Date:      Sat, 27 Nov 2004 11:58:38 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        David Schwartz <davids@webmaster.com>
Cc:        "freebsd-current@FreeBSD. org" <freebsd-current@freebsd.org>
Subject:   Re: Add creation time to dynamic firewall rules
Message-ID:  <20041127195838.GA9781@odin.ac.hmc.edu>
In-Reply-To: <MDEHLPKNGKAHNMBLJOLKCEGFABAB.davids@webmaster.com>
References:  <MDEHLPKNGKAHNMBLJOLKEEGCABAB.davids@webmaster.com> <MDEHLPKNGKAHNMBLJOLKCEGFABAB.davids@webmaster.com>

On Fri, Nov 26, 2004 at 07:47:00PM -0800, David Schwartz wrote:
>
> 	Here it is, tested and working. There were two bugs in the previous post,
> pretty amazing for 7 lines of core. ;)
>
> 	Again, this patch adds the creation time to every dynamic firewall rule.
> This allows you to see how stable a connection is and to estimate the
> average bandwidth. A '-C' flag is added to 'ipfw' to display how much time
> since the rule was created rather than how long until it expires.
>
> 	The cost is 4 bytes per dynamic firewall rule. This is consumed kernel
> memory and copying when you dump the dynamic firewall rules. It also adds an
> extra computation when the rules are retrieved (to relativize the time, as
> is done with the expiration time).
>
> 	This patch is released under the FreeBSD license and I would like it to be
> considered for inclusion in the kernel. Patch is against 5_STABLE and should
> easily port to other streams. The version and time stamps are in the diff.

This seems reasonable to me, but I don't run a large dynamic firewall.
You should post this to the freebsd-ipfw list to get more targeted
review.

-- Brooks



