Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 13 May 2002 03:46:03 -0700
From:      Luigi Rizzo <luigi@FreeBSD.org>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/net if_ethersubr.c src/sys/netinet ip_dummynet.c ip_dummynet.h
Message-ID:  <20020513034603.A30586@iguana.icir.org>
In-Reply-To: <12658.1021286312@critter.freebsd.dk>
References:  <200205131037.g4DAbKq89983@freefall.freebsd.org> <12658.1021286312@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, May 13, 2002 at 12:38:32PM +0200, Poul-Henning Kamp wrote:
> 
> Isn't it about time we go to multiple chains of rules ?

To some degree, yes.
And the option i am mentioning seems to me the easiest way to get
to this without breaking backward compatibility.
People have complex rulesets based on the existing structure,
and I'd rather not screwup their ruleset completely.

	cheers
	luigi

> In message <200205131037.g4DAbKq89983@freefall.freebsd.org>, Luigi Rizzo writes
> :
> 
> >  I will add an ipfw option to tell if we want a given rule to apply
> >  to ether_demux() and ether_output_frame(), but we have run out of
> >  flags in the struct ip_fw so i need to think a bit on how to implement
> >  this.
> >  
> >                  to upper layers
> >               |                       |
> >               +----------->-----------+
> >               ^                       V
> >          [ip_input]              [ip_output]     net.inet.ip.fw.enable=1
> >               |                       |
> >               ^                       V
> >          [ether_demux]      [ether_output_frame] net.link.ether.ipfw=1
> >               |                       |
> >               +->- [bdg_forward]-->---+          net.link.ether.bridge_ipfw=1
> >               ^                       V
> >               |                       |
> >                   to devices
> >  
> >  Revision  Changes    Path
> >  1.111     +146 -0    src/sys/net/if_ethersubr.c
> >  1.46      +27 -5     src/sys/netinet/ip_dummynet.c
> >  1.19      +2 -0      src/sys/netinet/ip_dummynet.h
> >
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020513034603.A30586>