From: Raffaele De Lorenzo
To: Steve Bertrand, Kevin Oberman, freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Cc: Luigi Rizzo
Date: Thu, 7 May 2009 22:11:11 +0200
Subject: [ipfw patch - add ipv6 support for table mechanism] request for testing/commit

Hi all,

I extended the ipfw table mechanism to the IPv6 protocol and now I need some people for testing and then to commit it. The code is stable but you must be careful about possible ambiguous parser semantics.

Now you must insert IPv6 addresses inside a table:

    ipfw table 1 add fe80::1

And you can create IPv6 rules about this table:

    ipfw add deny tcp from table6(1) to any dst-port 22
    ipfw add deny icmp6 from any to table6(1)

The "table6" semantic tells the difference between the IPv4 semantic ("table").

The following changes are made on the ipfw2 sources:

KERNEL SPACE:

ip_fw.h

1) Added 2 new OPCODES: O_IP6_SRC_LOOKUP, O_IP6_DST_LOOKUP
2) Added the following fields in "ipfw_table_entry" structure:
       struct in6_addr addr6, mask6;
       uint8_t proto;

ip_fw2.c

1) Added the following fields in "struct table_entry" structure:
       struct sockaddr_in6 addr6, mask6;
       uint8_t proto;
2) Some changes inside the "add_table_entry" function.
3) Some changes inside the "del_table_entry" function.
4) Some changes inside the "flush_table_entry" function.
5) Some changes inside the "lookup_table" function.
6) Some changes inside the "dump_table_entry" function.
7) Added a new function named "set_proto_table".
8) Added the two new OPCODES inside the "ipfw_check()" function.
9) Added the two new OPCODES inside the "check_ipfw_struct" function.

USER SPACE:

ipfw2.c

1) Added some changes on "table_handler" function
2) Added some changes on "show_ipfw" function
3) Added some changes on "print_ip6" function
4) Added some changes on "fill_ip6" function
5) Added some changes on "add_dstip6" function
6) Added some changes on "add_srcip6" function
7) Added some changes on "add_src" function
8) Added some changes on "add_dst" function

I updated the man pages.

INSTALLATION INSTRUCTIONS:

Put the "ip_fw2.c" and "ip_fw.h" files inside the "/sys/netinet/" directory
Put the "ipfw2.c" file inside the /src/sbin/ipfw/ directory
Rebuild the ipfw kernel module or rebuild your kernel
Rebuild the ipfw bin or the entire SBIN.

The sources were tested on FreeBSD 7.2 Release.

Let me know of any troubles.

Ciao
Raffaele