aboutsummaryrefslogtreecommitdiff
path: root/sbin/route/route.c
diff options
context:
space:
mode:
authorEugene Grosbein <eugen@FreeBSD.org>2018-10-27 07:32:26 +0000
committerEugene Grosbein <eugen@FreeBSD.org>2018-10-27 07:32:26 +0000
commit5310c191741e6b26b007f02cec3236787228ba69 (patch)
tree85d87806fb7bd778d8f8ade2b012749931a2f1bf /sbin/route/route.c
parent9edef078cc0e3ea7d789b5df6a762ae1718cbb8f (diff)
downloadsrc-5310c191741e6b26b007f02cec3236787228ba69.tar.gz
src-5310c191741e6b26b007f02cec3236787228ba69.zip
ipfw: implement ngtee/netgraph actions for layer-2 frames.
Kernel part of ipfw does not support and ignores rules other than "pass", "deny" and dummynet-related for layer-2 (ethernet frames). Others are processed as "pass". Make it support ngtee/netgraph rules just like they are supported for IP packets. For example, this allows us to mirror some frames selectively to another interface for delivery to remote network analyzer over RSPAN vlan. Assuming ng_ipfw(4) netgraph node has a hook named "900" attached to "lower" hook of vlan900's ng_ether(4) node, that would be as simple as: ipfw add ngtee 900 ip from any to 8.8.8.8 layer2 out xmit igb0 PR: 213452 MFC after: 1 month Tested-by: Fyodor Ustinov <ufm@ufm.su>
Notes
Notes: svn path=/head/; revision=339810
Diffstat (limited to 'sbin/route/route.c')
0 files changed, 0 insertions, 0 deletions