Date: Sat, 27 Nov 2004 11:58:38 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: David Schwartz <davids@webmaster.com>
Cc: "freebsd-current@FreeBSD.org" <freebsd-current@freebsd.org>
Subject: Re: Add creation time to dynamic firewall rules
Message-ID: <20041127195838.GA9781@odin.ac.hmc.edu>
In-Reply-To: <MDEHLPKNGKAHNMBLJOLKCEGFABAB.davids@webmaster.com>
References: <MDEHLPKNGKAHNMBLJOLKEEGCABAB.davids@webmaster.com> <MDEHLPKNGKAHNMBLJOLKCEGFABAB.davids@webmaster.com>
On Fri, Nov 26, 2004 at 07:47:00PM -0800, David Schwartz wrote:
>
> Here it is, tested and working. There were two bugs in the previous post,
> pretty amazing for 7 lines of core. ;)
>
> Again, this patch adds the creation time to every dynamic firewall rule.
> This allows you to see how stable a connection is and to estimate the
> average bandwidth. A '-C' flag is added to 'ipfw' to display how much time
> since the rule was created rather than how long until it expires.
>
> The cost is 4 bytes per dynamic firewall rule. This is consumed kernel
> memory and copying when you dump the dynamic firewall rules. It also adds an
> extra computation when the rules are retrieved (to relativize the time, as
> is done with the expiration time).
>
> This patch is released under the FreeBSD license and I would like it to be
> considered for inclusion in the kernel. Patch is against 5_STABLE and should
> easily port to other streams. The version and time stamps are in the diff.

This seems reasonable to me, but I don't run a large dynamic firewall.
You should post this to the freebsd-ipfw list to get more targeted review.

-- Brooks
