From owner-freebsd-net@FreeBSD.ORG Wed Jul 29 10:44:32 2009 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C453F106566C; Wed, 29 Jul 2009 10:44:32 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from mail.digiware.nl (mail.ip6.digiware.nl [IPv6:2001:4cb8:1:106::2]) by mx1.freebsd.org (Postfix) with ESMTP id 6180F8FC34; Wed, 29 Jul 2009 10:44:32 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from localhost (localhost.digiware.nl [127.0.0.1]) by mail.digiware.nl (Postfix) with ESMTP id 50136153433; Wed, 29 Jul 2009 12:44:31 +0200 (CEST) X-Virus-Scanned: amavisd-new at digiware.nl Received: from mail.digiware.nl ([127.0.0.1]) by localhost (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxu3qgymh98m; Wed, 29 Jul 2009 12:44:29 +0200 (CEST) Received: from [192.168.10.67] (opteron [192.168.10.67]) by mail.digiware.nl (Postfix) with ESMTP id 447CD153434; Wed, 29 Jul 2009 12:44:29 +0200 (CEST) Message-ID: <4A702885.5080803@digiware.nl> Date: Wed, 29 Jul 2009 12:46:29 +0200 From: Willem Jan Withagen Organization: Digiware User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: Raffaele De Lorenzo References: <3164304.442981248256119643.JavaMail.defaultUser@defaultHost> <4A672C79.3000006@digiware.nl> <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it> In-Reply-To: <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, net@freebsd.org Subject: Re: R: IPv6 and ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jul 2009 10:44:33 -0000 Raffaele De Lorenzo wrote: > Hi all, > I attached a patch that solve this problem. I will send a PR as soon as > possible. > > Instructions: > > Patch the follow files: > > /usr/src/sbin/ipfw/ipfw2.c (patch is ipfw2.c.diff) > /usr/src/sbin/ipfw/ipfw2.h (patch is ipfw2.h.diff) > /usr/src/sbin/ipfw/ipv6.c (patch is ipv6.c.diff) > > This patch was tested on FreeBSD 8 Beta 2 AMD64 and official FreeBSD 8 > BETA 2 Sources. > > Let me know any suggestion or problem. Patch worked fine on 7.2-stable as well. Multiple ipv6 addresses are now accepted in one go. But it still does not really works as well as I would like ;): ipfw add 11101 allow udp from any to 192.168.10.67,2001:dddd:c::67 dst-port 45457 keep-state ipfw: bad netmask ``dddd:c::67'' Which from your comment seems correct: + * Pre-Check multi address rules to avoid parser confusion about IPv4/IPv6 addresses. + * XXX I assume the first know address is the reference address (You cannot use both IPv4/IPv6 addresses inside + * a multi-addresses rule). But looking at the code, why not fist parse chunks seperated by ',' and then test them for all possible variants, because as far as I understand there are no ',''s allowed in the adresspec. Thanx for the work thusfar, --WjW