[HEADS UP!] IPFW Ideas: possible SoC 2008 candidate

Marcelo Araujo araujobsdport at gmail.com
Mon Mar 24 12:22:48 UTC 2008

Vadim Goncharov wrote:
> 2.5. Just to mention: modip, counter limits, fragments.
> These patches are already currently discussed in ipfw@, but included
> here just to not forget. These are "modip" action, allowing to modify IP
> header (DSCP, ToS, TTL) and corresponding match rule options, and a rule
> option to match when rule counters are less then specified number
> packets or bytes (possibly from dynamic rule's counters), may be
> a tablearg. This is also related with mentioned in section 1.2 ability
> to control rule counters.
> Adding a few keywords for O_FRAG more fragment matching (not only
> non-first fragment), e.g. for sending to specialized netgraph(4)
> reassembling module, is also desirable.
> That's all for today. Any comments, additions, corrections are welcome!
For remember to all, I work around of modip action stilly, I stoped my
work during last week, but I work again in it.
Work status:

1) We have modip action implemented:

island# ipfw add modip
ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg

2) Both DF and IPPRE works perfect:
island# ipfw show
00010    371    36133 modip ippre:immediate ip from any to any
00011     52     5035 modip df:0 ip from any to any

3) DSCP:
With the DSCP I've some errors but I believe that I fix it on this week.

4) ToS:
I start the work on the next week.

The patch: http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff

Best Regards,

Marcelo Araujo            (__)
araujo at FreeBSD.org     \\\'',)
http://www.FreeBSD.org   \/  \ ^
Power To Server.         .\. /_)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20080324/d73e617f/signature.pgp

More information about the freebsd-hackers mailing list