From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 10 01:54:41 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50F9A16A4CF for ; Wed, 10 Mar 2004 01:54:41 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id 02B7043D46 for ; Wed, 10 Mar 2004 01:54:41 -0800 (PST) (envelope-from mlaier@vampire.homelinux.org) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1B10QC-00011e-00 for ipfw@freebsd.org; Wed, 10 Mar 2004 10:54:40 +0100 Received: from [217.83.6.158] (helo=vampire.homelinux.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 1B10QB-0004vc-00 for ipfw@freebsd.org; Wed, 10 Mar 2004 10:54:40 +0100 Received: (qmail 4692 invoked by uid 1001); 10 Mar 2004 10:01:18 -0000 Date: Wed, 10 Mar 2004 11:01:18 +0100 From: Max Laier To: Ian FREISLICH Message-ID: <20040310100118.GA4514@router.laiers.local> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:e28873fbe4dbe612ce62ab869898ff08 cc: ipfw@freebsd.org cc: current@freebsd.org Subject: Re: PATCH: ip_input.c, ip_output.c, ipfw.8 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Mar 2004 09:54:41 -0000 --cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 10, 2004 at 11:12:46AM +0200, Ian FREISLICH wrote: > Hi >=20 > Noted in the BUGS section of the ipfw manual page: >=20 > Packets that match a tee rule should not be immediately accepted, but > should continue going through the rule list. This may be fixed in a > later version. >=20 > I've needed to get a copy of packets before the firewall potentially > drops them or passes them to dummynet, but I still want the firewall > to process the packets as normal and not just accept them. >=20 > Here's a patch to fix the bug. If all is in order, please commit > it otherwise let me know how and what I should change so that it can > be committed. It would also be nice if it can be MFC'd. First of all, please file a PR to avoid this to be forgotten/lost/etc. The diff looks okay to me from a first glance, but it needs a closer look and testing (CC'ed ipfw). As for MFC'ing: I am afraid that this is only possible (in such an easy way) since we removed MT_TAGs lately. I am not sure if that is something that will be merged. --=20 Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet --cWoXeonUoKmBZSoM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATudtXyyEoT62BG0RAm70AJ45va7+Yzmq+uCcomt/njiWiUFCFACePMFB aGIBxAEiRsTpVT00NdyVOpk= =21Dp -----END PGP SIGNATURE----- --cWoXeonUoKmBZSoM--