From: "Rodney W. Grimes"
Date: Tue, 7 Apr 2020 16:34:00 -0700 (PDT)
To: driesm.michiels@gmail.com
CC: "Rodney W. Grimes", lev@freebsd.org, freebsd-hackers@freebsd.org, "Andrey V. Elsukov", "Neel Chauhan"
Subject: Re: Committing one ipfw(8) userland patch
List-Id: Technical Discussions relating to FreeBSD

> > -----Original Message-----
> > From: owner-freebsd-hackers@freebsd.org On Behalf Of Rodney W. Grimes
> > Sent: dinsdag 7 april 2020 19:35
> > To: lev@freebsd.org
> > Cc: freebsd-hackers@freebsd.org; Andrey V. Elsukov; Neel Chauhan
> > Subject: Re: Committing one ipfw(8) userland patch
> >
> > > On 07.04.2020 11:28, Andrey V. Elsukov wrote:
> > >
> > > >> I have one patch for the ipfw userland tool:
> > > >> https://reviews.freebsd.org/D24234
> > > >>
> > > >> This patch adds the src-ip4/dst-ip4 and src-ipv4/dst-ipv4 aliases
> > > >> for src-ip/dst-ip commands respectively in IPFW.
> > > >>
> > > >> Could someone please commit this patch?
> > > >
> > > > Can you describe what is the benefit to have all these aliases, when
> > > > after adding the rule you will still see other name. I think this
> > > > makes it more confusing.
> > > I think, {src|dst}-ip without version should exist only for backward
> > > compatibility and, maybe, produce warnings.
> >
> > But that is not what this review does. I would be in support of changing the
> > "official" names to src-ip4/dst-ip4/src-ip6/dst-ip6 and making src-ip/dst-ip a
> > backwards compatible alias.
> >
> > >
> > > Why? symmetry & consistency. And equal length of fields in rules for
> > > different versions, too :-)
> > >
> > > Also, there is confusion with me/me4/me6. When `src-ip` is really
> > > `src-ip4`, what does `me` mean? `me4`? or `me4 OR me6`?
> >
> > The parts of the rule are not cross applied so this is a non-question,
> > me4 with a src-ip6 matches 0 packets no matter what the values are.
>
> Currently only me and me6 are implemented, given your comment above does
> that mean that "me" should only match IPv4 packets?

No. Your review adds me4 as an explicit match on ipv4 address only, which
is what was agreed to in the review. "me" should continue to match
v4 or v6 packets. I would expect a me with a src-ip4 modifier to
be the "and" of them, and something silly like me4 with a src-ip6
to be the empty set.

> If that was the intent, it is not what I'm observing with my ruleset that
> uses "me" as destination keyword. IPv6 works fine with it.
> You can find my IPFW ruleset in the review
> https://reviews.freebsd.org/D24021.
>
> >
> > One could write syntax checkers to flag this NOP condition.
> >
> > > --
> > > // Lev Serebryakov
> > --
> > Rod Grimes rgrimes@freebsd.org

--
Rod Grimes rgrimes@freebsd.org
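
The "syntax checker to flag this NOP condition" mentioned in the thread could look like the following. This is an added example, not code from the thread or from ipfw: it intersects the IP versions each keyword admits, using the semantics described above ("me" is v4 or v6, unversioned src-ip/dst-ip mean IPv4). It assumes whitespace-separated tokens and that the me4/src-ip4 names from D24234 are accepted; the sample rules are constructed.

```python
"""Added example: flag ipfw rules whose address-family keywords cannot all hold."""

# Families each keyword admits, per the thread: "me" is v4 or v6, me4/me6 are
# explicit, and unversioned src-ip/dst-ip mean IPv4. me4, src-ip4 and friends
# are the names proposed in D24234, assumed here to be accepted by ipfw.
FAMILIES = {
    "me": {4, 6}, "me4": {4}, "me6": {6},
    "src-ip": {4}, "dst-ip": {4},
    "src-ip4": {4}, "dst-ip4": {4}, "src-ipv4": {4}, "dst-ipv4": {4},
    "src-ip6": {6}, "dst-ip6": {6},
}
# Negation and or-blocks change how terms combine; this sketch does not model them.
UNMODELLED = {"not", "or", "{", "}"}


def rule_families(rule):
    """Return the set of IP versions a rule can match, or None if undecidable here."""
    tokens = rule.split()
    if UNMODELLED & set(tokens):
        return None
    possible = {4, 6}
    for tok in tokens:
        possible &= FAMILIES.get(tok, {4, 6})   # unknown tokens constrain nothing
    return possible


def lint(rules):
    """Return (line_number, rule) for every rule that is a guaranteed no-op."""
    return [(n, r) for n, r in enumerate(rules, 1) if rule_families(r) == set()]


# Constructed sample ruleset (addresses from the documentation ranges).
SAMPLE = [
    "allow tcp from any to me dst-port 22",
    "allow ip from any to me src-ip4 192.0.2.0/24",
    "allow ip from any to me4 src-ip6 2001:db8::/32",
    "deny ip from me6 to any dst-ip 198.51.100.7",
    "allow ip from any to { me4 or me6 } src-ip6 2001:db8::/32",
]

if __name__ == "__main__":
    for n, r in lint(SAMPLE):
        print(f"rule {n} can never match: {r}")
```

Rules using `not` or or-blocks are reported as undecided (`None`) rather than guessed at, so the linter only flags rules that are certain to match nothing.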