Andrey V. Elsukov wrote:
> Roman Bogorodskiy wrote:
> > +.It Cm setdf Ar value
> > +Changes
> > +.Cm DF
> > +bit of the IP packet.
> > +Value may be 0 (May Fragment) or 1 (Don't Fragment).
>
> May be, it would be more handy make this feature via modifier
> (not an action).
> Rule format:
> <action> [setdf|resetdf] <rule body>
>
> Or more extensible, use not only DF modification:
> <action> [{modip [DF|TOS|DSCP|TTL]}] <rule body>
Yeah, that's nice idea. However, I have already working DF bit stuff and
tos/dscp stuff as well (kern/102471) implemented in another way. And
since committers don't seem to show intested in these
patches/functionaliy, I'm not quite sure if I need to waste time on
re-implementing it because it would be pretty useless if these patches
would hang in GNATS forever.
> I think this is easy to pack any of an instructions into one
> ipfw_insn_xx structure.
>
> > + case O_SET_IPDF:
> > + switch (cmd->arg1) {
> > + case 0:
> > + ip->ip_off &=3D ~IP_DF;
> > + break;
> > + case 1:
> > + ip->ip_off |=3D IP_DF;
> > + break;
> > + default:
> > + goto next_rule;
> > + /* NOTREACHED */
>
> We can check cmd->arg1 for correct values in the ipfw_chk
> function.
Hm, sorry... could you clearify it to me please?
pgpqgd1G23kQ8.pgp
Description: PGP signature
