Date: Fri, 05 Oct 2007 12:38:10 -0700 From: "Kevin Oberman" <oberman@es.net> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-current@freebsd.org, Julian Elischer <julian@elischer.org> Subject: Re: IPv6 support for tables in ipfw? Message-ID: <20071005193810.A11284500E@ptavv.es.net> In-Reply-To: Your message of "Fri, 05 Oct 2007 19:15:07 -0000." <20071005191105.C6043@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1191613090_79305P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Fri, 5 Oct 2007 19:15:07 +0000 (UTC) > From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> > > On Fri, 5 Oct 2007, Julian Elischer wrote: > > Hi, > > > Kevin Oberman wrote: > >>> Date: Fri, 05 Oct 2007 11:02:22 -0700 > >>> From: Julian Elischer <julian@elischer.org> > >>> > >>> Kevin Oberman wrote: > >>>> At this time the use of tables in ipfw is limited to IPv4. Is anyone > >>>> looking at adding IPv6 address capability? > >>> > >>> I am but it's not 'soon' on my list. > >> > >> I am on travel for a couple of weeks, so I may try and get a start on > >> this while at airports or on planes. > >> > >> Tables are very useful for allowing an IDS set up blocks on the > >> fly. Right now I am limited to a new rule for every block and that is > >> not very portable (since I don't want to step on existing rules) and > >> very messy since, except for the address, all of the rules are > >> identical. > > > > yeah, exactly.. "me too". > > > >> I'm using tables right now for V4, but I really need to have v6 support > >> soon. I'm just not real sure what 'soon' is. I hope it's different from > >> yours. > > > The question is: > > do we want to duplicate the table framework for IPv6 or have mixed > tables with both v4 and v6 addresses? > > While I am thinking about performance for lookups etc. I am more > worried about the userspace API which might change. That might be > troublesome for the 7-tree. While I would hope to eventually have mixed tables with both v4 and v6 addresses, starting out (v7 era) with table and table6 would be great. It lets me get the job done. Almost all ipfw support for v6 started as separate and is slowly merging into a common facility. (If you think it is fully merged today in current, you don't run v6 is production and use ipfw with it.) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1191613090_79305P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFHBpKikn3rs5h7N1ERAk8lAJ4gbmC01GDgWpFkAHLIQ+tDVLAYRACfRyBn 1ivgMnbDomrgFfmQS6J1k14= =2Kb/ -----END PGP SIGNATURE----- --==_Exmh_1191613090_79305P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071005193810.A11284500E>