From owner-freebsd-ipfw@freebsd.org  Mon Nov 26 11:29:16 2018
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0BCAD1155D7A
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Mon, 26 Nov 2018 11:29:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 934DF6E602
 for <freebsd-ipfw@freebsd.org>; Mon, 26 Nov 2018 11:29:15 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 5337B1155D79; Mon, 26 Nov 2018 11:29:15 +0000 (UTC)
Delivered-To: ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4157B1155D78
 for <ipfw@mailman.ysv.freebsd.org>; Mon, 26 Nov 2018 11:29:15 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id D3B7D6E5FD
 for <ipfw@FreeBSD.org>; Mon, 26 Nov 2018 11:29:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 00FB71C01A
 for <ipfw@FreeBSD.org>; Mon, 26 Nov 2018 11:29:14 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id wAQBTDW2033751
 for <ipfw@FreeBSD.org>; Mon, 26 Nov 2018 11:29:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id wAQBTD3g033750
 for ipfw@FreeBSD.org; Mon, 26 Nov 2018 11:29:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 213452] [patch] [ipfw] add support for ipfw ngtee/netgraph
 actions at layer-2
Date: Mon, 26 Nov 2018 11:29:14 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: eugen@freebsd.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-213452-8303-IVVlJUu39T@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-213452-8303@https.bugs.freebsd.org/bugzilla/>
References: <bug-213452-8303@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-Rspamd-Queue-Id: 934DF6E602
X-Spamd-Result: default: False [1.38 / 15.00];
 local_wl_from(0.00)[freebsd.org];
 NEURAL_SPAM_LONG(0.79)[0.792,0];
 NEURAL_SPAM_MEDIUM(0.52)[0.525,0];
 ASN(0.00)[asn:10310, ipnet:2001:1900:2254::/48, country:US];
 NEURAL_SPAM_SHORT(0.06)[0.063,0]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 11:29:16 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213452

--- Comment #4 from commit-hook@freebsd.org ---
A commit references this bug:

Author: eugen
Date: Mon Nov 26 11:28:35 UTC 2018
New revision: 340955
URL: https://svnweb.freebsd.org/changeset/base/340955

Log:
  MFC r339810: ipfw: implement ngtee/netgraph actions for layer-2 frames.

    Kernel part of ipfw does not support and ignores rules other than
    "pass", "deny" and dummynet-related for layer-2 (ethernet frames).
    Others are processed as "pass".

    Make it support ngtee/netgraph rules just like they are supported
    for IP packets. For example, this allows us to mirror some frames
    selectively to another interface for delivery to remote network analyzer
    over RSPAN vlan. Assuming ng_ipfw(4) netgraph node has a hook named "90=
0"
    attached to "lower" hook of vlan900's ng_ether(4) node, that would be
    as simple as:

    ipfw add ngtee 900 ip from any to 8.8.8.8 layer2 out xmit igb0

  PR:           213452
  Tested-by:    Fyodor Ustinov <ufm@ufm.su>

Changes:
_U  stable/12/
  stable/12/sys/netpfil/ipfw/ip_fw_pfil.c

--=20
You are receiving this mail because:
You are on the CC list for the bug.=