From: 'Luigi Rizzo'
To: bycn82
Cc: 'FreeBSD Net'
Date: Thu, 29 May 2014 15:10:15 +0200
Subject: Re: propose a new generic purpose rule option for ipfw
Message-ID: <20140529131015.GA72798@onelab2.iet.unipi.it>
In-Reply-To: <001b01cf7b3b$dfd1cfb0$9f756f10$@gmail.com>

On Thu, May 29, 2014 at 08:45:26PM +0800, bycn82 wrote:
...
> > Sure, that is the reason why developers are providing more and more rule options. But my question is: do we have enough options to match all the fixed position values? We do not have an option for fixed position matching.

As I said, feel free to submit one and I will be happy to import it if the code is clean (btw I am still waiting for fixes to the other 'rate limiting' option you sent), but keep in mind that 'fixed position' is mostly useless.

More useful options would be one where you express the position as '{MAC|VLAN|IP|UDP|TCP|...|PAYLOAD}+offset' so at least you can adapt to variant headers, or one where you can look for a pattern in the entire packet or in a portion of it.

cheers
luigi
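
The '{MAC|VLAN|IP|UDP|TCP|...|PAYLOAD}+offset' idea from the message above, as an added example that is not part of the original message and is not ipfw code: a bounds-checked resolver that turns a layer-relative position into an absolute frame offset, so the same rule still lands on the right bytes when a VLAN tag or IP options shift the headers. All names (`resolve_offset`, `enum layer`, `build_sample`) are hypothetical, and it assumes Ethernet/IPv4 with at most one 802.1Q tag.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum layer { L_MAC, L_VLAN, L_IP, L_UDP, L_TCP, L_PAYLOAD };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Absolute offset of base+off in an Ethernet/IPv4 frame, or -1 if the layer
 * is absent or [off, off+width) does not fit. Handles one 802.1Q tag. */
long resolve_offset(const uint8_t *pkt, size_t len, enum layer base,
                    size_t off, size_t width)
{
    size_t l3, l4, start;

    if (len < 14) return -1;
    l3 = be16(pkt + 12) == 0x8100 ? 18 : 14;     /* tagged frames push L3 by 4 */
    if (base == L_MAC) { start = 0; goto done; }
    if (base == L_VLAN) { if (l3 != 18) return -1; start = 12; goto done; }
    /* IPv4 only; header length comes from IHL, so IP options are skipped */
    if (len < l3 + 20 || be16(pkt + l3 - 2) != 0x0800) return -1;
    if ((pkt[l3] >> 4) != 4 || (pkt[l3] & 0x0f) < 5) return -1;
    if (base == L_IP) { start = l3; goto done; }
    if (be16(pkt + l3 + 6) & 0x1fff) return -1;  /* later fragment: no L4 header */
    start = l4 = l3 + (size_t)(pkt[l3] & 0x0f) * 4;
    if (pkt[l3 + 9] == 17 && base != L_TCP) {            /* UDP */
        if (len < l4 + 8) return -1;
        if (base == L_PAYLOAD) start = l4 + 8;
    } else if (pkt[l3 + 9] == 6 && base != L_UDP) {      /* TCP */
        if (len < l4 + 20 || (pkt[l4 + 12] >> 4) < 5) return -1;
        if (base == L_PAYLOAD) start = l4 + (size_t)(pkt[l4 + 12] >> 4) * 4;
    } else return -1;
done:
    if (start > len || off > len - start || width > len - start - off) return -1;
    return (long)(start + off);
}

/* Constructed sample: Ethernet [+ VLAN tag] / IPv4 with ihl words / UDP / "ABCD".
 * b must hold at least 128 bytes; returns the frame length. */
size_t build_sample(uint8_t *b, int vlan, int ihl)
{
    size_t n = 12, ip;
    memset(b, 0, 128);
    if (vlan) { b[12] = 0x81; n = 16; }          /* TPID 0x8100, TCI left zero */
    b[n] = 0x08; ip = n + 2;                     /* ethertype 0x0800 */
    b[ip] = (uint8_t)(0x40 | ihl); b[ip + 9] = 17;
    n = ip + (size_t)ihl * 4 + 8;                /* skip IP and UDP headers */
    memcpy(b + n, "ABCD", 4);
    return n + 4;
}
```

With a plain frame the payload starts at byte 42; with a VLAN tag and 8 bytes of IP options it moves to byte 54, which is the case a fixed-position match would miss.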