Date: Wed, 06 Aug 2008 10:11:57 -0700 From: Julian Elischer <julian@elischer.org> To: Matt Dawson <matt@chronos.org.uk> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPv6 tables? Message-ID: <4899DB5D.7030902@elischer.org> In-Reply-To: <200808061541.39381.matt@chronos.org.uk> References: <20080806120017.1D3921065744@hub.freebsd.org> <200808061541.39381.matt@chronos.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Dawson wrote: > On Wednesday 06 Aug 2008, freebsd-ipfw-request@freebsd.org wrote: >> On Tuesday 05 August 2008 16:42:25 Max Laier wrote: >>> On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote: >>>> Just a quick question: What would it take to have similar functionality >>>> to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't >>>> there (other than the fact that I haven't got my finger out and learnt >>>> the neccessary to add it myself ;) )? >>> In FreeBSD 7 and above all three firewall packages included with FreeBSD >>> understand both IPv4 and IPv6. Read the ipfw(8) man page for details on >>> how to setup IPv6 rules. >> Oh wait ... you asked something different. Yeah, that would be nice to >> have. pf does it. If you need a reference. > > I did notice pf had tables that can handle both v4 and v6. I hadn't thought of > reading pf's code to see how it's done, although pf's tables seem to handle > handle both versions (without looking at the code, just the manpage). I'm > now wondering which approach would be less resource-hungry: Adding a > separate "table6" structure or modifying tables to accept v6. The former, to > my mind, is more economical with large tables. > > Thanks to you and Julian for the replies. Looks like I have some code and > things to read through. I think I'd go for a single table structure, that only instantiates the ipv4 or ipv6 table part of itself when you add anentry of that type.. then when you do a compare, it only looks in the apropriate half.. Since you always know which you have... but it would be note to be able do a test against both types with one ipfw rule.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4899DB5D.7030902>