From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 21 14:00:56 2006
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1D2516A4F6 for ; Thu, 21 Sep 2006 14:00:56 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52EEA43D45 for ; Thu, 21 Sep 2006 14:00:56 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k8LE0u2A075070 for ; Thu, 21 Sep 2006 14:00:56 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k8LE0uMN075069; Thu, 21 Sep 2006 14:00:56 GMT (envelope-from gnats)
Date: Thu, 21 Sep 2006 14:00:56 GMT
Message-Id: <200609211400.k8LE0uMN075069@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Roman Bogorodskiy
Subject: Re: kern/103454: [ipfw] [patch] add a facility to modify DF bit of the IP packet
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Roman Bogorodskiy
List-Id: IPFW Technical Discussions
X-List-Received-Date: Thu, 21 Sep 2006 14:00:57 -0000

The following reply was made to PR kern/103454; it has been noted by GNATS.
From: Roman Bogorodskiy
To: bug-followup@FreeBSD.org
Cc: novel@FreeBSD.org
Subject: Re: kern/103454: [ipfw] [patch] add a facility to modify DF bit of the IP packet
Date: Thu, 21 Sep 2006 17:56:15 +0400

Hi,

Attaching a slightly updated patch. Changes:

- If we get something other than 0 or 1 as cmd->arg1, just jump to the next rule without updating stats. Actually, ipfw(8) checks that the arg for 'setdf' is only 0 or 1, so it should never happen.
- s/setdf DF/setdf N/ in `ipfw -h' output

http://novel.fannet.ru/~novel/ipfw_setdf_20060921_3_CURRENT.diff

[Attachment: ipfw_setdf_20060921_3_CURRENT.diff]

? sbin/ipfw/ipfw Index: sbin/ipfw/ipfw.8 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.195 diff -u -r1.195 ipfw.8 --- sbin/ipfw/ipfw.8 18 Sep 2006 11:55:10 -0000 1.195 +++ sbin/ipfw/ipfw.8 21 Sep 2006 13:41:49 -0000 
@@ -822,6 +822,11 @@ and .Cm ngtee actions. +.It Cm setdf Ar value +Changes +.Cm DF +bit of the IP packet. +Value may be 0 (May Fragment) or 1 (Don't Fragment). .El .Ss RULE BODY The body of a rule contains zero or more patterns (such as Index: sbin/ipfw/ipfw2.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.98 diff -u -r1.98 ipfw2.c --- sbin/ipfw/ipfw2.c 16 Sep 2006 19:27:40 -0000 1.98 +++ sbin/ipfw/ipfw2.c 21 Sep 2006 13:41:50 -0000 @@ -247,7 +247,8 @@ TOK_RESET, TOK_UNREACH, TOK_CHECKSTATE, - + TOK_SETDF, +=09 TOK_ALTQ, TOK_LOG, TOK_TAG, @@ -374,6 +375,7 @@ { "unreach6", TOK_UNREACH6 }, { "unreach", TOK_UNREACH }, { "check-state", TOK_CHECKSTATE }, + { "setdf", TOK_SETDF }, { "//", TOK_COMMENT }, { NULL, 0 } /* terminator */ }; @@ -1555,6 +1557,10 @@ } break; =20 + case O_SET_IPDF: + PRINT_UINT_ARG("setdf ", cmd->arg1); + break; + case O_LOG: /* O_LOG is printed last */ logptr =3D (ipfw_insn_log *)cmd; break; @@ -2635,7 +2641,7 @@ "RULE-BODY: check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n" "ACTION: check-state | allow | count | deny | unreach{,6} CODE |\n" " skipto N | {divert|tee} PORT | forward ADDR |\n" -" pipe N | queue N\n" +" pipe N | queue N | setdf N\n" "PARAMS: [log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n" "ADDR: [ MAC dst src ether_type ] \n" " [ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n" 
@@ -3970,6 +3976,20 @@ action->opcode =3D O_COUNT; break; =20 + case TOK_SETDF: + { + int df; + =20 + NEED1("need setdf arg\n"); + df =3D strtoul(*av, NULL, 0); + if (df < 0 || df > 1) + errx(EX_DATAERR, "illegal argument for %s", + *(av - 1)); + fill_cmd(action, O_SET_IPDF, 0, df); + ac--; av++; + } + break; + =09 case TOK_QUEUE: action->opcode =3D O_QUEUE; goto chkarg; Index: sys/netinet/ip_fw.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v retrieving revision 1.108 diff -u -r1.108 ip_fw.h --- sys/netinet/ip_fw.h 18 Aug 2006 22:36:04 -0000 1.108 +++ sys/netinet/ip_fw.h 21 Sep 2006 13:42:11 -0000 @@ -160,6 +160,8 @@ O_TAG, /* arg1=3Dtag number */ O_TAGGED, /* arg1=3Dtag number */ =20 + O_SET_IPDF, /* arg1=3D[0|1] */ +=09 O_LAST_OPCODE /* not an opcode! */ }; =20 Index: sys/netinet/ip_fw2.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.147 diff -u -r1.147 ip_fw2.c --- sys/netinet/ip_fw2.c 16 Sep 2006 10:27:05 -0000 1.147 +++ sys/netinet/ip_fw2.c 21 Sep 2006 13:42:11 -0000 @@ -3127,6 +3127,23 @@ goto done; } =20 + case O_SET_IPDF: + switch (cmd->arg1) { + case 0: + ip->ip_off &=3D ~IP_DF; + break; + case 1: + ip->ip_off |=3D IP_DF; + break; + default: + goto next_rule; + /* NOTREACHED */ + } + f->pcnt++; + f->bcnt +=3D pktlen; + f->timestamp =3D time_second; + goto next_rule; + case O_COUNT: case O_SKIPTO: f->pcnt++; /* update stats */ 
@@ -3654,6 +3671,10 @@ goto bad_size; break; =20 + case O_SET_IPDF: + have_action =3D 1; + break; + case O_UID: case O_GID: case O_JAIL:
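Review bot: the ipfw.8 hunk (`.It Cm setdf Ar value`) leaves out the two things a rule writer needs to know: that `setdf` does not terminate the search (the kernel hunk ends in `goto next_rule`, so it behaves like `count` and the packet is still matched against the following rules), and that it only makes sense for IPv4 packets. Suggest adding a sentence such as "Rule processing continues with the next rule, as with .Cm count ." and a note that clearing DF lets the packet be fragmented on the way, which changes path MTU discovery behaviour for that flow.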
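Review bot: in the first ipfw2.c hunk (the token enum at @@ -247,7 +247,8 @@) the `+=09` line replaces an empty separator line with a tab-only line; keep the blank line empty so the diff does not introduce trailing whitespace. Placing TOK_SETDF next to the other action tokens before TOK_ALTQ is fine.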
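Review bot: the argument parsing in the TOK_SETDF hunk (@@ -3970,6 +3976,20 @@) accepts garbage: `df =3D strtoul(*av, NULL, 0)` passes no end pointer, so `setdf foo` silently becomes `setdf 0`, and storing an unsigned long into `int df` before testing `df < 0 || df > 1` means a value like 4294967296 on a 64-bit host truncates to 0 and passes the check. Suggest `char *end; unsigned long df = strtoul(*av, &end, 0); if (*end != '\0' || df > 1) errx(EX_DATAERR, "illegal argument for %s", *(av - 1));` (or whatever numeric helper ipfw2.c already uses for its other single-argument actions). The `+ =20` and `+ =09` lines in the same hunk are whitespace-only lines and should be plain blank lines.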
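Review bot: the O_SET_IPDF case in the ip_fw2.c action switch (@@ -3127,6 +3127,23 @@) writes `ip->ip_off` without checking that the packet is IPv4; ipfw_chk also sees IPv6 packets (this same file handles `unreach6`), and on one of those the write lands in bytes 6 and 7 of the IPv6 header, i.e. the next-header and hop-limit fields. Guard the case with the function's IPv4 flag and fall to `next_rule` otherwise. Two smaller points: `ip->ip_sum` is not touched after the flag changes, which is fine only on paths that recompute the header checksum before the packet leaves (a comment saying the action relies on ip_output() for that would help, and the layer-2 ipfw path should be checked); and the three stats lines duplicate the O_COUNT block directly below, so after the switch the code could fall through to that block instead of copying it.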
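Review bot: the check_ipfw_struct hunk (@@ -3654,6 +3671,10 @@) sets `have_action = 1` for O_SET_IPDF without validating the instruction length; the context two lines above the hunk shows the pattern the other actions use (`goto bad_size`). Without it a rule set handed to the kernel with a wrong-sized O_SET_IPDF instruction is accepted. Suggest `if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size;` before `have_action = 1;`, matching the other single-word actions in that function.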
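As an added stand-alone illustration (not part of this PR or of FreeBSD's ipfw code), the C program below does to a raw IPv4 header what the kernel hunk does to `ip->ip_off`, and adds the two checks raised in review: it refuses anything that is not an IPv4 header, and it recomputes the header checksum after the flag changes. It works on wire-format (network byte order) bytes so it can run anywhere, whereas the kernel hunk operates on the already byte-swapped `ip_off` field inside ipfw_chk. The IP_DF value matches <netinet/ip.h>; the header bytes are constructed for the example; the functions `set_ipdf`, `sample_ipv4_header`, `ipdf_is_set` and `run_demo` are the example's own names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IP_DF 0x4000          /* Don't Fragment, same value as <netinet/ip.h> */

/* RFC 1071 one's-complement checksum over len bytes. With the checksum
 * field zeroed it returns the value to store; over a header whose checksum
 * field is filled in it returns 0 when the header is intact. */
uint16_t ip_cksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)hdr[i] << 8 | hdr[i + 1];
    if (len & 1)
        sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

int ip_cksum_ok(const uint8_t *hdr, size_t len)
{
    return ip_cksum(hdr, len) == 0;
}

int ipdf_is_set(const uint8_t *pkt)
{
    return (pkt[6] & (IP_DF >> 8)) != 0;      /* DF is the high bit of byte 6 */
}

/* Same semantics as the patch's O_SET_IPDF: df == 0 clears DF, df == 1 sets
 * it, any other value leaves the packet untouched (returns -1, the patch's
 * "goto next_rule" without a stats update). Returns -2 for anything that is
 * not a plausible IPv4 header: the guard the kernel hunk is missing. */
int set_ipdf(uint8_t *pkt, size_t len, int df)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -2;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return -2;
    if (df != 0 && df != 1)
        return -1;

    uint16_t off = (uint16_t)(pkt[6] << 8 | pkt[7]);   /* flags + fragment offset */
    if (df)
        off |= IP_DF;
    else
        off &= ~IP_DF;
    pkt[6] = off >> 8;
    pkt[7] = off & 0xff;

    /* The flag change invalidates the header checksum; recompute it here
     * rather than relying on a later ip_output()-style fix-up. */
    pkt[10] = pkt[11] = 0;
    uint16_t sum = ip_cksum(pkt, hlen);
    pkt[10] = sum >> 8;
    pkt[11] = sum & 0xff;
    return 0;
}

/* Constructed sample: 20-byte IPv4 header, 10.0.0.1 -> 10.0.0.2, TCP,
 * total length 40, id 0x1234, TTL 64, DF optionally set. */
size_t sample_ipv4_header(uint8_t *buf, size_t cap, int df)
{
    static const uint8_t tmpl[20] = {
        0x45, 0x00, 0x00, 0x28, 0x12, 0x34, 0x00, 0x00, 0x40, 0x06,
        0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2 };
    if (cap < 20)
        return 0;
    memcpy(buf, tmpl, 20);
    if (df)
        buf[6] |= IP_DF >> 8;
    uint16_t sum = ip_cksum(buf, 20);
    buf[10] = sum >> 8;
    buf[11] = sum & 0xff;
    return 20;
}

/* Walks through clear, set, out-of-range value and an IPv6 buffer.
 * Returns 0 on success, otherwise the number of the step that failed. */
int run_demo(void)
{
    uint8_t p[20];
    uint8_t v6[40] = { 0x60 };   /* constructed: IPv6 version nibble only */

    if (sample_ipv4_header(p, sizeof p, 1) != 20 || !ip_cksum_ok(p, 20) || !ipdf_is_set(p))
        return 1;
    if (set_ipdf(p, sizeof p, 0) != 0 || ipdf_is_set(p) || !ip_cksum_ok(p, 20))
        return 2;                /* DF cleared, checksum still valid */
    if (set_ipdf(p, sizeof p, 1) != 0 || !ipdf_is_set(p) || !ip_cksum_ok(p, 20))
        return 3;                /* DF set again, checksum still valid */
    if (set_ipdf(p, sizeof p, 2) != -1 || !ipdf_is_set(p))
        return 4;                /* out-of-range value leaves the packet alone */
    if (set_ipdf(v6, sizeof v6, 1) != -2 || v6[6] != 0)
        return 5;                /* IPv6 header is never written */
    return 0;
}

int main(void)
{
    int rc = run_demo();
    printf("setdf demo: %s\n", rc == 0 ? "all steps passed" : "FAILED");
    return rc;
}
```

The out-of-range branch mirrors the patch's default case (leave the packet alone and move on), while the version check and the checksum recompute are the additions a reviewer would expect before the action is safe on every path ipfw_chk is called from.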