dummynet setting ifp pointer in mbuf?
Guido van Rooij
guido at gvr.org
Thu Nov 4 04:16:03 PST 2004
I am having problems combining ipf's ipnat rules with dummynet. The
reason is that if I use dummmynet queues configured to
be used outbound (queue .... out xmit if), then ipnat starts
applying rewriting of RDR rules on the wrong interface.
e.g.:
firewall has 2 interfaces: if0 and if1
if i say:
rdr from any to 1.2.3.4 port 22 -> 2.2.3.4 port 2222
then ipfilter should rewrite incoming packets on if0 (and
outgoing packets as well).
With a dummynet rule like
queue 2 tcp from any 22 to any out xmit if0
ipf starts rewriting on if1, which leads to blocked packets as
the rewritten packet does not match the state entry for the connection.
When looking in the dummynet source I see (rev 1.75, line 1190):
pkt->ifp = fwa->oif;
So it seems the queued packets interface is set to the outgoing interface.
But according to me, that is wrong.
Can a dummynet expert verify if my analysis is correct or come up
with a real explanation if not?
-Guido
More information about the freebsd-net
mailing list