From: Eugene Grosbein
Date: Sun, 06 Apr 2014 17:57:14 +0700
To: Brett Glass
Cc: net@freebsd.org
Subject: Re: IPFW and VLANs
Message-ID: <5341330A.70603@grosbein.net>
In-Reply-To: <201404060226.UAA10958@mail.lariat.net>
List-Id: Networking and TCP/IP with FreeBSD

On 06.04.2014 09:26, Brett Glass wrote:

> I added a few more rules, with "recv" and "xmit" options, and
> checked the counts again after zeroing them and letting the router
> run for a bit:
>
> 00001 20591 8769298 count ip from any to any layer2 via re0_1
> 00002 18715 8725085 count ip from any to any layer2 via re0
> 00003 0 0 count ip from any to any not layer2 via re0
> 00004 18715 8725085 count ip from any to any layer2 recv re0
> 00005 18715 8725085 count ip from any to any layer2 xmit re0
> 00006 12746 1324342 count ip from any to any layer2 recv re0_1
> 00007 20592 8770798 count ip from any to any layer2 xmit re0_1
>
> Maybe I am missing something (as I often do), but this seems just plain wrong.
>
> What gives? Help in interpreting these results would be much appreciated.

You should use "in recv" and "out xmit" instead of just recv/xmit,
as a routed packet will match BOTH of "recv $in_if" and "xmit $out_if".
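
The matching behaviour described in the reply above, as a simplified model added here for illustration (not code from the thread or from ipfw itself). It follows the recv/xmit/via semantics documented in ipfw(8) for the routed layer-3 case only and does not model layer2 passes; the interface names `if_a` and `if_b` and the traffic counts are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Pass:
    """One trip of a packet through the rule set."""
    direction: str           # "in" or "out"
    recv_if: Optional[str]   # receive interface, still known on the out pass
    xmit_if: Optional[str]   # transmit interface, known only on the out pass

@dataclass(frozen=True)
class Rule:
    direction: Optional[str] = None   # "in", "out", or None for either
    recv: Optional[str] = None
    xmit: Optional[str] = None
    via: Optional[str] = None

    def matches(self, p: Pass) -> bool:
        if self.direction and self.direction != p.direction:
            return False
        if self.recv and self.recv != p.recv_if:
            return False
        if self.xmit and self.xmit != p.xmit_if:
            return False
        if self.via:
            # via checks the transmit interface on out, the receive one on in
            iface = p.xmit_if if p.direction == "out" else p.recv_if
            if self.via != iface:
                return False
        return True

def routed(in_if: str, out_if: str) -> List[Pass]:
    """A forwarded packet is checked twice: once inbound, once outbound."""
    return [Pass("in", in_if, None), Pass("out", in_if, out_if)]

# Constructed traffic: 3 packets if_a -> if_b and 2 packets if_b -> if_a.
TRAFFIC = routed("if_a", "if_b") * 3 + routed("if_b", "if_a") * 2

RULES = {
    "recv if_a": Rule(recv="if_a"),                       # counted on both passes
    "in recv if_a": Rule(direction="in", recv="if_a"),    # counted once per packet
    "xmit if_a": Rule(xmit="if_a"),
    "out xmit if_a": Rule(direction="out", xmit="if_a"),
    "via if_a": Rule(via="if_a"),
}

def counters() -> dict:
    """Per-rule match counts over TRAFFIC, like the first column of `ipfw show`."""
    return {name: sum(r.matches(p) for p in TRAFFIC) for name, r in RULES.items()}
```

In this model the bare `recv if_a` rule counts each forwarded packet twice, while `in recv if_a` counts it once.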