[patch] ipfw packet tagging

Luigi Rizzo rizzo at icir.org
Fri May 12 13:53:31 UTC 2006


On Fri, May 12, 2006 at 10:32:22AM -0300, Patrick Tracanelli wrote:
> Vadim Goncharov wrote:
> > Hi, All!
> > 
> > I've tried Andrey Elsukov's ipfw "tag/tagged" patches from:
> > http://butcher.heavennet.ru/patches/kernel/ipfw_tags/
> > 
> > Tested on 5.5-PRERELEASE production server with moderate
> > load - rock stable [I've also looked through the code - patch
> > is small, so it simply can't be any bugs there ;)].
> > 
> > Personally I very like the idea from original Andrey's letter
> 
> I have tested on 6.1 and works fine too.
> 
> Hope it gets commited. Very useful for altq/dummynet flexibility too.

i would, however, like to have a bit more documentation in the patch,
in particular:

- a manpage patch describing how to use the thing, and also the
  behaviour in in odd situations (e.g. what happens when we try to tag
  a packet multiple times ? does the tag survive between the 'input'
  and 'output' path of ipfw for routed packets, etc ?).
  I can look this up in the code, but the average user cannot,
  and the patch does not contain a single line of comment,
  plus we generally want to have some textual description of the
  behaviour (so we can RTFM), not just an implementation
  without comments.

- more comments in the code, per the above.

cheers
luigi


More information about the freebsd-ipfw mailing list