Date: Wed, 19 Mar 2003 00:41:38 -0800
From: Luigi Rizzo <rizzo@icir.org>
To: "Simon L. Nielsen" <simon@nitro.dk>
Cc: "Crist J. Clark" <cjc@FreeBSD.ORG>, Wiktor Niesiobedzki <w@evip.pl>, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Prioritizing empty TCP ACKs with ipfw?
Message-ID: <20030319004138.A68034@xorpc.icir.org>
In-Reply-To: <20030318213131.GF377@nitro.dk>; from simon@nitro.dk on Tue, Mar 18, 2003 at 10:31:32PM +0100
References: <20030314085636.GB64326@galgenberg.net> <el59ycqr.fsf@ID-23066.news.dfncis.de> <20030314224655.GA2616@mail.evip.pl> <20030318200828.GC74853@blossom.cjclark.org> <20030318213131.GF377@nitro.dk>
On Tue, Mar 18, 2003 at 10:31:32PM +0100, Simon L. Nielsen wrote:
...
> It adds two options instead of trying to make more complicated parsing
> of the iplen option with arguments like '<', '>', '>=' and so on.

actually, because other instructions already handle ranges (e.g. those
matching port numbers) one could simply recycle that code in the user
interface (for parsing/printing). Changing the "iplen" opcode to check
numbers within a range is trivial (given that the size is upper bounded,
we do not need < > and the like but just say iplen 0-90 or iplen 128-65535).

This would be my preference, also for ipttl and similar instructions.

cheers
luigi

> iplenmin len
>     Matches IP packets whose total length, including header and data,
>     is minimum len bytes (packet length >= len).
>
> iplenmax len
>     Matches IP packets whose total length, including header and data,
>     is maximum len bytes (packet length <= len).
>
> The code has been tested very little (which is the reason I have not
> bothered this list with it before :) ) but in my simple tests it works
> fine.
>
> Note that the attached patch had to be untangled from some other code
> I'm working on so it can be got the wrong parts out but I think it is
> ok.
>
> --
> Simon L. Nielsen

> Index: sbin/ipfw/ipfw.8 > =================================================================== > RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v > retrieving revision 1.122 > diff -u -d -r1.122 ipfw.8 > --- sbin/ipfw/ipfw.8 15 Mar 2003 01:13:00 -0000 1.122 > +++ sbin/ipfw/ipfw.8 18 Mar 2003 20:54:22 -0000 
> @@ -901,6 +901,18 @@ > Matches IP packets whose total length, including header and data, is > .Ar len > bytes. > +.It Cm iplenmin Ar len > +Matches IP packets whose total length, including header and data, is > +minimum > +.Ar len > +bytes (packet length >= > +.Ar len ) . > +.It Cm iplenmax Ar len > +Matches IP packets whose total length, including header and data, is > +maximum > +.Ar len > +bytes (packet length <= > +.Ar len ) . > .It Cm ipoptions Ar spec > Matches packets whose IP header contains the comma separated list of > options specified in > Index: sbin/ipfw/ipfw2.c > =================================================================== > RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v > retrieving revision 1.23 > diff -u -d -r1.23 ipfw2.c > --- sbin/ipfw/ipfw2.c 15 Mar 2003 01:12:59 -0000 1.23 > +++ sbin/ipfw/ipfw2.c 18 Mar 2003 20:54:22 -0000 > @@ -209,6 +209,8 @@ > TOK_FRAG, > TOK_IPOPTS, > TOK_IPLEN, > + TOK_IPLENMIN, > + TOK_IPLENMAX, > TOK_IPID, > TOK_IPPRECEDENCE, > TOK_IPTOS, > @@ -308,6 +310,8 @@ > { "ipoptions", TOK_IPOPTS }, > { "ipopts", TOK_IPOPTS }, > { "iplen", TOK_IPLEN }, > + { "iplenmin", TOK_IPLENMIN }, > + { "iplenmax", TOK_IPLENMAX }, > { "ipid", TOK_IPID }, > { "ipprecedence", TOK_IPPRECEDENCE }, > { "iptos", TOK_IPTOS }, > @@ -1106,6 +1110,14 @@ > printf(" iplen %u", cmd->arg1 ); > break; > > + case O_IPLENMIN: > + printf(" iplenmin %u", cmd->arg1 ); > + break; > + > + case O_IPLENMAX: > + printf(" iplenmax %u", cmd->arg1 ); > + break; > + > case O_IPOPT: > print_flags("ipoptions", cmd, f_ipopts); > break; 
> @@ -2962,6 +2974,18 @@ > case TOK_IPLEN: > NEED1("iplen requires length"); > fill_cmd(cmd, O_IPLEN, 0, strtoul(*av, NULL, 0)); > + ac--; av++; > + break; > + > + case TOK_IPLENMIN: > + NEED1("iplenmin requires length"); > + fill_cmd(cmd, O_IPLENMIN, 0, strtoul(*av, NULL, 0)); > + ac--; av++; > + break; > + > + case TOK_IPLENMAX: > + NEED1("iplenmax requires length"); > + fill_cmd(cmd, O_IPLENMAX, 0, strtoul(*av, NULL, 0)); > ac--; av++; > break; > > Index: sys/netinet/ip_fw.h > =================================================================== > RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v > retrieving revision 1.76 > diff -u -d -r1.76 ip_fw.h > --- sys/netinet/ip_fw.h 15 Mar 2003 01:13:00 -0000 1.76 > +++ sys/netinet/ip_fw.h 18 Mar 2003 21:00:45 -0000 > @@ -72,6 +72,8 @@ > > O_IPOPT, /* arg1 = 2*u8 bitmap */ > O_IPLEN, /* arg1 = len */ > + O_IPLENMIN, /* arg1 = len */ > + O_IPLENMAX, /* arg1 = len */ > O_IPID, /* arg1 = id */ > > O_IPTOS, /* arg1 = id */ > Index: sys/netinet/ip_fw2.c > =================================================================== > RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v > retrieving revision 1.28 > diff -u -d -r1.28 ip_fw2.c > --- sys/netinet/ip_fw2.c 15 Mar 2003 01:13:00 -0000 1.28 > +++ sys/netinet/ip_fw2.c 18 Mar 2003 21:00:45 -0000 > @@ -1740,6 +1740,14 @@ > match = (hlen > 0 && cmd->arg1 == ip_len); > break; > > + case O_IPLENMIN: > + match = (hlen > 0 && cmd->arg1 <= ip_len); > + break; > + > + case O_IPLENMAX: > + match = (hlen > 0 && cmd->arg1 >= ip_len); > + break; > + > case O_IPPRECEDENCE: > match = (hlen > 0 && > (cmd->arg1 == (ip->ip_tos & 0xe0)) ); > @@ -2362,6 +2370,8 @@ > case O_FRAG: > case O_IPOPT: > case O_IPLEN: > + case O_IPLENMIN: > + case O_IPLENMAX: > case O_IPID: > case O_IPTOS: > case O_IPPRECEDENCE: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
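Review bot: in the sbin/ipfw/ipfw.8 hunk, "is minimum len bytes" and "is maximum len bytes" read awkwardly and leave the inclusive bound to the parenthetical; "is at least len bytes" and "is at most len bytes" would state it directly. If the two options are meant to be combined in one rule to express a length range, the text should say so, since that is the main use case discussed in the thread.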
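Review bot: in the TOK_IPLENMIN and TOK_IPLENMAX cases of sbin/ipfw/ipfw2.c, strtoul(*av, NULL, 0) is called with a NULL end pointer and its result is handed to fill_cmd unchecked, so an argument such as "foo" or "90x" is silently accepted and a value larger than any possible IP total length (65535) is not rejected. Pass an end pointer, fail unless it points at the terminating NUL, and reject out-of-range values with an error message. The TOK_IPLEN case shown as context has the same pattern, so one shared helper would cover all three.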
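Review bot: in sys/netinet/ip_fw.h, O_IPLENMIN and O_IPLENMAX are inserted between O_IPLEN and O_IPID instead of being appended, which shifts the numeric value of every opcode listed after them if these are consecutive enumerators. An ipfw binary and a kernel built from different sides of this change would then disagree on opcode numbers and rules would be misinterpreted; either add the new opcodes at the end of the list or state that userland and kernel must be rebuilt together.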
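Review bot: in the O_IPLENMIN and O_IPLENMAX cases of sys/netinet/ip_fw2.c, the operands are in the opposite order from the man page wording (packet length >= len), so cmd->arg1 <= ip_len has to be read backwards to confirm it is right. Writing ip_len >= cmd->arg1 and ip_len <= cmd->arg1 would match the documentation line for line. As the reply suggests, a single range check on the existing O_IPLEN would also avoid adding two opcodes for what is one comparison pair.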
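The range form suggested in the reply (iplen 0-90, iplen 128-65535), sketched as an added example. This is not code from the patch or from ipfw; struct len_range, parse_len_range and len_range_match are hypothetical names. It parses the argument strictly and shows that iplenmin N and iplenmax N reduce to the ranges N-65535 and 0-N.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define IPLEN_MAX 65535u   /* IP total length is a 16-bit field */

/* Hypothetical range operand: matches lo <= ip_len <= hi. */
struct len_range { uint16_t lo, hi; };

/* Parse one bound strictly: decimal digits only, must end at `stop`,
 * must fit in 16 bits. Returns a pointer to `stop`, or NULL on error. */
static const char *parse_bound(const char *s, char stop, uint16_t *out)
{
    char *e;
    unsigned long v;

    if (*s < '0' || *s > '9')      /* rejects "", "-5", "+5", " 5" */
        return NULL;
    errno = 0;
    v = strtoul(s, &e, 10);
    if (errno != 0 || v > IPLEN_MAX || *e != stop)
        return NULL;
    *out = (uint16_t)v;
    return e;
}

/* Accepts "N" (exact length) or "LO-HI". Returns 0 on success, -1 on error. */
int parse_len_range(const char *arg, struct len_range *r)
{
    const char *dash;

    if (parse_bound(arg, '\0', &r->lo) != NULL) {
        r->hi = r->lo;             /* single value: degenerate range */
        return 0;
    }
    dash = parse_bound(arg, '-', &r->lo);
    if (dash == NULL || parse_bound(dash + 1, '\0', &r->hi) == NULL)
        return -1;
    return r->lo <= r->hi ? 0 : -1; /* reject inverted ranges like 90-0 */
}

/* Match side: one comparison pair covers exact, min, max and range. */
int len_range_match(const struct len_range *r, uint16_t ip_len)
{
    return ip_len >= r->lo && ip_len <= r->hi;
}
```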