From: Brooks Davis
To: David Schwartz
Cc: "freebsd-current@FreeBSD.org"
Date: Sat, 27 Nov 2004 11:58:38 -0800
Subject: Re: Add creation time to dynamic firewall rules
Message-ID: <20041127195838.GA9781@odin.ac.hmc.edu>

On Fri, Nov 26, 2004 at 07:47:00PM -0800, David Schwartz wrote:
>
> Here it is, tested and working. There were two bugs in the previous post,
> pretty amazing for 7 lines of core. ;)
>
> Again, this patch adds the creation time to every dynamic firewall rule.
> This allows you to see how stable a connection is and to estimate the
> average bandwidth. A '-C' flag is added to 'ipfw' to display how much time
> since the rule was created rather than how long until it expires.
>
> The cost is 4 bytes per dynamic firewall rule. This is consumed kernel
> memory and copying when you dump the dynamic firewall rules. It also adds an
> extra computation when the rules are retrieved (to relativize the time, as
> is done with the expiration time).
>
> This patch is released under the FreeBSD license and I would like it to be
> considered for inclusion in the kernel. Patch is against 5_STABLE and should
> easily port to other streams. The version and time stamps are in the diff.

This seems reasonable to me, but I don't run a large dynamic firewall.
You should post this to the freebsd-ipfw list to get more targeted review.

-- Brooks