Date: Wed, 11 Aug 1999 08:34:48 -0700 (PDT) From: Luigi Rizzo <luigi@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw.h ip_fw.c Message-ID: <199908111534.IAA82092@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
luigi 1999/08/11 08:34:48 PDT
Modified files:
sys/netinet ip_fw.h ip_fw.c
Log:
Implement probabilistic rule match in ipfw. Each rule can be associated
with a match probability to achieve non-deterministic behaviour of
the firewall. This can be extremely useful for testing purposes
such as simulating random packet drop without having to use dummynet
(which already does the same thing), and simulating multipath effects
and the associated out-of-order delivery (this time in conjunction
with dummynet).
The overhead on normal rules is just one comparison with 0.
Since it would have been trivial to implement this by just adding
a field to the ip_fw structure, I decided to do it in a
backward-compatible way (i.e. struct ip_fw is unchanged, and as a
consequence you don't need to recompile ipfw if you don't want to
use this feature), since this was also useful for -STABLE.
When, at some point, someone decides to change struct ip_fw, please
add a length field and a version number at the beginning, so userland
apps can keep working even if they are out of sync with the kernel.
Revision Changes Path
1.41 +20 -2 src/sys/netinet/ip_fw.h
1.117 +18 -7 src/sys/netinet/ip_fw.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908111534.IAA82092>