Andrey V. Elsukov wrote: > Roman Bogorodskiy wrote: > > +.It Cm setdf Ar value > > +Changes > > +.Cm DF > > +bit of the IP packet. > > +Value may be 0 (May Fragment) or 1 (Don't Fragment). > > May be, it would be more handy make this feature via modifier > (not an action). > Rule format: > <action> [setdf|resetdf] <rule body> > > Or more extensible, use not only DF modification: > <action> [{modip [DF|TOS|DSCP|TTL]}] <rule body>
Yeah, that's nice idea. However, I have already working DF bit stuff and tos/dscp stuff as well (kern/102471) implemented in another way. And since committers don't seem to show intested in these patches/functionaliy, I'm not quite sure if I need to waste time on re-implementing it because it would be pretty useless if these patches would hang in GNATS forever. > I think this is easy to pack any of an instructions into one > ipfw_insn_xx structure. > > > + case O_SET_IPDF: > > + switch (cmd->arg1) { > > + case 0: > > + ip->ip_off &=3D ~IP_DF; > > + break; > > + case 1: > > + ip->ip_off |=3D IP_DF; > > + break; > > + default: > > + goto next_rule; > > + /* NOTREACHED */ > > We can check cmd->arg1 for correct values in the ipfw_chk > function. Hm, sorry... could you clearify it to me please?
pgpqgd1G23kQ8.pgp
Description: PGP signature