Date:      Thu, 7 May 2009 22:11:11 +0200
From:      Raffaele De Lorenzo <raffaele.delorenzo@libero.it>
To:        Steve Bertrand <steve@ibctech.ca>, Kevin Oberman <oberman@es.net>, freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Cc:        Luigi Rizzo <rizzo@icir.org>
Subject:   [ipfw patch - add ipv6 support for table mechanism] request for testing/commit
Message-ID:  <3233DB7C-06E8-4AFE-9704-0F900925DAE3@libero.it>



Hi all,
I extended the ipfw table mechanism to the IPv6 protocol, and now I need
some people to test it and then commit it.
The code is stable but you must be careful about possible ambiguous  
parser semantics.
Now you must insert IPv6 addresses inside a table:

ipfw table 1 add fe80::1

And you can create IPv6 rules about this table:

ipfw add deny tcp from table6(1) to any dst-port 22
ipfw add deny icmp6 from any to table6(1)

The "table6" semantic tells the difference from the IPv4 semantic
("table").

The following changes are made on the ipfw2 sources:

KERNEL SPACE:

ip_fw.h

1) Added 2 new OPCODES: O_IP6_SRC_LOOKUP, O_IP6_DST_LOOKUP
2) Added the following fields in "ipfw_table_entry" structure:
	
	struct in6_addr addr6, mask6;
	uint8_t proto;

ip_fw2.c

1) Added the following fields in "struct table_entry" structure:

	struct sockaddr_in6 addr6, mask6;
	uint8_t proto;

2) Some changes inside the "add_table_entry" function.
3) Some changes inside the "del_table_entry" function.
4) Some changes inside the "flush_table_entry" function.
5) Some changes inside the "lookup_table" function.
6) Some changes inside the "dump_table_entry" function.
7) Added a new function named "set_proto_table".
8) Added the two new OPCODES inside the "ipfw_check()" function.
9) Added the two new OPCODES inside the "check_ipfw_struct" function.


USER SPACE:

ipfw2.c

1) Added some changes on "table_handler" function
2) Added some changes on "show_ipfw" function
3) Added some changes on "print_ip6" function
4) Added some changes on "fill_ip6" function
5) Added some changes on "add_dstip6" function
6) Added some changes on "add_srcip6" function
7) Added some changes on "add_src" function
8) Added some changes on "add_dst" function

I updated the man pages.


INSTALLATION INSTRUCTIONS:

Put the "ip_fw2.c" and "ip_fw.h" files inside the "/sys/netinet/"
directory
Put the "ipfw2.c" file inside the /src/sbin/ipfw/ directory

Rebuild the ipfw kernel module or rebuild your kernel
Rebuild the ipfw bin or the entire SBIN.

The sources were tested on FreeBSD 7.2 Release.

Let me know of any troubles

Ciao

Raffaele
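
The following is an added example, not part of the original message or the patch: a userland sketch of a lookup over entries shaped like the structure fields listed above, showing why a per-entry family tag matters when IPv4 and IPv6 entries share one table. It assumes `proto` holds an address family and adds a hypothetical `value` field; `entry6`, `lookup6` and `sample_table` are illustrative names, and the linear longest-prefix scan is a stand-in, not the kernel's lookup.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

struct entry {			/* userland model; addr6/mask6/proto named as in the message */
	struct in6_addr addr6, mask6;
	uint8_t proto;		/* assumed: AF_INET or AF_INET6 */
	uint32_t value;		/* assumed field, not named in the message */
};

/* Fill an IPv6 entry from text and a prefix length; returns -1 on bad input. */
int entry6(struct entry *e, const char *addr, int plen, uint32_t value)
{
	if (plen < 0 || plen > 128 || inet_pton(AF_INET6, addr, &e->addr6) != 1)
		return -1;
	for (int i = 0; i < 16; i++, plen -= 8)
		e->mask6.s6_addr[i] = plen >= 8 ? 0xff : plen > 0 ? (uint8_t)(0xff << (8 - plen)) : 0;
	e->proto = AF_INET6;
	e->value = value;
	return 0;
}

/* Longest-prefix match: 1 and *val set on a hit, 0 on a miss, -1 if addr is not IPv6 text. */
int lookup6(const struct entry *t, size_t n, const char *addr, uint32_t *val)
{
	struct in6_addr a;
	const struct entry *best = NULL;
	if (inet_pton(AF_INET6, addr, &a) != 1)
		return -1;
	for (size_t i = 0; i < n; i++) {
		int j = 0;
		if (t[i].proto != AF_INET6)
			continue;	/* an IPv4 entry must not answer an IPv6 lookup */
		while (j < 16 && !((a.s6_addr[j] ^ t[i].addr6.s6_addr[j]) & t[i].mask6.s6_addr[j]))
			j++;
		if (j == 16 && (!best || memcmp(&t[i].mask6, &best->mask6, 16) > 0))
			best = &t[i];	/* contiguous masks: byte-wise larger mask = longer prefix */
	}
	if (best) *val = best->value;
	return best != NULL;
}

/* Constructed sample: IPv4 entry with addr6/mask6 left zero, then fe80::/10 and fe80::1/128. */
int sample_table(struct entry t[3])
{
	memset(t, 0, 3 * sizeof(*t));
	t[0].proto = AF_INET; t[0].value = 99;
	return entry6(&t[1], "fe80::", 10, 10) | entry6(&t[2], "fe80::1", 128, 20);
}
```

In the constructed table the IPv4 entry has an all-zero `mask6`, so without the family check it would match every IPv6 address; with the check, a lookup of `2001:db8::1` is a miss.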


