Date: Mon, 10 May 1999 09:25:01 -0700
From: "Justin C. Walker" <justin@apple.com>
To: net@freebsd.org
Cc: bp@butya.kz (Boris Popov), Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Subject: Re: ipfw misc...
Message-ID: <199905101625.JAA00648@rhapture.apple.com>
In-Reply-To: <Pine.BSF.4.05.9905101458500.62652-100000@lion.butya.kz>

> From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
> Date: 1999-05-10 01:28:54 -0700
> To: bp@butya.kz (Boris Popov)
> Subject: Re: ipfw misc...
> Cc: net@FreeBSD.ORG
> In-reply-to: <Pine.BSF.4.05.9905101458500.62652-100000@lion.butya.kz>
> X-Mailer: ELM [version 2.4 PL23]
> Delivered-to: freebsd-net@freebsd.org
> X-Loop: FreeBSD.org
>
> > On Mon, 10 May 1999, Luigi Rizzo wrote:
> >
> > > i have been implementing some additional rules for ipfw to match
> > > ethernet header fields. For my purposes, that would mainly be used to
> > > block non-ip-related traffic (ie IP and ARP), but it might have some uses
> > > for those trying to limit traffic basing on the MAC address, or
> > > whatever.
> >
> > Very nice. Also syntax 'ether type xxx' are very useful. The only
>
> sorry, yes, this was what i meant with
>
>     ipfw add <action> ether from type xxx ...
>
> since clearly there is only one ether type in the header...
>
> > question - how 802.3 frame can be filtered (it doesn't have 'type' field)?
>
> it must be somewhere.. i wonder actually if FreeBSD does handle IP
> packets in 802.3!

IP on ethernet is not typically carried in 802.2 packets, although for
legacy reasons (old HP equipment), other systems do support this (802.3
doesn't actually prescribe the headers; that's in 802.2, if memory
serves). Note that Token Ring, for example, will require IP-in-802.2,
though, so if the ipfw scheme wants to work with other than ethernet, it
should deal with 802.2.

On ethernet, 802.2 packets are distinguished from ethernet-2 packets by
the value in the "ethertype" field. If the value is larger than the MTU
(1500 bytes), it's an ethernet-2 packet, and the value is an ethertype.
If the value is less than or equal to the MTU, it's an 802.2 packet, and
the software needs to look inside the frame data to find what's called a
SNAP header, which gives 5 bytes of "type" info. For AppleTalk, for
example, the type header is 0x080009809b; for AARP, it's 0x00000080f3.
The SNAP header, with this info, is 8 bytes.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics       |
Manager, CoreOS Networking            |   When crypto is outlawed,
Apple Computer, Inc.                  |   Only outlaws will have crypto.
2 Infinite Loop                       |
Cupertino, CA 95014                   |
*-------------------------------------*-------------------------------*

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
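
The frame classification described in the message above, written out as an added C example; it is not part of the original e-mail and is not ipfw code. The function and type names are hypothetical, the two sample frames are constructed, and the LLC marker bytes that introduce a SNAP header are taken from IEEE 802.2 rather than from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum frame_kind { FRAME_MALFORMED, FRAME_ETHERNET2, FRAME_SNAP, FRAME_LLC_OTHER };
struct frame_class {
    enum frame_kind kind;
    uint16_t ethertype;     /* set for FRAME_ETHERNET2 */
    uint8_t  snap_type[5];  /* the 5 bytes of "type" info, set for FRAME_SNAP */
};

#define ETH_HDR_LEN 14      /* dst MAC + src MAC + type/length field */
#define ETH_MTU     1500    /* boundary given in the message */
#define SNAP_LEN    8       /* 3 LLC bytes + 5 type bytes */

/* Constructed sample frames (made-up addresses, not captured traffic). */
static const uint8_t sample_ip[]   = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00, 0x45,0x00 };
static const uint8_t sample_aarp[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x00,0x08,
                                       0xAA,0xAA,0x03, 0x00,0x00,0x00,0x80,0xF3 };

struct frame_class classify_frame(const uint8_t *f, size_t len)
{
    struct frame_class c;
    memset(&c, 0, sizeof c);                /* kind starts as FRAME_MALFORMED */
    if (len < ETH_HDR_LEN) return c;        /* no complete ethernet header */
    uint16_t v = (uint16_t)((f[12] << 8) | f[13]);  /* big-endian on the wire */
    if (v > ETH_MTU) {                      /* ethernet-2: v is the ethertype */
        c.kind = FRAME_ETHERNET2;
        c.ethertype = v;
        return c;
    }
    /* 802.2: v is a length. Reject frames claiming more bytes than they carry. */
    if (v < 3 || (size_t)v > len - ETH_HDR_LEN) return c;
    /* Assumption (IEEE 802.2, not in the message): SNAP = DSAP 0xAA, SSAP 0xAA, ctrl 0x03. */
    if (f[14] != 0xAA || f[15] != 0xAA || f[16] != 0x03)
        c.kind = FRAME_LLC_OTHER;           /* 802.2 without a SNAP header */
    else if (v >= SNAP_LEN) {               /* full 8-byte SNAP header present */
        c.kind = FRAME_SNAP;
        memcpy(c.snap_type, f + ETH_HDR_LEN + 3, 5);
    }
    return c;
}

int main(void)
{
    printf("ip=%d aarp=%d\n", (int)classify_frame(sample_ip, sizeof sample_ip).kind,
           (int)classify_frame(sample_aarp, sizeof sample_aarp).kind);
    return 0;
}
```

A filter that matches only on the two bytes at offset 12 sees a length, not a protocol, for 802.2 frames, so a rule meant to block a protocol has to compare the 5 SNAP type bytes as well.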