Date: Wed, 29 Dec 2004 12:55:53 -0800 From: "David Schwartz" <davids@webmaster.com> Cc: <freebsd-ipfw@freebsd.org> Subject: RE: PATCH: AGAIN, Add creation time to dynamic firewall rules Message-ID: <MDEHLPKNGKAHNMBLJOLKCEADAMAB.davids@webmaster.com> In-Reply-To: <Pine.BSF.4.53.0412290829280.9444@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I submitted this email and patch about a month ago. I
> received a few "this
> > is a good idea" type replies. I'd like to see it committed to current.
> ....
> > > --- ip_fw.h 1.89.2.2 2004/10/03 17:04:40
> > > +++ ip_fw.h Fri Nov 26 18:51:15 2004
> > > @@ -353,6 +353,7 @@ struct _ipfw_dyn_rule {
> > > u_int64_t bcnt; /* byte match counter */
> > > struct ipfw_flow_id id; /* (masked) flow id */
> > > u_int32_t expire; /* expire time */
> > > + u_int32_t created; /* creation time */
> > > u_int32_t bucket; /* which bucket in hash table */
> > > u_int32_t state; /* state of this rule (typically a
>
> *hmm* on sparc times are already 64bit. Does that matter?
>
> --
> Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
The creation time logic is a clone of the expire time logic with suitable
alterations for times in the past instead of the future. An unsigned 32-bit
integer seems to be enough for seconds in the past or future and this is the
from the ipfw code uses.
DS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MDEHLPKNGKAHNMBLJOLKCEADAMAB.davids>