Date: Thu, 02 Apr 2009 01:25:52 +0400 From: Anton Yuzhaninov <citrin@citrin.ru> To: Paolo Pisati <piso@FreeBSD.org> Cc: svn-src-head@freebsd.org Subject: Re: svn commit: r190633 - in head: sbin/ipfw sys sys/amd64/include/xen sys/arm/arm sys/contrib/pf sys/dev/ata sys/dev/cxgb sys/dev/sound/usb sys/dev/usb sys/dev/usb/bluetooth sys/dev/usb/controller sys... Message-ID: <49D3DBE0.5080709@citrin.ru> In-Reply-To: <200904012023.n31KNl71041878@svn.freebsd.org> References: <200904012023.n31KNl71041878@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Paolo Pisati wrote: > Author: piso > Date: Wed Apr 1 20:23:47 2009 > New Revision: 190633 > URL: http://svn.freebsd.org/changeset/base/190633 > > Log: > Implement an ipfw action to reassemble ip packets: reass. > Modified: head/sbin/ipfw/ipfw.8 > ============================================================================== > --- head/sbin/ipfw/ipfw.8 Wed Apr 1 19:23:46 2009 (r190632) > +++ head/sbin/ipfw/ipfw.8 Wed Apr 1 20:23:47 2009 (r190633) > @@ -866,6 +866,13 @@ in any subsequent forwarding decisions. > Initially this is limited to the values 0 through 15, see > .Xr setfib 8 . > Processing continues at the next rule. > +.It Cm reass > +Queue and reassemble ip fragments. > +If the packet is not fragmented, counters are updated and processing continues with the next rule. > +If the packet is the last logical fragment, the packet is reassembled and, if > +.Va net.inet.ip.fw.one_pass > +is set to 0, processing continues with the next rule, else packet is allowed to pass and search terminates. > +If the packet is a fragment in the middle, it is consumed and processing stops immediately. > .El > .Ss RULE BODY > The body of a rule contains zero or more patterns (such as > May be it will be useful to note in man, that total number of fragments in queue limited by sysctl net.inet.ip.maxfragpackets and maximum number of fragments per packed is 16. -- Anton Yuzhaninov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49D3DBE0.5080709>