Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

• Previous message: Brian Reichert: "Re: public ip address behind nat"
• In reply to: Gleb Smirnoff: "Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 25 Jan 2005 11:38:10 -0800
To: Gleb Smirnoff <glebius@freebsd.org>

Gleb Smirnoff wrote:

>On Tue, Jan 25, 2005 at 09:09:53AM +0100, Andre Oppermann wrote:
>A> Style-wise there is only the space after "(void )..." in ip_fw_pfil.c
>A> for the ng_tee case which is too much.
>
>Ok.
>
>A> I don't like the arbitrary back-passing of errors from ng_ipfw. I'm
>A> fine with EACCES, ENOMEM and ESRCH (if hook not connected) but nothing
>A> else. Getting back any other error is very confusing and non-intuitive
>A> when looking at the error of an application having packets sunk there.
>
>So you want "return (0)" at end of ng_ipfw_input()? My vote is against.
>Julian, Brooks?
>

I don't think that errors should be "sometimes".
we all expect udp to silently discard packets..
and queued data can not return status..
If you want to return the fact that a queue is full somewhere,
 then we have messages for that.

>
>A> Why don't you prepend the m_tag within ip_fw2.c as altq and divert are
>A> doing it? Dummynet should do the same to get it consistent again.
>
>Not sure that this is good. These tags are foreign to ipfw, they belong
>to other facilities.
>

I have no comment

>
>A> Just to confirm it, NG_SEND_DATA_ONLY() queues the packet unconditionally
>A> to unwind the stack?
>
>No. The stack will be unwinded when packet travels thru netgraph and returned
>back to ng_ipfw node. A new ISR will start with ng_ipfw_rcvdata(). This mode
>is configured in ng_ipfw_connect().
>
>
>

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Brian Reichert: "Re: public ip address behind nat"
• In reply to: Gleb Smirnoff: "Re: [TEST/REVIEW #2] ng_ipfw: node to glue together ipfw(4) and netgraph(4)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: syslog server, RH ES 4, large amounts of UDP loss. please help ... 26 packets to unknown port received. ... Below I see no recieve errors, but netstat reports recieve ... stats are only looking at the Ethernet level errors in the stack. ... the higher levels on the receiving system stack are tripping over themselves. ... (comp.os.linux.networking) Re: Selecting optimum block sizes for data transmission ... socket up with data until it either tells you you can't send any more ... Once you've make a call to send data, the TCP/IP stack does a huge ... Maintains a congestion window to limit data flow in the face of long ... Attempts to avoid wasteful sends of very small packets, ... (comp.lang.pascal.delphi.misc) [fw-wiz] dirty packet tricks? ... I'm a bit out of date on the latest/greatest dirty packet-flogging ... things in BSD firewalls by whacking the code in the IP stack so that ... I was thinking of using bpf to vacuum up packets into user space ... The other alternative appears to be to just do user-mode TCP by ... (Firewall-Wizards) Re: virtual END and ARP processing ... I added a "snarf protocol". ... to reach the TCP/IP stack, while most packets was to be ... etherInputHookAdd I am presently using VxWorks 5.4 ... (comp.os.vxworks) Re: problem with NdisReturnPackets ( ) ... appear on the stack anywhere. ... > It does not happen on other vmware versions and physical NICs. ... > I use separate pools for send and receive packets. ... (microsoft.public.development.device.drivers)