Date: Wed, 24 May 2006 17:16:02 +0400 From: Oleg Bulyzhin <oleg@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw ipfw.8 ipfw2.c Message-ID: <20060524131602.GA57006@lath.rinet.ru> In-Reply-To: <200605241309.k4OD9tex003002@repoman.freebsd.org> References: <200605241309.k4OD9tex003002@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 24, 2006 at 01:09:55PM +0000, Oleg Bulyzhin wrote: > oleg 2006-05-24 13:09:55 UTC > > FreeBSD src repository > > Modified files: > sys/netinet ip_fw.h ip_fw2.c > sbin/ipfw ipfw.8 ipfw2.c > Log: > Implement internal (i.e. inside kernel) packet tagging using mbuf_tags(9). > Since tags are kept while packet resides in kernelspace, it's possible to > use other kernel facilities (like netgraph nodes) for altering those tags. > > Submitted by: Andrey Elsukov <bu7cher at yandex dot ru> > Submitted by: Vadim Goncharov <vadimnuclight at tpu dot ru> > Approved by: glebius (mentor) > Idea from: OpenBSD PF > MFC after: 1 month > > Revision Changes Path > 1.188 +61 -1 src/sbin/ipfw/ipfw.8 > 1.89 +72 -8 src/sbin/ipfw/ipfw2.c > 1.106 +6 -0 src/sys/netinet/ip_fw.h > 1.132 +57 -1 src/sys/netinet/ip_fw2.c Examples of ipfw rules syntax: count tag 100 ip from any to any allow untag 10 ip from any to any tagged 10 allow tag 200 ip from any to any not tagged 0-65535 -- Oleg.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060524131602.GA57006>