Date: Sat, 30 Jun 2001 23:29:54 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Luigi Rizzo <luigi@info.iet.unipi.it> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: BRIDGE in ip_fw.c Message-ID: <20010630232954.J348@blossom.cjclark.org> In-Reply-To: <200106302307.BAA27133@info.iet.unipi.it>; from luigi@info.iet.unipi.it on Sun, Jul 01, 2001 at 01:07:28AM %2B0200 References: <20010630121500.F348@blossom.cjclark.org> <200106302307.BAA27133@info.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 01, 2001 at 01:07:28AM +0200, Luigi Rizzo wrote: > > I am about to put some fixes/enhancements up for review before > > i would be grateful if you could send me a summary > (not the code, just a description) of the > changes you have planned to commit Just two things at the moment. First is a sure thing, a fix for my old PR kern/23446. Although all following fragments are logged, initial fragments are not. The only thing still in the air is how well to fix the problem. Just print the offset of frags like we do now? Or fix it "right" and go for a tcpdump-like format that prints IP ID, offset, and status of the MF flag? The second thing is a general increase in the verbosity of ipfw log messages. Some more evolved versions patches I posted earlier this year, http://www.FreeBSD.org/cgi/getmsg.cgi?fetch=224008+235323+/usr/local/www/db/text/2000/freebsd-security/20001217.freebsd-security > > committing them to CURRENT. Before I do that, I need have a question > > about some of the code in ip_fw.c, > > > > if (0 && BRIDGED) { /* not yet... */ > > offset = (ntohs(ip->ip_off) & IP_OFFMASK); > > ip_len = ntohs(ip->ip_len); > > } else { > > offset = (ip->ip_off & IP_OFFMASK); > > ip_len = ip->ip_len; > > } > > > > What's the deal with that zeroed out code? (And wouldn't it be better > > form to zero it out in the preprocessor?) > > the compiler will remove the unused code anyways. > > The "not yet" comment refers to the fact that my > plan for bridged packets was to make the mbufs readonly > as much as possible, thus avoiding the NTOHS() calls > on ip_off and ip_len fields and in turn an m_pullup() > and the associated data copy when you need do duplicate > the buffer. The reason I ask is that I need the flag bits of ip->ip_off. The test to see if a packet is a fragment is, (ip->ip_off & (IP_OFFMASK | IP_MF)) And not just if the offset is non-zero. Obviously, whether ip->ip_off is in host or network order will make a difference on how to do the test. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010630232954.J348>