Date: Tue, 21 Jun 2005 17:06:49 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Ari Suutari <ari@suutari.iki.fi> Cc: freebsd-net@freebsd.org Subject: Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?) Message-ID: <20050621170649.B82876@xorpc.icir.org> In-Reply-To: <42B7B352.8040806@suutari.iki.fi>; from ari@suutari.iki.fi on Tue, Jun 21, 2005 at 09:27:30AM %2B0300 References: <42B7B352.8040806@suutari.iki.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 21, 2005 at 09:27:30AM +0300, Ari Suutari wrote: > Hi, > > I sent this to ipfw mailing list some time ago, but > got no response. I would like to adjust ipfw behaviour > with fwd rules to make policy routing easier (ie. make > it separete from filtering rules). I would just like > some input if this makes any sense (or is possible at > all with current design). i suggest to implement a new action 'setnexthop' which stores the next hop as an MTAG with the packet (so it is preserved if the packet gets passed to dummynet). But perhaps, rather than a specific next hop, maybe you want to pass a reference to a different routing table instead ? cheers luigi > >Currently the ipfw fwd rules work so that the packet > >is accepted when fwd rule matches. > > > >Would it be possible just tag the packet with > >information about next_hop and just continue processing the > >rules ? This would make complex rulesets with policy-based > >routing much simpler, since one could just have relevat > >fwd statments at beginning of rule sets and then > >filter the packets in usual way. > > Ari S. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050621170649.B82876>