From: bycn82
Date: Mon, 19 May 2014 21:12:54 +0800
To: "Alexander V. Chernikov"
Cc: Dennis Yusupoff, Marcelo Gondim, FreeBSD Net
Subject: Re: Problem with ipfw table add 0.0.0.0/8
Message-ID: <537A0356.7050104@gmail.com>
In-Reply-To: <537A0054.5000707@FreeBSD.org>

On 5/19/14 21:00, Alexander V. Chernikov wrote:
> On 19.05.2014 11:51, Bill Yuan wrote:
>> Hi Alex,
> Hello Bill!
>>
>> You guys are chatting here! I agree with you, the table is the place
>> that should be enhanced, and I am working in this way as described below
>>
>> 1. Support more types.
>> ip : cidr
>> ipv4 : same as ip
>> ipv6 : ip addr v6
>> mac : mac address
>> iface : interface name
>> interface : same as iface
>> port : it is Alex's idea, I don't know how it works.
> Well, actually that's not mine. ipfw has implemented the following since
> long ago:
> + v = ((ipfw_insn_u32 *)cmd)->d[1];
> + switch (v) {
> + case 0:
> + case 1:
> + /* IPv4 src/dst */
> + break;
> + case 2:
> + case 3:
> + /* src/dst port */
> + break;
> + case 4:
> + /* uid/gid */
> + case 5:
> + /* jid */
> + case 6:
> + /* dscp */
> + break;
> + }
>
> I hope you're not using radix to implement mac addresses lookup?
>
> Anyway, it looks like we're doing similar things.
> Can you take a look at the '[CFT]: ipfw named tables / different
> tabletypes' topic and see how much it conflicts with your changes?
>>
>> 2. Setup the table type
>> ipfw table type
>> it will set up the type of the table, and flush the table
>>
>> 3. Get table type
>> ipfw table type show
>>
>> 4. Add item into the table
>> ipfw table add
>>
>> a. get the type of table
>> b. if the type is not defined yet, that also means the table is new or
>> empty, then guess the type based on the
>> c. format the and insert into the table.
>>
>> In this way, so-called "back compatible"
>>
>> 5. how to use table
>>
>> case 1
>> ipfw add [line] allow icmp from "table(1)" to "table(2)"
>> in the ipfw userland command, it should check that table 1 and table 2
>> are of ipv4 or ipv6 type
>>
>> case 2
>> ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
>> in this case, table(3) and table(4) should be tables of MAC addresses.
>>
>> case 3
>> ipfw add allow icmp from any to any via table(5)
>> in this case, table 5 should be a table of interface names.
>>
>>
>> currently I am working on the mac type. :)
>>
>>
>> On Sun, May 18, 2014 at 12:47 PM, Jason Hellenthal wrote:
>>
>>>> On May 18, 2014, at 0:12, Julian Elischer wrote:
>>>>> 2) Table type/name can be specified explicitly via one of the following commands:
>>>>> * ipfw table 1 create [type ] [name "table_name"]
>>>> type "ports" would be nice but tricky to do right.
>>> That . . . would be a great addition and have me switching from pf
>>> to ipfw.
>>>
>>> Pullllease do! :-)

It is good to know that I have company working in the same direction, and it really feels good to have users who are expecting this feature before it is implemented. :)

You bring up the code first, and I can try to add a patch for the "mac" type or others. As a newbie here, I am not confident about which way of implementing it is best.
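
Review bot: in the quoted switch on v, case 4 (uid/gid) and case 5 (jid) have no break and fall through into case 6 (dscp), and there is no default branch for values of v outside 0..6. With comment-only bodies this changes nothing, but once each case selects its own lookup key the uid/gid and jid paths would end up running the dscp code as well; add a break after each case (or a /* FALLTHROUGH */ marker if sharing is intended) and a default that handles unknown values explicitly.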
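
The add procedure quoted in the message above (get the table type, guess it from the value when the table is new, then insert) can be sketched as follows. This is an added example, not part of the original message and not ipfw code; the type names, `guess_type`, `table_add` and the interface-name rule are assumptions.

```c
/* Added example with hypothetical names; this is not ipfw source code. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

enum tbl_type { T_UNSET, T_IPV4, T_IPV6, T_MAC, T_IFACE, T_INVALID };
/* An optional "/len" suffix must be decimal digits and at most max. */
static int prefix_ok(const char *slash, long max)
{
    char *end;
    return slash == NULL || (isdigit((unsigned char)slash[1]) &&
        strtol(slash + 1, &end, 10) <= max && *end == '\0');
}

/* Exactly six colon-separated pairs of hex digits. */
static int is_mac(const char *s)
{
    size_t i, len = strlen(s);
    for (i = 0; i < len; i++)
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i]))
            return 0;
    return len == 17;
}

/* Step b: guess the type; the iface rule (leading letter, < 16 bytes) is assumed. */
enum tbl_type guess_type(const char *val)
{
    char host[64] = "", addr[16];
    const char *slash = strchr(val, '/');
    size_t n = slash ? (size_t)(slash - val) : strlen(val);
    if (n == 0 || n >= sizeof(host))
        return T_INVALID;
    memcpy(host, val, n);   /* stays NUL-terminated because n < sizeof(host) */
    if (inet_pton(AF_INET, host, addr) == 1)
        return prefix_ok(slash, 32) ? T_IPV4 : T_INVALID;
    if (inet_pton(AF_INET6, host, addr) == 1)
        return prefix_ok(slash, 128) ? T_IPV6 : T_INVALID;
    if (slash == NULL && is_mac(val))
        return T_MAC;
    return !slash && isalpha((unsigned char)val[0]) && n < 16 ? T_IFACE : T_INVALID;
}

/* Steps a and c: the first insert fixes the table type; later ones must match. */
int table_add(enum tbl_type *type, const char *val)
{
    enum tbl_type g = guess_type(val);
    if (g != T_INVALID && *type == T_UNSET)
        *type = g;
    return g != T_INVALID && *type == g ? 0 : -1;
}
```

Once the first entry has fixed the type, a value of another type is rejected instead of being stored, so a rule that expects a table of MAC addresses is never matched against interface names or prefixes.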