Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Nov 2018 11:33:19 +0000
From:      bugzilla-noreply@freebsd.org
To:        ipfw@FreeBSD.org
Subject:   [Bug 213452] [patch] [ipfw] add support for ipfw ngtee/netgraph actions at layer-2
Message-ID:  <bug-213452-8303-Pg0HBJ9GdR@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-213452-8303@https.bugs.freebsd.org/bugzilla/>
References:  <bug-213452-8303@https.bugs.freebsd.org/bugzilla/>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213452

--- Comment #5 from commit-hook@freebsd.org ---
A commit references this bug:

Author: eugen
Date: Mon Nov 26 11:32:22 UTC 2018
New revision: 340956
URL: https://svnweb.freebsd.org/changeset/base/340956

Log:
  MFC r339810: ipfw: implement ngtee/netgraph actions for layer-2 frames.

    Kernel part of ipfw does not support and ignores rules other than
    "pass", "deny" and dummynet-related for layer-2 (ethernet frames).
    Others are processed as "pass".

    Make it support ngtee/netgraph rules just like they are supported
    for IP packets. For example, this allows us to mirror some frames
    selectively to another interface for delivery to remote network analyzer
    over RSPAN vlan. Assuming ng_ipfw(4) netgraph node has a hook named "90=
0"
    attached to "lower" hook of vlan900's ng_ether(4) node, that would be
    as simple as:

    ipfw add ngtee 900 ip from any to 8.8.8.8 layer2 out xmit igb0

  PR:           213452
  Tested-by:    Fyodor Ustinov <ufm@ufm.su>

Changes:
_U  stable/11/
  stable/11/sys/netpfil/ipfw/ip_fw_pfil.c

--=20
You are receiving this mail because:
You are on the CC list for the bug.=



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?bug-213452-8303-Pg0HBJ9GdR>