Add creation time to dynamic firewall rules
Brooks Davis
brooks at one-eyed-alien.net
Sat Nov 27 11:58:20 PST 2004
On Fri, Nov 26, 2004 at 07:47:00PM -0800, David Schwartz wrote:
>
> Here it is, tested and working. There were two bugs in the previous post,
> pretty amazing for 7 lines of core. ;)
>
> Again, this patch adds the creation time to every dynamic firewall rule.
> This allows you to see how stable a connection is and to estimate the
> average bandwidth. A '-C' flag is added to 'ipfw' to display how much time
> since the rule was created rather than how long until it expires.
>
> The cost is 4 bytes per dynamic firewall rule. This is consumed kernel
> memory and copying when you dump the dynamic firewall rules. It also adds an
> extra computation when the rules are retrieved (to relativize the time, as
> is done with the expiration time).
>
> This patch is released under the FreeBSD license and I would like it to be
> considered for inclusion in the kernel. Patch is against 5_STABLE and should
> easily port to other streams. The version and time stamps are in the diff.
This seems reasonable to me, but I don't run a large dynamic firewall.
You should post this to the freebsd-ipfw list to get more targeted
review.
-- Brooks