Date: Tue, 7 Apr 2020 20:46:41 +0200 From: <driesm.michiels@gmail.com> To: "'Rodney W. Grimes'" <freebsd-rwg@gndrsh.dnsmgr.net>, <lev@freebsd.org> Cc: <freebsd-hackers@freebsd.org>, "'Andrey V. Elsukov'" <bu7cher@yandex.ru>, "'Neel Chauhan'" <neel@neelc.org> Subject: RE: Committing one ipfw(8) userland patch Message-ID: <00c101d60d0c$e1331bc0$a3995340$@gmail.com> In-Reply-To: <202004071735.037HZ1mK093414@gndrsh.dnsmgr.net> References: <ed3a9bec-e5ef-2f2b-ee90-5f68239a66dd@FreeBSD.org> <202004071735.037HZ1mK093414@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-hackers@freebsd.org <owner-freebsd- > hackers@freebsd.org> On Behalf Of Rodney W. Grimes > Sent: dinsdag 7 april 2020 19:35 > To: lev@freebsd.org > Cc: freebsd-hackers@freebsd.org; Andrey V. Elsukov <bu7cher@yandex.ru>; > Neel Chauhan <neel@neelc.org> > Subject: Re: Committing one ipfw(8) userland patch > > > On 07.04.2020 11:28, Andrey V. Elsukov wrote: > > > > >> I have one patch for the ipfw userland tool: > > >> https://reviews.freebsd.org/D24234 > > >> > > >> This patch adds the src-ip4/dst-ip4 and src-ipv4/dst-ipv4 aliases > > >> for src-ip/dst-ip commands respectively in IPFW. > > >> > > >> Could someone please commit this patch? > > > > > > Can you describe what is the benefit to have all these aliases, when > > > after adding the rule you will still see other name. I think this > > > makes it more confusing. > > I think, {src|dst}-ip without version should exist only for backward > > compatibility and, maybe, produce warnings. > > But that is not what this review does. I would be in support of changing the > "official" names to src-ip4/dst-ip4/src-ip6/dst-ip6 and making src-ip/dst-ip a > backwards compatible alias. > > > > > Why? symmetry & consistency. And equal length of fields in rules for > > different versions, too :-) > > > > Also, there are confusion with me/me4/me6. When `src-ip` is really > > `src-ip4`, what does `me` mean? `me4`? or `me4 OR me6`? > > The parts of the rule are not cross applied so this is a non-question, > me4 with a src-ip6 matches 0 packets no mater what the values are. Currently only me and me6 are implemented, given your comment above does that mean that "me" should only match IPv4 packets? If that was the intend, it is not what I'm observing with my ruleset that uses "me" as destination keyword. IPv6 works fine with it. You can find my IPFW ruleset in the review https://reviews.freebsd.org/D24021. > > One could write syntax checkers to flag this NOP condition. > > > -- > > // Lev Serebryakov > -- > Rod Grimes rgrimes@freebsd.org > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00c101d60d0c$e1331bc0$a3995340$>