From owner-freebsd-hackers Wed May 7 16:20:43 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA24401
        for hackers-outgoing; Wed, 7 May 1997 16:20:43 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
        by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA24394 for ;
        Wed, 7 May 1997 16:20:37 -0700 (PDT)
Message-Id: <199705072320.QAA24394@hub.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA039767108;
        Thu, 8 May 1997 09:18:28 +1000
From: Darren Reed
Subject: Re: divert still broken?
To: archie@whistle.com (Archie Cobbs)
Date: Thu, 8 May 1997 09:18:28 +1000 (EST)
Cc: nnd@info.itfs.nsk.su, hackers@FreeBSD.ORG
In-Reply-To: <199705071854.LAA01477@bubba.whistle.com> from "Archie Cobbs" at May 7, 97 11:54:27 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Archie Cobbs, sie said:
> >
> > > Anything else? :-)
> >
> > Can it be possible to extend 'negative' comparison
> > logic to other filter components f.e.
> >
> > add 4032 deny all from xxx.xxx.xxx.0 to any out via not cx0
> > (or not via cx0 ?)
> >
> > Currently this is possible for src and dst addresses (and there
> > are no more available flag bits ;-)
>
> The biggest problem I've had is that setsockopt() limits the argument
> to 108 bytes (which is MLEN - ie., the size of an mbuf minus the header).
> Right now sizeof(struct ip_fw) == 108, so there's no more room.
>
> The flags word is 16 bits and it's all used up as well.
>
> Question: would it be possible to move to an ioctl() based system instead
> of setsockopt()?

IP Filter does it that way :)

Darren