Date: Fri, 01 Aug 2014 09:55:20 +0400
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: svn-src-projects@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r269348 - in projects/ipfw: sbin/ipfw sys/netinet sys/netpfil/ipfw
Message-ID: <53DB2BC8.90706@FreeBSD.org>
In-Reply-To: <6499BC58-1C21-4D47-91F8-BF7FC9834169@FreeBSD.org>
References: <201407312008.s6VK8J9R083960@svn.freebsd.org> <6499BC58-1C21-4D47-91F8-BF7FC9834169@FreeBSD.org>

On 01.08.2014 04:34, Bjoern A. Zeeb wrote:
>
> On 31 Jul 2014, at 20:08 , Alexander V. Chernikov <melifaro@FreeBSD.org> wrote:
>
>> Author: melifaro
>> Date: Thu Jul 31 20:08:19 2014
>> New Revision: 269348
>> URL: http://svnweb.freebsd.org/changeset/base/269348
>>
>> Log:
>>   * Add new "flow" table type to support N=1..5-tuple lookups
>>   * Add "flow:hash" algorithm
>>
>>   Kernel changes:
>>   * Add O_IP_FLOW_LOOKUP opcode to support "flow" lookups
>>   * Add IPFW_TABLE_FLOW table type
>>   * Add "struct tflow_entry" as storage for 6-tuple flows
>>   * Add "flow:hash" algorithm. Basically it is auto-growing chained hash table.
>>     Additionally, we store mask of fields we need to compare in each instance/
>>
>>   * Increase ipfw_obj_tentry size by adding struct tflow_entry
>>   * Add per-algorithm stat (ifpw_ta_tinfo) to ipfw_xtable_info
>>   * Increase algoname length: 32 -> 64 (algo options passed there as string)
>>   * Assume every table type can be customized by flags, use u8 to store "tflags" field.
>>   * Simplify ipfw_find_table_entry() by providing @tentry directly to algo callback.
>>   * Fix bug in cidr:chash resize procedure.
>>
>>   Userland changes:
>>   * add "flow table(NAME)" syntax to support n-tuple checking tables.
>>   * make fill_flags() separate function to ease working with _s_x arrays
>>   * change "table info" output to reflect longer "type" fields
>>
>>   Syntax:
>>   ipfw table fl2 create type flow:[src-ip][,proto][,src-port][,dst-ip][dst-port] [algo flow:hash]
>>
>>   Examples:
>>
>>   0:02 [2] zfscurr0# ipfw table fl2 create type flow:src-ip,proto,dst-port algo flow:hash
>>   0:02 [2] zfscurr0# ipfw table fl2 info
>>   +++ table(fl2), set(0) +++
>>    kindex: 0, type: flow:src-ip,proto,dst-port
>>    valtype: number, references: 0
>>    algorithm: flow:hash
>>    items: 0, size: 280
>>   0:02 [2] zfscurr0# ipfw table fl2 add 2a02:6b8::333,tcp,443 45000
>>   0:02 [2] zfscurr0# ipfw table fl2 add 10.0.0.92,tcp,80 22000
>>   0:02 [2] zfscurr0# ipfw table fl2 list
>>   +++ table(fl2), set(0) +++
>>   2a02:6b8::333,6,443 45000
>>   10.0.0.92,6,80 22000
>>   0:02 [2] zfscurr0# ipfw add 200 count tcp from me to 78.46.89.105 80 flow 'table(fl2)'
>>   00200 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
>>   0:03 [2] zfscurr0# ipfw show
>>   00200   0     0 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
>>   65535 617 59416 allow ip from any to any
>>   0:03 [2] zfscurr0# telnet -s 10.0.0.92 78.46.89.105 80
>>   Trying 78.46.89.105...
>>   ..
>>   0:04 [2] zfscurr0# ipfw show
>>   00200   5   272 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
>>   65535 682 66733 allow ip from any to any
>>
>> Modified:
>>   projects/ipfw/sbin/ipfw/ipfw2.c
>>   projects/ipfw/sbin/ipfw/ipfw2.h
>>   projects/ipfw/sbin/ipfw/tables.c
>>   projects/ipfw/sys/netinet/ip_fw.h
>>   projects/ipfw/sys/netpfil/ipfw/ip_fw2.c
>>   projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c
>>   projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c
>>   projects/ipfw/sys/netpfil/ipfw/ip_fw_table.h
>>   projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c
>
> Only in case you plan merging this to head (but even if not it might be a good idea;-)
>
Yes, I'm going to merge this sooner or later :)
> I see no changes to the man page. Please update the documentation; this is where syntax and example belong and not into the commit message. Feel free to grab someone from docs@ in case you don’t want to do it all yourself; they are always more than willing to assist.
Of course. I'm currently concentrated on making this work in general.
I'm not going to commit all these without a single docs change :)
>
>
> —
> Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983
>
>
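
The masked lookup the commit log describes for "flow:hash" (a chained hash table plus a per-table mask of the fields to compare), as an added example that is not code from the commit or from ipfw. All struct, enum and function names are hypothetical, keys are IPv4-only, and the bucket count is fixed instead of auto-growing.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical names throughout; this is not the kernel's struct tflow_entry. */
enum { F_SRC_IP = 1, F_PROTO = 2, F_SRC_PORT = 4, F_DST_IP = 8, F_DST_PORT = 16 };
struct flow { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct entry { struct flow key; uint32_t value; struct entry *next; };
#define NBUCKETS 64 /* fixed bucket count; auto-growing is left out */
struct flow_table { uint8_t mask; struct entry *bucket[NBUCKETS]; };
/* Zero every field the table does not compare, so hash and equality agree. */
static struct flow apply_mask(const struct flow *f, uint8_t mask) {
    struct flow m = {0};
    if (mask & F_SRC_IP)   m.src_ip = f->src_ip;
    if (mask & F_PROTO)    m.proto = f->proto;
    if (mask & F_SRC_PORT) m.src_port = f->src_port;
    if (mask & F_DST_IP)   m.dst_ip = f->dst_ip;
    if (mask & F_DST_PORT) m.dst_port = f->dst_port;
    return m;
}
static unsigned flow_hash(const struct flow *m) {
    uint32_t h = m->src_ip ^ m->dst_ip ^ ((uint32_t)m->src_port << 16) ^ m->dst_port ^ m->proto;
    return (h * 2654435761u >> 16) % NBUCKETS;
}
static int flow_eq(const struct flow *a, const struct flow *b) {
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip && a->proto == b->proto
        && a->src_port == b->src_port && a->dst_port == b->dst_port;
}
int flow_add(struct flow_table *t, const struct flow *f, uint32_t value) {
    struct entry *e = calloc(1, sizeof(*e));
    if (e == NULL) return -1;
    e->key = apply_mask(f, t->mask); e->value = value;
    struct entry **head = &t->bucket[flow_hash(&e->key)];
    e->next = *head; *head = e; /* push onto the bucket's chain */
    return 0;
}
int flow_lookup(const struct flow_table *t, const struct flow *pkt, uint32_t *value) {
    struct flow m = apply_mask(pkt, t->mask);
    for (const struct entry *e = t->bucket[flow_hash(&m)]; e; e = e->next)
        if (flow_eq(&e->key, &m)) { *value = e->value; return 1; }
    return 0; /* no entry matched the masked key */
}
/* Table fl2 from the message (its IPv4 entry only); returns the value or 0. */
uint32_t fl2_lookup(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport, uint8_t proto) {
    static struct flow_table t = { .mask = F_SRC_IP | F_PROTO | F_DST_PORT };
    struct flow ent = { .src_ip = 0x0A00005C, .proto = 6, .dst_port = 80 }; /* 10.0.0.92,tcp,80 */
    struct flow pkt = { src, dst, sport, dport, proto };
    uint32_t v = 0;
    if (t.bucket[flow_hash(&ent)] == NULL && flow_add(&t, &ent, 22000) != 0) return 0;
    return flow_lookup(&t, &pkt, &v) ? v : 0;
}
```

Because the mask strips dst-ip and src-port before hashing, the telnet connection in the log matches the 10.0.0.92,tcp,80 entry whatever its destination address or source port.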