Bug 18366

Summary: Ipfw rule incrementing is fixed value
Product: Base System
Reporter: oogali <oogali>
Component: kern
Assignee: bill fumerola <billf>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description oogali 2000-05-03 12:10:00 UTC
When adding a rule to ipfw(8), the next rule is automatically the
highest numbered rule plus 100. Depending on your situation and how
many rules you deal with, this may be a problem for you.

Fix: Patch:

-- snip -- 


-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+

--- sys/netinet/ip_fw.c.orig	Wed May  3 06:42:28 2000
+++ sys/netinet/ip_fw.c	Wed May  3 06:46:29 2000
@@ -176,6 +176,10 @@
     &dyn_rst_lifetime, 0, "Lifetime of dyn. rules for other situations");
 #endif /* STATEFUL */
 
+static u_int32_t rule_increment = 100;
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, rule_increment, CTLFLAG_RW,
+    &rule_increment, 0, "Value to increment non-numbered ipfw rules by");
+
 #endif
 
 #define dprintf(a)	do {						\
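Review bot: rule_increment is declared u_int32_t but registered with SYSCTL_INT, so the sysctl handler treats the storage as a signed int and a negative value written by an administrator ends up in the variable as a very large unsigned number. Either declare it int or keep the unsigned type and register it with SYSCTL_UINT; since CTLFLAG_RW accepts any value, a SYSCTL_PROC handler that rejects 0 and anything at or above IPFW_DEFAULT_RULE would be safer. The declaration also sits just above the closing #endif of a conditional block whose opening is not shown here; if the rule-numbering code further down is compiled unconditionally, the static should be declared outside that block and only the SYSCTL_INT registration kept inside it.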
@@ -1440,7 +1444,7 @@
 		return(0);
         }
 
-	/* If entry number is 0, find highest numbered rule and add 100 */
+	/* If entry number is 0, find highest numbered rule and add rule_increment */
 	if (ftmp->fw_number == 0) {
 		for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {
 			if (fcp->rule->fw_number != (u_short)-1)
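Review bot: the reworded comment above the fw_number == 0 test runs past 80 columns once the leading tab is counted, so it should be wrapped onto two lines. While it is being touched, it could also say that rule_increment is the tunable registered under _net_inet_ip_fw, so a reader of this function knows where the step value comes from.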
@@ -1448,8 +1452,8 @@
 			else
 				break;
 		}
-		if (nbr < IPFW_DEFAULT_RULE - 100)
-			nbr += 100;
+		if (nbr < IPFW_DEFAULT_RULE - rule_increment)
+			nbr += rule_increment;
 		ftmp->fw_number = nbr;
 	}
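Review bot: the guard "nbr < IPFW_DEFAULT_RULE - rule_increment" is evaluated in unsigned arithmetic now that rule_increment is a u_int32_t set at run time, so when the sysctl is larger than IPFW_DEFAULT_RULE the subtraction wraps to a huge value, the test passes, and "nbr += rule_increment" no longer stays below the default rule before being stored in fw_number. A value of 0 is also accepted, in which case every auto-numbered rule gets the same number as the current highest rule. Check the tunable before using it, for example "if (rule_increment <= IPFW_DEFAULT_RULE && nbr < IPFW_DEFAULT_RULE - rule_increment)", or validate the range where the sysctl is written so this code can rely on it.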
-- snip -- 
How-To-Repeat: 
Add any ipfw entry.
Comment 1 Johan Karlsson freebsd_committer freebsd_triage 2000-08-24 12:55:40 UTC
Responsible Changed
From-To: freebsd-bugs->billf

Over to ipfw maintainer.
Comment 2 Johan Karlsson freebsd_committer freebsd_triage 2000-08-24 13:11:34 UTC
Responsible Changed
From-To: billf->freebsd-bugs

Whoops, I got this wrong in my personal maintainer notes :-(
Comment 3 Johan Karlsson freebsd_committer freebsd_triage 2000-08-24 13:20:11 UTC
Responsible Changed
From-To: freebsd-bugs->luigi

Over to ipfw maintainer.
Comment 4 bill fumerola freebsd_committer freebsd_triage 2000-08-24 15:23:48 UTC
State Changed
From-To: open->analyzed

I have the exact same change in my local ipfw tree (modulo
the variable name :->), and it works.


Comment 5 bill fumerola freebsd_committer freebsd_triage 2000-08-24 15:23:48 UTC
Responsible Changed
From-To: luigi->billf

I'll commit this anyways.
Comment 6 bill fumerola freebsd_committer freebsd_triage 2002-07-09 09:55:11 UTC
State Changed
From-To: analyzed->closed

ipfw2 has this sysctl available.