From owner-svn-src-head@FreeBSD.ORG Wed Apr 1 21:47:00 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 641D6106566B; Wed, 1 Apr 2009 21:47:00 +0000 (UTC) (envelope-from citrin@citrin.ru) Received: from mail-chaos.rambler.ru (mail-chaos.rambler.ru [81.19.68.130]) by mx1.freebsd.org (Postfix) with ESMTP id 199BD8FC15; Wed, 1 Apr 2009 21:47:00 +0000 (UTC) (envelope-from citrin@citrin.ru) Received: from [192.168.1.4] (ppp91-78-188-105.pppoe.mtu-net.ru [91.78.188.105]) (Authenticated sender: citrin@citrin.ru) by mail-chaos.rambler.ru (Postfix) with ESMTPSA id C98B21702A; Thu, 2 Apr 2009 01:25:52 +0400 (MSD) Message-ID: <49D3DBE0.5080709@citrin.ru> Date: Thu, 02 Apr 2009 01:25:52 +0400 From: Anton Yuzhaninov User-Agent: Thunderbird 2.0.0.21 (X11/20090321) MIME-Version: 1.0 To: Paolo Pisati References: <200904012023.n31KNl71041878@svn.freebsd.org> In-Reply-To: <200904012023.n31KNl71041878@svn.freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: svn-src-head@freebsd.org Subject: Re: svn commit: r190633 - in head: sbin/ipfw sys sys/amd64/include/xen sys/arm/arm sys/contrib/pf sys/dev/ata sys/dev/cxgb sys/dev/sound/usb sys/dev/usb sys/dev/usb/bluetooth sys/dev/usb/controller sys... X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2009 21:47:00 -0000 Paolo Pisati wrote: > Author: piso > Date: Wed Apr 1 20:23:47 2009 > New Revision: 190633 > URL: http://svn.freebsd.org/changeset/base/190633 > > Log: > Implement an ipfw action to reassemble ip packets: reass. > Modified: head/sbin/ipfw/ipfw.8 > ============================================================================== > --- head/sbin/ipfw/ipfw.8 Wed Apr 1 19:23:46 2009 (r190632) > +++ head/sbin/ipfw/ipfw.8 Wed Apr 1 20:23:47 2009 (r190633) > @@ -866,6 +866,13 @@ in any subsequent forwarding decisions. > Initially this is limited to the values 0 through 15, see > .Xr setfib 8 . > Processing continues at the next rule. > +.It Cm reass > +Queue and reassemble ip fragments. > +If the packet is not fragmented, counters are updated and processing continues with the next rule. > +If the packet is the last logical fragment, the packet is reassembled and, if > +.Va net.inet.ip.fw.one_pass > +is set to 0, processing continues with the next rule, else packet is allowed to pass and search terminates. > +If the packet is a fragment in the middle, it is consumed and processing stops immediately. > .El > .Ss RULE BODY > The body of a rule contains zero or more patterns (such as > May be it will be useful to note in man, that total number of fragments in queue limited by sysctl net.inet.ip.maxfragpackets and maximum number of fragments per packed is 16. -- Anton Yuzhaninov