Date:      3 Oct 2000 22:06:14 -0000
From:      patrick@mindstep.com
To:        freefall-gnats@mindstep.com
Subject:   kern/21735: Let ipfw increment rules by arbitrary amount
Message-ID:  <20001003220614.3914.qmail@nitro.local.mindstep.com>


>Number:         21735
>Category:       kern
>Synopsis:       Let ipfw increment rules by arbitrary amount
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 03 15:10:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Patrick Bihan-Faou
>Release:        FreeBSD 4.1.1-STABLE i386
>Organization:
MindStep Corporation
>Environment:

FreeBSD nitro 4.1.1-STABLE FreeBSD 4.1.1-STABLE #0: Tue Oct  3 17:42:33 EDT 2000     patrick@nitro:/music/usr_obj/music/usr_src/sys/NITRO  i386

Source code CVSup'd today

>Description:

The following patch adds a sysctl variable to set the amount by
which the rule numbers are incremented when they are not specified
on the command line.

This is useful to create large rule sets with a variable number of
rules.


The following patches to sys/inet/ip_fw.c and sbin/ipfw/ipfw.8 are based
on the code in the RELENG_4 branch.

Local testing was done.

>How-To-Repeat:

n/a

>Fix:


--- sys/netinet/ip_fw.c.orig	Tue Oct  3 13:49:23 2000
+++ sys/netinet/ip_fw.c	Tue Oct  3 14:01:36 2000
@@ -78,6 +78,7 @@
 #else
 static int fw_verbose_limit = 0;
 #endif
+static int fw_auto_increment = 100;
 
 static u_int64_t counter;	/* counter for ipfw_report(NULL...) */
 struct ipfw_flow_id last_pkt ;
@@ -102,6 +103,8 @@
     &fw_verbose, 0, "Log matches to ipfw rules");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, 
     &fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW, 
+    &fw_auto_increment, 0, "Amount by which to increment rule numbers when it is not specified");
 
 #if STATEFUL
 /*
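
Review bot: the new auto_increment sysctl is declared CTLFLAG_RW with no range check, so fw_auto_increment (a signed int, per the declaration in the first hunk) can be set to 0 or to a negative number at runtime. Consider registering it through a handler (SYSCTL_PROC) that rejects values below 1, or validating the value where it is used. The continuation line holding the description string also runs well past 80 columns and should be wrapped.
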
@@ -1458,7 +1461,7 @@
 		return(0);
         }
 
-	/* If entry number is 0, find highest numbered rule and add 100 */
+	/* If entry number is 0, find highest numbered rule and add fw_auto_increment */
 	if (ftmp->fw_number == 0) {
 		for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {
 			if (fcp->rule->fw_number != (u_short)-1)
@@ -1466,8 +1469,8 @@
 			else
 				break;
 		}
-		if (nbr < IPFW_DEFAULT_RULE - 100)
-			nbr += 100;
+		if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)
+			nbr += fw_auto_increment;
 		ftmp->fw_number = nbr;
 	}
 
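
Review bot: in the guard "if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)" the subtracted value is now a runtime-tunable signed int instead of the constant 100, and nothing in this hunk checks it. With 0, "nbr += fw_auto_increment" is a no-op, so an auto-numbered rule is given the same number as the highest existing rule; with a negative value the number moves downward instead of upward; with a value larger than IPFW_DEFAULT_RULE the right-hand side of the comparison goes negative. Suggest testing fw_auto_increment > 0 before the comparison and falling back to the previous step of 100 (or returning an error) otherwise.
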
--- sbin/ipfw/ipfw.8.orig	Tue Oct  3 14:11:34 2000
+++ sbin/ipfw/ipfw.8	Tue Oct  3 14:15:10 2000
@@ -1056,6 +1056,8 @@
 firewall even if compiled in.
 .It Em net.inet.ip.fw.verbose_limit : No 0
 Limits the number of messages produced by a verbose firewall.
+.It Em net.inet.ip.fw.auto_increment : No 100
+Amount by which to increment the current rule number when none is specified
 .It Em net.inet.ip.fw.dyn_buckets : No 256
 .It Em net.inet.ip.fw.curr_dyn_buckets : No 256
 The configured and current size of the hash table used to
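
Review bot: the added net.inet.ip.fw.auto_increment entry does not say which values are accepted or what happens when the variable is set to 0 or a negative number, and its sentence lacks the closing period that the neighbouring verbose_limit entry has. Suggest documenting the valid range alongside the default of 100 and ending the line with a period.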

>Release-Note:
>Audit-Trail:
>Unformatted:
 X-send-pr-version: 3.2
 
 

