PATCH: ip_input.c, ip_output.c, ipfw.8
Max Laier
max at love2party.net
Wed Mar 10 01:54:41 PST 2004
On Wed, Mar 10, 2004 at 11:12:46AM +0200, Ian FREISLICH wrote:
> Hi
>
> Noted in the BUGS section of the ipfw manual page:
>
> Packets that match a tee rule should not be immediately accepted, but
> should continue going through the rule list. This may be fixed in a
> later version.
>
> I've needed to get a copy of packets before the firewall potentially
> drops them or passes them to dummynet, but I still want the firewall
> to process the packets as normal and not just accept them.
>
> Here's a patch to fix the bug. If all is in order, please commit
> it otherwise let me know how and what I should change so that it can
> be committed. It would also be nice if it can be MFC'd.
First of all, please file a PR to avoid this to be forgotten/lost/etc.
The diff looks okay to me from a first glance, but it needs a closer look
and testing (CC'ed ipfw).
As for MFC'ing: I am afraid that this is only possible (in such an easy way)
since we removed MT_TAGs lately. I am not sure if that is something that
will be merged.
--
Best regards, | mlaier at freebsd.org
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier at EFnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20040310/c70e6bcb/attachment.bin
More information about the freebsd-ipfw
mailing list