HomeFreeBSD
Diffusion FreeBSD src repository fc727ad63d3f

ipfw: add [fw]mark implementation for ipfw
fc727ad63d3f
Actions

Description

ipfw: add [fw]mark implementation for ipfw

Packet Mark is an analogue to ipfw tags with O(1) lookup from mbuf while
regular tags require a single-linked list traversal.
Mark is a 32-bit number that can be looked up in a table
[with 'number' table-type], matched or compared with a number with optional
mask applied before comparison.
Having generic nature, Mark can be used in a variety of needs.
For example, it could be used as a security group: mark will hold a security
group id and represent a group of packet flows that shares same access
control policy.

Reviewed By: pauamma_gundo.com
Differential Revision: https://reviews.freebsd.org/D39555
MFC after: 1 month

Details

Provenance
lytboris_gmail.comAuthored on Apr 25 2023, 12:38 PM
melifaroCommitted on Apr 25 2023, 12:40 PM
Reviewer
pauamma_gundo.com
Differential Revision
D39555: [fw]mark implementation for ipfw
Parents
rG089104e0e01f: netlink: add netlink interfaces to if_clone
Branches
Unknown
Tags
Unknown

Changes (13)

PathSize
sbin/
ipfw/
sys/
netinet/
netpfil/
ipfw/

rGfc727ad63d3f

View Options

sbin/ipfw/ipfw.8

Loading...
View Options

sbin/ipfw/ipfw2.c

Loading...
View Options

sbin/ipfw/ipfw2.h

Loading...
View Options

sbin/ipfw/tables.c

Loading...
View Options

sys/netinet/ip_fw.h

Loading...
View Options

sys/netinet/ip_var.h

Loading...
View Options

sys/netpfil/ipfw/ip_fw2.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_log.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_pfil.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_private.h

Loading...
View Options

sys/netpfil/ipfw/ip_fw_sockopt.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_table.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw_table_value.c

Loading...