ipfw dscp support
alan yang
alancyang at gmail.com
Wed Dec 21 00:20:53 UTC 2011
-----
ipfw add 100 divert 7777 tcp from any to any via em0
ipfw add 101 divert 7777 udp from any to any via em0
ipfw add 500 allow altq root_em0 ip from any to any via em0
ipfw add 1010 modip dscp:AF11 ip from any to any out diverted
ipfw add 1020 allow altq ftp ip from any to any out diverted
65535 deny ip from any to any
-----
With the above ipfw rules, I expect it would:
1) divert tcp and udp traffic to ipfw-classifyd, while other traffic goes
through altq root_em0 by matching rule 500
2) have ipfw-classifyd reinject the diverted traffic to match rules 1010, 1020

Reading the ipfw-classifyd divert socket sendto() with the packet sin_port set
to flow->if_fwrule (ftp == 1000 for instance), I was expecting ipfw
would continue with the next rule, which is 1010 in the above. But ipfw seems
to have continued with matching rule 500.

I wonder, am I missing something ...?