From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 24 12:22:48 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B1D2A106566B for ; Mon, 24 Mar 2008 12:22:48 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.236]) by mx1.freebsd.org (Postfix) with ESMTP id 70D298FC2C for ; Mon, 24 Mar 2008 12:22:48 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: by wx-out-0506.google.com with SMTP id i29so3290654wxd.7 for ; Mon, 24 Mar 2008 05:22:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; bh=Ma8J3Gz5W7f7eYu5ltN/SM1/2gKY6jUS/nVITGKmkJ0=; b=K/biZs0vIALuiIsfMlQ04H/M6y0bQN7ZwrXIziNiF+B7IyQcUqZGx7ChHZeWltR6HjgJ+ETjPvHcVTCT9WGdtxUHbtNObd+T3uBdTxFhl4J3wkN+ZwOV+eWHl6JCaxl+AfshGeotBb7X9hLxI18cbYLeqW4Qnj8VI2Le3u/YtoA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; b=KT2N2SY4sJX3A6kIkBp0VsDk6ZecQiLkz1mOVBy8UL5MszHrbCC0ZPPbo3eI/62MEqQB61xjIkHe/ODddYCieKOIL7hBHZY6Ael+6uUdnyGQ9IC2feJkMAgCcihkJ95Jo9kZsxmg6uzdPlnDavngvv/I6bV1y4GpahvmBFO51lw= Received: by 10.141.142.15 with SMTP id u15mr2041089rvn.238.1206359612013; Mon, 24 Mar 2008 04:53:32 -0700 (PDT) Received: from island.freebsd.org ( [201.25.194.19]) by mx.google.com with ESMTPS id l22sm10866554wrl.34.2008.03.24.04.53.29 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 24 Mar 2008 04:53:31 -0700 (PDT) Message-ID: <47E79636.1000909@FreeBSD.org> Date: Mon, 24 Mar 2008 08:53:26 -0300 Organization: FreeBSD User-Agent: Thunderbird 2.0.0.0 (X11/20070521) MIME-Version: 1.0 To: vadim_nuclight@mail.ru References: In-Reply-To: X-Enigmail-Version: 0.95.0 OpenPGP: id=53E4CFA8 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig68C51D89D2EA2978728F1F6B" From: Marcelo Araujo X-Mailman-Approved-At: Mon, 24 Mar 2008 12:44:16 +0000 Cc: freebsd-ipfw@freebsd.org, freebsd-hackers@freebsd.org Subject: Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2008 12:22:48 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig68C51D89D2EA2978728F1F6B Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Vadim Goncharov wrote: > > 2.5. Just to mention: modip, counter limits, fragments. > > These patches are already currently discussed in ipfw@, but included > here just to not forget. These are "modip" action, allowing to modify I= P > header (DSCP, ToS, TTL) and corresponding match rule options, and a rul= e > option to match when rule counters are less then specified number > packets or bytes (possibly from dynamic rule's counters), may be > a tablearg. This is also related with mentioned in section 1.2 ability > to control rule counters. > > Adding a few keywords for O_FRAG more fragment matching (not only > non-first fragment), e.g. for sending to specialized netgraph(4) > reassembling module, is also desirable. > > > That's all for today. Any comments, additions, corrections are welcome!= > > =20 For remember to all, I work around of modip action stilly, I stoped my work during last week, but I work again in it. Work status: 1) We have modip action implemented: island# ipfw add modip ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg 2) Both DF and IPPRE works perfect: island# ipfw show 00010 371 36133 modip ippre:immediate ip from any to any 00011 52 5035 modip df:0 ip from any to any 3) DSCP: With the DSCP I've some errors but I believe that I fix it on this week. 4) ToS: I start the work on the next week. The patch: http://people.freebsd.org/~araujo/logs/ipfw-modip20080324.diff= Best Regards, --=20 Marcelo Araujo (__) araujo@FreeBSD.org \\\'',) http://www.FreeBSD.org \/ \ ^ Power To Server. .\. /_) --------------enig68C51D89D2EA2978728F1F6B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFH55Y6ovxJd1Pkz6gRAhUqAKCVpZfYvydqItLJBJTuCF9DY+wLdACgmmFG DgswIh3yibFXEUaA68uzRq8= =4XZQ -----END PGP SIGNATURE----- --------------enig68C51D89D2EA2978728F1F6B--