From owner-freebsd-doc@FreeBSD.ORG Tue Aug 26 18:10:06 2003 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E4E7416A4BF for ; Tue, 26 Aug 2003 18:10:05 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D17B43FEA for ; Tue, 26 Aug 2003 18:10:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h7R1A3Up073043 for ; Tue, 26 Aug 2003 18:10:03 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h7R1A3DZ073042; Tue, 26 Aug 2003 18:10:03 -0700 (PDT) Resent-Date: Tue, 26 Aug 2003 18:10:03 -0700 (PDT) Resent-Message-Id: <200308270110.h7R1A3DZ073042@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-doc@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Glen Gibb Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 883A816A4BF for ; Tue, 26 Aug 2003 18:07:26 -0700 (PDT) Received: from genesis.ridley.unimelb.edu.au (genesis.ridley.unimelb.edu.au [128.250.2.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1562343FCB for ; Tue, 26 Aug 2003 18:07:25 -0700 (PDT) (envelope-from grg@ridley.unimelb.edu.au) Received: (from root@localhost) by genesis.ridley.unimelb.edu.au (8.12.3p2/8.11.6) id h7R17Ng4047527 for freebsd-gnats-submit@freebsd.org; Wed, 27 Aug 2003 11:07:23 +1000 (EST) (envelope-from grg@genesis.ridley.unimelb.edu.au) Received: from genesis.ridley.unimelb.edu.au (localhost [127.0.0.1]) h7R17Ln3047515 for ; Wed, 27 Aug 2003 11:07:21 +1000 (EST) (envelope-from grg@genesis.ridley.unimelb.edu.au) Received: (from root@localhost)h7R17L23047514; Wed, 27 Aug 2003 11:07:21 +1000 (EST) (envelope-from grg) Message-Id: <200308270107.h7R17L23047514@genesis.ridley.unimelb.edu.au> Date: Wed, 27 Aug 2003 11:07:21 +1000 (EST) From: Glen Gibb To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: docs/56021: Documentation incorrect for mac in ipfw2 X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2003 01:10:06 -0000 >Number: 56021 >Category: docs >Synopsis: Documentation incorrect for mac in ipfw2 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 26 18:10:02 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Glen Gibb >Release: FreeBSD 5.1-CURRENT i386 >Organization: Ridley College >Environment: System: FreeBSD genesis.ridley.unimelb.edu.au 5.1-CURRENT FreeBSD 5.1-CURRENT #3: Wed Aug 27 00:08:46 EST 2003 grg@leviticus.ridley.unimelb.edu.au:/usr/obj/usr/src/sys/GENESIS i386 >Description: The man page for ipfw (IPFW2) is incomplete/misleading in regards to the "mac" option in the RULE OPTIONS section. The man page states that the address can be "optionally followed by a mask indicating how many bits are significant, as in MAC 10:20:30:40:50:60/33 any". This IS correct but it does not mention the second method of specifying a bit mask, that is by following the address with an ampersand (&) followed by the bitmask whcich is specified using the same format as the address. For example, if we wanted to match any mac address that ended with 60, we could use the following mask: MAC 00:00:00:00:50:60&00:00:00:00:00:ff >How-To-Repeat: man ipfw :) >Fix: Suggested change to the documentation: "Match packets with a given dst-mac and src-mac addresses, speci- fied as the any keyword (matching any MAC address), or six groups of hex digits separated by colons, and optionally followed by a mask indicating the significant bits. The mask may be specified using either of the following methods: i) append to the address a slash (/) followed by the number of bits that are significant. For example, an address in which the first 33 bits are significant could be specified as: MAC 10:20:30:40:50:60/33 any ii) append to the address an ampersand (&) followed by a bitmask specified as six groupsof hex digits separated by colons. For example, an address in which the last 16 bits are significant could be specified as: MAC 10:20:30:40:50:60&00:00:00:00:00:ff any Note that the ampersand character has special meaning in most shells and must generally be escaped. Note that the order of MAC addresses (destination first, source second) is the same as on the wire, but the opposite of the one used for IP addresses." >Release-Note: >Audit-Trail: >Unformatted: