On Fri, Nov 26, 2004 at 07:47:00PM -0800, David Schwartz wrote:
>
> Here it is, tested and working. There were two bugs in the previous post,
> pretty amazing for 7 lines of core. ;)
>
> Again, this patch adds the creation time to every dynamic firewall rule.
> This allows you to see how stable a connection is and to estimate the
> average bandwidth. A '-C' flag is added to 'ipfw' to display how much time
> since the rule was created rather than how long until it expires.
>
> The cost is 4 bytes per dynamic firewall rule. This is consumed kernel
> memory and copying when you dump the dynamic firewall rules. It also adds an
> extra computation when the rules are retrieved (to relativize the time, as
> is done with the expiration time).
>
> This patch is released under the FreeBSD license and I would like it to be
> considered for inclusion in the kernel. Patch is against 5_STABLE and should
> easily port to other streams. The version and time stamps are in the diff.

This seems reasonable to me, but I don't run a large dynamic firewall.
You should post this to the freebsd-ipfw list to get more targeted
review.

-- Brooks