On 14.08.2014 13:23, Luigi Rizzo wrote:
On Wed, Aug 13, 2014 at 10:11 PM, Alexander V. Chernikov
<melif...@yandex-team.ru <mailto:melif...@yandex-team.ru>> wrote:
Hello list.
I've been hacking ipfw for a while and It seems there is something
ready to test/review in projects/ipfw branch.
this is a fantastic piece of work, thanks for doing it and for
integrating the feedback.
I have some detailed feedback that will send you privately,
but just a curiosity:
...
Some examples (see ipfw(8) manual page for the description):
...
ipfw table mi_test create type cidr algo "cidr:hash masks=/30,/64"
why do we need to specify mask lengths in the above ?
Well, since we're hashing IP we have to know mask to cut host bits in
advance.
(And the real reason is that I'm too lazy to implement hierarchical
matching (check /32, then /31, then /30) like how, for example,
this is done in ipset), so this particular algorithm supports only
single IPv4 and single IPv6 mask.
Anyway, it is not too hard to add another algo which is doing the above.
cheers
luigi
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
