On Thu, Jun 23, 2005 at 10:52:02AM +0300, Ari Suutari wrote: > Hi, > > The patches which implement both > "ipfw setnexthop" and "ipfw .... defaultroute" are at:
look reasonable, but i would like to reuse the existing 'forward' code a lot more, to avoid duplication and inconsistencies should we apply fixes/changes to that in the future. E.g. > http://www.suutari.iki.fi/freebsd/ipfw-nexthop.patch for the chunk at --- 2951,2987 ---- i think it would be better to reuse the 'case TOK_FORWARD', by changing the opcode and messages according to the actual command. BTW for the 'setnexthop', the port number does not really make much sense... though it can be useful as a degenerate 'nexthop' case to forward to a local port. > http://www.suutari.iki.fi/freebsd/netinet-nexthop.patch here too i would reuse the existing code more, e.g. in ipfw_log() put 'case O_SETNEXTHOP' next to case 'O_FORWARD_IP' and replace the string "Forward" in the first snprintf() with "%s" and an additional argument cmd->opcode == O_FORWARD_IP ? "Forward" : "SetNextHop" Same in the action part at --- 2474,2490 ----, just reuse the O_FORWARD case and end the block with if (cmd->opcode == O_FORWARD_IP) goto done; else goto next_rule; and the check for instruction format --- 3055,3069 ---- can just reuse the O_FORWARD_IP code with no modifications. (btw do we still have it under #ifdef IPFIREWALL_FORWARD ?) thanks luigi > These are against 5.4-RELEASE - if that causes > too much trouble I can try to generate them against > -current. > > I have tested these in lab environment, but not in production > use. However, I woudn't expect much problems, since these > features use much existing code. > > Ari S. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
