diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2019-06-21 10:54:51 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2019-06-21 10:54:51 +0000 |
| commit | 978f2d17285bf3a0017510c61eb71a2dcae38dbe (patch) | |
| tree | 3b4f2ef29d6880a58db7336fbeb58e824605f079 /sys/netinet/ip_fw.h | |
| parent | 05fc9d78d783848f63ccf1d1dc54775aab284bc6 (diff) | |
| download | src-978f2d17285bf3a0017510c61eb71a2dcae38dbe.tar.gz src-978f2d17285bf3a0017510c61eb71a2dcae38dbe.zip | |
Add "tcpmss" opcode to match the TCP MSS value.
With this opcode it is possible to match TCP packets with specified
MSS option, whose value corresponds to configured in opcode value.
It is allowed to specify single value, range of values, or array of
specific values or ranges. E.g.
# ipfw add deny log tcp from any to any tcpmss 0-500
Reviewed by: melifaro,bcr
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
Notes
Notes:
svn path=/head/; revision=349267
Diffstat (limited to 'sys/netinet/ip_fw.h')
| -rw-r--r-- | sys/netinet/ip_fw.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index de0cc29db1d2..7a01c82ba58b 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -293,6 +293,7 @@ enum ipfw_opcodes { /* arguments (4 byte each) */ O_EXTERNAL_DATA, /* variable length data */ O_SKIP_ACTION, /* none */ + O_TCPMSS, /* arg1=MSS value */ O_LAST_OPCODE /* not an opcode! */ }; |