Improve ipfw.8 manual page with more clear layer2 processing documentation
ClosedPublic
Actions

Authored by eugen_grosbein.net on Oct 27 2018, 3:16 PM.

Details

Reviewers

butcher
ae

Group Reviewers

network
manpages

Commits

rS341458: MFC r340110: ipfw(8): clarify layer2 processing abilities
rS341451: MFC r340110: ipfw(8): clarify layer2 processing abilities
rS340110: ipfw(8): clarify layer2 processing abilities

Summary

ipfw(8) has means to filter and/or process (layer3) IP packets and (layer2) link-level frames. Kernel-side part of ipfw has distinct processors for layer2 and layer3 mbufs in the sys/netpfil/ipfw/ip_fw_pfil.c: ipfw_check_frame() and ipfw_check_packet() respectively.

Full set of ipfw actions is implemented within ipfw_check_packet() only and ipfw_check_frame() supports only allow/deny/ngtee/netgraph and dummynet-related actions. This means, for example, that "divert 1 ip from any to any layer2" does not work. This is not documented. This change adds some words on the topic.

Test Plan

N/A

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

eugen_grosbein.net created this revision.Oct 27 2018, 3:16 PM

Herald added a reviewer: manpages. · View Herald TranscriptOct 27 2018, 3:16 PM

Herald added a subscriber: imp. · View Herald Transcript

Harbormaster completed remote builds in B20461: Diff 49686.Oct 27 2018, 3:16 PM

eugen_grosbein.net edited the summary of this revision. (Show Details)Oct 27 2018, 3:46 PM

yuripv added a subscriber: yuripv.Oct 27 2018, 11:49 PM

yuripv added inline comments.

sbin/ipfw/ipfw.8
516 ↗	(On Diff #49686)	The rest of the man page (correctly) uses .Cm for keywords. More so, apropos uses .Nm results outside of SYNOPSIS section as well, so misusing .Nm will clobber the search results.
529 ↗	(On Diff #49686)	Please start new sentences from new line.