From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 14 04:46:53 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E4699106564A for ; Mon, 14 Apr 2008 04:46:53 +0000 (UTC) (envelope-from relch2k7@yahoo.com) Received: from n8.bullet.re3.yahoo.com (n8.bullet.re3.yahoo.com [68.142.237.93]) by mx1.freebsd.org (Postfix) with SMTP id 8F9628FC25 for ; Mon, 14 Apr 2008 04:46:53 +0000 (UTC) (envelope-from relch2k7@yahoo.com) Received: from [68.142.237.89] by n8.bullet.re3.yahoo.com with NNFMP; 14 Apr 2008 04:33:27 -0000 Received: from [69.147.75.181] by t5.bullet.re3.yahoo.com with NNFMP; 14 Apr 2008 04:33:27 -0000 Received: from [127.0.0.1] by omp102.mail.re1.yahoo.com with NNFMP; 14 Apr 2008 04:33:27 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 416592.34519.bm@omp102.mail.re1.yahoo.com Received: (qmail 38720 invoked by uid 60001); 14 Apr 2008 04:33:27 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID; b=LaLrlGTFpMKAxnt0Z4omIMmxMCEpn8QHQkRxOh7BIo6KBzRjam8kWd+Acd4RLjyhM4CHFQC9keYe9O8v6WInxvg7qOcWv6Dyeu+nyMqK7cdTzyI8rI9I+sCCmqZAwnSK6VRhVeDtMbTifFi2vjfa3VJlKilb2tCdnH4thddFoTw=; X-YMail-OSG: XFfbMLcVM1lVedkwNpSpiPp1r75XLzwTIIqINalIecR.9e_b0HRubL1mzmbW6yafMvZUWRRm97SCK13CxsQXDEIjPZmb6Lticzv5 Received: from [124.217.13.191] by web57511.mail.re1.yahoo.com via HTTP; Sun, 13 Apr 2008 21:33:27 PDT X-Mailer: YahooMailWebService/0.7.185 Date: Sun, 13 Apr 2008 21:33:27 -0700 (PDT) From: Reden Colambo To: freebsd-ipfw@freebsd.org, h.blackman@chester.ac.uk Message-ID: <224575.38198.qm@web57511.mail.re1.yahoo.com> X-Mailman-Approved-At: Mon, 14 Apr 2008 04:56:40 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: captive portal help... X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: relch2k7@yahoo.com List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2008 04:46:54 -0000 Good Day Sir! I've read your post regarding captive portal at http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-March/000960.html can you please teach me a detailed steps on how to create a captive portal on freebsd just like the one you have. I'm a newbie to freebsd and has no experience in using it. I need your help for me to finish my case study. by the way, my version o freebsd is 5.5. Is your captive portal applicable on my version of freebsd. I hope you would be able to help me regarding this. Thank you very much in advance! God bless! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 14 11:06:50 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E500E1065672 for ; Mon, 14 Apr 2008 11:06:50 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D4BAD8FC29 for ; Mon, 14 Apr 2008 11:06:50 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3EB6o27072254 for ; Mon, 14 Apr 2008 11:06:50 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3EB6on0072250 for freebsd-ipfw@FreeBSD.org; Mon, 14 Apr 2008 11:06:50 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 14 Apr 2008 11:06:50 GMT Message-Id: <200804141106.m3EB6on0072250@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2008 11:06:51 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/121955 ipfw [ipfw] [panic] freebsd 7.0 panic with mpd 16 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] [request] Too few dummynet queue slots o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor s kern/121807 ipfw [request] TCP and UDP port_table in ipfw 29 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 14 14:40:15 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0261B1065674 for ; Mon, 14 Apr 2008 14:40:15 +0000 (UTC) (envelope-from mike@databloom.com) Received: from smtp2.beanfield.net (smtp2.beanfield.net [206.223.173.34]) by mx1.freebsd.org (Postfix) with ESMTP id C5E0F8FC24 for ; Mon, 14 Apr 2008 14:40:14 +0000 (UTC) (envelope-from mike@databloom.com) Received: from [192.168.66.29] ([66.207.193.252]) by smtp2.beanfield.net (8.13.4/8.12.11) with ESMTP id m3EDnofU081182 for ; Mon, 14 Apr 2008 09:49:50 -0400 (EDT) (envelope-from mike@databloom.com) Message-ID: <48036135.1080707@databloom.com> Date: Mon, 14 Apr 2008 09:50:45 -0400 From: Mike Bloom User-Agent: Thunderbird 1.5.0.14pre (X11/20071023) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: layer 2 captive portal questions X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2008 14:40:15 -0000 Hi All, I'm replacing a commercial java sesm capture portal with location specific vlans with ipfw and I'd like to allow a user to enter their credentials to a webserver running on the gateway of their local vlan, and be allowed to surf as long as their mac address and ip address stay the same. so far I have a working ip layer captive portal as such: 00100 228 49451 divert 8668 ip from any to any via fxp0 00100 40 6771 allow ip from 10.1.4.5 to any 00200 0 0 fwd 10.1.4.1,8080 tcp from any