[Click] question for ipfilter
Eddie Kohler
kohler at cs.ucla.edu
Fri Jan 12 12:26:42 EST 2007
negation_is_simple() is not used by IPFilter itself, but rather by other
code that uses IPFilter. It determines whether "!PRIMITIVE" is a valid
primitive. For instance, "!(proto == tcp)" can also be expressed as
"proto != tcp". However, "!(tcp port == 80)" has no simple negation,
since its negation is the same as "(proto != tcp) || (proto == tcp &&
port != 80)".
Because of the TRANSP_FAKE_OFFSET stuff discussed in the last mail
wang houfen wrote:
> Hello,
>
> What functionality hat the following function negation_is_simple() and what for is the function used?
>
> inline bool
> IPFilter::Primitive::negation_is_simple() const
> {
> if (_type == TYPE_PROTO)
> return true;
> else if (_transp_proto >= 0)
> return false;
> else
> return _type == TYPE_HOST || (_type & TYPE_FIELD) || _type == TYPE_IPFRAG;
> }
>
>
> Why is packet_length = p->length() + TRANSP_FAKE_OFFSET - p->transport_header_offset() from IPFilter::length_checked_push(Packet *p)?
>
>
> Best Regards,
> Houfen
>
>
>
>
>
>
>
>
>
> ____________________________________________________________________________________
> Don't get soaked. Take a quick peak at the forecast
> with the Yahoo! Search weather shortcut.
> http://tools.search.yahoo.com/shortcuts/#loc_weather
>
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
More information about the click
mailing list