[patch] gsoc project: improving layer2 filtering

Gleb Kurtsou gleb.kurtsou at gmail.com
Mon Sep 8 20:00:20 UTC 2008


[Max Laier and Brooks Davis CCed as suggested by Andrew Thompson]

This summer I was working on improving layer2 filtering (my mentor is
Andrew Thompson) as a Google Summer of Code project.  The project was
successfully completed.

I'd like to ask for a public review of the patch attached.
To apply patch (against -CURRENT):
cd /usr/src; patch -p0 < gk_l2filter.patch

Note that the patch is not so clean: style(9) issues, stale comments,
some inaccurate variable names, etc. But it should be just fine for a
general review.  I'd like to continue working further to improve it, if
the community is interested and if there is a possibility for it to get
committed.  I would appreciate any comments and suggestions.

Some additional details and examples of new functionality can be found on
my blog: http://blogs.freebsdish.org/gleb/

Project's perforce repository: http://perforce.freebsd.org/changeList.cgi?CMD=changes&FSPC=//depot/projects/soc2008/gk%5fl2filter/...

To sum it up, the following project goals were achieved (old todo list):

general:
    * Implement pfil hooks for filtering ethernet packets
    * Add mtag containing source and destination layer2 addresses to
      every mbuf
    * Add per interface flags: l2filter, l2tag 

ipfw:
    * Update ipfw layer2 not to touch ip headers, but to use mentioned
      mtags to do MAC-IP filtering
    * Add src-ether and dst-ether ipfw options
    * Support mac addresses in ipfw lookup tables
    * Stateful filtering by mac addresses
    * Implement ARP filtering options
    * Update documentation 

pf:
    * Add stateful filtering against mac addresses. Make it part of
      present layer3 stateful filtering.
    * Extend pf's tables facility to contain layer2 address apart with
      layer3 address.
    * Support in userspace (pf.conf, pfctl).
    * Update documentation


-------------- next part --------------
A non-text attachment was scrubbed...
Name: gk_l2filter.patch
Type: text/x-diff
Size: 104020 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20080908/8ffd3e6c/gk_l2filter-0001.bin

