Date: Sun, 13 Jul 1997 18:41:46 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: archie@whistle.com (Archie Cobbs)
Cc: julian@whistle.com, archie@whistle.com, owensc@enc.edu, freebsd-hackers@FreeBSD.ORG, ari.suutari@ps.carel.fi
Subject: Re: ipfw rules processing order when DIVERTing
Message-ID: <199707130852.BAA11658@hub.freebsd.org>
In-Reply-To: <199707102329.QAA04387@bubba.whistle.com> from "Archie Cobbs" at Jul 10, 97 04:29:50 pm

In some mail from Archie Cobbs, sie said:
> Yes! ``It could start processing at the next higher number.''
> I agree with that :-)
>
> The problem is that when the packet returns to the kernel from
> user-land, that bit of state that says "this packet has already
> seen rules 1-2000 (or whatever)" is lost, and you can't retrieve
> it. The only way to do this would be for the user-land process
> to send back some additional info that says "skip to rule 2000".
>
> Doable, but .. not very pretty?

what if the packet is changed enough to make the outcome of starting
at N+1 different to starting at 1 ?
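
Added illustration, not part of the original message or of ipfw itself: a small first-match rule evaluator showing the case raised above, where a diverted packet is rewritten in user-land and the verdict depends on whether processing restarts at rule 1 or resumes at N+1. The rule numbers, addresses and the `daemon_rewrite` helper are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    num: int
    action: str  # "allow", "deny" or "divert"
    src: str     # source network this rule matches


# Constructed ruleset for illustration only (first match wins).
RULES = [
    Rule(100, "deny", "192.0.2.0/24"),    # nothing should arrive claiming this range
    Rule(1000, "divert", "10.0.0.0/8"),   # hand internal traffic to a user-land daemon
    Rule(2000, "allow", "192.0.2.0/24"),  # pass traffic the daemon has rewritten
    Rule(65535, "deny", "0.0.0.0/0"),     # default deny
]


def evaluate(pkt, start=0):
    """Return (action, rule number) of the first matching rule numbered >= start."""
    for rule in RULES:
        if rule.num >= start and ip_address(pkt.src) in ip_network(rule.src):
            return rule.action, rule.num
    return "deny", None


def daemon_rewrite(pkt):
    """Hypothetical user-land daemon: rewrites the source address."""
    return replace(pkt, src="192.0.2.1")


def reinject(pkt, resume):
    """Run the ruleset; on divert, rewrite the packet and re-inject it.

    resume=False: the kernel has lost the state and restarts at rule 1.
    resume=True:  the daemon sends back "skip to rule N+1".
    """
    action, num = evaluate(pkt)
    if action != "divert":
        return action, num
    rewritten = daemon_rewrite(pkt)
    return evaluate(rewritten, num + 1 if resume else 0)
```

With the constructed packet `Packet("10.1.2.3", "198.51.100.7")`, restarting at rule 1 ends at the deny in rule 100, while resuming at N+1 ends at the allow in rule 2000: the rewritten packet is one that rules 1 to N never evaluated.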