Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 1 Oct 2016 12:38:26 +0200
From:      Franco Fichtner <>
Subject:   ipfw forward in cooperative mode with pf
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help

I'm working on making pf and ipfw work more closely together
in the pfil hooks.  This requires pf making use of the
PACKET_TAG_IPFOWARD as a second caller, but ipfw code needs
to be tightened slightly in order to make it cooperative:

The grand scheme of things is that using pf -> ipfw in the
pfil in hook makes pf blackhole packets when using route-to
and friends, because pf skips ahead to if_output with code
copied from ip_output().  The packets never arrive in ipfw,
where they can't be forwarded (or even dropped).

I don't have a reviewer / committer for this at the moment,
so all help and questions are welcome.


Want to link to this message? Use this URL: <>