mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
freebsd/sys/netinet/ipfw
Alexander V. Chernikov f8bee51a69
- Add ipfw eXtended tables permitting radix to be used for any kind of keys.
- Add support for IPv6 and interface extended tables
- Make the number of tables a loader tunable in the range 0..65534.
- Use IP_FW3 opcode for all new extended table cmds

No ABI changes are introduced. Old userland will see valid tables for
IPv4 tables and no entries otherwise. Flush works for any table.

IP_FW3 socket option is used to encapsulate all new opcodes:
 /* IP_FW3 header/opcodes */
 typedef struct _ip_fw3_opheader {
        uint16_t opcode;        /* Operation opcode */
        uint16_t reserved[3];   /* Align to 64-bit boundary */
 } ip_fw3_opheader;

New opcodes added:
 IP_FW_TABLE_XADD, IP_FW_TABLE_XDEL, IP_FW_TABLE_XGETSIZE, IP_FW_TABLE_XLIST

ipfw(8) table argument parsing behavior is changed:
 'ipfw table 999 add host' now assumes 'host' to be an interface name instead of
 a hostname.

New tunable:
 net.inet.ip.fw.tables_max controls the number of tables supported by ipfw in a
 given VNET instance. 128 is still the default value.

New syntax:
ipfw add skipto tablearg ip from any to any via table(42) in
ipfw add skipto tablearg ip from any to any via table(4242) out

This is a bit hackish: the special interface name '\1' is used to signal that
the interface table number is passed in the p.glob field.

Sponsored by Yandex LLC

Reviewed by:    ae
Approved by:    ae (mentor)

MFC after:      4 weeks
2012-03-12 14:07:57 +00:00
test
dn_heap.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
dn_heap.h
dn_sched_fifo.c
dn_sched_prio.c
dn_sched_qfq.c a variable was erroneously declared as 32 bit instead of 64. 2012-01-27 13:26:25 +00:00
dn_sched_rr.c
dn_sched_wf2q.c
dn_sched.h
dummynet.txt - add a missing "be" and "in" 2011-11-11 22:27:09 +00:00
ip_dn_glue.c
ip_dn_io.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
ip_dn_private.h
ip_dummynet.c Hide some debug messages under debug macro. 2011-06-01 12:33:05 +00:00
ip_fw2.c - Add ipfw eXtended tables permitting radix to be used for any kind of keys. 2012-03-12 14:07:57 +00:00
ip_fw_dynamic.c - Refresh dynamic tcp rule only if both sides answered keepalive packets. 2012-02-28 22:00:41 +00:00
ip_fw_log.c Always use the opt_*.h options for ipfw.ko, not just when 2011-11-04 16:24:19 +00:00
ip_fw_nat.c Don't use `m' after m_megapullup. 2012-02-22 04:19:33 +00:00
ip_fw_pfil.c Always use the opt_*.h options for ipfw.ko, not just when 2011-11-04 16:24:19 +00:00
ip_fw_private.h - Add ipfw eXtended tables permitting radix to be used for any kind of keys. 2012-03-12 14:07:57 +00:00
ip_fw_sockopt.c - Add ipfw eXtended tables permitting radix to be used for any kind of keys. 2012-03-12 14:07:57 +00:00
ip_fw_table.c - Add ipfw eXtended tables permitting radix to be used for any kind of keys. 2012-03-12 14:07:57 +00:00