Implement an ipfw action to reassemble ip packets: reass.

author: piso <piso@FreeBSD.org> 2009-04-01 20:23:47 +0000
committer: piso <piso@FreeBSD.org> 2009-04-01 20:23:47 +0000
commit: c9b4c109954a4dd9052f62f379febea366d11a07 (patch)
tree: 12380d32edc71a17a6bfe18bb48510a54c10f4f3 /sbin/ipfw/ipfw.8
parent: e965f0a26dd194aa82e93f27e2493e7c4d0afea2 (diff)
download: FreeBSD-src-c9b4c109954a4dd9052f62f379febea366d11a07.zip
FreeBSD-src-c9b4c109954a4dd9052f62f379febea366d11a07.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index d163106..4cc2f9e 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -866,6 +866,13 @@ in any subsequent forwarding decisions.
 Initially this is limited to the values 0 through 15, see
 .Xr setfib 8 .
 Processing continues at the next rule.
+.It Cm reass
+Queue and reassemble ip fragments.
+If the packet is not fragmented, counters are updated and processing continues with the next rule.
+If the packet is the last logical fragment, the packet is reassembled and, if
+.Va net.inet.ip.fw.one_pass
+is set to 0, processing continues with the next rule, else packet is allowed to pass and search terminates.
+If the packet is a fragment in the middle, it is consumed and processing stops immediately.
 .El
 .Ss RULE BODY
 The body of a rule contains zero or more patterns (such as
author	piso <piso@FreeBSD.org>	2009-04-01 20:23:47 +0000
committer	piso <piso@FreeBSD.org>	2009-04-01 20:23:47 +0000
commit	c9b4c109954a4dd9052f62f379febea366d11a07 (patch)
tree	12380d32edc71a17a6bfe18bb48510a54c10f4f3 /sbin/ipfw/ipfw.8
parent	e965f0a26dd194aa82e93f27e2493e7c4d0afea2 (diff)
download	FreeBSD-src-c9b4c109954a4dd9052f62f379febea366d11a07.zip FreeBSD-src-c9b4c109954a4dd9052f62f379febea366d11a07.tar.gz