From owner-freebsd-net@FreeBSD.ORG Tue Jan 25 19:38:11 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CBC116A4CE; Tue, 25 Jan 2005 19:38:11 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F3E043D53; Tue, 25 Jan 2005 19:38:11 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 036077A403; Tue, 25 Jan 2005 11:38:11 -0800 (PST) Message-ID: <41F6A022.5060708@elischer.org> Date: Tue, 25 Jan 2005 11:38:10 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Gleb Smirnoff References: <20050124100717.GA47663@cell.sick.ru> <41F5FED1.B6EFD246@freebsd.org> <20050125082136.GC57248@cell.sick.ru> In-Reply-To: <20050125082136.GC57248@cell.sick.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit cc: brooks@freebsd.org cc: Andre Oppermann cc: net@freebsd.org Subject: Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 19:38:11 -0000 Gleb Smirnoff wrote: >On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote: >A> Style-wise there is only the space after "(void )..." in ip_fw_pfil.c >A> for the ng_tee case which is too much. > >Ok. > >A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm >A> fine with EACCES, ENOMEM and ESRCH (if hook not connected) but nothing >A> else. Getting back any other error is very confusing and non-intuitive >A> when looking at the error of an application having packets sunk there. > >So you want "return (0)" at end of ng_ipfw_input()? My vote is against. >Julian, Brooks? > I don't think that errors should be "sometimes". we all expect udp to silently discard packets.. and queued data can not return status.. If you want to return the fact that a queue is full somewhere, then we have messages for that. > >A> Why don't you prepend the m_tag within ip_fw2.c as altq and divert are >A> doing it? Dummynet should do the same to get it consistent again. > >Not sure that this is good. These tags are foreign to ipfw, they belong >to other facilities. > I have no comment > >A> Just to confirm it, NG_SEND_DATA_ONLY() queues the packet unconditionally >A> to unwind the stack? > >No. The stack will be unwinded when packet travels thru netgraph and returned >back to ng_ipfw node. A new ISR will start with ng_ipfw_rcvdata(). This mode >is configured in ng_ipfw_connect(). > > >