Date: Thu, 21 May 2015 14:05:05 -0700 From: hiren panchasara <hiren@strugglingcoder.info> To: Jason Wolfe <nitroboost@gmail.com> Cc: Ian Smith <smithi@nimnet.asn.au>, Julian Elischer <julian@freebsd.org>, freebsd-ipfw@freebsd.org Subject: Re: ipfw on just inbound and not outbound Message-ID: <20150521210505.GH95600@strugglingcoder.info> In-Reply-To: <20150521194227.GF95600@strugglingcoder.info> References: <20150414210901.GA10620@strugglingcoder.info> <552F2F82.1060506@freebsd.org> <20150416164024.B93161@sola.nimnet.asn.au> <CAAAm0r0uZbbW5mVRVsOE-ooqqTDngM9Z2dMpECihoGR9=Tn=Vg@mail.gmail.com> <20150521194227.GF95600@strugglingcoder.info>
next in thread | previous in thread | raw e-mail | index | archive | help
--y9PDtDHaFrXNoMPU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 05/21/15 at 12:42P, hiren panchasara wrote: > Getting back to this now to see if I can avoid ipfw on outgoing packets. >=20 > @@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf) > hook_func =3D (pf =3D=3D AF_LINK) ? ipfw_check_frame : ipfw_check= _packet; > =20 > (void) (onoff ? pfil_add_hook : pfil_remove_hook) > - (hook_func, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh); > + (hook_func, NULL, PFIL_IN | PFIL_WAITOK, pfh); > =20 > return 0; > } >=20 > Should this do the right thing? I'll report back once I test this patch. I am still seeing ipfw_chk() getting called in my iperf test. Now, if I also remove PFIL_IN, i.e if I do: - (hook_func, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh); + (hook_func, NULL, PFIL_WAITOK, pfh); I don't see ipfw_chk() getting triggered.=20 Somehow incoming traffic is affecting the outgoing traffic? I'd appreciate any inputs/thoughts. I'll keep poking at this. Cheers, Hiren --y9PDtDHaFrXNoMPU Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQF8BAEBCgBmBQJVXkiAXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNEUyMEZBMUQ4Nzg4RjNGMTdFNjZGMDI4 QjkyNTBFMTU2M0VERkU1AAoJEIuSUOFWPt/lUNIH+wXc2tCLJH2dIUvNpbFo5Dtx g7e35FZEDpQSffU2QQNZjgaHZpYlknTOrc8hBpeQDnRq6h1ZEXP7RKe1GneOVSLz unCmmV82WCBn/CjKXeIxuyZ/DgbiGg3aZXkVyHYd7mpAjRKE5ITpZWIdxXkzZ3x5 bVDvUxMP1hCe+vwQnAAqvHt5h7oCZkgQFeaC5pm6xH/7AvPIlGj/3DUGcgajXRbc +P14+PeBdxwFRFMMj2+vsdSRyPXzk1Gy6OHeVHo2hAYofQw5MXKRZlo2lyr6UL+d zbKgt2g0LaNFovpyDS5NQWnK+5HcvqcTEzfUFCmSK8AJMF7eucrQqap+89f/v30= =dfX/ -----END PGP SIGNATURE----- --y9PDtDHaFrXNoMPU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150521210505.GH95600>