From owner-freebsd-bugs  Sun Aug  6 17:10: 9 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 753B037BC7C
	for <freebsd-bugs@FreeBSD.org>; Sun,  6 Aug 2000 17:10:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id RAA67482;
	Sun, 6 Aug 2000 17:10:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Sun, 6 Aug 2000 17:10:03 -0700 (PDT)
Message-Id: <200008070010.RAA67482@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Bill Fumerola <billf@chimesnet.com>
Subject: Re: kern/20448: expired dynamic rules shown in "ipfw get" output
Reply-To: Bill Fumerola <billf@chimesnet.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/20448; it has been noted by GNATS.

From: Bill Fumerola <billf@chimesnet.com>
To: roland+freebsd@frob.com
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/20448: expired dynamic rules shown in "ipfw get" output
Date: Sun, 6 Aug 2000 20:06:53 -0400

 On Sun, Aug 06, 2000 at 04:54:43PM -0700, roland+freebsd@frob.com wrote:
 
 > >Fix:
 > I made the following change to sys/netinet/ip_fw.c, which simply
 > does the expired-rule collection procedure before walking the hash
 > table for an IP_FW_GET request.  It looks like the current version
 > of ip_fw.c has not changed this part of the code, so this change should still apply.
 [....]
 > 
 > diff -ubp /sys/netinet/ip_fw.c.~1~ /sys/netinet/ip_fw.c
 > --- /sys/netinet/ip_fw.c.~1~    Sun Aug  6 16:50:28 2000
 > +++ /sys/netinet/ip_fw.c        Sun Aug  6 16:50:28 2000
 > @@ -1720,6 +1720,7 @@ ip_fw_ctl(struct sockopt *sopt)
 >                     int i ;
 >                     struct ipfw_dyn_rule *p ;
 > 
 > +                   remove_dyn_rule(NULL, 0 /* expire */);
 >                     for (i = 0 ; i < curr_dyn_buckets ; i++ )
 >                         for ( p = ipfw_dyn_v[i] ; p != NULL ; p = p->next )
 >                             size += sizeof(*p) ;
 > 
 
 I believe this has to be called at splnet().
 
 -- 
 Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                 billf@chimesnet.com / billf@FreeBSD.org
 
 
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message