Date:      Fri, 2 Nov 2012 09:12:23 -0700
From:      Juli Mallett <jmallett@FreeBSD.org>
To:        Andre Oppermann <oppermann@networx.ch>
Cc:        "freebsd-net@freebsd.org" <net@freebsd.org>
Subject:   Re: splitting m_flags to pkthdr.flags + m_flags
Message-ID:  <CACVs6=-bLcYAHjzByBWcC0i-=4xurpFAMBBE=CNiSJOiT=hhzw@mail.gmail.com>
In-Reply-To: <5093C29A.4020902@networx.ch>
References:  <20121102123817.GP70741@FreeBSD.org> <5093C29A.4020902@networx.ch>

On Fri, Nov 2, 2012 at 5:54 AM, Andre Oppermann <oppermann@networx.ch> wrote:

> On 02.11.2012 13:38, Gleb Smirnoff wrote:
>
>> #define M_SKIP_FIREWALL 0x00004000 /* skip firewall processing */
>>
>
> This one should become an M_PROTO overlay.  It is only relevant within
> a protocol layer.


No, like M_PROMISC it needs to follow packets around throughout the stack,
and not conflict with anything else.  My memory of the details is a bit
hazy, but ipfw2 unfortunately does need the flag to not be something that
could be accidentally set or cleared by another protocol layer, and the
flag needs to persist.  Or did 8 years ago.

http://svnweb.freebsd.org/base?view=revision&revision=132274

But there was some disagreement at the time about whether ipfw2 was doing
the right thing, and this behavior should be legitimized by making it
actually work right:

http://lists.freebsd.org/pipermail/cvs-src/2004-July/027830.html

If the flag is made back into an M_PROTO (or, even better, removed) then it
would be best to verify that it does not need to persist, it is okay if the
flag is set by a different protocol layer, etc., today.

Thanks,
Juli.
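
The two hazards raised in this message (a skip flag that is cleared, or set by someone else, when it shares bits with per-layer flags) can be seen in a small userland model. This is an added example, not code from the thread or from FreeBSD: only the `M_SKIP_FIREWALL` value is taken from the quoted `#define`; `PROTO_MASK`, `SKIP_AS_OVERLAY`, `L2_PRIVATE`, `struct pkt` and all functions are hypothetical, and the model assumes protocol-private bits are wiped at each layer hand-off.

```c
#include <stdint.h>
#include <stdio.h>

#define M_SKIP_FIREWALL 0x00004000u /* value quoted in the thread */
/* Constructed for this model: bits owned by whichever layer holds the packet. */
#define PROTO_MASK      0x00000ff0u
#define SKIP_AS_OVERLAY 0x00000010u /* hypothetical overlay of the skip flag */
#define L2_PRIVATE      0x00000010u /* another layer's unrelated use of that bit */

struct pkt { uint32_t flags; };

/* Assumed hand-off rule: the next layer owns the private bits, so wipe them. */
static void layer_handoff(struct pkt *p) { p->flags &= ~PROTO_MASK; }

/* Firewall hook: returns 1 if the rules ran, 0 if the packet was exempted. */
static int firewall_hook(const struct pkt *p, uint32_t skip_bit)
{
    return (p->flags & skip_bit) ? 0 : 1;
}

/* Hazard 1 (flag cleared): the firewall marks a packet it reinjects, the
 * packet crosses a layer boundary, then reaches the hook again.
 * Returns 1 if the packet is filtered a second time. */
int reinjected_is_refiltered(uint32_t skip_bit)
{
    struct pkt p = { 0 };
    p.flags |= skip_bit;
    layer_handoff(&p);
    return firewall_hook(&p, skip_bit);
}

/* Hazard 2 (flag set by someone else): a packet the firewall never marked
 * carries another layer's private bit. Returns 1 if it skips the rules. */
int foreign_bit_bypasses(uint32_t skip_bit)
{
    struct pkt p = { 0 };
    p.flags |= L2_PRIVATE;
    return !firewall_hook(&p, skip_bit);
}

int main(void)
{
    printf("dedicated bit: refiltered=%d bypass=%d\n",
        reinjected_is_refiltered(M_SKIP_FIREWALL), foreign_bit_bypasses(M_SKIP_FIREWALL));
    printf("overlay bit:   refiltered=%d bypass=%d\n",
        reinjected_is_refiltered(SKIP_AS_OVERLAY), foreign_bit_bypasses(SKIP_AS_OVERLAY));
    return 0;
}
```

Checking that neither function returns 1 for whatever bit the flag ends up on is the kind of verification the message asks for before moving it.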


