Date: Wed, 10 Mar 2004 11:01:18 +0100 From: Max Laier <max@love2party.net> To: Ian FREISLICH <if@hetzner.co.za> Cc: current@freebsd.org Subject: Re: PATCH: ip_input.c, ip_output.c, ipfw.8 Message-ID: <20040310100118.GA4514@router.laiers.local> In-Reply-To: <E1B0zle-00039n-00@hetzner.co.za> References: <E1B0zle-00039n-00@hetzner.co.za>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Wed, Mar 10, 2004 at 11:12:46AM +0200, Ian FREISLICH wrote: > Hi > > Noted in the BUGS section of the ipfw manual page: > > Packets that match a tee rule should not be immediately accepted, but > should continue going through the rule list. This may be fixed in a > later version. > > I've needed to get a copy of packets before the firewall potentially > drops them or passes them to dummynet, but I still want the firewall > to process the packets as normal and not just accept them. > > Here's a patch to fix the bug. If all is in order, please commit > it otherwise let me know how and what I should change so that it can > be committed. It would also be nice if it can be MFC'd. First of all, please file a PR to avoid this to be forgotten/lost/etc. The diff looks okay to me from a first glance, but it needs a closer look and testing (CC'ed ipfw). As for MFC'ing: I am afraid that this is only possible (in such an easy way) since we removed MT_TAGs lately. I am not sure if that is something that will be merged. -- Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATudtXyyEoT62BG0RAm70AJ45va7+Yzmq+uCcomt/njiWiUFCFACePMFB aGIBxAEiRsTpVT00NdyVOpk= =21Dp -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040310100118.GA4514>