On Aug 11, 2012, at 11:07 AM, h bagade <[email protected]> wrote:
> Hi all,
>
> I want to use the node ng_patch to set the ToS field of a special class of
> packets. I tried to test the function with a simple test scenario and
> encountered a problem using it. I have no idea why the problem occurs.
>
> Here I explain the test scenario I've used.
>
> I have a topology like this:
>
> |A:192.168.8.8|<---->|192.168.8.26--(B)--192.168.7.26|<---->|C:192.168.7.20|
> --------------------------------
> A, C: two end stations
> B: a router
> --------------------------------
> netgraph settings:
> kldload ng_ipfw
> ngctl mkpeer ipfw: patch 300 in
> ngctl name ipfw:300 tos
> ngctl msg tos: setconfig {count=1 csum_flags=1 ops=[ {mode=1 value=0x05 length=1 offset=1}]}
> --------------------------------
> ipfw rule:
> ipfw add 20 netgraph 300 icmp from any to 192.168.7.20
>
> This configuration works well, and when A pings C or C pings A, the packets
> destined to 192.168.7.20 (station C) get the ToS: 0x05.
> The problem occurs when I change the ipfw rule to the following:
>
> ipfw add 20 netgraph 300 icmp from 192.168.7.20 to any
>
> With this rule, neither A can ping C nor C can ping A! The packets sent to
> the ng_patch node never come back to the next ipfw rule!
>
> I don't know what the difference between these two scenarios is (only the
> check on the destination address is changed to the source address), but it's
> what I saw in my tests. I really hope to understand what's happening.
>
> Any hints or comments would help.
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[email protected]"

Hi,

Do you have "sysctl net.inet.ip.fw.one_pass=0" set?

Regards,
