From owner-freebsd-ipfw@FreeBSD.ORG Mon Aug 6 16:31:10 2007 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2ED7816A418 for ; Mon, 6 Aug 2007 16:31:10 +0000 (UTC) (envelope-from dudu.meyer@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.231]) by mx1.freebsd.org (Postfix) with ESMTP id F0BB513C465 for ; Mon, 6 Aug 2007 16:31:09 +0000 (UTC) (envelope-from dudu.meyer@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so450005nzf for ; Mon, 06 Aug 2007 09:31:09 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=tuIiMtLrBtpClv3lEbPfsCazkLtCNrrU6Yr6saqZKR9BfIrhKsBLoQqU3W8UN7EPdpMEXwHyrc+vV0sFo7/PVZhBj05VpMJJXCzFNvp/0j260rsWhRKANM+9aDy9n1K0Sg+pmrl6EwWPWI2NIM+MtibMVlBo+Uw+eg4wtLYcgtk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=EKlZvCSXwFegOy1jctb1blLyjtKWJ/TMhIoGQ49YpJqmpqdH93qsfKyY/iKx6hxk3PNzPFuS0HfxSgu6aaMnHiD4S0/UDW0cAIp5jBJoh1yMAi4jqrK46pW4/TPPXBWG/MDrw5mbchAhfzDYTHLPyE8o+TNAjSHX9CJlFLf7wVM= Received: by 10.64.193.2 with SMTP id q2mr9072109qbf.1186416325046; Mon, 06 Aug 2007 09:05:25 -0700 (PDT) Received: by 10.65.156.9 with HTTP; Mon, 6 Aug 2007 09:05:24 -0700 (PDT) Message-ID: Date: Mon, 6 Aug 2007 13:05:25 -0300 From: "Eduardo Meyer" To: ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: All I have is one packet! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2007 16:31:10 -0000 Hello ipfw users and hackers. I have tried, for many weeks, ng_tag to tag packets for ipfw filtering. I could make it work fine. However, I have one problem. I want to make a state that will match any packet, on any protocol, between the peers. Why? Because all I have, is one packet. And this packet however, wont always be in the same transport protocol. For example, I can identify session initialization on TCP packets, but once initialized, all communication between peers happen via UDP. I know such a thing dont exist in ipfw. However, I would like to know if someone can suggest changes to the code that would do this. Would also be great if I could have a sysctl OID to tune state-timing of this unusual behavior, differently from the existing sysctl mibs on "dyn" stuff on ipfw. Every suggestion on a feature like that, would be appreciated. -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br