Policy routing idea (Was: ipfw: Would it be possible to
continue processing rest of rules after match ?)
Luigi Rizzo
rizzo at icir.org
Wed Jun 22 16:24:53 GMT 2005
On Wed, Jun 22, 2005 at 07:19:44PM +0300, Ari Suutari wrote:
> > yes i think you should reuse the tag, just add a new opcode so that
> > the action is attach the mtag to the mbuf if not there yet
> > (maybe override its content if you believe you could match multiple rules of
> > this type) and then continue processing as in a 'count' action.
>
> Differences to "ipfw fwd" seem to be minimal. Maybe a sysctl
yes but it is a different action and you may want both types
of rules in the same ruleset, so a sysctl is out of discussion.
I really believe the "setnexthop" action is the best approach.
> which changes fwd rule behaviour so that it can either work
> as before or similar to 'count' action would be better solution ?
> This would be similar to net.inet.ip.fw.one_pass.
i admit that there is some similarity... but not 100%... :)
cheers
luigi
> (I'm not very actively pushing to sysctl solution, I would
> just like to find out best approach before starting actual
> coding)
>
> Ari S.
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 21.6.2005
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list