Attachment 11146 Details for Bug 22065 – file.diff

[patch] file.diff

file.diff (text/plain), 2.95 KB, created by agifford on 2000-10-17 23:40:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: agifford

Created: 2000-10-17 23:40:01 UTC

Size: 2.95 KB

patch

obsolete

>--- sbin/ipfw/ipfw.c.orig       Tue Oct 17 07:44:55 2000
>+++ sbin/ipfw/ipfw.c    Tue Oct 17 16:08:36 2000
>@@ -383,6 +383,8 @@
>                     printf(" keep-state %d", (int)chain->next_rule_ptr);
>                 else
>                     printf(" keep-state");
>+               if (chain->fw_dyn_lifetime)
>+                   printf(" lifetime %d", (int)chain->fw_dyn_lifetime);
>         }
>         /* Direction */
>         if (chain->fw_flg & IP_FW_BRIDGED)
>@@ -837,6 +839,7 @@
> "    ipoptions [!]{ssrr|lsrr|rr|ts},...\n"
> "    tcpoptions [!]{mss|window|sack|ts|cc},...\n"
> "    icmptypes {type[,type]}...\n"
>+"    keep-state [lifetime <number>]\n"
> "  pipeconfig:\n"
> "    {bw|bandwidth} <number>{bit/s|Kbit/s|Mbit/s|Bytes/s|KBytes/s|MBytes/s}\n"
> "    {bw|bandwidth} interface_name\n"
>@@ -1821,6 +1824,15 @@
>                             (int)rule.next_rule_ptr = type ;
>                             av++; ac--;
>                         }
>+                       if (ac > 0 && !strncmp(*av,"lifetime",strlen(*av))) {
>+                           u_long lifetime ;
>+
>+                           av++; ac--;
>+                           if (ac > 0 && (lifetime = atoi(*av)) != 0) {
>+                               rule.fw_dyn_lifetime = lifetime;
>+                               av++; ac--;
>+                           }
>+                       }
>                         continue;
>                 }
>                 if (!strncmp(*av,"bridged",strlen(*av))) {
>--- sbin/ipfw/ipfw.8.orig       Tue Oct 17 07:09:53 2000
>+++ sbin/ipfw/ipfw.8    Tue Oct 17 16:08:36 2000
>@@ -605,18 +605,38 @@
> interface.
> .It Ar options :
> .Bl -tag -width indent
>-.It Cm keep-state Op Ar method
>+.It Xo Cm keep-state Op Ar method
>+.Op Cm lifetime Ar number
>+.Xc
> Upon a match, the firewall will create a dynamic rule, whose
>-default behaviour is to matching bidirectional traffic between
>+default behaviour is to match bidirectional traffic between
> source and destination IP/port using the same protocol.
>-The rule has a limited lifetime (controlled by a set of
>+The rule has a limited lifetime controlled by a set of
> .Xr sysctl 8
>-variables), and the lifetime is refreshed every time a matching
>-packet is found.
>+variables that may be overridden on a per-rule basis.
>+The lifetime is refreshed every time a matching packet is
>+found.
> .Pp
> The actual behaviour can be modified by specifying a different
> .Ar method ,
> although at the moment only the default one is specified.
>+.Pp
>+The default rule lifetime may be overridden for a specific
>+rule by appending
>+.Cm lifetime Ar number
>+to explicitly set the number of seconds for the dynamic rule
>+lifetime.
>+.Pp
>+For TCP rules, explicitly setting a rule lifetime overrides the
>+default setting stored in the
>+.Xr sysctl 8
>+variable
>+.Em net.inet.ip.fw.dyn_ack_lifetime .
>+For non-TCP rules, it overrides the
>+.Xr sysctl 8
>+variable
>+.Em net.inet.ip.fw.dyn_short_lifetime
>+instead.
> .It Cm bridged
> Matches only bridged packets.
> This can be useful for multicast or broadcast traffic, which

Actions: View | Diff

Attachments on bug 22065: 11144 | 11145 | 11146