Date: Sat, 17 Sep 2005 13:18:17 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: vladone <vladone@spaingsm.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: in via or in recv Message-ID: <20050917111817.GG51142@obiwan.tataz.chchile.org> In-Reply-To: <1352090989.20050917130747@spaingsm.com> References: <1126236392.20050901000512@spaingsm.com> <200509151332.j8FDWoqd035125@lurza.secnetix.de> <20050916122751.GC51142@obiwan.tataz.chchile.org> <1352090989.20050917130747@spaingsm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> U speak in this explanation about "outgoing path" or "incoming path".
> How i can find when i have an situation or another?
> U say: "If the packet is on the outgoing path ....", so need to know
> when the packet is on "outgoing path" or "incoming path". How know
> that?
The incoming path is when the packet just entered the network stack,
after being received on the network adapter ; at this time, it has not
been routed yet. Conversely, the outgoing path is when the packet has
been routed by the network stack, just before giving it to the network
adapter.
Let's do some ASCII art :
+-------------+
| FreeBSD box |
+---------------------+
| |
| Network |
| stack |
| |
| |
| [ROUTING] |
| | | |
fxp0 ^ v sis0
...->---#---->---+ +-->-----#---->-...
| |
|incoming outgoing|
| path path |
+---------------------+
% ipfw add allow ip from any to any recv fxp0 xmit sis0
This rule will apply on the outgoing path (because of "xmit") and will
let through all packets that arrived on fxp0 and then leave through sis0.
If you have a third interface, let's say em0, then packets leaving
through sis0 but that has come through the latter won't match this rule.
I hope this help you to understand. I will make my webpage more precise
on this.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050917111817.GG51142>