Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)
From: Luigi Rizzo (rizzo_at_icir.org)
Date: 06/22/05
- Previous message: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Next in thread: Jeremie Le Hen: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Reply: Jeremie Le Hen: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Reply: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 22 Jun 2005 09:24:52 -0700 To: Ari Suutari <ari@suutari.iki.fi>
On Wed, Jun 22, 2005 at 07:19:44PM +0300, Ari Suutari wrote:
> > yes i think you should reuse the tag, just add a new opcode so that
> > the action is attach the mtag to the mbuf if not there yet
> > (maybe override its content if you believe you could match multiple rules of
> > this type) and then continue processing as in a 'count' action.
>
> Differences to "ipfw fwd" seem to be minimal. Maybe a sysctl
yes but it is a different action and you may want both types
of rules in the same ruleset, so a sysctl is out of discussion.
I really believe the "setnexthop" action is the best approach.
> which changes fwd rule behaviour so that it can either work
> as before or similar to 'count' action would be better solution ?
> This would be similar to net.inet.ip.fw.one_pass.
i admit that there is some similarity... but not 100%... :)
cheers
luigi
> (I'm not very actively pushing to sysctl solution, I would
> just like to find out best approach before starting actual
> coding)
>
> Ari S.
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 21.6.2005
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Next in thread: Jeremie Le Hen: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Reply: Jeremie Le Hen: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Reply: Ari Suutari: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
