Chris Cowart wrote:
KES wrote:
????????????, Lowell.
?? ?????? 16 ?????? 2009 ?., 15:22:31:
LG> KES <kes-...@yandex.ru> writes:
The tablearg feature provides the ability to use a value, looked up in
the table, as the argument for a rule action, action parameter or rule
option. This can significantly reduce number of rules in some configura-
tions. If two tables are used in a rule, the result of the second (des-
tination) is used. The tablearg argument can be used with the following
actions: nat, pipe, queue, divert, tee, netgraph, ngtee, fwd, skipto
action parameters: tag, untag, rule options: limit, tagged.
Why tablearg cannot be used with setfib?
LG> Because tables are a feature of IPFW, and the FIB isn't.
setfib is also feature of ipfw. see man:
setfib fibnum
The packet is tagged so as to use the FIB (routing table) fibnum
in any subsequent forwarding decisions. Initially this is limited
to the values 0 through 15. See setfib(8). Processing continues
at the next rule.
There is no any difficulties to use 'tablearg' as 'fibnum'
ipfw add 3 setfib 2 all from 192.168.0.0/16 to any in recv <IFACE>
ipfw add 3 setfib tablearg all from table(<X>) to any in recv <IFACE>
but now this is not mistake to write 'setfib tablearg'. IPFW just
replace tablearg in rule with 0
It seems like a bug. because of it MUST work in proper way or DO NOT
work at all. IMHO
I use tablearg with netgraph.
For example,
ipfw add netgraph tablearg all from 'table(9)' to any in
When I run ipfw show, I see:
02380 408 60358 netgraph tablearg ip from any to table(9) in
KES, do you mean to say that when you run `ipfw show' the rule is echoed
back to you as:
setfib 0 all from table(<X>) to any in recv <IFACE>
instead of tablearg?
If that's the case, it sounds like ipfw is parsing the rule incorrectly.
If tablearg isn't supported by setfib, I would expect a syntax error to
be thrown and not a different rule being inserted into your ruleset. If
this is the behavior you're seeing, you should run it by the folks on
the -net mailing list. That would also be a good place to ask about
future plans to support this feature.
Unfortunately 'tablearg' is not implemented in the code as a generic
thing, but rather needs to be implemented separately for each place
where it may be used. In this case I simply didn't think of it when
I added setfib.
It does make sense to allow it and I will consider adding this in the
future as it would be useful for policy routing.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