to any dst-port 80 in 00300 296 77558 allow ip from any to any 00400 0 0 deny ip from any to any 65535 294 25712 deny ip from any to any fxp0 is WAN, 10.1.4.1 is the gateway ip for my vlan's subnet. If I do a 00100 40 6771 allow ip from 10.1.4.5 to any before the fwd statement, my user is free to browse the web without the capture portal. However, what I would like to do is lock down their mac address (which I collect from arping their ip on the vlan interface) **and** ip. as such: 00100 0 0 allow ip from 10.1.4.5 to any via vlan4 MAC 00:1b:63:ac:3a:84 any 00100 0 0 allow ip from 10.1.4.5 to any via vlan4 MAC any 00:1b:63:ac:3a:84 I think I'm mixing layer2 and layer 3 criteria and probably I just need to seperate these rules out by blocking layer2 between fxp0 and vlan4 (where the 10.1.4.x subnet exists) **then** allowing ip through via the previously mentioned scheme. Any thoughts or suggestions would be greatly appreciated. From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 17 03:01:52 2008 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7433C106566B for ; Thu, 17 Apr 2008 03:01:52 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outR.internet-mail-service.net (outr.internet-mail-service.net [216.240.47.241]) by mx1.freebsd.org (Postfix) with ESMTP id 5AA4A8FC17 for ; Thu, 17 Apr 2008 03:01:52 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP; Thu, 17 Apr 2008 06:51:40 -0700 Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id 973E92D6016; Wed, 16 Apr 2008 19:47:49 -0700 (PDT) Message-ID: <4806BA59.4030106@elischer.org> Date: Wed, 16 Apr 2008 19:47:53 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213) MIME-Version: 1.0 To: FreeBSD Net , Luigi Rizzo , ipfw@freebsd.org Content-Type: multipart/mixed; boundary="------------090907080703050903020505" Cc: Subject: addition to ipfw table.. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2008 03:01:52 -0000 This is a multi-part message in MIME format. --------------090907080703050903020505 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit this change allows one to type ipfw table 2 add 1.1.1.1:255.255.255.0 0 in addition to the currently acceptable 1.1.1.1/24 0 The reason is that some programs supply the netmask in that (mask) form and a shell script trying to add it to a table has a hard time converting it to the currently acceptable form (the latter). I do know it won't handle non contiguous masks well but as the ipfw ABI code only accepts a network mask length instead of a mask, there's not much that can be done. I may suggest a later fix for that but it will break the ABI. comments? --------------090907080703050903020505 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="ipfw.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipfw.diff" Index: ipfw2.c =================================================================== RCS file: /usr/local/cvsroot/freebsd/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.118 diff -d -u -r1.118 ipfw2.c --- ipfw2.c 27 Feb 2008 13:52:33 -0000 1.118 +++ ipfw2.c 17 Apr 2008 02:46:34 -0000 @@ -5856,8 +5856,22 @@ ent.masklen = atoi(p); if (ent.masklen > 32) errx(EX_DATAERR, "bad width ``%s''", p); - } else - ent.masklen = 32; + } else { + p = strchr(*av, ':'); + if (p) { + u_int32_t tempint; + *p++ = '\0'; + if (!inet_aton(p, (struct in_addr *)&tempint )) + errx(EX_DATAERR, + "bad netmask ``%s''", p); + if (tempint) + ent.masklen = + 33 - ffs((~ntohl(tempint)) + 1); + else + ent.masklen = 0; + } else + ent.masklen = 32; + } if (lookup_host(*av, (struct in_addr *)&ent.addr) != 0) errx(EX_NOHOST, "hostname ``%s'' unknown", *av); ac--; av++; --------------090907080703050903020505-- From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 17 06:10:17 2008 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C4AF6106567C; Thu, 17 Apr 2008 06:10:17 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp11.yandex.ru (smtp11.yandex.ru [213.180.223.93]) by mx1.freebsd.org (Postfix) with ESMTP id 9380C8FC38; Thu, 17 Apr 2008 06:10:16 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from ns.kirov.so-cdu.ru ([77.72.136.145]:22991 "EHLO [127.0.0.1]" smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256 version TLSv1/SSLv3" TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S1246489AbYDQFrX (ORCPT + 1 other); Thu, 17 Apr 2008 09:47:23 +0400 X-Yandex-Spam: 1 X-Yandex-Front: smtp11 X-Yandex-TimeMark: 1208411243 X-MsgDayCount: 4 X-Comment: RFC 2476 MSA function at smtp11.yandex.ru logged sender identity as: bu7cher Message-ID: <4806E468.5030906@yandex.ru> Date: Thu, 17 Apr 2008 09:47:20 +0400 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: Julian Elischer References: <4806BA59.4030106@elischer.org> In-Reply-To: <4806BA59.4030106@elischer.org> Content-Type: multipart/mixed; boundary="------------090204050606090409040801" Cc: FreeBSD Net , ipfw@freebsd.org, Luigi Rizzo Subject: Re: addition to ipfw table.. