March 24, 2009 

Haven’t posted about progress with lyear2 filtering for a while. One notable improvement is addition of ethernet address masks to dummynet.

Just configure a pipe. New masks available: src-ether and dst-ether (and a shortcut for specifying both of them: ether)
# ipfw pipe 1 config bw 1Mb mask ether

And use it:
# ipfw add 1100 pipe 1 src-ether 00:11:11:11:11:11 dst-ether 00:22:22:22:22:22 out via bridge0 layer2
# ipfw add 1200 pipe 1 dst-ether 00:11:11:11:11:11 src-ether 00:22:22:22:22:22 out via bridge0 layer2

# ipfw pipe show
00001: 1.000 Mbit/s 0 ms 50 sl. 2 queues (64 buckets) droptail
mask: ff:ff:ff:ff:ff:ff -> ff:ff:ff:ff:ff:ff tag: 0x0000
BKT _Source Ether Addr_ _Dest. Ether Addr__ Tag Tot_pkt/bytes Pkt/Byte Drp
40 00:11:11:11:11:11 00:22:22:22:22:22 0 2 196 0 0 0
43 00:22:22:22:22:22 00:11:11:11:11:11 0 2 196 0 0 0

Besides, masking packet by tag is also there:
# ipfw add 200 pipe 1 ip from any to any tagged 1-1000 via bridge0 layer2

As several tags per packet supported, it is necessary to specify desired tag range, tag, or any tag:
# ipfw add 200 pipe 1 ip from any to any tagged any via bridge0 layer2

Patches for current and 7-stable available:
l2filter-stable-2009-03-24 (updated link)

  1. CD says:

    thanks a lot!

    This is long waiting feature and i suggest to try to commit to src-tree asap.


  2. Leo says:

    Unfortunately link to patch for -stable version is broken. Could you fix it? Thanx!

  3. Leo says:

    Thnx a lot! Does it apply to 7.2-STABLE?

  4. Brett Glass says:

    Gleb, where can I find patches for this that will work against 7.1-RELEASE and 7.2-RELEASE?

  5. gleb says:

    I’ve updated patch set. It should apply to 7.2 release:


