HomeFreeBSD
Diffusion FreeBSD src repository c31f8b7bd895

ipfw: add support radix tables and table lookup for MAC addresses
c31f8b7bd895
Actions

Description

ipfw: add support radix tables and table lookup for MAC addresses

By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.

Usage example:

ipfw table 1 create type mac
ipfw table 1 add 11:22:33:44:55:66/48
ipfw add skipto tablearg src-mac 'table(1)'
ipfw add deny src-mac 'table(1, 100)'
ipfw add deny lookup dst-mac 1

Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.

Reviewed by: melifaro
Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D35103

(cherry picked from commit 81cac3906eb9c14f81e03b7bcb6893b8d30e5432)

Details

Provenance
smalukav_gmail.comAuthored on Jun 4 2022, 4:12 PM
aeCommitted on Jul 14 2022, 1:04 PM
Reviewer
melifaro
Differential Revision
D35103: ipfw: Support radix tables and table lookup for MAC addresses
Parents
rG8e6cfc632cf6: Bump __FreeBSD_version for new <crypto/*.h> headers.
Branches
Unknown
Tags
Unknown

Changes (9)

PathSize
sbin/
ipfw/
sys/
netinet/
netpfil/
ipfw/

rGc31f8b7bd895

View Options

sbin/ipfw/ipfw.8

Loading...
View Options

sbin/ipfw/ipfw2.c

Loading...
View Options

sbin/ipfw/ipfw2.h

Loading...
View Options

sbin/ipfw/tables.c

Loading...
View Options

sys/netinet/ip_fw.h

Loading...
View Options

sys/netpfil/ipfw/ip_fw2.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_sockopt.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_table.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_table_algo.c

Loading...