Date: Thu, 20 Mar 2003 09:08:55 +1100 From: Gregory Bond <gnb@itga.com.au> To: Luigi Rizzo <rizzo@icir.org> Cc: "Simon L. Nielsen" <simon@nitro.dk>, "Crist J. Clark" <cjc@FreeBSD.ORG>, Wiktor Niesiobedzki <w@evip.pl>, freebsd-ipfw@FreeBSD.ORG, gnb@itga.com.au Subject: Re: Prioritizing empty TCP ACKs with ipfw? Message-ID: <200303192208.JAA01920@lightning.itga.com.au> In-Reply-To: Your message of Wed, 19 Mar 2003 00:41:38 -0800.
next in thread | raw e-mail | index | archive | help
> > iplenmin len > > Matches IP packets whose total length, including header and da > ta, > > is minimum len bytes (packet length >= len). If we're going to all that trouble, why not add function/keyword to calculate payload length (for IP/UDP/TCP), after accounting for IP and TCP options. This would allow unambiguous detection of acks (payloadlen < 1) and pretty good detection of interactive telnet traffic and the like. It's pretty easy and cheap to do this calc in C but a fair bit harder to do in FW rules. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303192208.JAA01920>