From owner-freebsd-net@FreeBSD.ORG Sat May 13 10:09:12 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FF6116A471; Sat, 13 May 2006 10:09:12 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90E0743D46; Sat, 13 May 2006 10:09:11 +0000 (GMT) (envelope-from vadimnuclight@tpu.ru) Received: by relay1.tpu.ru (Postfix, from userid 501) id E46891059EA; Sat, 13 May 2006 17:09:09 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id CB05210584E; Sat, 13 May 2006 17:09:09 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.1830); Sat, 13 May 2006 17:09:09 +0700 Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Sat, 13 May 2006 17:09:09 +0700 To: "Julian Elischer" References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> <20060512085631.A19484@xorpc.icir.org> <4465A8F8.2020601@elischer.org> Message-ID: Date: Sat, 13 May 2006 17:08:03 +0700 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit In-Reply-To: <4465A8F8.2020601@elischer.org> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 13 May 2006 10:09:09.0373 (UTC) FILETIME=[468FFAD0:01C67675] Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 10:09:12 -0000 13.05.06 @ 16:38 Julian Elischer wrote: >>>> A question about features: is it worth adding functionality of >>>> matching >>>> range of tags? For example: >>>> >>>> ipfw add pass ip from any to any tagged 1-5,10,20 >>> >>> >>> i think it is a useful feature, and if you reuse the existing code >>> for matching port ranges etc to implement it, performance should >>> be reasonably good. >> >> >> OK, Andrey made new version of patches available: >> http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ >> >> Manpage patch is integrated as well as new untag/tagged range >> functionality, >> based on existing port ranges matching code. Short test shown that it >> works. > > > I might suggest that the new 'tablearg' keyword be useable in a tag > command allowing a table to contain entries that give different tags. > (I don't think it is in 5 but it may be in 6.. (not sure)) > > would be cool however. May be, but I can't imagine a real situation where it can be useful, as tables already contain IP adresses. Can you give a real-life example where it helps ? -- WBR, Vadim Goncharov