Date: Wed, 7 Nov 2001 13:06:09 -0800 (PST) From: Julian Elischer <julian@elischer.org> To: Luigi Rizzo <rizzo@aciri.org> Cc: cjclark@alum.mit.edu, freebsd-net@FreeBSD.ORG Subject: Re: Fixing ipfw(8)'s 'tee' Message-ID: <Pine.BSF.4.21.0111071304260.71994-100000@InterJet.elischer.org> In-Reply-To: <20011107093404.B96033@iguana.aciri.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I think that TEE should not accept the packet but, rather, allow processing to continue after the copy has been diverted.. starting at the next rule.. If you want to accept it, then add a rule next that does that.. On Wed, 7 Nov 2001, Luigi Rizzo wrote: > On Wed, Nov 07, 2001 at 02:12:41AM -0800, Crist J. Clark wrote: > ... > > About 'accepted,' but I don't believe this is the intended > > behavior. For outgoing packets, one copy is sent to the divert port > > and the other is routed to the destination on the packet. > ... > > I'm not really sure if I understand what 'tee' is needed for. Why > > not just have whatever is listening on the 'tee' divert socket write > > packets back in? This also works around the issue that 'tee' packets > > are immediately accepted by the firewall. But if we want to keep > > 'tee,' it probably should work. > > for sure we can replace tee with divert as you say, but then > you would depend on the userland app to do its work (and you > could have drops on the divert socket, whereas forwarding within > the kernel is much faster). > > There is not an issue of accept vs. deny a "tee" packet, if > you want to deny it you just use a "divert" rule instead. > > cheers > luigi > ----------------------------------+----------------------------------------- > Luigi RIZZO, luigi@iet.unipi.it . ACIRI/ICSI (on leave from Univ. di Pisa) > http://www.iet.unipi.it/~luigi/ . 1947 Center St, Berkeley CA 94704 > Phone: (510) 666 2927 > ----------------------------------+----------------------------------------- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0111071304260.71994-100000>