Date:      Mon, 13 Nov 2006 20:02:29 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet ip_fw2.c
Message-ID:  <20061113195449.O54329@maildrop.int.zabbadoz.net>
In-Reply-To: <200611131907.kADJ7XSX068491@repoman.freebsd.org>
References:  <200611131907.kADJ7XSX068491@repoman.freebsd.org>

On Mon, 13 Nov 2006, Bjoern A. Zeeb wrote:

> bz          2006-11-13 19:07:33 UTC
>
>  FreeBSD src repository
>
>  Modified files:
>    sys/netinet          ip_fw2.c
>  Log:
>  Add SCTP as a known upper layer protocol over v6.

There is another 'problem' with the way things work at the moment.

We have over 100 IPPROTO_* defined in in.h. We really do not
want to permit any single one and add it to the switch in
ip_fw2.c/ipfw_chk.

Basically at that point we can have:
1 extension headers (we need to know about them to get to 2 or 3)
2 upper layer protocols we know about and want to do/allow more
   specific filtering (like tcp/udp/..)
3 upper layer protocols ipfw doesn't know about

In case anyone has a good idea what to do with everything in cat 3
feel free to discuss/commit it;)

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
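
The three categories from the message above, as an added example that is not part of the original e-mail and is not code from ip_fw2.c: a bounds-checked walk over the IPv6 Next Header chain that skips category 1 headers and reports whether the protocol it ends on is in category 2 or 3. The `NH_*` names, `classify`, `final_proto` and the sample bytes are hypothetical, and the set of "known" upper layer protocols is illustrative.

```c
#include <stddef.h>
#include <stdint.h>

/* IANA protocol numbers (same values as IPPROTO_*); all names here are hypothetical. */
enum { NH_HOPOPTS = 0, NH_TCP = 6, NH_UDP = 17, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AH = 51, NH_ICMPV6 = 58, NH_DSTOPTS = 60, NH_SCTP = 132 };
enum nh_class { NH_EXTHDR = 1, NH_KNOWN_ULP = 2, NH_UNKNOWN_ULP = 3 }; /* 1 to 3 as in the message */

static enum nh_class classify(uint8_t proto)
{
    switch (proto) {
    case NH_HOPOPTS: case NH_ROUTING: case NH_FRAGMENT: case NH_AH: case NH_DSTOPTS:
        return NH_EXTHDR;       /* has to be skipped to reach the payload */
    case NH_TCP: case NH_UDP: case NH_ICMPV6: case NH_SCTP:
        return NH_KNOWN_ULP;    /* illustrative set, not ipfw's actual list */
    default:
        return NH_UNKNOWN_ULP;  /* every other protocol number */
    }
}

/* first: Next Header of the fixed IPv6 header; buf/len: the bytes after it. Assumes no
 * non-first fragments. Returns the protocol ending the chain, or -1 if truncated. */
int final_proto(uint8_t first, const uint8_t *buf, size_t len)
{
    uint8_t proto = first;
    size_t off = 0, hlen;
    while (classify(proto) == NH_EXTHDR) {
        if (len - off < 2)
            return -1;          /* Next Header and length bytes missing */
        hlen = proto == NH_FRAGMENT ? 8                         /* fixed size */
             : proto == NH_AH ? ((size_t)buf[off + 1] + 2) * 4  /* 4-byte units */
             : ((size_t)buf[off + 1] + 1) * 8;                  /* 8-byte units */
        if (hlen > len - off)
            return -1;          /* header runs past the available bytes */
        proto = buf[off];
        off += hlen;
    }
    return proto;
}

/* Constructed samples: hop-by-hop options -> SCTP, destination options -> 253. */
static const uint8_t sample_sctp[8] = { NH_SCTP, 0, 1, 4, 0, 0, 0, 0 };
static const uint8_t sample_exp[8]  = { 253, 0, 1, 4, 0, 0, 0, 0 };

int main(void)
{   /* exit status 0 when the samples end in categories 2 and 3 respectively */
    int p = final_proto(NH_HOPOPTS, sample_sctp, sizeof sample_sctp);
    int q = final_proto(NH_DSTOPTS, sample_exp, sizeof sample_exp);
    return classify((uint8_t)p) != NH_KNOWN_ULP || classify((uint8_t)q) != NH_UNKNOWN_ULP;
}
```

Every protocol number not named in the first two `case` groups falls through to `default`, which is the category 3 question the message leaves open.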


