d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95c3c1e25f
freebsd-dev/sbin
History
Alexander V. Chernikov 914bffb6ab * Add new "flow" table type to support N=1..5-tuple lookups 
* Add "flow:hash" algorithm

Kernel changes:
* Add O_IP_FLOW_LOOKUP opcode to support "flow" lookups
* Add IPFW_TABLE_FLOW table type
* Add "struct tflow_entry" as strage for 6-tuple flows
* Add "flow:hash" algorithm. Basically it is auto-growing chained hash table.
  Additionally, we store mask of fields we need to compare in each instance/

* Increase ipfw_obj_tentry size by adding struct tflow_entry
* Add per-algorithm stat (ifpw_ta_tinfo) to ipfw_xtable_info
* Increase algoname length: 32 -> 64 (algo options passed there as string)
* Assume every table type can be customized by flags, use u8 to store "tflags" field.
* Simplify ipfw_find_table_entry() by providing @tentry directly to algo callback.
* Fix bug in cidr:chash resize procedure.

Userland changes:
* add "flow table(NAME)" syntax to support n-tuple checking tables.
* make fill_flags() separate function to ease working with _s_x arrays
* change "table info" output to reflect longer "type" fields

Syntax:
ipfw table fl2 create type flow:[src-ip][,proto][,src-port][,dst-ip][dst-port] [algo flow:hash]

Examples:

0:02 [2] zfscurr0# ipfw table fl2 create type flow:src-ip,proto,dst-port algo flow:hash
0:02 [2] zfscurr0# ipfw table fl2 info
+++ table(fl2), set(0) +++
 kindex: 0, type: flow:src-ip,proto,dst-port
 valtype: number, references: 0
 algorithm: flow:hash
 items: 0, size: 280
0:02 [2] zfscurr0# ipfw table fl2 add 2a02:6b8::333,tcp,443 45000
0:02 [2] zfscurr0# ipfw table fl2 add 10.0.0.92,tcp,80 22000
0:02 [2] zfscurr0# ipfw table fl2 list
+++ table(fl2), set(0) +++
2a02:6b8::333,6,443 45000
10.0.0.92,6,80 22000
0:02 [2] zfscurr0# ipfw add 200 count tcp from me to 78.46.89.105 80 flow 'table(fl2)'
00200 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
0:03 [2] zfscurr0# ipfw show
00200   0     0 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
65535 617 59416 allow ip from any to any
0:03 [2] zfscurr0# telnet -s 10.0.0.92 78.46.89.105 80
Trying 78.46.89.105...
..
0:04 [2] zfscurr0# ipfw show
00200   5   272 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
65535 682 66733 allow ip from any to any
2014-07-31 20:08:19 +00:00
..
adjkerntz
atm Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
badsect
bsdlabel
camcontrol Add information about supported NCQ functionality to camcontrol identify. 2014-04-24 02:16:23 +00:00
casperd Detach from controlling session of parent. This is similar 2014-04-03 22:14:18 +00:00
ccdconfig
clri
comcontrol
conscontrol
ddb
devd Revert r263694, and apply a better fix to squelch unnecessary warnings 2014-03-26 19:31:33 +00:00
devfs
dhclient Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
dmesg
dump
dumpfs
dumpon
etherswitchcfg Add a license (1) and do some cleanup. 2014-02-04 22:20:17 +00:00
fdisk Fix fdisk(8) to create 2TB partitions on disks larger than 2TB, rather than 2013-11-27 17:59:13 +00:00
fdisk_pc98
ffsinfo
fsck In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE. 2014-06-08 17:29:31 +00:00
fsck_ffs Avoid segment fault when attempting to clean up cylinder group 2014-03-12 01:28:21 +00:00
fsck_msdosfs
fsdb Add globs.c to the build now that it's a separate file. 2013-12-30 01:17:05 +00:00
fsirand
gbde Add a missing break in option parsing. 2014-04-15 07:37:56 +00:00
geom Add disklabel64 support to GEOM_PART class. 2014-06-11 10:42:34 +00:00
ggate Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
growfs Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
gvinum - Sprinkle const and static as appropriate. 2014-05-07 09:15:46 +00:00
hastctl Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
hastd Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
ifconfig Style cleanups on ifconfig.8 2014-06-06 00:22:19 +00:00
init init: Remove code to track line numbers in /etc/ttys. 2014-02-08 13:51:15 +00:00
ipf In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE. 2014-06-08 17:29:31 +00:00
ipfw * Add new "flow" table type to support N=1..5-tuple lookups 2014-07-31 20:08:19 +00:00
iscontrol Reword the part about mutual CHAP. 2013-12-17 10:33:27 +00:00
kldconfig kldconfig: Remove some code for compatibility with FreeBSD 4.x. 2014-03-09 13:19:37 +00:00
kldload Fix dmesg(1) -> dmesg(8) 2014-01-13 17:14:10 +00:00
kldstat Add quiet support for kldstat -n 2014-01-22 17:15:17 +00:00
kldunload
ldconfig
mca
md5 Assorted updates to md5.1 2014-05-18 21:16:59 +00:00
mdconfig Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
mdmfs
mknod
mksnap_ffs
mount
mount_cd9660
mount_fusefs In tree makefile shouldn't be setting policy piecemeal. Don't set 2014-04-13 05:22:22 +00:00
mount_msdosfs
mount_nfs Document the noncontigwr NFS mount option. 2013-12-08 00:59:04 +00:00
mount_nullfs
mount_udf Unbreak mount_udf by passing the correct iovec length into 2014-02-04 21:15:15 +00:00
mount_unionfs
nandfs
natd
newfs Refer newfs and growfs users to fsck_ffs instead of 2014-02-09 14:28:47 +00:00
newfs_msdos Small cleanup: mostly whitespace vs. tabs. 2014-04-30 21:19:46 +00:00
newfs_nandfs Slight if reordering to make error branch last. 2014-03-07 01:01:57 +00:00
nfsiod
nos-tun Use INADDR_NONE instead of -1 to check inet_addr() result. 2013-10-15 07:37:30 +00:00
nvmecontrol For "nvmecontrol devlist", show namespace sizes in terms of MB instead of 2014-01-06 23:48:47 +00:00
pfctl Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
pflogd
ping Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
ping6
quotacheck
rcorder In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE. 2014-06-08 17:29:31 +00:00
reboot Minor mdoc improvements. 2014-06-06 19:00:43 +00:00
recoverdisk
resolvconf
restore
route Fix incorrect netmasks being passed via rtsock. 2014-05-08 11:56:06 +00:00
routed
rtsol NO_MAN= has been deprecated in favor of MAN= for some time, go ahead 2014-04-13 05:21:56 +00:00
savecore Fix double fclose() in an error case. 2014-04-14 21:44:34 +00:00
sconfig
setkey Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
shutdown
spppcontrol
sunlabel
swapon swapon: Fix buffer overflow when configuring encrypted swap on GBDE. 2013-12-21 11:59:58 +00:00
sysctl Fix warnings to not append "No error: 0". 2013-11-26 19:14:18 +00:00
tests Migrate tools/regression/sbin/ to the new tests layout. 2014-03-16 02:07:08 +00:00
tunefs
umount
Makefile Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
Makefile.amd64
Makefile.arm
Makefile.i386
Makefile.ia64
Makefile.inc Use src.opts.mk in preference to bsd.own.mk except where we need stuff 2014-05-06 04:22:01 +00:00
Makefile.mips
Makefile.pc98
Makefile.sparc64