Date: Mon, 29 Jul 2002 22:43:40 -0700
From: "Crist J. Clark"
To: Luigi Rizzo
Cc: ipfw@FreeBSD.ORG
Subject: Re: RFC: ipfw behaviour with non IPv4 packets
Message-ID: <20020730054340.GB89241@blossom.cjclark.org>
In-Reply-To: <20020725001652.A94913@iguana.icir.org>

On Thu, Jul 25, 2002 at 12:16:52AM -0700, Luigi Rizzo wrote:
> Hi,
> I would like your input here on the following issue.
>
>
> The original "ipfw" would only see IPv4 packets, so given a rule
> of the form
>
>     ip from to
>
> the "ip" protocol specifier effectively meant "any packet" (and
> "any" is in fact a synonym for "ip").
>
> IPFW2 also sees non-ipv4 packets, so in some cases (e.g. when no
> other fields refer to IPv4 information, say "ip from any to any")
> the rule can be ambiguous. As a matter of fact, the way I have
> implemented it now is
>
>     "ip" = "any" --> any packet, ipv4 or not
>
> You can have the same ambiguity when you specify a protocol like
> "tcp" or "udp" -- do you want these rules to match only "*-over-ip4"
> or ipv6 as well ?
>
> I am a bit uncertain on what is the best path, but I believe a
> reasonable one is to assume
>
>     "ip" = "any" --> any IP packet (v4 or v6)
>
> and similarly
>
>     "proto" --> any packet of protocol "proto" over IP (v4 or v6)
>
> Comments ?

What happens when you do,

  pass ip from any to any ipoptions blah,blah...

Or some other field that is inconsistent for both IPv4 and IPv6? Or
more simply can you do,

  pass ip from 192.168.0.1 to any

And,

  pass ip from fe80::203:0405:0607:0809 to any

And,

  pass ip from 192.168.0.1 or fe80::203:0405:0607:0809 to any

And ipfw(8) will "do the right thing?" (Whatever that might be?)
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org