Committing one ipfw(8) userland patch
Rodney W. Grimes
freebsd-rwg at gndrsh.dnsmgr.net
Tue Apr 7 17:35:04 UTC 2020
> On 07.04.2020 11:28, Andrey V. Elsukov wrote:
>
> >> I have one patch for the ipfw userland tool:
> >> https://reviews.freebsd.org/D24234
> >>
> >> This patch adds the src-ip4/dst-ip4 and src-ipv4/dst-ipv4 aliases for
> >> src-ip/dst-ip commands respectively in IPFW.
> >>
> >> Could someone please commit this patch?
> >
> > Can you describe what is the benefit to have all these aliases, when
> > after adding the rule you will still see other name. I think this makes
> > it more confusing.
> I think, {src|dst}-ip without version should exist only for backward
> compatibility and, maybe, produce warnings.
But that is not what this review does. I would be in support of
changing the "official" names to src-ip4/dst-ip4/src-ip6/dst-ip6
and making src-ip/dst-ip a backwards compatible alias.
>
> Why? symmetry & consistency. And equal length of fields in rules for
> different versions, too :-)
>
> Also, there are confusion with me/me4/me6. When `src-ip` is really
> `src-ip4`, what does `me` mean? `me4`? or `me4 OR me6`?
The parts of the rule are not cross applied so this is a non-question,
me4 with a src-ip6 matches 0 packets no mater what the values are.
One could write syntax checkers to flag this NOP condition.
> --
> // Lev Serebryakov
--
Rod Grimes rgrimes at freebsd.org
More information about the freebsd-hackers
mailing list