From owner-freebsd-ipfw@FreeBSD.ORG  Fri Sep 22 04:18:44 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@FreeBSD.org
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E024C16A412;
	Fri, 22 Sep 2006 04:18:44 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from mx18.yandex.ru (smtp2.yandex.ru [213.180.200.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BD70343D5F;
	Fri, 22 Sep 2006 04:18:42 +0000 (GMT)
	(envelope-from bu7cher@yandex.ru)
Received: from ns.kirov.so-cdu.ru ([81.18.142.225]:13066 "EHLO [127.0.0.1]"
	smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256
	version TLSv1/SSLv3" TLS-PEER-CN1: <none>) by mail.yandex.ru
	with ESMTP id S3375747AbWIVESj (ORCPT <rfc822;oleg@FreeBSD.org>
	+ 3 others); Fri, 22 Sep 2006 08:18:39 +0400
X-Comment: RFC 2476 MSA function at smtp2.yandex.ru logged sender identity as:
	bu7cher
Message-ID: <4513641C.3010002@yandex.ru>
Date: Fri, 22 Sep 2006 08:18:36 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231)
MIME-Version: 1.0
To: Roman Bogorodskiy <novel@FreeBSD.org>
References: <200609211400.k8LE0uMN075069@freefall.freebsd.org>
In-Reply-To: <200609211400.k8LE0uMN075069@freefall.freebsd.org>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@FreeBSD.org, Gleb Smirnoff <glebius@FreeBSD.org>,
	Oleg Bulyzhin <oleg@FreeBSD.org>, Luigi Rizzo <rizzo@icir.org>
Subject: Re: kern/103454: [ipfw] [patch] add a facility to modify DF bit of
 the IP packet
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Sep 2006 04:18:45 -0000

Roman Bogorodskiy wrote:
>  +.It Cm setdf Ar value
>  +Changes
>  +.Cm DF
>  +bit of the IP packet.
>  +Value may be 0 (May Fragment) or 1 (Don't Fragment).

May be, it would be more handy make this feature via modifier
(not an action).
Rule format:
  <action> [setdf|resetdf] <rule body>

Or more extensible, use not only DF modification:
  <action> [{modip [DF|TOS|DSCP|TTL]}] <rule body>

I think this is easy to pack any of an instructions into one
ipfw_insn_xx structure.

>  +			case O_SET_IPDF:
>  +				switch (cmd->arg1) {
>  +					case 0:
>  +						ip->ip_off &=3D ~IP_DF;
>  +						break;
>  +					case 1:
>  +						ip->ip_off |=3D IP_DF;
>  +						break;
>  +					default:
>  +						goto next_rule;
>  +						/* NOTREACHED */

We can check cmd->arg1 for correct values in the ipfw_chk
function.

-- 
WBR, Andrey V. Elsukov