Date: Fri, 5 Jan 2001 01:57:42 -0800 (PST) From: Jon Simola <jon@abccom.bc.ca> To: Luigi Rizzo <rizzo@aciri.org> Cc: ipfw@FreeBSD.ORG Subject: Re: Indexing IPFW rule Message-ID: <Pine.BSF.3.96.1010104235451.462h-100000@newmail.netbistro.com> In-Reply-To: <200101050744.f057ini96287@iguana.aciri.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 4 Jan 2001, Luigi Rizzo wrote:
> oh for traffic stats, you can replace the 'accept' rule with a "pipe N"
> action, where pipe N is configured as
>
> ipfw pipe N config mask src-ip 0xffffffff
Is there a way to zero the stats? I can't see a way to do that without
ipfw delete (pipe rule)
ipfw -f pipe flush
ipfw pipe N config
ipfw add (pipe rule)
> A more efficient way would be to install the access list in the
> kernel in a way which can be accessed in O(1) time. A possible
> example would be a 256-bit string which tells you which hosts
> are enabled and which ones are not.
> I'd definitely suggest this method, which looks straightforward
> to implement, and reasonably easy to understand (and you can
> still have traffic stats by replacing the action with a pipe!)
Yep, I'd have to agree with that.
> Only catch is that you might need more room in the ipfw struct.
Hmm...
---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications | flow throughout the universe." -- GITS
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1010104235451.462h-100000>