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2008 06:10:18 -0000 This is a multi-part message in MIME format. --------------090204050606090409040801 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Julian Elischer wrote: > I do know it won't handle non contiguous masks well but as the > ipfw ABI code only accepts a network mask length instead of a > mask, there's not much that can be done. > I may suggest a later fix for that but it will break the ABI. > > comments? What you think about my patch? -- WBR, Andrey V. Elsukov --------------090204050606090409040801 Content-Type: text/plain; name="ipfw_table_mask.diff.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipfw_table_mask.diff.txt" Index: src/sbin/ipfw/ipfw2.c =================================================================== RCS file: /ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.118 diff -u -p -r1.118 ipfw2.c --- src/sbin/ipfw/ipfw2.c 27 Feb 2008 13:52:33 -0000 1.118 +++ src/sbin/ipfw/ipfw2.c 17 Apr 2008 05:45:27 -0000 @@ -5833,7 +5833,7 @@ table_handler(int ac, char *av[]) ipfw_table_entry ent; ipfw_table *tbl; int do_add; - char *p; + char *p, md; socklen_t l; uint32_t a; @@ -5850,10 +5850,22 @@ table_handler(int ac, char *av[]) ac--; av++; if (!ac) errx(EX_USAGE, "IP address required"); - p = strchr(*av, '/'); + p = strpbrk(*av, "/:"); if (p) { + md = *p; *p++ = '\0'; - ent.masklen = atoi(p); + switch (md) { + case ':': + if (!inet_aton(p, (struct in_addr *)&a)) + errx(EX_DATAERR, "bad netmask ``%s''", p); + ent.masklen = contigmask((uint8_t *)&a, 32); + if (ent.masklen > 32) + errx(EX_DATAERR, + "netmask ``%s'' is not contiguous", p); + break; + case '/': + ent.masklen = atoi(p); + } if (ent.masklen > 32) errx(EX_DATAERR, "bad width ``%s''", p); } else --------------090204050606090409040801-- From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 17 14:26:45 2008 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F3672106564A for ; Thu, 17 Apr 2008 14:26:44 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from msrv.matik.com.br (msrv.matik.com.br [200.152.83.14]) by mx1.freebsd.org (Postfix) with ESMTP id 6D9188FC12 for ; Thu, 17 Apr 2008 14:26:44 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from anb.p.matik.com.br (anb.p.matik.com.br [200.152.83.34] (may be forged)) by msrv.matik.com.br (8.14.1/8.13.1) with ESMTP id m3HDFoM8027164 for ; Thu, 17 Apr 2008 10:15:50 -0300 (BRT) (envelope-from asstec@matik.com.br) From: AT Matik Organization: Infomatik To: ipfw@freebsd.org Date: Thu, 17 Apr 2008 10:15:44 -0300 User-Agent: KMail/1.9.7 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200804171015.44181.asstec@matik.com.br> X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on msrv.matik.com.br X-Virus-Status: Clean Cc: Subject: kernel: ipfw: install_state: entry already present, done X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2008 14:26:45 -0000 some knows if this spam is planned to disappear from messages soon? kernel: ipfw: install_state: entry already present, done seems it comes from "limit src" rules =2D-=20 Atenciosamente, J.M. Respons=E1vel Plant=E3o Site Support Matik Infomatik Internet Technology http://info.matik.com.br A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 17 17:48:28 2008 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A9B701065671 for ; Thu, 17 Apr 2008 17:48:28 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outQ.internet-mail-service.net (outq.internet-mail-service.net [216.240.47.240]) by mx1.freebsd.org (Postfix) with ESMTP id 997018FC23 for ; Thu, 17 Apr 2008 17:48:28 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP; Thu, 17 Apr 2008 21:52:31 -0700 Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id D9F982D6011; Thu, 17 Apr 2008 10:48:27 -0700 (PDT) Message-ID: <48078D71.403@elischer.org> Date: Thu, 17 Apr 2008 10:48:33 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213) MIME-Version: 1.0 To: "Andrey V. Elsukov" References: <4806BA59.4030106@elischer.org> <4806E468.5030906@yandex.ru> In-Reply-To: <4806E468.5030906@yandex.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Net , ipfw@freebsd.org, Luigi Rizzo Subject: Re: addition to ipfw table.. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2008 17:48:28 -0000 Andrey V. Elsukov wrote: > Julian Elischer wrote: >> I do know it won't handle non contiguous masks well but as the >> ipfw ABI code only accepts a network mask length instead of a >> mask, there's not much that can be done. >> I may suggest a later fix for that but it will break the ABI. >> >> comments? > > What you think about my patch? > I like it.. :-) I didn't know about contigmask()