Date:      Sun, 13 Jul 1997 18:24:14 -0700
From:      Julian Elischer <julian@whistle.com>
To:        Darren Reed <avalon@coombs.anu.edu.au>
Cc:        Archie Cobbs <archie@whistle.com>, owensc@enc.edu, freebsd-hackers@FreeBSD.ORG, ari.suutari@ps.carel.fi
Subject:   Re: ipfw rules processing order when DIVERTing
Message-ID:  <33C97FBE.41C67EA6@whistle.com>
References:  <199707130852.BAA26310@gatekeeper.whistle.com>

Darren Reed wrote:
> 
> In some mail from Archie Cobbs, sie said:
> > Yes! ``It could start processing at the next higher number.''
> > I agree with that :-)
> >
> > The problem is that when the packet returns to the kernel from
> > user-land, that bit of state that says "this packet has already
> > seen rules 1-2000 (or whatever)" is lost, and you can't retrieve
> > it. The only way to do this would be for the user-land process
> > to send back some additional info that says "skip to rule 2000".
> >
> > Doable, but .. not very pretty?
> 
> what if the packet is changed enough to make the outcome of starting at
> N+1 different to starting at 1 ?


As I said earlier, this is the main argument FOR keeping it as it is...
the new semantic however would allow this decision to be taken
by the diverting program.
If it feeds it back with the received line number processing carries
on where it left off.
If it sets it to 0 processing restarts at the beginning...

It would be easier to set up "cascades" of processes
where you could chain the output of one to another..
I'd also like to see the 'only forwards' rule with 'skipto'
removed..
and some sort of 'subroutine' capability.
:)



julian
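
Added illustration, not part of the original message and not ipfw code: a toy C model of the two re-injection choices discussed above (hand back the rule number received, or hand back 0), applied to Darren Reed's case of a packet that the diverting program has changed. The ruleset, the port numbers and every name in it are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>

enum action { ALLOW, DENY, DIVERT };
struct rule { int num; enum action act; int dport; };  /* dport 0 = any */
struct verdict { enum action act; int rule; };

/* Constructed ruleset, sorted by rule number (not a real configuration). */
static const struct rule rules[] = {
    { 1000,  DENY,   23 },
    { 2000,  DIVERT, 0  },
    { 3000,  DENY,   25 },
    { 65535, ALLOW,  0  },
};

/* First matching rule numbered above `after`; after == 0 scans from the top. */
struct verdict classify(int dport, int after)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (rules[i].num <= after)
            continue;
        if (rules[i].dport == 0 || rules[i].dport == dport)
            return (struct verdict){ rules[i].act, rules[i].num };
    }
    return (struct verdict){ DENY, 0 };  /* no rule matched */
}

/* One trip through a divert program that rewrites the destination port.
 * resume != 0: it hands back the rule number it received (carry on after it).
 * resume == 0: it hands back 0 (restart at the first rule). */
struct verdict divert_roundtrip(int dport, int new_dport, int resume)
{
    struct verdict v = classify(dport, 0);
    if (v.act != DIVERT)
        return v;
    return classify(new_dport, resume ? v.rule : 0);
}

int main(void)
{
    static const char *name[] = { "allow", "deny", "divert" };
    struct verdict a = divert_roundtrip(80, 23, 1);
    struct verdict b = divert_roundtrip(80, 23, 0);
    printf("resume : %s at rule %d\n", name[a.act], a.rule);
    printf("restart: %s at rule %d\n", name[b.act], b.rule);
    return 0;
}
```

In this model the resumed packet, rewritten to port 23, never meets the deny rule at 1000, while the restarted one does; which outcome is wanted is the decision the message leaves to the diverting program.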


