Please make it possible to perform table lookups using ipfw mbuf_tags(9) cookies as lookup keys. For example: # this currently works: ipfw table ngtags create type number valtype netgraph algo number:array ipfw table ngtags add 1 1000 ipfw table ngtags add 2 2000 ipfw table ngtags add 3 3000 # but this is not supported yet: ipfw add netgraph tablearg ip from any to any lookup tag ngtags That is, packets tagged with cookie 1 would be directed to ng_ipfw netgraph node hook 1000; packets tagged with 2 go to hook 2000 etc.
Such opcode handling should be a bit complicated than other lookup keys, because a packet can have many tags and you need to make lookup in a table for each tag in the loop. If you want to try, you can look at the O_IP_DST_LOOKUP opcode handling in ip_fw2.c and add new key support here.
Hi, recently ipfw mark was introduced in CURRENT, probably it can help with your task. https://reviews.freebsd.org/D39555
I almost forgot about this PR. The problem I wanted to solve also gone after 6 years. It's no use keeping the PR open.