From owner-freebsd-ipfw@FreeBSD.ORG  Wed Dec 21 00:20:53 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 03A2B106564A;
	Wed, 21 Dec 2011 00:20:53 +0000 (UTC)
	(envelope-from alancyang@gmail.com)
Received: from mail-we0-f182.google.com (mail-we0-f182.google.com
	[74.125.82.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 3775B8FC0A;
	Wed, 21 Dec 2011 00:20:51 +0000 (UTC)
Received: by werb13 with SMTP id b13so4214170wer.13
	for <multiple recipients>; Tue, 20 Dec 2011 16:20:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=lWtTtSpYEJRs07NdewgEqGybAj4PvGg8B7oV0PsGvsw=;
	b=wKjQi8qcVX7uc2ZWLDzOVAm6vRYUWmsVenQJWeVVShuncMYWOcWpiOLs2u2bXxPJg4
	4Ds981y+7G6QZGqpTJnFy0LwpI769Nl2jcj0JdjdCCShlpc++iypTt3vVvoJiTyR0bEV
	SlP27Ut+I5wGSg+EPi38GhpywCXl6C9aFUJys=
MIME-Version: 1.0
Received: by 10.216.138.219 with SMTP id a69mr7849483wej.6.1324426851128; Tue,
	20 Dec 2011 16:20:51 -0800 (PST)
Received: by 10.216.168.195 with HTTP; Tue, 20 Dec 2011 16:20:51 -0800 (PST)
In-Reply-To: <20111220153458.I64681@sola.nimnet.asn.au>
References: <CAPATHO3yFKkYHrhpe-DHf97GMfpzFc43Y8_4k4kJ-oXO0H+y-w@mail.gmail.com>
	<4EDE2739.1040104@FreeBSD.org>
	<CAPATHO2e2Mi=LbPRkkCFmpwUj9zvKbhqqyK6x46uBFW1OAcK6w@mail.gmail.com>
	<20111208132002.R16498@sola.nimnet.asn.au>
	<CAOfEmZieG=AKzv-x9XAKjEqUjnPYdkw9+mkdBgp_YnB9EnPa3Q@mail.gmail.com>
	<20111209021345.Y11090@sola.nimnet.asn.au>
	<CAOfEmZj5+ChnMr_sqoiyncbVGgb9YVUC5L_nDMnPEcknJNwKNQ@mail.gmail.com>
	<CAPATHO3_piwPxS6tC0yZ2MMJWGkR+gPgJa585m+0BM9mTAcF9A@mail.gmail.com>
	<20111220153458.I64681@sola.nimnet.asn.au>
Date: Tue, 20 Dec 2011 16:20:51 -0800
Message-ID: <CAPATHO0F4UEVFDYBPVoo+GxS3qLrjSbA-0HenhR06GqrNR0pXA@mail.gmail.com>
From: alan yang <alancyang@gmail.com>
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Cc: Ian Smith <smithi@nimnet.asn.au>, araujo@freebsd.org,
	Sergey Matveychuk <sem@freebsd.org>
Subject: Re: ipfw dscp support
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Dec 2011 00:20:53 -0000

-----
ipfw add 100 divert 7777 tcp from any to any via em0ipfw add 101
divert 7777 udp from any to any via em0
ipfw add 500 allow altq root_em0 ip from any to any via em0
ipfw add 1010 modip dscp:AF11 ip from any to any out divertedipfw add
1020 allow altq ftp ip from any to any out diverted
65535 deny ip from any to any-----

with the above ipfw rules, expect it would:
1)  tcp, udp traffic divert to ipfw-classifyd, other traffic goes
through altq root_em0 in matching rule 500
2)  ipfw-classifyd reinject diverted traffic to match rule 1010, 1020

reading ipfw-classifyd divert socket sendto() with packet sin_port set
to flow->if_fwrule (ftp == 1000 for instance), was expecting ipfw
would continue with next rule which is 1010 in above.  But ipfw seems
to have continue with matching rule 500.

wonder am i missing something ...?