From owner-freebsd-ipfw@FreeBSD.ORG Wed Feb 27 14:36:47 2008
From: "Vadim Goncharov" <vadim_nuclight@mail.ru>
Organization: AVTF TPU Hostel
Date: Wed, 27 Feb 2008 20:36:41 +0600
To: "Andrey V. Elsukov", araujo@freebsd.org
Cc: freebsd-bugs@freebsd.org, Luigi Rizzo, Roman Bogorodskiy, freebsd-ipfw@freebsd.org, Julian Elischer, Oleg Bulyzhin
Subject: Re: kern/121122: [ipfw] [patch] add support to ToS IP PRECEDENCE fields
In-Reply-To: <47C4F2D1.5080703@yandex.ru>
References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru>
List-Id: IPFW Technical Discussions

27.02.08 @ 11:19 Andrey V. Elsukov wrote:

> I talked to Roman when he submitted his first patch about
> its design. What do you think about making TOK_SETIPTOSPRE not
> an action, but a modifier? I think it will be much more usable.

Agree. If it is a more general ``modip'', one could wish to change more
than one IP field in the same rule.

> A syntax example:
>
> # ipfw add allow iptospre flashover ip from any to any
> # ipfw add count iptospre immediate ip from any to any
> # ipfw add skipto ....
>
> Also I talked to Roman about an extensible variant of this ability.
> A syntax example:
>
> [{modip [DF|TOS|DSCP|TTL]}]

Yes, that's what's really needed - I've seen people asking for the ability
to change not only TOS (and more often DSCP), but TTL and the DF bit.
Moreover, I think all features from RFC 3168 and RFC 2780 should be
supported, including the ECN bits (again in the TOS byte).

And it must be consistent: all things you can set with this action you
should be able to check in the options section. So that if the user is
able to match:

ipfw add count ip from any to any iptos reliability,congestion

then there must be the possibility to write:

ipfw add count modip tos reliability,congestion

And vice versa: if one is able to modify a field:

ipfw add count modip dscp af11 ip from any to any

then he must be able to match it:

ipfw add count ip from any to any dscp af11

Another consistency question - currently we have the ``ipprecedence''
option, which takes a numeric argument, and the proposed patch uses
symbolic names like ``flashover''. It may be desirable to allow both
forms to be used in both the TOS and DSCP fields (for both matching and
setting), thus not limiting them to predefined bit names.

The other thing (apart from adding more ECN bits to the only one
currently existing, ``congestion'' in iptos) is the TTL-setting
ability: make it not only fixed, but relative also, like this for
an increment:

ipfw add count modip ttl +1 ip from any to any

It is questionable, though, whether a single 16-bit arg1 in the O_MODIP
ipfw_insn will be enough. Maybe it should be two, and be a structure
allowing further extension (e.g. modifying any bytes, but that's far
future)...

P.S. One more stylistic comment on the patch - constants for TOS should
not be reinvented, but taken where possible from system includes, e.g.
IPTOS_* from the system header in this case.

-- 
WBR, Vadim Goncharov
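The set/match symmetry, the overlap between IP Precedence and DSCP, and the relative TTL change argued for in the mail above, as an added example in C. This is not code from the mail, from the kern/121122 patch or from ipfw itself: it is a user-space model of a "modip" rule over a minimal IPv4 header (its own struct, not the kernel's struct ip), takes IPTOS_*/IP_DF from <netinet/ip.h> as the P.S. asks (with fallbacks only for headers that lack them), and recomputes the header checksum because TOS, TTL and DF are all covered by it. The DSCP names follow RFC 2474 (be, ef, cs0-cs7, af11-af43); of the precedence names only "flashover" and "immediate" appear in the mail, the rest are assumed spellings.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>

/* Constants come from <netinet/ip.h> where the platform provides them;
 * these fallbacks only cover strict-ANSI or very old headers. */
#ifndef IPTOS_PREC_MASK
#define IPTOS_PREC_MASK 0xe0   /* RFC 791 precedence: top 3 bits */
#endif
#ifndef IPTOS_DSCP_MASK
#define IPTOS_DSCP_MASK 0xfc   /* RFC 2474 DSCP: top 6 bits */
#endif
#ifndef IPTOS_ECN_MASK
#define IPTOS_ECN_MASK  0x03   /* RFC 3168 ECN: low 2 bits */
#endif
#ifndef IP_DF
#define IP_DF 0x4000           /* don't-fragment flag in the offset word */
#endif

/* Minimal IPv4 header without options, fields in network byte order (own
 * definition for portability, not the kernel's struct ip). */
struct ip4hdr {
    uint8_t  vhl, tos;
    uint16_t len, id, off;
    uint8_t  ttl, proto;
    uint16_t sum;
    uint32_t src, dst;
};

/* Symmetric field access: whatever "modip" can set, the match option reads
 * back through the very same mask and shift. */
static uint8_t tos_get(uint8_t tos, uint8_t mask, int shift)
{ return (uint8_t)((tos & mask) >> shift); }
static uint8_t tos_put(uint8_t tos, uint8_t mask, int shift, uint8_t v)
{ return (uint8_t)((tos & ~mask) | ((v << shift) & mask)); }

/* DSCP as an RFC 2474 name (be, ef, cs0-cs7, af11-af43) or decimal 0..63;
 * both forms are accepted, as the mail suggests.  -1 on bad input. */
static int parse_dscp(const char *s)
{
    if (strcmp(s, "be") == 0) return 0;
    if (strcmp(s, "ef") == 0) return 46;
    if (s[0] == 'c' && s[1] == 's' && s[2] >= '0' && s[2] <= '7' && s[3] == 0)
        return (s[2] - '0') * 8;                      /* CSx  = xxx000 */
    if (s[0] == 'a' && s[1] == 'f' && s[2] >= '1' && s[2] <= '4' &&
        s[3] >= '1' && s[3] <= '3' && s[4] == 0)
        return (s[2] - '0') * 8 + (s[3] - '0') * 2;  /* AFxy = xxxyy0 */
    if (!isdigit((unsigned char)s[0])) return -1;
    char *end; long v = strtol(s, &end, 10);
    return (*end == 0 && v <= 63) ? (int)v : -1;
}

/* Precedence as a name or a digit 0..7.  "immediate" and "flashover" are
 * the spellings used in the mail; the other names are assumed. */
static const char *const prec_names[8] = { "routine", "priority", "immediate",
    "flash", "flashover", "critic-ecp", "inetcontrol", "netcontrol" };
static int parse_prec(const char *s)
{
    for (int i = 0; i < 8; i++)
        if (strcmp(s, prec_names[i]) == 0) return i;
    return (s[0] >= '0' && s[0] <= '7' && s[1] == 0) ? s[0] - '0' : -1;
}

/* One rule may change several header fields at once (the "modip" idea). */
struct modip {
    unsigned set_dscp:1, set_prec:1, set_ecn:1, set_ttl:1, set_df:1, ttl_rel:1, df:1;
    uint8_t dscp, prec, ecn;   /* 0..63, 0..7, 0..3 */
    int ttl;                   /* absolute value, or a signed delta when ttl_rel */
};

/* RFC 791 header checksum; verifying a filled-in header yields 0. */
static uint16_t ip4_cksum(const struct ip4hdr *h)
{
    uint16_t w[sizeof *h / 2]; uint32_t sum = 0;
    memcpy(w, h, sizeof w);
    for (size_t i = 0; i < sizeof w / 2; i++) sum += w[i];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* TOS, TTL and DF all sit inside the checksummed header, so ip_sum is redone. */
static void modip_apply(struct ip4hdr *h, const struct modip *m)
{
    if (m->set_dscp) h->tos = tos_put(h->tos, IPTOS_DSCP_MASK, 2, m->dscp);
    if (m->set_prec) h->tos = tos_put(h->tos, IPTOS_PREC_MASK, 5, m->prec);
    if (m->set_ecn)  h->tos = tos_put(h->tos, IPTOS_ECN_MASK,  0, m->ecn);
    if (m->set_ttl) {
        int t = m->ttl_rel ? h->ttl + m->ttl : m->ttl;
        h->ttl = (uint8_t)(t < 0 ? 0 : t > 255 ? 255 : t);  /* saturate, never wrap */
    }
    if (m->set_df) {
        uint16_t off = ntohs(h->off);
        h->off = htons((uint16_t)(m->df ? (off | IP_DF) : (off & ~IP_DF)));
    }
    h->sum = 0;
    h->sum = ip4_cksum(h);
}

/* "modip dscp af11 ttl +1 df" on a constructed TTL-64, ECT(1) header: the
 * checks "dscp af11" and "ecn 1" must then match and the checksum verify.
 * A following "prec flashover" lands in DSCP's top 3 bits, turning AF11
 * into AF41, which is the precedence/DSCP overlap a rule author must know. */
static int demo(void)
{
    struct ip4hdr h = { 0x45, 1 /* ECT(1) */, htons(40), 0, 0, 64, IPPROTO_TCP, 0, 0, 0 };
    struct modip m = { .set_dscp = 1, .set_ttl = 1, .ttl_rel = 1, .set_df = 1, .df = 1 };
    struct modip p = { .set_prec = 1 };
    int ok;
    h.sum = ip4_cksum(&h);
    m.dscp = (uint8_t)parse_dscp("af11"); m.ttl = +1;
    modip_apply(&h, &m);
    ok = tos_get(h.tos, IPTOS_DSCP_MASK, 2) == 10 && tos_get(h.tos, IPTOS_ECN_MASK, 0) == 1 &&
         h.ttl == 65 && (ntohs(h.off) & IP_DF) != 0 && ip4_cksum(&h) == 0;
    p.prec = (uint8_t)parse_prec("flashover");
    modip_apply(&h, &p);
    return ok && tos_get(h.tos, IPTOS_DSCP_MASK, 2) == parse_dscp("af41") && ip4_cksum(&h) == 0;
}

int main(void)
{
    printf("modip demo: %s\n", demo() ? "ok" : "FAILED");
    return demo() ? 0 : 1;
}
```

The saturating TTL is deliberate: "ttl +1" on a packet already at 255 must not wrap to 0 and get the packet dropped at the next hop, and a negative delta stopping at 0 makes the drop explicit rather than accidental. The 16-bit arg1 question from the mail is visible here too: a DSCP (6 bits), a precedence (3), an ECN codepoint (2), a signed TTL delta and a DF flag do not fit comfortably in one ipfw_insn argument once several may be set at once.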