914bffb6ab
* Add "flow:hash" algorithm

Kernel changes:
* Add O_IP_FLOW_LOOKUP opcode to support "flow" lookups
* Add IPFW_TABLE_FLOW table type
* Add "struct tflow_entry" as storage for 6-tuple flows
* Add "flow:hash" algorithm. Basically it is an auto-growing chained hash table. Additionally, we store mask of fields we need to compare in each instance.
* Increase ipfw_obj_tentry size by adding struct tflow_entry
* Add per-algorithm stat (ifpw_ta_tinfo) to ipfw_xtable_info
* Increase algoname length: 32 -> 64 (algo options passed there as string)
* Assume every table type can be customized by flags, use u8 to store "tflags" field.
* Simplify ipfw_find_table_entry() by providing @tentry directly to algo callback.
* Fix bug in cidr:chash resize procedure.

Userland changes:
* add "flow table(NAME)" syntax to support n-tuple checking tables.
* make fill_flags() separate function to ease working with _s_x arrays
* change "table info" output to reflect longer "type" fields

Syntax:

    ipfw table fl2 create type flow:[src-ip][,proto][,src-port][,dst-ip][dst-port] [algo flow:hash]

Examples:

    0:02 [2] zfscurr0# ipfw table fl2 create type flow:src-ip,proto,dst-port algo flow:hash
    0:02 [2] zfscurr0# ipfw table fl2 info
    +++ table(fl2), set(0) +++
     kindex: 0, type: flow:src-ip,proto,dst-port
     valtype: number, references: 0
     algorithm: flow:hash
     items: 0, size: 280
    0:02 [2] zfscurr0# ipfw table fl2 add 2a02:6b8::333,tcp,443 45000
    0:02 [2] zfscurr0# ipfw table fl2 add 10.0.0.92,tcp,80 22000
    0:02 [2] zfscurr0# ipfw table fl2 list
    +++ table(fl2), set(0) +++
    2a02:6b8::333,6,443 45000
    10.0.0.92,6,80 22000
    0:02 [2] zfscurr0# ipfw add 200 count tcp from me to 78.46.89.105 80 flow 'table(fl2)'
    00200 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
    0:03 [2] zfscurr0# ipfw show
    00200 0 0 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
    65535 617 59416 allow ip from any to any
    0:03 [2] zfscurr0# telnet -s 10.0.0.92 78.46.89.105 80
    Trying 78.46.89.105...
    ..
    0:04 [2] zfscurr0# ipfw show
    00200 5 272 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
    65535 682 66733 allow ip from any to any

||
---|---|---|
.. | ||
adjkerntz | ||
atm | ||
badsect | ||
bsdlabel | ||
camcontrol | ||
casperd | ||
ccdconfig | ||
clri | ||
comcontrol | ||
conscontrol | ||
ddb | ||
devd | ||
devfs | ||
dhclient | ||
dmesg | ||
dump | ||
dumpfs | ||
dumpon | ||
etherswitchcfg | ||
fdisk | ||
fdisk_pc98 | ||
ffsinfo | ||
fsck | ||
fsck_ffs | ||
fsck_msdosfs | ||
fsdb | ||
fsirand | ||
gbde | ||
geom | ||
ggate | ||
growfs | ||
gvinum | ||
hastctl | ||
hastd | ||
ifconfig | ||
init | ||
ipf | ||
ipfw | ||
iscontrol | ||
kldconfig | ||
kldload | ||
kldstat | ||
kldunload | ||
ldconfig | ||
mca | ||
md5 | ||
mdconfig | ||
mdmfs | ||
mknod | ||
mksnap_ffs | ||
mount | ||
mount_cd9660 | ||
mount_fusefs | ||
mount_msdosfs | ||
mount_nfs | ||
mount_nullfs | ||
mount_udf | ||
mount_unionfs | ||
nandfs | ||
natd | ||
newfs | ||
newfs_msdos | ||
newfs_nandfs | ||
nfsiod | ||
nos-tun | ||
nvmecontrol | ||
pfctl | ||
pflogd | ||
ping | ||
ping6 | ||
quotacheck | ||
rcorder | ||
reboot | ||
recoverdisk | ||
resolvconf | ||
restore | ||
route | ||
routed | ||
rtsol | ||
savecore | ||
sconfig | ||
setkey | ||
shutdown | ||
spppcontrol | ||
sunlabel | ||
swapon | ||
sysctl | ||
tests | ||
tunefs | ||
umount | ||
Makefile | ||
Makefile.amd64 | ||
Makefile.arm | ||
Makefile.i386 | ||
Makefile.ia64 | ||
Makefile.inc | ||
Makefile.mips | ||
Makefile.pc98 | ||
Makefile.sparc64 |