PATCH: AGAIN, Add creation time to dynamic firewall rules
David Schwartz
davids at webmaster.com
Wed Dec 29 12:55:55 PST 2004
> > I submitted this email and patch about a month ago. I received a few "this
> > is a good idea" type replies. I'd like to see it committed to current.
> ....
> > > --- ip_fw.h 1.89.2.2 2004/10/03 17:04:40
> > > +++ ip_fw.h Fri Nov 26 18:51:15 2004
> > > @@ -353,6 +353,7 @@ struct _ipfw_dyn_rule {
> > > u_int64_t bcnt; /* byte match counter */
> > > struct ipfw_flow_id id; /* (masked) flow id */
> > > u_int32_t expire; /* expire time */
> > > + u_int32_t created; /* creation time */
> > > u_int32_t bucket; /* which bucket in hash table */
> > > u_int32_t state; /* state of this rule (typically a
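
Review bot: `created` is inserted between `expire` and `bucket`, so every member after it in `struct _ipfw_dyn_rule` moves to a new offset and the struct grows. ip_fw.h is shared with the userland ipfw(8) tool, so a binary built against the old header would misread `bucket`, `state` and the members that follow when listing dynamic rules. Either append the new field at the end of the struct or state in the commit message that kernel and userland must be rebuilt together. The comment `/* creation time */` should also name the unit and the clock it is taken from, matching whatever `expire` uses, so that consumers of the field know how to turn it into a rule age.
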
>
> *hmm* on sparc times are already 64bit. Does that matter?
>
> --
> Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
The creation time logic is a clone of the expire time logic with suitable
alterations for times in the past instead of the future. An unsigned 32-bit
integer seems to be enough for seconds in the past or future and this is the
form the ipfw code uses.
DS