From: Vadim Goncharov
To: freebsd-ipfw@freebsd.org
Cc: freebsd-hackers@freebsd.org
Date: Wed, 26 Mar 2008 08:49:12 +0000 (UTC)
Subject: Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate

Hi Marcelo Araujo!

On Mon, 24 Mar 2008 08:53:26 -0300; Marcelo Araujo wrote about 'Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate':

>> 2.5. Just to mention: modip, counter limits, fragments.
>>
>> These patches are already currently discussed in ipfw@, but included
>> here just to not forget. These are "modip" action, allowing to modify IP
>> header (DSCP, ToS, TTL) and corresponding match rule options, and a rule
>> option to match when rule counters are less than specified number
>> packets or bytes (possibly from dynamic rule's counters), may be
>> a tablearg. This is also related with mentioned in section 1.2 ability
>> to control rule counters.
>>
>> Adding a few keywords for O_FRAG more fragment matching (not only
>> non-first fragment), e.g. for sending to specialized netgraph(4)
>> reassembling module, is also desirable.

> As a reminder to all, I am still working on the modip action. I stopped my
> work during the last week, but I am working on it again.
> Work status:
> 1) We have modip action implemented:
> island# ipfw add modip
> ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg
> 2) Both DF and IPPRE work perfectly:
> island# ipfw show
> 00010 371 36133 modip ippre:immediate ip from any to any
> 00011 52 5035 modip df:0 ip from any to any
> 3) DSCP:
> With DSCP I have some errors, but I believe that I will fix them this week.
> 4) ToS:
> I will start the work next week.
> The patch: http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff

Looked at the patch. Some lines are changed, e.g. in NAT definitions, without
any visible changes, strange. Also, you're adding 7 opcodes in the kernel, 2 for
match and 5 for setting, while having a single "modip" action in userland. In
the case of significantly changing compilation rules, etc., we may need many
new opcodes, so we should not waste them. For example, your O_IPTOSPRE is
redundant because we already have O_IPPRECEDENCE, which the compiler could
utilize while retaining more ABI compatibility.

I can correct and extend your patch for DSCP/TTL/any bytes (not forgetting
credits, of course), if you're too busy...

--
WBR, Vadim Goncharov.
ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
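
Added example (not part of this message, and not taken from the patch under discussion): the header edits a modip-style action performs, driven by one field selector rather than one opcode per field, with the IPv4 header checksum patched incrementally per RFC 1624. The enum, the function names and the sample packet are assumptions made up for illustration; they are not ipfw's opcodes or code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical selectors carried by a single "modip" opcode (not ipfw names). */
enum modip_field { MODIP_DF, MODIP_TOS, MODIP_IPPRE, MODIP_DSCP, MODIP_TTL };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static uint16_t fold(uint32_t s) {            /* one's-complement carry fold */
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}
/* Full header checksum; returns 0 when the stored checksum is valid. */
uint16_t ip_cksum(const uint8_t *h, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2) s += rd16(h + i);
    return (uint16_t)~fold(s);
}
/* Replace one 16-bit word; RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'). */
static void set_word(uint8_t *h, size_t off, uint16_t m_new) {
    uint32_t s = (uint16_t)~rd16(h + 10) + (uint32_t)(uint16_t)~rd16(h + off) + m_new;
    wr16(h + off, m_new);
    wr16(h + 10, (uint16_t)~fold(s));         /* checksum lives at offset 10 */
}
/* Apply one field:value pair to an IPv4 header; -1 if the value is out of range. */
int modip_apply(uint8_t *h, enum modip_field f, unsigned v) {
    static const unsigned max[] = { 1, 0xff, 7, 63, 0xff };
    if ((unsigned)f > MODIP_TTL || v > max[f]) return -1;
    uint16_t w0 = rd16(h), w6 = rd16(h + 6), w8 = rd16(h + 8);
    switch (f) {
    case MODIP_DF:    set_word(h, 6, (w6 & ~0x4000u) | (v ? 0x4000 : 0)); break;
    case MODIP_TOS:   set_word(h, 0, (w0 & 0xff00) | v); break;
    case MODIP_IPPRE: set_word(h, 0, (w0 & 0xff1f) | (v << 5)); break; /* top 3 bits */
    case MODIP_DSCP:  set_word(h, 0, (w0 & 0xff03) | (v << 2)); break; /* keeps ECN */
    case MODIP_TTL:   set_word(h, 8, (w8 & 0x00ff) | (v << 8)); break;
    }
    return 0;
}
/* Constructed sample header: 192.0.2.1 -> 192.0.2.2, ICMP, TTL 64, DF set. */
uint8_t pkt[20];
void sample_init(void) {
    static const uint8_t s[20] = { 0x45,0,0,0x54, 0,0,0x40,0, 64,1,0,0, 192,0,2,1, 192,0,2,2 };
    memcpy(pkt, s, sizeof pkt);
    wr16(pkt + 10, ip_cksum(pkt, sizeof pkt));
}
int main(void) {
    sample_init();
    int rc = modip_apply(pkt, MODIP_DSCP, 46);   /* DSCP 46 = EF */
    printf("rc=%d tos=0x%02x cksum_ok=%d\n", rc, pkt[1], ip_cksum(pkt, 20) == 0);
    return 0;
}
```

Because IPPRE and DSCP are sub-fields of the same ToS byte, the three differ only by mask and shift, which is the kind of overlap the reply points at when it calls a separate precedence opcode redundant.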