[CFT] new tables for ipfw
Alexander V. Chernikov
melifaro at yandex-team.ru
Thu Aug 14 09:57:38 UTC 2014
On 14.08.2014 13:23, Luigi Rizzo wrote:
>
>
>
> On Wed, Aug 13, 2014 at 10:11 PM, Alexander V. Chernikov
> <melifaro at yandex-team.ru <mailto:melifaro at yandex-team.ru>> wrote:
>
> Hello list.
>
> I've been hacking ipfw for a while and It seems there is something
> ready to test/review in projects/ipfw branch.
>
>
> this is a fantastic piece of work, thanks for doing it and for
> integrating the feedback.
>
> I have some detailed feedback that will send you privately,
> but just a curiosity:
>
> ...
>
> Some examples (see ipfw(8) manual page for the description):
>
> ...
>
>
> ipfw table mi_test create type cidr algo "cidr:hash masks=/30,/64"
>
>
> why do we need to specify mask lengths in the above ?
Well, since we're hashing IP we have to know mask to cut host bits in
advance.
(And the real reason is that I'm too lazy to implement hierarchical
matching (check /32, then /31, then /30) like how, for example,
this is done in ipset), so this particular algorithm supports only
single IPv4 and single IPv6 mask.
Anyway, it is not too hard to add another algo which is doing the above.
>
> cheers
> luigi
>
More information about the freebsd-net
mailing list