[patch] ipfw packet tagging
Vadim Goncharov
vadimnuclight at tpu.ru
Sat May 13 10:09:12 UTC 2006
13.05.06 @ 16:38 Julian Elischer wrote:
>>>> A question about features: is it worth adding functionality of
>>>> matching
>>>> range of tags? For example:
>>>>
>>>> ipfw add pass ip from any to any tagged 1-5,10,20
>>>
>>>
>>> i think it is a useful feature, and if you reuse the existing code
>>> for matching port ranges etc to implement it, performance should
>>> be reasonably good.
>>
>>
>> OK, Andrey made new version of patches available:
>> http://butcher.heavennet.ru/patches/kernel/ipfw_tags/
>>
>> Manpage patch is integrated as well as new untag/tagged range
>> functionality,
>> based on existing port ranges matching code. Short test shown that it
>> works.
>
>
> I might suggest that the new 'tablearg' keyword be useable in a tag
> command allowing a table to contain entries that give different tags.
> (I don't think it is in 5 but it may be in 6.. (not sure))
>
> would be cool however.
May be, but I can't imagine a real situation where it can be useful,
as tables already contain IP adresses. Can you give a real-life
example where it helps ?
--
WBR, Vadim Goncharov
More information about the freebsd-net
mailing list