Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate

Vadim Goncharov wrote:

2.5. Just to mention: modip, counter limits, fragments.

These patches are already currently discussed in ipfw@, but included
here just to not forget. These are "modip" action, allowing to modify IP
header (DSCP, ToS, TTL) and corresponding match rule options, and a rule
option to match when rule counters are less then specified number
packets or bytes (possibly from dynamic rule's counters), may be
a tablearg. This is also related with mentioned in section 1.2 ability
to control rule counters.

Adding a few keywords for O_FRAG more fragment matching (not only
non-first fragment), e.g. for sending to specialized netgraph(4)
reassembling module, is also desirable.


That's all for today. Any comments, additions, corrections are welcome!


For remember to all, I work around of modip action stilly, I stoped my
work during last week, but I work again in it.
Work status:

1) We have modip action implemented:

island# ipfw add modip
ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg

2) Both DF and IPPRE works perfect:
island# ipfw show
00010 371 36133 modip ippre:immediate ip from any to any
00011 52 5035 modip df:0 ip from any to any

3) DSCP:
With the DSCP I've some errors but I believe that I fix it on this week.

4) ToS:
I start the work on the next week.


The patch: http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff

Best Regards,

--
Marcelo Araujo (__)
araujo@xxxxxxxxxxx \\\'',)
http://www.FreeBSD.org \/ \ ^
Power To Server. .\. /_)


Attachment: signature.asc
Description: OpenPGP digital signature

Quantcast