Date:      Fri, 22 Sep 2006 08:18:36 +0400
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        Roman Bogorodskiy <novel@FreeBSD.org>
Cc:        freebsd-ipfw@FreeBSD.org, Gleb Smirnoff <glebius@FreeBSD.org>, Oleg Bulyzhin <oleg@FreeBSD.org>, Luigi Rizzo <rizzo@icir.org>
Subject:   Re: kern/103454: [ipfw] [patch] add a facility to modify DF bit of the IP packet
Message-ID:  <4513641C.3010002@yandex.ru>
In-Reply-To: <200609211400.k8LE0uMN075069@freefall.freebsd.org>
References:  <200609211400.k8LE0uMN075069@freefall.freebsd.org>

Roman Bogorodskiy wrote:
>  +.It Cm setdf Ar value
>  +Changes
>  +.Cm DF
>  +bit of the IP packet.
>  +Value may be 0 (May Fragment) or 1 (Don't Fragment).
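
Review bot: the sentence "Value may be 0 (May Fragment) or 1 (Don't Fragment)" leaves two things undocumented: what happens when any other value is given, and whether rule processing continues with the next rule after the bit is changed. Suggest stating both here, so the manual page agrees with the behaviour of the action.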

Maybe it would be more handy to make this feature a modifier
(not an action).
Rule format:
  <action> [setdf|resetdf] <rule body>

Or, to be more extensible, not only for DF modification:
  <action> [{modip [DF|TOS|DSCP|TTL]}] <rule body>

I think it is easy to pack any of these instructions into one
ipfw_insn_xx structure.

>  +			case O_SET_IPDF:
>  +				switch (cmd->arg1) {
>  +					case 0:
>  +						ip->ip_off &=3D ~IP_DF;
>  +						break;
>  +					case 1:
>  +						ip->ip_off |=3D IP_DF;
>  +						break;
>  +					default:
>  +						goto next_rule;
>  +						/* NOTREACHED */
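
Review bot: both assignments to ip->ip_off change a field that the IPv4 header checksum covers, and nothing in the visible lines updates ip->ip_sum. Please confirm that the checksum is recomputed later on this path, or fix it up right after the switch. As a style point, the case labels are indented one level deeper than the switch; style(9) aligns them with it.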

We can check cmd->arg1 for correct values in the ipfw_chk
function.

-- 
WBR, Andrey V. Elsukov
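
An added example, not code from the patch or from FreeBSD: a user-space model of the suggestion above to check the argument separately from the per-packet switch, so the packet path needs no default branch. The struct and function names are hypothetical, the header bytes are constructed, and recomputing the checksum after changing DF is an assumption of this model, not a statement about the kernel path.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define IP_DF 0x4000	/* Don't Fragment flag in the 16-bit flags/offset field */

/* Hypothetical stand-in for a rule instruction with a 16-bit argument. */
struct setdf_insn { uint16_t arg1; };

/* Checked once when the rule is added: only 0 and 1 are accepted. */
int setdf_validate(const struct setdf_insn *cmd)
{
	return (cmd->arg1 <= 1) ? 0 : -1;
}

/* IPv4 header checksum (RFC 1071) over hlen bytes, in host order. */
uint16_t ip_cksum(const uint8_t *hdr, size_t hlen)
{
	uint32_t sum = 0;
	for (size_t i = 0; i + 1 < hlen; i += 2)
		sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}

/* Per-packet path: cmd was validated earlier, so no default branch. */
void setdf_apply(uint8_t *hdr, const struct setdf_insn *cmd)
{
	size_t hlen = (size_t)(hdr[0] & 0x0f) * 4;
	if (cmd->arg1)
		hdr[6] |= IP_DF >> 8;		/* byte 6 holds the flag bits */
	else
		hdr[6] &= (uint8_t)~(IP_DF >> 8);
	hdr[10] = hdr[11] = 0;			/* zero the old checksum */
	uint16_t ck = ip_cksum(hdr, hlen);
	hdr[10] = (uint8_t)(ck >> 8);
	hdr[11] = (uint8_t)(ck & 0xff);
}

int main(void)
{
	/* Constructed 20-byte header with DF set and a valid checksum. */
	uint8_t h[20] = {0x45,0x00,0x00,0x73,0x00,0x00,0x40,0x00,0x40,0x11,
			 0xb8,0x61,0xc0,0xa8,0x00,0x01,0xc0,0xa8,0x00,0xc7};
	struct setdf_insn clr = { 0 };
	if (setdf_validate(&clr) == 0)
		setdf_apply(h, &clr);
	printf("flags=0x%02x cksum=0x%02x%02x\n", h[6], h[10], h[11]);
	return 0;
}
```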