Does "setfib" in ipfw forces to re-route packet?

Julian Elischer julian at freebsd.org
Tue Feb 3 05:00:12 UTC 2015


On 2/3/15 7:13 AM, Lev Serebryakov wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>   And looks like, it is possible.
>
>   Please, look at sys/netinet/ip_output.c, lines 493-535.
>
>   It checks, did packet filter change (a) destination address or (b)
> FIB, and if it does, it re-run routing decision.
>
>   So, it will work "as expected" and only documentation need fix :)

yes I see the change..
commit 272391 by hrs (CC'd)

Hrs, can you fix the documentation?   (man pages)  ipfw(8)
It is important that we always keep the documentation up to date with 
our source commits.
This change of behaviour should have been accompanied by a change to 
the documentation in the actual commit.

It should note in the man page that this is a sub-optimal path because 
each packet looks up a route twice, and much of ip_output() is run a 
second time which may be quite expensive if it redoes firewall work 
etc. (one reason I didn't do this in the first place).

I would even consider the following around line 542 (head):
if (inp != NULL) {
        /* switch the socket over so this is its default FIB now */
        inp->inp_inc.inc_fibnum = M_GETFIB(m);
}

also now that we have a fibnum local variable, it should be used
instead of all the M_GETFIB() calls later in the function.

eventually struct route should have a fibnum entry in it.
(though some people have suggested it go right away.)


