svn commit: r190633 - in head: sbin/ipfw sys sys/amd64/include/xen sys/arm/arm sys/contrib/pf sys/dev/ata sys/dev/cxgb sys/dev/sound/usb sys/dev/usb sys/dev/usb/bluetooth sys/dev/usb/controller sys...

Anton Yuzhaninov citrin at citrin.ru
Wed Apr 1 14:47:00 PDT 2009


Paolo Pisati wrote:
> Author: piso
> Date: Wed Apr  1 20:23:47 2009
> New Revision: 190633
> URL: http://svn.freebsd.org/changeset/base/190633
> 
> Log:
>   Implement an ipfw action to reassemble ip packets: reass.


> Modified: head/sbin/ipfw/ipfw.8
> ==============================================================================
> --- head/sbin/ipfw/ipfw.8	Wed Apr  1 19:23:46 2009	(r190632)
> +++ head/sbin/ipfw/ipfw.8	Wed Apr  1 20:23:47 2009	(r190633)
> @@ -866,6 +866,13 @@ in any subsequent forwarding decisions.
>  Initially this is limited to the values 0 through 15, see
>  .Xr setfib 8 .
>  Processing continues at the next rule.
> +.It Cm reass
> +Queue and reassemble ip fragments.
> +If the packet is not fragmented, counters are updated and processing continues with the next rule.
> +If the packet is the last logical fragment, the packet is reassembled and, if
> +.Va net.inet.ip.fw.one_pass
> +is set to 0, processing continues with the next rule, else packet is allowed to pass and search terminates.
> +If the packet is a fragment in the middle, it is consumed and processing stops immediately.
>  .El
>  .Ss RULE BODY
>  The body of a rule contains zero or more patterns (such as
> 
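
Review bot: the new ".It Cm reass" entry never states what bounds the fragment queue or what happens to queued fragments whose datagram never completes. Because this action makes the firewall hold packets in kernel memory until more traffic arrives, the limit and the drop behaviour should be documented in this paragraph. The case split is also incomplete: "a fragment in the middle" does not cover the first fragment of a datagram, and "the last logical fragment" is ambiguous when fragments arrive out of order. Wording such as "any fragment that does not complete the datagram is consumed" and "the fragment that completes the datagram" would cover all cases. Minor points: "ip" should be "IP", and "else packet is allowed to pass and search terminates" reads better as "otherwise the packet is allowed to pass and the search terminates".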

Maybe it will be useful to note in the man page that the total number of fragments in the queue is limited by
sysctl net.inet.ip.maxfragpackets and the maximum number of fragments per packet is 16.

-- 
  Anton Yuzhaninov

