From: "David Schwartz"
Date: Wed, 29 Dec 2004 12:55:53 -0800
Subject: RE: PATCH: AGAIN, Add creation time to dynamic firewall rules
List-Id: IPFW Technical Discussions

> > I submitted this email and patch about a month ago. I received a few
> > "this is a good idea" type replies. I'd like to see it committed to current.
> ....
> > > --- ip_fw.h 1.89.2.2 2004/10/03 17:04:40 > > > +++ ip_fw.h Fri Nov 26 18:51:15 2004 
> > > @@ -353,6 +353,7 @@ struct _ipfw_dyn_rule { > > > u_int64_t bcnt; /* byte match counter */ > > > struct ipfw_flow_id id; /* (masked) flow id */ > > > u_int32_t expire; /* expire time */ > > > + u_int32_t created; /* creation time */ > > > u_int32_t bucket; /* which bucket in hash table */ > > > u_int32_t state; /* state of this rule (typically a
>
> *hmm* on sparc times are already 64bit. Does that matter?
>
> --
> Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT

The creation time logic is a clone of the expire time logic with suitable alterations for times in the past instead of the future. An unsigned 32-bit integer seems to be enough for seconds in the past or future and this is the form the ipfw code uses.

DS
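
Review bot: the new `u_int32_t created;` member is inserted between `expire` and `bucket`, which shifts the offset of `bucket`, `state` and every later member of `struct _ipfw_dyn_rule`, so anything built against the old ip_fw.h that reads this struct will misparse it. Consider adding the field at the end of the struct instead, or say in the commit message that everything including this header has to be rebuilt together. The comment `/* creation time */` also leaves the unit and the clock unstated; since the type matches `expire` on the line above, spell that out, for example `/* creation time, same clock as expire */`.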