Date: Tue, 20 Dec 2011 16:20:51 -0800 From: alan yang <alancyang@gmail.com> To: freebsd-ipfw@freebsd.org Cc: Ian Smith <smithi@nimnet.asn.au>, araujo@freebsd.org, Sergey Matveychuk <sem@freebsd.org> Subject: Re: ipfw dscp support Message-ID: <CAPATHO0F4UEVFDYBPVoo%2BGxS3qLrjSbA-0HenhR06GqrNR0pXA@mail.gmail.com> In-Reply-To: <20111220153458.I64681@sola.nimnet.asn.au> References: <CAPATHO3yFKkYHrhpe-DHf97GMfpzFc43Y8_4k4kJ-oXO0H%2By-w@mail.gmail.com> <4EDE2739.1040104@FreeBSD.org> <CAPATHO2e2Mi=LbPRkkCFmpwUj9zvKbhqqyK6x46uBFW1OAcK6w@mail.gmail.com> <20111208132002.R16498@sola.nimnet.asn.au> <CAOfEmZieG=AKzv-x9XAKjEqUjnPYdkw9%2BmkdBgp_YnB9EnPa3Q@mail.gmail.com> <20111209021345.Y11090@sola.nimnet.asn.au> <CAOfEmZj5%2BChnMr_sqoiyncbVGgb9YVUC5L_nDMnPEcknJNwKNQ@mail.gmail.com> <CAPATHO3_piwPxS6tC0yZ2MMJWGkR%2BgPgJa585m%2B0BM9mTAcF9A@mail.gmail.com> <20111220153458.I64681@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
----- ipfw add 100 divert 7777 tcp from any to any via em0ipfw add 101 divert 7777 udp from any to any via em0 ipfw add 500 allow altq root_em0 ip from any to any via em0 ipfw add 1010 modip dscp:AF11 ip from any to any out divertedipfw add 1020 allow altq ftp ip from any to any out diverted 65535 deny ip from any to any----- with the above ipfw rules, expect it would: 1) tcp, udp traffic divert to ipfw-classifyd, other traffic goes through altq root_em0 in matching rule 500 2) ipfw-classifyd reinject diverted traffic to match rule 1010, 1020 reading ipfw-classifyd divert socket sendto() with packet sin_port set to flow->if_fwrule (ftp == 1000 for instance), was expecting ipfw would continue with next rule which is 1010 in above. But ipfw seems to have continue with matching rule 500. wonder am i missing something ...?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPATHO0F4UEVFDYBPVoo%2BGxS3qLrjSbA-0HenhR06GqrNR0pXA>