[HEADS UP!] IPFW Ideas: possible SoC 2008 candidate
araujobsdport at gmail.com
Mon Mar 24 12:22:48 UTC 2008
Vadim Goncharov wrote:
> 2.5. Just to mention: modip, counter limits, fragments.
> These patches are already currently discussed in ipfw@, but included
> here just to not forget. These are "modip" action, allowing to modify IP
> header (DSCP, ToS, TTL) and corresponding match rule options, and a rule
> option to match when rule counters are less then specified number
> packets or bytes (possibly from dynamic rule's counters), may be
> a tablearg. This is also related with mentioned in section 1.2 ability
> to control rule counters.
> Adding a few keywords for O_FRAG more fragment matching (not only
> non-first fragment), e.g. for sending to specialized netgraph(4)
> reassembling module, is also desirable.
> That's all for today. Any comments, additions, corrections are welcome!
For remember to all, I work around of modip action stilly, I stoped my
work during last week, but I work again in it.
1) We have modip action implemented:
island# ipfw add modip
ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg
2) Both DF and IPPRE works perfect:
island# ipfw show
00010 371 36133 modip ippre:immediate ip from any to any
00011 52 5035 modip df:0 ip from any to any
With the DSCP I've some errors but I believe that I fix it on this week.
I start the work on the next week.
The patch: http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff
Marcelo Araujo (__)
araujo at FreeBSD.org \\\'',)
http://www.FreeBSD.org \/ \ ^
Power To Server. .\. /_)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20080324/d73e617f/signature.pgp
More information about the freebsd-hackers