From owner-freebsd-net Mon May 10 9:25:32 1999
Message-Id: <199905101625.JAA00648@rhapture.apple.com>
To: net@freebsd.org
Subject: Re: ipfw misc...
Cc: bp@butya.kz (Boris Popov), Luigi Rizzo
Date: Mon, 10 May 1999 09:25:01 -0700
From: "Justin C. Walker"
Reply-To: justin@apple.com

> From: Luigi Rizzo
> Date: 1999-05-10 01:28:54 -0700
> To: bp@butya.kz (Boris Popov)
> Subject: Re: ipfw misc...
> Cc: net@FreeBSD.ORG
>
> > On Mon, 10 May 1999, Luigi Rizzo wrote:
> >
> > > i have been implementing some additional rules for ipfw to match
> > > ethernet header fields. For my purposes, that would mainly be used to
> > > block non-ip-related traffic (ie IP and ARP), but it might have some uses
> > > for those trying to limit traffic basing on the MAC address, or
> > > whatever.
> >
> > Very nice. Also syntax 'ether type xxx' are very useful. The only
>
> sorry, yes, this was what i meant with
>
>     ipfw add ether from type xxx ...
>
> since clearly there is only one ether type in the header...
>
> > question - how 802.3 frame can be filtered (it doesn't have 'type' field)?
>
> it must be somewhere.. i wonder actually if FreeBSD does handle IP
> packets in 802.3!

IP on ethernet is not typically carried in 802.2 packets, although for
legacy reasons (old HP equipment), other systems do support this (802.3
doesn't actually prescribe the headers; that's in 802.2, if memory
serves). Note that Token Ring, for example, will require IP-in-802.2,
though, so if the ipfw scheme wants to work with other than ethernet,
it should deal with 802.2.

On ethernet, 802.2 packets are distinguished from ethernet-2 packets by
the value in the "ethertype" field. If the value is larger than the MTU
(1500 bytes), it's an ethernet-2 packet, and the value is an ethertype.
If the value is less than or equal to the MTU, it's an 802.2 packet, and
the software needs to look inside the frame data to find what's called
a SNAP header, which gives 5 bytes of "type" info. For AppleTalk, for
example, the type header is 0x080009809b; for AARP, it's 0x00000080f3.
The SNAP header, with this info, is 8 bytes.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        |
Manager, CoreOS Networking             | When crypto is outlawed,
Apple Computer, Inc.                   | Only outlaws will have crypto.
2 Infinite Loop                        |
Cupertino, CA 95014                    |
*-------------------------------------*-------------------------------*
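
Added example (not part of the original message, and not ipfw code): a C sketch of the classification the message describes, so that a link-layer filter matches on the right "type" for both ethernet-2 and 802.2/SNAP frames and rejects truncated headers. The names classify_frame, l2_info and the sample frames are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14      /* dst MAC (6) + src MAC (6) + type/length (2) */
#define ETH_MTU     1500    /* threshold used in the message above */

enum l2_kind { L2_TRUNCATED, L2_ETHERNET2, L2_8022_LLC, L2_8022_SNAP };

struct l2_info {
    enum l2_kind kind;
    uint16_t type;      /* ethertype (ethernet-2) or SNAP protocol type */
    uint8_t  oui[3];    /* SNAP organization code; zero otherwise */
    size_t   payload;   /* offset of the first byte after the L2 headers */
};

/* Constructed sample frames (made-up MACs): IP in ethernet-2, AARP in SNAP. */
const uint8_t sample_ip[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00, 0x45 };
const uint8_t sample_aarp[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x00,0x24,
    0xAA,0xAA,0x03, 0x00,0x00,0x00,0x80,0xF3, 0x00,0x01 };

/* Classify a raw frame by its type/length field (hypothetical helper). */
enum l2_kind classify_frame(const uint8_t *f, size_t len, struct l2_info *out)
{
    memset(out, 0, sizeof(*out));
    if (len < ETH_HDR_LEN)
        return out->kind = L2_TRUNCATED;
    uint16_t tl = (uint16_t)((f[12] << 8) | f[13]);   /* network byte order */
    if (tl > ETH_MTU) {                 /* value is an ethertype */
        out->type = tl;
        out->payload = ETH_HDR_LEN;
        return out->kind = L2_ETHERNET2;
    }
    /* Otherwise tl is a length; an 802.2 LLC header (DSAP, SSAP, control) follows. */
    if (len < ETH_HDR_LEN + 3)
        return out->kind = L2_TRUNCATED;
    const uint8_t *llc = f + ETH_HDR_LEN;
    if (llc[0] != 0xAA || llc[1] != 0xAA || llc[2] != 0x03) {
        out->payload = ETH_HDR_LEN + 3;
        return out->kind = L2_8022_LLC;   /* plain LLC, no SNAP type info */
    }
    /* SNAP: 3 LLC bytes + 5 bytes of type info (3-byte OUI, 2-byte type) = 8. */
    if (len < ETH_HDR_LEN + 8)
        return out->kind = L2_TRUNCATED;
    memcpy(out->oui, llc + 3, 3);
    out->type = (uint16_t)((llc[6] << 8) | llc[7]);
    out->payload = ETH_HDR_LEN + 8;
    return out->kind = L2_8022_SNAP;
}
```

The 1500 cutoff follows the message; IEEE 802.3 itself treats values of 0x0600 (1536) and above as ethertypes, so a filter may prefer that boundary and drop or log the values in between.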