Date:      Mon, 30 Sep 2002 06:50:03 -0700 (PDT)
From:      Maxim Konovalov <maxim@macomnet.ru>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/35887
Message-ID:  <200209301350.g8UDo3wn013046@freefall.freebsd.org>

The following reply was made to PR kern/35887; it has been noted by GNATS.

From: Maxim Konovalov <maxim@macomnet.ru>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/35887
Date: Mon, 30 Sep 2002 17:42:59 +0400 (MSD)

 There are two unrelated problems. First, limit rules just do not work
 for long-lived connections (more than net.inet.ip.fw.dyn_ack_lifetime
 seconds). A keepalive mechanism in ipfw2 solves the problem.
 
 Second, ipfw1 incorrectly spams the kernel log. You can try the patch
 below. Again, ipfw2 does not have this bug.
 
 Index: ip_fw.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
 retrieving revision 1.188
 diff -u -r1.188 ip_fw.c
 --- ip_fw.c	22 Jun 2002 11:51:02 -0000	1.188
 +++ ip_fw.c	27 Sep 2002 12:06:35 -0000
 @@ -724,11 +724,11 @@
  	    if (zap)
  		zap = force || TIME_LEQ( q->expire , time_second );
  	    /* do not zap parent in first pass, record we need a second pass */
 -	    if (q->dyn_type == DYN_LIMIT_PARENT) {
 +	    if (zap && q->dyn_type == DYN_LIMIT_PARENT) {
  		max_pass = 1; /* we need a second pass */
 -		if (zap == 1 && (pass == 0 || q->count != 0) ) {
 +		if (pass == 0 || q->count != 0) {
  		    zap = 0 ;
 -		    if (pass == 1) /* should not happen */
 +		    if (pass == 1 && force) /* should not happen */
  			printf("OUCH! cannot remove rule, count %d\n",
  				q->count);
  		}
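
Review bot: the `/* should not happen */` comment on the new `if (pass == 1 && force)` line no longer matches what the code does. With this change, an expired DYN_LIMIT_PARENT that still has `q->count != 0` on the second pass is kept silently whenever `force` is 0, so that case is evidently expected, yet the comment does not say so. Reword it to state that a parent with live children is normal during non-forced expiry and that the message is reserved for forced removal. Separately, hoisting `zap &&` into the outer test means `max_pass = 1` is now set only when a parent is already a removal candidate, where before it was set for every DYN_LIMIT_PARENT seen. That looks intended, since a second pass has nothing to do for a parent that would not be zapped anyway, but the one-line comment above the `if` should mention it so the narrower condition is not mistaken for an accident. The printf would also be easier to act on if it identified the rule as well as printing `q->count`.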
 
 %%%
 
 But I suggest switching to ipfw2 instead. Instructions are here:
 
 http://docs.freebsd.org/cgi/getmsg.cgi?fetch=805262+0+archive/2002/cvs-all/20020728.cvs-all
 
 -- 
 Maxim Konovalov, MAcomnet, Internet Dept., system engineer
 phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru
 
 
