied from ip_output(). The packets never arrive in ipfw, where they can't be forwarded (or even dropped). I don't have a reviewer / committer for this at the moment, so all help and questions are welcome. Cheers, Franco
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32FC1AF7-CE44-4A20-8EA1-ED22CBDADD0B>