Date:      Sun, 14 Jul 2002 16:47:18 -0700 (PDT)
From:      Luigi Rizzo <luigi@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/netinet ip_fw.h ip_fw2.c
Message-ID:  <200207142347.g6ENlIES037731@freefall.freebsd.org>

luigi       2002/07/14 16:47:18 PDT

  Modified files:
    sys/netinet          ip_fw.h ip_fw2.c 
  Log:
  Implement keepalives for dynamic rules, so they will not expire
  just because you leave your session idle.
  
  Also, put in a fix for 64-bit architectures (to be revised).
  
  In detail:
  
  ip_fw.h
  
    * Reorder fields in struct ip_fw to avoid alignment problems on
      64-bit machines. This only masks the problem, I am still not
      sure whether I am doing something wrong in the code or there
      is a problem elsewhere (e.g. different alignment of structures
      between userland and kernel because of pragmas etc.)
  
    * added fields in dyn_rule to store ack numbers, so we can
      generate keepalives when the dynamic rule is about to expire
  
  ip_fw2.c
  
    * use a local function, send_pkt(), to generate TCP RST for Reset rules;
  
    * save about 250 bytes by cleaning up the various snprintf()
      in ipfw_log() ...
  
    * ... and use twice as many bytes to implement keepalives
      (this seems to be working, but I have not tested it extensively).
  
  Keepalives are generated once every 5 seconds for the last 20 seconds
  of the lifetime of a dynamic rule for an established TCP flow.  The
  packets are sent to both sides, so if at least one of the endpoints
  is responding, the timeout is refreshed and the rule will not expire.
  
  You can disable this feature with
  
          sysctl net.inet.ip.fw.dyn_keepalive=0
  
  (the default is 1, to have them enabled).
  
  MFC after: 1 day
  
  (just kidding... I will supply an updated version of ipfw2 for
  RELENG_4 tomorrow).
  
  Revision  Changes    Path
  1.72      +5 -3      src/sys/netinet/ip_fw.h
  1.5       +145 -104  src/sys/netinet/ip_fw2.c
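
The keepalive schedule described in the log above, as an added example that is not part of the original commit or the ipfw2 source: a simplified C simulation of one idle established TCP flow behind a stateful rule. The `dyn_state` struct, `simulate_idle()`, the 300-second lifetime and the full timeout refresh on a reply are assumptions made for illustration.

```c
#include <stdio.h>

/* From the commit log: probe every 5 s during the last 20 s of lifetime. */
#define KEEPALIVE_PERIOD 5
#define KEEPALIVE_WINDOW 20

/* Simplified stand-in for a dynamic rule; not the kernel's struct dyn_rule. */
struct dyn_state {
    int expire;       /* absolute time (s) at which the rule is dropped */
    int probes_sent;  /* keepalive rounds sent (one packet to each side) */
};

/*
 * Simulate a flow that carries no data for idle_secs seconds.
 * lifetime is the rule lifetime (assumed value supplied by the caller);
 * a_alive / b_alive say whether each endpoint answers a keepalive.
 * Returns 1 if the rule still exists at the end, 0 if it expired.
 */
int simulate_idle(int lifetime, int idle_secs, int keepalive_on,
                  int a_alive, int b_alive, struct dyn_state *st)
{
    st->expire = lifetime;   /* last real packet seen at t = 0 */
    st->probes_sent = 0;
    for (int now = 1; now <= idle_secs; now++) {
        int left = st->expire - now;
        if (left <= 0)
            return 0;        /* rule timed out and is removed */
        if (keepalive_on && left <= KEEPALIVE_WINDOW &&
            left % KEEPALIVE_PERIOD == 0) {
            st->probes_sent++;
            /* A reply from either side matches the rule and refreshes it. */
            if (a_alive || b_alive)
                st->expire = now + lifetime;
        }
    }
    return 1;
}

int main(void)
{
    struct dyn_state st;
    int kept = simulate_idle(300, 3600, 1, 1, 0, &st);
    printf("one endpoint alive: kept=%d probes=%d\n", kept, st.probes_sent);
    kept = simulate_idle(300, 3600, 1, 0, 0, &st);
    printf("both dead:          kept=%d probes=%d\n", kept, st.probes_sent);
    kept = simulate_idle(300, 3600, 0, 1, 1, &st);
    printf("keepalive disabled: kept=%d probes=%d\n", kept, st.probes_sent);
    return 0;
}
```

In this model, state for a flow whose endpoints have both gone away is still reclaimed on schedule after four unanswered probe rounds, while a flow with one live endpoint keeps its rule for as long as that endpoint answers.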
