From: "Alexander V. Chernikov"
Date: Tue, 20 May 2014 21:31:28 +0400
To: bycn82
Cc: Dennis Yusupoff, Marcelo Gondim, FreeBSD Net
Subject: Re: Problem with ipfw table add 0.0.0.0/8
Message-ID: <537B9170.6040303@FreeBSD.org>
In-Reply-To: <537A0356.7050104@gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

On 19.05.2014 17:12, bycn82 wrote:
> On 5/19/14 21:00, Alexander V. Chernikov wrote:
>> On 19.05.2014 11:51, Bill Yuan wrote:
>>> Hi Alex,
>> Hello Bill!
>>>
>>> You guys are chatting here! I agree with you, the table is the place should
>>> be enhanced, and I am working in this way as described below
>>>
>>> 1. Support more types.
>>> ip : cidr
>>> ipv4 : same as ip
>>> ipv6 : ip addr v6
>>> mac : mac address
>>> iface : interface name
>>> interface : same as iface
>>> port : it is Alex's idea, I don't know how it works.
>> Well, actually that's not mine. ipfw implement the following since
>> long ago:
>> + v = ((ipfw_insn_u32 *)cmd)->d[1];
>> + switch (v) {
>> + case 0:
>> + case 1:
>> + /* IPv4 src/dst */
>> + break;
>> + case 2:
>> + case 3:
>> + /* src/dst port */
>> + break;
>> + case 4:
>> + /* uid/gid */
>> + case 5:
>> + /* jid */
>> + case 6:
>> + /* dscp */
>> + break;
>> + }
>>
>> I hope you're not using radix to implement mac addresses lookup?
>>
>> Anyway, it looks like we're doing similar things.
>> Can you take a look on '[CFT]: ipfw named tables / different
>> tabletypes' topic and
>> see how much it conflicts with your changes?
>>>
>>> 2. Setup the table type
>>> ipfw table type
>>> it will setup the type of the table, and flush the table
>>>
>>> 3. Get table type
>>> ipfw table type show
>>>
>>> 4. Add item into the table
>>> ipfw table add
>>>
>>> a. get the type of table
>>> b. if the type is not defined yet, that also means the table is new or
>>> empty, then guess the type based on the
>>> c. format the and insert into the table.
>>>
>>> In this way so call "back compatible"
>>>
>>> 5. how to use table
>>>
>>> case 1
>>> ipfw add [line] allow icmp from "table(1)" to "table(2)"
>>> in the ipfw userland command, it should check the table1 and table 2 should
>>> be ipv4 or ipv6 type
>>>
>>> case 2
>>> ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
>>> in this case, the table(3) and table(4) should be a table of MAC
>>> addresses.
>>>
>>> case 3
>>> ipfw add allow icmp from any to any via table(5)
>>> in this case, the table 5 should be table of interface names.
>>>
>>>
>>> currently I am working on the mac type. :)
>>>
>>>
>>> On Sun, May 18, 2014 at 12:47 PM, Jason Hellenthal wrote:
>>>
>>>>> On May 18, 2014, at 0:12, Julian Elischer wrote:
>>>>>> 2) Table type/name can be specified explicitly via one of the following commands:
>>>>>> * ipfw table 1 create [type ] [name "table_name"]
>>>>> type "ports" would be nice but tricky to do right.
>>>> That . . . would be a great addition and have me switching from pf
>>>> to ipfw.
>>>>
>>>> Pullllease do! :-)
>>
>
> It is good to know that have company who is working in the same
> direction.
> and it is really feeling good to have user who is expecting this
> feature before implemented. :)

Yup. Named tables (and arbitrary tables) should have been done long time ago..

>
> You bring up the code first, I can try to add on a patch for the
> "mac" type or others, As a newbie here, I am not confident about how
> to implement is the best way.

Well, stock radix is slow and consumes a lot of memory per record (more than 3 cache lines).
So it is probably better to implement either array of configurable item size or/and hash table.
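
Review bot: In the quoted switch on v, case 4 (uid/gid) and case 5 (jid) have no break and fall through into case 6 (dscp), while the 0/1 and 2/3 groups each end in their own break. If the fall-through is intended, mark it with a FALLTHROUGH comment; otherwise add the missing break after each. The switch also has no default case, so a value of v outside 0..6, which is read straight from the rule's d[1] field, is silently accepted; an explicit default that rejects the unknown lookup type would make that visible.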