From owner-freebsd-ipfw Fri Jul 14 17:46:38 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from valis.worldgate.ca (valis.worldgate.ca [198.161.84.2]) by hub.freebsd.org (Postfix) with ESMTP id CC5FD37B855 for ; Fri, 14 Jul 2000 17:46:34 -0700 (PDT) (envelope-from skafte@worldgate.ca) Received: from worldgate.ca (diskless4.worldgate.ca [198.161.84.132]) by valis.worldgate.ca (8.9.3/8.9.3) with ESMTP id SAA94145; Fri, 14 Jul 2000 18:46:28 -0600 (MDT) (envelope-from skafte@worldgate.ca) Message-ID: <396FB45F.47307416@worldgate.ca> Date: Fri, 14 Jul 2000 18:46:23 -0600 From: Greg Skafte Organization: WorldGate Inc X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.0.36 i386) X-Accept-Language: en MIME-Version: 1.0 To: Luigi Rizzo Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw accounting problem? .... References: <200007150030.CAA22244@info.iet.unipi.it> Content-Type: multipart/mixed; boundary="------------17104E690B52B8C41254BFA6" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --------------17104E690B52B8C41254BFA6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Luigi Rizzo wrote: > > > I really haven't started looking into the code .... but > > should the checkstate rule show packet accounting matches..... > > the way it is implemented is to account packets into the > dynamic rules and probably also in the "parent" rule (the one > with "keep-state". on a 4.X machine I'm only see the accounting info in the dynamic rules, not the Parent "keep-state". I'm just wondering if matches to the "check-state" should have accounting info? Some people may have issues with packet accounting being done in the dynamic rules since some of the rules can expire in as little as 5 seconds ( yes the timeout can be adjusted by a sysctl but ..) > > cheers > luigi > > > 09000 0 0 check-state > > 09500 16194 1609751 allow tcp from x.x.x.x to any keep-state out xmit > > fxp0 setup > >  > > > > yet there are packet matches in the dynamic rules ..... > > > > > > > > -- -- Email: skafte@worldgate.ca Voice: +780 413 1910 Fax: +780 421 4929 #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 -- -- When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (Janet Morris) --------------17104E690B52B8C41254BFA6 Content-Type: text/x-vcard; charset=us-ascii; name="skafte.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Greg Skafte Content-Disposition: attachment; filename="skafte.vcf" begin:vcard n:Skafte;Greg tel;pager:+1 (780) 491 4791 tel;cell:+1 (780) 718 1570 tel;fax:+1 (780) 421 4929 tel;work:+1 (780) 413 1910 x-mozilla-html:FALSE org:;Network Operations adr:;;#575 10123 99 Street;Edmonton;Alberta;T5J 3H1;Canada version:2.1 email;internet:Skafte@worldgate.ca title:Operations Manager x-mozilla-cpt:;29088 fn:Greg Skafte end:vcard --------------17104E690B52B8C41254BFA6-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message