From owner-freebsd-net@FreeBSD.ORG Wed Oct 7 16:42:33 2009
Message-ID: <4ACCC4F3.3030302@mail.ru>
Date: Wed, 07 Oct 2009 21:42:27 +0500
From: rihad
To: Julian Elischer
Cc: freebsd-net@freebsd.org, Oleg Bulyzhin
Subject: Re: dummynet dropping too many packets
In-Reply-To: <4ACCC30E.7080504@elischer.org>

Julian Elischer wrote:
> rihad wrote:
>> Oleg Bulyzhin wrote:
>
>> You probably have some special sources of documentation ;-) According
>> to man ipfw, both "netgraph/ngtee" and "pipe" decide the fate of the
>> packet unless one_pass=0. Or do you mean sprinkling smart skiptos here
>> and there? ;-)
>>
>
> ngtee should not have any effect on the packet.. it takes a copy..
>

That's a logical conclusion, although I prefer trusting the man at hand
(pun intended) if I haven't tested it myself to see how it works:

     ngtee cookie
             A copy of packet is diverted into netgraph, original packet is
             either accepted or continues with the next rule, depending on
             net.inet.ip.fw.one_pass sysctl variable. See ng_ipfw(4) for more
             information on netgraph and ngtee actions.

Although... I've a question to Mr. Oleg:

> 2) use 'tee' rule with ng_ksocket & ng_netflow

     tee port
             Send a copy of packets matching this rule to the divert(4) socket
             bound to port port. The search continues with the next rule.

how is it different from one_pass=0? Both tee and ngtee w/ one_pass=0
continue with the next rule.
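
The rule-walk semantics quoted above, as an added example that is not part of the original message or of ipfw itself: a simplified Python model built only from the man page excerpts and the one_pass behaviour described in this message. The rule numbers, rulesets and the `walk` helper are constructed for illustration, and every rule is assumed to match the packet.

```python
# Simplified model of ipfw rule traversal, based only on the ipfw(8) text
# quoted in this message. Not ipfw code; rulesets below are constructed.

ALWAYS_CONTINUE = {"tee"}                           # "The search continues with the next rule."
ONE_PASS_DEPENDENT = {"ngtee", "netgraph", "pipe"}  # accepted if one_pass=1, else next rule
TERMINAL = {"allow", "deny"}


def walk(rules, one_pass):
    """Walk (number, action) rules for a packet that matches every rule.

    Returns (verdict, visited_rule_numbers).
    """
    visited = []
    for number, action in rules:
        visited.append(number)
        if action in TERMINAL:
            return action, visited
        if action in ONE_PASS_DEPENDENT and one_pass:
            # With one_pass=1 the original packet is accepted here and
            # never reaches the rules that follow.
            return "allow", visited
        if action not in ALWAYS_CONTINUE | ONE_PASS_DEPENDENT:
            raise ValueError(f"action not modelled: {action}")
        # tee, or a one_pass-dependent action with one_pass=0: keep searching
    return "end-of-ruleset", visited


# Constructed rulesets: an accounting copy, then a dummynet pipe, then a deny.
TEE_RULES = [(100, "tee"), (200, "pipe"), (300, "deny")]
NGTEE_RULES = [(100, "ngtee"), (200, "pipe"), (300, "deny")]


def compare():
    """Verdict and visited rules for each ruleset under both sysctl values."""
    return {
        (name, one_pass): walk(rules, one_pass)
        for name, rules in (("tee", TEE_RULES), ("ngtee", NGTEE_RULES))
        for one_pass in (1, 0)
    }


if __name__ == "__main__":
    for key, result in compare().items():
        print(key, result)
```

In this model the two setups agree only when one_pass=0; with one_pass=1 the tee ruleset still reaches the pipe at rule 200, while the ngtee ruleset accepts at rule 100, and setting one_pass=0 to avoid that also makes the pipe rule fall through to rule 300.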