kern/103454: [ipfw] [patch] add a facility to modify DF bit of the IP packet
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Sep 21 21:18:45 PDT 2006
Roman Bogorodskiy wrote:
> +.It Cm setdf Ar value
> +Changes
> +.Cm DF
> +bit of the IP packet.
> +Value may be 0 (May Fragment) or 1 (Don't Fragment).
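Review bot: the text for `value` lists only "0 (May Fragment) or 1 (Don't Fragment)" and does not say what happens with any other value. The code hunk in this patch sends anything else to `goto next_rule`, so a mistyped argument yields a rule that silently does nothing. The manual text should either state that other values are rejected when the rule is added, or document the fall-through. It would also help to say whether rule processing continues after the bit is changed.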
Maybe it would be more handy to make this feature a modifier
(not an action).
Rule format:
<action> [setdf|resetdf] <rule body>
Or, to be more extensible, not only for DF modification:
<action> [{modip [DF|TOS|DSCP|TTL]}] <rule body>
I think it is easy to pack any of these instructions into one
ipfw_insn_xx structure.
> + case O_SET_IPDF:
> + switch (cmd->arg1) {
> + case 0:
> + ip->ip_off &=3D ~IP_DF;
> + break;
> + case 1:
> + ip->ip_off |=3D IP_DF;
> + break;
> + default:
> + goto next_rule;
> + /* NOTREACHED */
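Review bot: `case 0` and `case 1` both write `ip->ip_off`, but nothing in the lines shown updates the IP header checksum, so unless it is recomputed later on this path the packet carries a stale `ip_sum`. Please fix up the checksum here or add a comment pointing at where that happens. The mask is applied to `ip_off` as is, which is only correct if the field is in the same byte order as `IP_DF` at this point in the function; a one-line comment confirming that would help. The `default:` arm turns an out-of-range `cmd->arg1` into a silent non-match on every packet. Rejecting the value when the rule is installed would be clearer, after which the arm and its `/* NOTREACHED */` after the `goto` can go.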
We can check cmd->arg1 for correct values in the ipfw_chk
function.
--
WBR, Andrey V. Elsukov