gitweb.dragonflybsd.org Git - freebsd.git/commit

author	Arseny Smalyuk <smalukav@gmail.com>
	Sat, 4 Jun 2022 16:12:29 +0000 (19:12 +0300)
committer	Andrey V. Elsukov <ae@FreeBSD.org>
	Sat, 4 Jun 2022 16:12:29 +0000 (19:12 +0300)
commit	81cac3906eb9c14f81e03b7bcb6893b8d30e5432
tree	9aa441c93a516a29ab333ae3ca8b1f7bdda9dc09	tree \| snapshot
parent	32a01b2b8691453b59a26cf273a5a5eae7643985	commit \| diff

ipfw: add support radix tables and table lookup for MAC addresses

By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.

Usage example:
  ipfw table 1 create type mac
  ipfw table 1 add 11:22:33:44:55:66/48
  ipfw add skipto tablearg src-mac 'table(1)'
  ipfw add deny src-mac 'table(1, 100)'
  ipfw add deny lookup dst-mac 1

Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.

Reviewed by: melifaro
Obtained from: Yandex LLC
MFC after: 1 month
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D35103

sbin/ipfw/ipfw.8		diff \| blob \| blame \| history
sbin/ipfw/ipfw2.c		diff \| blob \| blame \| history
sbin/ipfw/ipfw2.h		diff \| blob \| blame \| history
sbin/ipfw/tables.c		diff \| blob \| blame \| history
sys/netinet/ip_fw.h		diff \| blob \| blame \| history
sys/netpfil/ipfw/ip_fw2.c		diff \| blob \| blame \| history
sys/netpfil/ipfw/ip_fw_sockopt.c		diff \| blob \| blame \| history
sys/netpfil/ipfw/ip_fw_table.c		diff \| blob \| blame \| history
sys/netpfil/ipfw/ip_fw_table_algo.c		diff \| blob \| blame \| history