Date: Mon, 8 Sep 2008 22:13:34 +0200
From: Max Laier <max@love2party.net>
To: freebsd-net@freebsd.org, Brooks Davis <brooks@freebsd.org>
Cc: Gleb Kurtsou <gleb.kurtsou@gmail.com>, Andrew Thompson <thompsa@freebsd.org>
Subject: Re: [patch] gsoc project: improving layer2 filtering
Message-ID: <200809082213.34703.max@love2party.net>
In-Reply-To: <20080908193020.GA37900@rybacik>
References: <20080908193020.GA37900@rybacik>
On Monday 08 September 2008 21:30:21 Gleb Kurtsou wrote:
> [Max Laier and Brooks Davis CCed as suggested by Andrew Thompson]
>
> This summer I was working on improving layer2 filtering (my mentor is
> Andrew Thompson) as a google summer of code project. The project was
> successfully completed.

Wow! That's one large diff ... unfortunately I don't have much time right now.
I'll try to look at the pf changes one of these days, but please re-ping if I
don't get to it in a timely manner. For the moment all I can say is that your
work is very appreciated and that - from a quick glance - it looks like this
could be ready(-ish) for inclusion. In any case we should get the releases out
the door before dropping this in current.

Again, thanks for your work ... I'll look at it as I find time.

> I'd like to ask for a public review of the patch attached.
> To apply patch (against -CURRENT):
> cd /usr/src; patch -p0 < gk_l2filter.patch
>
> Note, that the patch is not so clean: style(9) issues, stale comments,
> some inaccurate variable names, etc. But it should be just fine for a
> general review. I'd like to continue working further to improve it, if
> community is interested and if there is possibility for it to get
> committed. I would appreciate any comments and suggestions.
>
> Some additional details and examples of new functionality can be found on
> my blog: http://blogs.freebsdish.org/gleb/
>
> Project's perforce repository:
> http://perforce.freebsd.org/changeList.cgi?CMD=changes&FSPC=//depot/projects/soc2008/gk%5fl2filter/...
>
> To sum it up, following project goals were achieved (old todo list):
>
> general:
>  * Implement pfil hooks for filtering ethernet packets
>  * Add mtag containing source and destination layer2 addresses to
>    every mbuf
>  * Add per interface flags: l2filter, l2tag
>
> ipfw:
>  * Update ipfw layer2 not to touch ip headers, but to use mentioned
>    mtags to do MAC-IP filtering
>  * Add src-ether and dst-ether ipfw options
>  * Support mac addresses in ipfw lookup tables
>  * Stateful filtering by mac addresses
>  * Implement ARP filtering options
>  * Update documentation
>
> pf:
>  * Add stateful filtering against mac addresses. Make it part of
>    present layer3 stateful filtering.
>  * Extend pf's tables facility to contain layer2 address apart with
>    layer3 address.
>  * Support in userspace (pf.conf, pfctl).
>  * Update documentation

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News