From cub@digma.com.ua  Wed Sep 11 05:12:03 2002
Return-Path: <cub@digma.com.ua>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 56D3137B401
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 11 Sep 2002 05:12:03 -0700 (PDT)
Received: from digma.kharkov.ua (digma.kharkov.ua [217.12.194.76])
	by mx1.FreeBSD.org (Postfix) with SMTP id B946D43E42
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 11 Sep 2002 05:11:58 -0700 (PDT)
	(envelope-from cub@digma.com.ua)
Received: (qmail 89348 invoked from network); 11 Sep 2002 12:10:59 -0000
Received: from demani.digma (HELO digma.com.ua) (cub@172.20.5.7)
  by ns.digma with SMTP; 11 Sep 2002 12:10:59 -0000
Message-Id: <3D7F3303.4090005@digma.com.ua>
Date: Wed, 11 Sep 2002 15:11:47 +0300
From: Kostyuk Oleg <cub@digma.com.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: added new command 'checkpoint' to show and zero rules at one time

>Number:         42655
>Category:       bin
>Synopsis:       added new command 'checkpoint' to show and zero rules at one time
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    luigi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 11 05:20:01 PDT 2002
>Closed-Date:    Mon Jul 14 06:45:12 PDT 2003
>Last-Modified:  Mon Jul 14 06:45:12 PDT 2003
>Originator:     Oleg Kostyuk
>Release:        FreeBSD 4.6.2-RELEASE i386
>Organization:
>Environment:

 System: FreeBSD digma.com.ua 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE #0: Mon 
 Sep 2 10:19:31 EEST 2002 root@digma.com.ua:/usr/obj/usr/src/sys/DIGMA i386
 
 >Description:
          There is need to show-and-zero traffic counters in traffic
 	counting systems as one action. It is fact as between executing
 	'ipfw show' and 'ipfw zero' can be some NONACCOUNTED by traffic
 	accounting system (not by firewall) traffic.
          As a solution - to do these actions as one ipfw command.
  >How-To-Repeat:
  >Fix:
          patch applied
 
 --- ipfw.c.patch begins here ---
 --- src/sbin/ipfw/ipfw.c.orig   Wed Sep 11 14:06:16 2002
 +++ src/sbin/ipfw/ipfw.c        Wed Sep 11 14:32:34 2002
 @@ -867,6 +867,7 @@
   "    [pipe] list [number ...]\n"
   "    [pipe] show [number ...]\n"
   "    zero [number ...]\n"
 +"    checkpoint [number ...]\n"
   "    resetlog [number ...]\n"
   "    pipe number config [pipeconfig]\n"
   "  rule: [prob <match_probability>] action proto src dst extras...\n"
 @@ -2150,6 +2151,14 @@
   }
 
   static void
 +checkpoint (int ac, char *av[])
 +{
 +       do_acct++;
 +       list(ac-1, av+1);
 +       zero(ac, av);
 +}
 +
 +static void
   resetlog (int ac, char *av[])
   {
          struct ip_fw rule;
 @@ -2298,6 +2307,8 @@
                  }
          } else if (!strncmp(*av, "zero", strlen(*av))) {
                  zero(ac, av);
 +       } else if (!strncmp(*av, "checkpoint", strlen(*av))) {
 +               checkpoint(ac, av);
          } else if (!strncmp(*av, "resetlog", strlen(*av))) {
                  resetlog(ac, av);
          } else if (!strncmp(*av, "print", strlen(*av))) {
 --- ipfw.c.patch ends here ---

>Description:
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Class-Changed-From-To: sw-bug->change-request 
Class-Changed-By: keramida 
Class-Changed-When: Thu Sep 19 10:33:30 PDT 2002 
Class-Changed-Why:  
Refile misfiled PR under bin/* and assign to freebsd-bugs. 

To the originator: 
When filling up the fields of the send-pr template, please only append 
text to the single-line field lines that start with '>' characters. 
Do not fill, do not justify, or ident those lines. 

Thanks for your submission :-) 


Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Thu Sep 19 10:33:30 PDT 2002 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=42655 

From: Maxim Konovalov <maxim@FreeBSD.org>
To: Oleg Kostyuk <cub@digma.com.ua>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/42655: added new command 'checkpoint' to show and zero rules
 at one time
Date: Thu, 19 Sep 2002 22:20:38 +0400 (MSD)

 Hello,
 
 Your fix is incomplete. There is still a time frame between list() and
 zero(). It should be implemented in kernel.
 
 -- 
 Maxim Konovalov, maxim@FreeBSD.org
 
Responsible-Changed-From-To: freebsd-bugs->luigi 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Jul 14 04:24:27 PDT 2003 
Responsible-Changed-Why:  
Assign to ipfw maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42655 
State-Changed-From-To: open->closed 
State-Changed-By: luigi 
State-Changed-When: Mon Jul 14 06:39:24 PDT 2003 
State-Changed-Why:  
The suggested patch does not work. 
The read-and-zero should be implemented atomically in the kernel, 
not in userland. But doing the thing atomically in the kernel is 
quite complex because you should make sure that the copyout does 
not fail after zeroing the counters. 

It is way more reliable to have the counters just report the absolute 
values, and compute differences between subsequent readings in 
userland (maybe by adding some support in ipfw to save a snapshot 
of the last reading and do some postprocessing based on it). 

cheers 
luigi 


http://www.freebsd.org/cgi/query-pr.cgi?pr=42655 
>Unformatted:
