Re: Efficient use of Dummynet pipes in IPFW

• Previous message: Ian Smith: "Re: Efficient use of Dummynet pipes in IPFW"
• In reply to: Brett Glass: "Re: Efficient use of Dummynet pipes in IPFW"
• Next in thread: Brett Glass: "Re: Efficient use of Dummynet pipes in IPFW"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 20 Sep 2005 09:15:04 +0200
To: Brett Glass <brett@lariat.org>

Hi Brett, Luigi, all,

> >original
> >
> > ipfw add 1000 dosomething cond1 cond2 cond3 cond4 cond5 ... condN
> >
> >negated:
> >
> > ipfw add 1000 skipto 1001 cond1 cond2 cond3 cond4 cond5 ... condN
> > ipfw add 1000 dosomething
>
> This doesn't work, because you must transform cond1 && cond2 && cond3...
> into multiple rules that implement ~(cond1 || cond2 || cond3...). So,
> you'd need do do the following:
>
> ipfw add 1000 skipto 1001 not cond1
> ipfw add 1000 skipto 1001 not cond2
> ... (N rules total)
> ipfw add 1000 skipto 1001 not condN
> ipfw add 1000 dosomething
> ipfw add 1000 skipto 5000 // Where to resume on success
> ipfw add 1001

I tend to agree with Luigi now. I didn't realize this before, but
let's apply De Morgan's theorem. Each condition is identified as
a small letter "a", "b", "c". "/a" means "not a" and the "." operator
is AND, while the "+" operator is OR.

The above "original" rule is therefore : a.b.c
The above "negated" rule is obviously : /(a.b.c)

With your ruleset may be summed up as : /a+/b+/c

Which is the same as the "negated" rule in regard to De Morgan's theorem.

Do you agree with this ?

Regards,

-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Ian Smith: "Re: Efficient use of Dummynet pipes in IPFW"
• In reply to: Brett Glass: "Re: Efficient use of Dummynet pipes in IPFW"
• Next in thread: Brett Glass: "Re: Efficient use of Dummynet pipes in IPFW"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Efficient use of Dummynet pipes in IPFW ... > opcode language of IPFW is low level for sure. ... but this is just syntactic sugar and I can't ... Jeremie Le Hen ... < jeremie at le-hen dot org>< ttz at chchile dot org> ... (freebsd-net) Re: Stranges with ARP ... I'm just wondering why you don't want to use ipfw? ... > Remember the multicast bit of 802.11? ... Jeremie Le Hen ... < jeremie at le-hen dot org>< ttz at chchile dot org> ... (freebsd-net) Re: IPFW+DUMMYNET UPLOAD PROBLEM ... % ipfw show 600 601 ... Regards, ... Jeremie Le Hen ... < jeremie at le-hen dot org>< ttz at chchile dot org> ... (freebsd-hackers) Re: IPFW+DUMMYNET UPLOAD PROBLEM ... % ipfw show 600 601 ... Regards, ... Jeremie Le Hen ... < jeremie at le-hen dot org>< ttz at chchile dot org> ... (freebsd-net) Re: packet order, ipf or ipfw ... On Thu, 29 Jul 2004, Jeremie Le Hen wrote: ... >> feature. ... >> So, what is the order, if I'm running ipf AND ipfw at the same time? ... the patch in the above PR changes it to: ... (freebsd-net)