cvs commit: src/sys/netinet ip_fw2.c
Bjoern A. Zeeb
bz at FreeBSD.org
Mon Nov 13 20:13:01 UTC 2006
On Mon, 13 Nov 2006, Bjoern A. Zeeb wrote:
> bz 2006-11-13 19:07:33 UTC
>
> FreeBSD src repository
>
> Modified files:
> sys/netinet ip_fw2.c
> Log:
> Add SCTP as a known upper layer protocol over v6.

There is another 'problem' with the way things work at the moment.
We have over 100 IPPROTO_* defined in in.h. We really do not
want to permit any single one and add it to the switch in
ip_fw2.c/ipfw_chk.

Basically at that point we can have:

1. extension headers (we need to know about them to get to 2 or 3)
2. upper layer protocols we know about and want to do/allow more
   specific filtering (like tcp/udp/..)
3. upper layer protocols ipfw doesn't know about

In case anyone has a good idea what to do with everything in cat 3,
feel free to discuss/commit it ;)

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
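
The three categories from the message above, sketched as a stand-alone classifier. This is an added example, not the ip_fw2.c code: the function name, the struct, the CAT_* values and the short lists of extension headers and known protocols are assumptions chosen for illustration, and the sample bytes are constructed. It only reports the category; what to do with category 3 is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IANA protocol numbers (same values as the IPPROTO_* constants in in.h). */
enum { P_HOPOPTS = 0, P_TCP = 6, P_UDP = 17, P_ROUTING = 43, P_FRAGMENT = 44,
       P_ICMPV6 = 58, P_DSTOPTS = 60, P_SCTP = 132 };

/* Categories 2 and 3 from the message, plus a truncation result (assumed). */
enum { CAT_KNOWN = 2, CAT_UNKNOWN = 3, CAT_TRUNCATED = -1 };

struct l4 { int cat; uint8_t proto; };

/* nxt: Next Header from the fixed IPv6 header; buf/len: bytes after it. */
struct l4 classify_upper_layer(uint8_t nxt, const uint8_t *buf, size_t len)
{
    size_t off = 0, hlen;

    for (;;) {
        switch (nxt) {
        case P_HOPOPTS: case P_ROUTING: case P_DSTOPTS: case P_FRAGMENT:
            /* Category 1: must be parsed to reach the upper layer. */
            if (len - off < 8)
                return (struct l4){ CAT_TRUNCATED, nxt };
            /* Fragment header is fixed at 8 bytes; others carry a length. */
            hlen = (nxt == P_FRAGMENT) ? 8 : ((size_t)buf[off + 1] + 1) * 8;
            if (hlen > len - off)
                return (struct l4){ CAT_TRUNCATED, nxt };
            nxt = buf[off];          /* first byte is the next header value */
            off += hlen;
            break;
        case P_TCP: case P_UDP: case P_ICMPV6: case P_SCTP:
            return (struct l4){ CAT_KNOWN, nxt };      /* category 2 */
        default:
            return (struct l4){ CAT_UNKNOWN, nxt };    /* category 3 */
        }
    }
}

/* Constructed samples: one hop-by-hop header holding a PadN option. */
static const uint8_t hbh_sctp[8] = { P_SCTP, 0, 1, 4, 0, 0, 0, 0 };
static const uint8_t hbh_253[8]  = { 253, 0, 1, 4, 0, 0, 0, 0 };

int main(void)
{
    struct l4 r = classify_upper_layer(P_HOPOPTS, hbh_sctp, sizeof hbh_sctp);
    printf("cat %d proto %u\n", r.cat, r.proto);
    r = classify_upper_layer(P_HOPOPTS, hbh_253, sizeof hbh_253);
    printf("cat %d proto %u\n", r.cat, r.proto);
    return 0;
}
```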