-----Original Message-----
From: 'Luigi Rizzo' [mailto:[email protected]] 
Sent: 29 May, 2014 21:10
To: bycn82
Cc: 'FreeBSD Net'
Subject: Re: propose a new generic purpose rule option for ipfw

 

On Thu, May 29, 2014 at 08:45:26PM +0800, bycn82 wrote:

...

> 

> Sure, that is the reason why developers are providing more and more rule 
> options. But my question is: do we have enough options to match all the 
> fixed position values?

 

we do not have an option for fixed position matching.

 

Can I say that “It will be useful when a user comes up with a special 
requirement which cannot be fulfilled by any existing rule option.” Since there 
are so many rule options already. So I don’t know when that special requirement 
will appear. :( That is what you said “useless”, I accept that.

 

As i said, feel free to submit one and i will be happy to import it if the code 
is clean (btw i am still waiting for fixes to the other 'rate limiting' option 
you sent), but keep in mind that 'fixed position' is mostly useless.

Which `rate limiting`, the `Packet per second`? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/189720

 

 

More useful options would be one where you express the position as

 

                '{MAC|VLAN|IP|UDP|TCP|...|PAYLOAD}+offset'

                

It is possible,

match <position> <mask> <value>

the <mask> can be a pattern, then that means it can match multiple values at 
the same time.

 

so at least you can adapt to variant headers, or one where you can look for a 
pattern in the entire packet or in a portion of it.

 

cheers

luigi
