Roman Bogorodskiy wrote:
+.It Cm setdf Ar value
+Changes
+.Cm DF
+bit of the IP packet.
+Value may be 0 (May Fragment) or 1 (Don't Fragment).
May be, it would be more handy make this feature via modifier
(not an action).
Rule format:
<action> [setdf|resetdf] <rule body>
Or more extensible, use not only DF modification:
<action> [{modip [DF|TOS|DSCP|TTL]}] <rule body>
I think this is easy to pack any of an instructions into one
ipfw_insn_xx structure.
+ case O_SET_IPDF:
+ switch (cmd->arg1) {
+ case 0:
+ ip->ip_off &=3D ~IP_DF;
+ break;
+ case 1:
+ ip->ip_off |=3D IP_DF;
+ break;
+ default:
+ goto next_rule;
+ /* NOTREACHED */
We can check cmd->arg1 for correct values in the ipfw_chk
function.
--
WBR, Andrey V. Elsukov
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
