On Thu, Mar 23, 2006 at 02:03:20PM +0200, Dmitry Pryanishnikov wrote:
>
> Hello!
>
> I've found a serious regression during the IPFW1->2 transition. I'm using
> "recv any" construction to match transit packets only. Manpage ipfw(8) clearly
> says:
>
> recv | xmit | via {ifX | if* | ipno | any}
> Matches packets received, transmitted or going through, respec-
> tively, the interface specified by exact name (ifX), by device
> name (if*), by IP address, or through some interface.
> ...........................................^^^^^^^^^^^^^^^^^^^^^^
>
> A packet may not have a receive or transmit interface: packets
> originating from the local host have no receive interface, while
> packets destined for the local host have no transmit interface.

The second part of this paragraph is surely incorrect - there is no transmit
interface for packets in the inbound path (i.e. while they are in ip_input())
whether or not they are destined locally. So 'xmit any' does not make
any sense.

For locally generated packets I admit 'recv any' may be of some use,
and this is unsupported. There are probably workarounds such as 'src-ip me'
which may be of some help here, although this particular instruction
can be expensive as it has to scan the list of local addresses.

cheers
luigi