From: Barney Wolff
To: "Alexander V. Chernikov"
Cc: Dennis Yusupoff, FreeBSD Net, Marcelo Gondim
Date: Sat, 17 May 2014 15:57:55 -0400
Subject: Re: Problem with ipfw table add 0.0.0.0/8
List-Id: Networking and TCP/IP with FreeBSD

On Sat, May 17, 2014 at 05:44:37PM +0400, Alexander V. Chernikov wrote:
> On 13.05.2014 16:05, Dennis Yusupoff wrote:
> > I think that universal table for all kind of data (ipv4, ipv6, ports,
> > etc) is a bad idea by design. At least unless you haven't any ability to
> It is not always "universal" in kernel.
> Actually, different radix tables are used to store both IPv4 and IPv6 in
> single table.
> > specify address family on add, to avoid attempts to guess what user
> > meant. Something like "ipfw table X add DEEF.DE ipv6".
> I'm going to add explicit table type/naming setup soon.
> Idea is the following:
>
> 1) Existing table can be named and addressed by either number or name.
> However, you still need to assign table number manually.
>
> 2) Table type/name can be specified explicitly via one of the following
> commands:
> * ipfw table 1 create [type ] [name "table_name"]
> * ipfw table name "table_name"
> * ipfw table "table_name" type
>
> 3) ipfw(8) stops trying to guess appropriate type based on used value.
> Instead,
> it requests table type from kernel and interprets value according to
> returned type.
> Default type for all tables is cidr
>
> 4) Table(s) can be returned to default values using ipfw table
> destroy.
> Destroy means:
> * flush
> * table tries (or other structures) freed
> * type set to cidr

Please avoid violating POLA. I for one have scripts that automatically
add entries and would need to be modified if separate ipfw tables become
required for ipv4 and ipv6. I'd have no problem, of course, with changes
to ipfw internals as long as the existing public API continues to work.