Date: Thu, 14 Aug 2014 13:57:31 +0400 From: "Alexander V. Chernikov" <melifaro@yandex-team.ru> To: Luigi Rizzo <rizzo@iet.unipi.it> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Luigi Rizzo <luigi@freebsd.org>, "Andrey V. Elsukov" <ae@freebsd.org>, freebsd-ipfw <freebsd-ipfw@freebsd.org> Subject: Re: [CFT] new tables for ipfw Message-ID: <53EC880B.3020903@yandex-team.ru> In-Reply-To: <CA%2BhQ2%2Bg=A_rLHCVpBqn0AtFLu_gNGtzbmXvc-7JhpLqPSWw44A@mail.gmail.com> References: <53EBC687.9050503@yandex-team.ru> <CA%2BhQ2%2Bg=A_rLHCVpBqn0AtFLu_gNGtzbmXvc-7JhpLqPSWw44A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14.08.2014 13:23, Luigi Rizzo wrote: > > > > On Wed, Aug 13, 2014 at 10:11 PM, Alexander V. Chernikov > <melifaro@yandex-team.ru <mailto:melifaro@yandex-team.ru>> wrote: > > Hello list. > > I've been hacking ipfw for a while and It seems there is something > ready to test/review in projects/ipfw branch. > > > this is a fantastic piece of work, thanks for doing it and for > integrating the feedback. > > I have some detailed feedback that will send you privately, > but just a curiosity: > > ... > > Some examples (see ipfw(8) manual page for the description): > > ... > > > ipfw table mi_test create type cidr algo "cidr:hash masks=/30,/64" > > > why do we need to specify mask lengths in the above ? Well, since we're hashing IP we have to know mask to cut host bits in advance. (And the real reason is that I'm too lazy to implement hierarchical matching (check /32, then /31, then /30) like how, for example, this is done in ipset), so this particular algorithm supports only single IPv4 and single IPv6 mask. Anyway, it is not too hard to add another algo which is doing the above. > > cheers > luigi >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53EC880B.3020903>