From: "Simon L. Nielsen"
To: "Gregory P. Smith"
Cc: freebsd-net@freebsd.org
Date: Sun, 18 May 2003 02:23:29 +0200
Subject: Re: matching a range of iplens with ipfw2?
Message-ID: <20030518002328.GJ399@nitro.dk>
In-Reply-To: <20030517195354.GF13501@zot.electricrain.com>

On 2003.05.17 12:53:54 -0700, Gregory P. Smith wrote:
> Is there a way to match a range of iplen values in an ipfw2 rule?
> (say I wanted a rule to match all tcp packets <= 64 bytes).

At the moment no. I implemented a simple version of it some time ago
but since it was not "the right way" (not flexible enough.. try
searching the archives for FreeBSD-ipfw for more details) I didn't
proceed any further with my patch but it should work just fine.
My patch can be found at
http://simon.nitro.dk/freebsd/files/ipfw2-iplen.patch if you want to
try it out.

Somebody (sorry, can't remember who) was looking into implementing
iplen ranges "the right way" as suggested by Luigi Rizzo, but I don't
know the progress of that work.

-- 
Simon L. Nielsen