On 05/21/15 at 12:42P, hiren panchasara wrote: > Getting back to this now to see if I can avoid ipfw on outgoing packets. > > @@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf) > hook_func = (pf == AF_LINK) ? ipfw_check_frame : ipfw_check_packet; > > (void) (onoff ? pfil_add_hook : pfil_remove_hook) > - (hook_func, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh); > + (hook_func, NULL, PFIL_IN | PFIL_WAITOK, pfh); > > return 0; > } > > Should this do the right thing? I'll report back once I test this patch.
I am still seeing ipfw_chk() getting called in my iperf test. Now, if I also remove PFIL_IN, i.e if I do: - (hook_func, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh); + (hook_func, NULL, PFIL_WAITOK, pfh); I don't see ipfw_chk() getting triggered. Somehow incoming traffic is affecting the outgoing traffic? I'd appreciate any inputs/thoughts. I'll keep poking at this. Cheers, Hiren
pgpGcsn2tpQgt.pgp
Description: PGP signature