Date: Wed, 29 Jul 2009 12:46:29 +0200 From: Willem Jan Withagen <wjw@digiware.nl> To: Raffaele De Lorenzo <raffaele.delorenzo@libero.it> Cc: freebsd-ipfw@freebsd.org, net@freebsd.org Subject: Re: R: IPv6 and ipfw Message-ID: <4A702885.5080803@digiware.nl> In-Reply-To: <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it> References: <3164304.442981248256119643.JavaMail.defaultUser@defaultHost> <4A672C79.3000006@digiware.nl> <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Raffaele De Lorenzo wrote: > Hi all, > I attached a patch that solve this problem. I will send a PR as soon as > possible. > > Instructions: > > Patch the follow files: > > /usr/src/sbin/ipfw/ipfw2.c (patch is ipfw2.c.diff) > /usr/src/sbin/ipfw/ipfw2.h (patch is ipfw2.h.diff) > /usr/src/sbin/ipfw/ipv6.c (patch is ipv6.c.diff) > > This patch was tested on FreeBSD 8 Beta 2 AMD64 and official FreeBSD 8 > BETA 2 Sources. > > Let me know any suggestion or problem. Patch worked fine on 7.2-stable as well. Multiple ipv6 addresses are now accepted in one go. But it still does not really works as well as I would like ;): ipfw add 11101 allow udp from any to 192.168.10.67,2001:dddd:c::67 dst-port 45457 keep-state ipfw: bad netmask ``dddd:c::67'' Which from your comment seems correct: + * Pre-Check multi address rules to avoid parser confusion about IPv4/IPv6 addresses. + * XXX I assume the first know address is the reference address (You cannot use both IPv4/IPv6 addresses inside + * a multi-addresses rule). But looking at the code, why not fist parse chunks seperated by ',' and then test them for all possible variants, because as far as I understand there are no ',''s allowed in the adresspec. Thanx for the work thusfar, --WjW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A702885.5080803>