Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate



Hi Marcelo Araujo!

On Mon, 24 Mar 2008 08:53:26 -0300; Marcelo Araujo wrote about 'Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate':

2.5. Just to mention: modip, counter limits, fragments.

These patches are already currently discussed in ipfw@, but included
here just to not forget. These are "modip" action, allowing to modify IP
header (DSCP, ToS, TTL) and corresponding match rule options, and a rule
option to match when rule counters are less than specified number
packets or bytes (possibly from dynamic rule's counters), may be
a tablearg. This is also related with mentioned in section 1.2 ability
to control rule counters.

Adding a few keywords for O_FRAG more fragment matching (not only
non-first fragment), e.g. for sending to specialized netgraph(4)
reassembling module, is also desirable.

As a reminder to all, I am still working on the modip action. I stopped my
work during the last week, but I am working on it again.
Work status:

1) We have modip action implemented:

island# ipfw add modip
ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg

2) Both DF and IPPRE work perfectly:
island# ipfw show
00010 371 36133 modip ippre:immediate ip from any to any
00011 52 5035 modip df:0 ip from any to any

3) DSCP:
With DSCP I have some errors, but I believe that I will fix them this week.

4) ToS:
I will start the work next week.


The patch: http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff

Looked at the patch. Some lines are changed e.g. in NAT definitions without any
visible changes, strange.

Also, you're adding 7 opcodes in the kernel, 2 for match and 5 for setting,
while having a single "modip" action in userland. In the case of significantly
changing compilation rules, etc., we may need many new opcodes so we should
not waste them. For example, your O_IPTOSPRE is redundant because we already
have O_IPPRECEDENCE which the compiler could utilize while retaining more ABI
compatibility.

I can correct and extend your patch for DSCP/TTL/any bytes (not forgetting
credits, of course), if you're too busy...

--
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@xxxxxxx
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]

_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
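
Added example, not part of the thread and not code from the patch: a user-space C sketch of what a modip-style rewrite has to do to an IPv4 header, namely change the precedence, DSCP, DF or TTL bits and patch the header checksum incrementally (RFC 1624). The modip_* names, the helpers and the sample header are hypothetical and constructed for illustration; it works on a 20-byte array, not on kernel mbufs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t fold(uint32_t s) {
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}
/* Full RFC 1071 checksum over a 20-byte header; 0 means "header verifies". */
static uint16_t ip_cksum(const uint8_t *h) {
    uint32_t sum = 0;
    for (int i = 0; i < 20; i += 2) sum += rd16(h + i);
    return (uint16_t)~fold(sum);
}
/* Rewrite one 16-bit word and patch the checksum at bytes 10-11 incrementally,
 * RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'). */
static void set_word(uint8_t *h, int off, uint16_t m_new) {
    uint32_t sum = (uint16_t)~rd16(h + 10);
    sum += (uint16_t)~rd16(h + off);
    sum += m_new;
    wr16(h + off, m_new);
    wr16(h + 10, (uint16_t)~fold(sum));
}
/* Hypothetical setters named after the modip arguments in the thread.
 * ToS byte h[1]: precedence = top 3 bits, DSCP = top 6 bits, ECN = low 2. */
void modip_ippre(uint8_t *h, unsigned pre) {
    set_word(h, 0, (uint16_t)(h[0] << 8 | (pre & 7) << 5 | (h[1] & 0x1f)));
}
void modip_dscp(uint8_t *h, unsigned dscp) {
    set_word(h, 0, (uint16_t)(h[0] << 8 | (dscp & 0x3f) << 2 | (h[1] & 0x03)));
}
void modip_df(uint8_t *h, int on) {
    set_word(h, 6, (uint16_t)((rd16(h + 6) & ~0x4000) | (on ? 0x4000 : 0)));
}
void modip_ttl(uint8_t *h, unsigned ttl) { set_word(h, 8, (uint16_t)((ttl & 0xff) << 8 | h[9])); }
int header_ok(const uint8_t *h) { return ip_cksum(h) == 0; }
/* Constructed sample: 192.0.2.1 -> 198.51.100.2, ICMP, TTL 64, DF clear. */
void sample_header(uint8_t *h) {
    static const uint8_t s[20] = {0x45,0,0,0x54, 0,0,0,0, 64,1,0,0, 192,0,2,1, 198,51,100,2};
    memcpy(h, s, 20);
    wr16(h + 10, ip_cksum(h));
}
int main(void) {
    uint8_t h[20];
    sample_header(h);
    modip_ippre(h, 2); /* "immediate" is precedence value 2 */
    modip_df(h, 0);
    printf("tos=0x%02x df=%d valid=%d\n", h[1], (h[6] >> 6) & 1, header_ok(h));
    return 0;
}
```

Because precedence is only the top three bits of the ToS byte, the precedence and DSCP setters differ in nothing but the mask, and every setter goes through the same checksum patch.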