From oogali@intranova.net  Wed May  3 04:03:31 2000
Return-Path: <oogali@intranova.net>
Received: from hydrant.intranova.net (msb-ts-slip11.UMDNJ.EDU [130.219.28.71])
	by hub.freebsd.org (Postfix) with SMTP id 0A41737BBEC
	for <freebsd-gnats-submit@freebsd.org>; Wed,  3 May 2000 04:03:28 -0700 (PDT)
	(envelope-from oogali@intranova.net)
Received: (qmail 603 invoked from network); 3 May 2000 11:03:38 -0000
Received: from localhost.abuselabs.com (HELO localhost) (missnglnk@127.0.0.1)
  by localhost.abuselabs.com with SMTP; 3 May 2000 11:03:38 -0000
Message-Id: <Pine.BSF.4.10.10005030702090.424-100000@hydrant.intranova.net>
Date: Wed, 3 May 2000 07:03:38 -0400 (EDT)
From: Omachonu Ogali <oogali@intranova.net>
To: freebsd-gnats-submit@freebsd.org
Subject: ipfw(8) rules increment by fixed value

>Number:         18366
>Category:       kern
>Synopsis:       Ipfw rule incrementing is fixed value
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    billf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May  3 04:10:00 PDT 2000
>Closed-Date:    Tue Jul 09 01:55:52 PDT 2002
>Last-Modified:  Tue Jul 09 01:55:52 PDT 2002
>Originator:     Omachonu Ogali
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Intranova Networking Group 
>Environment:

Any FreeBSD version on any FreeBSD-capable platform.

>Description:

When adding a rule to ipfw(8), the next rule is automatically the
highest numbered rule plus 100. Depending on your situation and how
many rules you deal with, this may be a problem for you.

>How-To-Repeat:

Add any ipfw entry.

>Fix:

Patch:

-- snip -- 
--- sys/netinet/ip_fw.c.orig	Wed May  3 06:42:28 2000
+++ sys/netinet/ip_fw.c	Wed May  3 06:46:29 2000
@@ -176,6 +176,10 @@
     &dyn_rst_lifetime, 0, "Lifetime of dyn. rules for other situations");
 #endif /* STATEFUL */
 
+static u_int32_t rule_increment = 100;
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, rule_increment, CTLFLAG_RW,
+    &rule_increment, 0, "Value to increment non-numbered ipfw rules by");
+
 #endif
 
 #define dprintf(a)	do {						\
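Review bot: rule_increment is declared u_int32_t but exported with SYSCTL_INT, which treats the storage as a signed int; use SYSCTL_UINT or declare the variable as int so the two agree. The static declaration also sits inside the conditional block closed by the #endif on the next line, so if the code that reads rule_increment is compiled when that condition is false the variable will be undefined; keep the declaration outside the block and only the SYSCTL_INT inside it. With CTLFLAG_RW and no handler, any value is accepted, including 0 and values above IPFW_DEFAULT_RULE, so the description string should at least state the valid range.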
@@ -1440,7 +1444,7 @@
 		return(0);
         }
 
-	/* If entry number is 0, find highest numbered rule and add 100 */
+	/* If entry number is 0, find highest numbered rule and add rule_increment */
 	if (ftmp->fw_number == 0) {
 		for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {
 			if (fcp->rule->fw_number != (u_short)-1)
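Review bot: the rewritten comment on the added line runs past 80 columns once the leading tab is counted; wrap it onto two lines. Since the step is now tunable, naming the sysctl (net.inet.ip.fw.rule_increment) in the comment would also tell the reader where the value comes from.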
@@ -1448,8 +1452,8 @@
 			else
 				break;
 		}
-		if (nbr < IPFW_DEFAULT_RULE - 100)
-			nbr += 100;
+		if (nbr < IPFW_DEFAULT_RULE - rule_increment)
+			nbr += rule_increment;
 		ftmp->fw_number = nbr;
 	}
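Review bot: the bound check `nbr < IPFW_DEFAULT_RULE - rule_increment` is no longer safe now that the step is writable at run time. rule_increment is unsigned (u_int32_t in the first hunk), so, assuming IPFW_DEFAULT_RULE is an ordinary integer constant, a value larger than it makes the subtraction wrap to a very large number, the test passes, and `nbr += rule_increment` yields a number outside the range the loop above compares against (u_short)-1. A value of 0 also passes and gives every auto-numbered rule the same number as the current highest rule. Because rule order decides what the firewall matches first, reject out-of-range values when the sysctl is set, or guard here, e.g. `if (rule_increment > 0 && rule_increment < IPFW_DEFAULT_RULE && nbr < IPFW_DEFAULT_RULE - rule_increment)`.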
-- snip -- 

-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->billf 
Responsible-Changed-By: johan 
Responsible-Changed-When: Thu Aug 24 04:55:40 PDT 2000 
Responsible-Changed-Why:  
Over to ipfw maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18366 
Responsible-Changed-From-To: billf->freebsd-bugs 
Responsible-Changed-By: johan 
Responsible-Changed-When: Thu Aug 24 05:11:34 PDT 2000 
Responsible-Changed-Why:  
Whoops, I got this wrong in my personal maintainer notes :-( 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18366 
Responsible-Changed-From-To: freebsd-bugs->luigi 
Responsible-Changed-By: johan 
Responsible-Changed-When: Thu Aug 24 05:20:11 PDT 2000 
Responsible-Changed-Why:  
Over to ipfw maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18366 
State-Changed-From-To: open->analyzed 
State-Changed-By: billf 
State-Changed-When: Thu Aug 24 07:23:48 PDT 2000 
State-Changed-Why:  
I have the exact same change in my local ipfw tree (modulo 
the variable name :->), and it works. 


Responsible-Changed-From-To: luigi->billf 
Responsible-Changed-By: billf 
Responsible-Changed-When: Thu Aug 24 07:23:48 PDT 2000 
Responsible-Changed-Why:  
I'll commit this anyways. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18366 
State-Changed-From-To: analyzed->closed 
State-Changed-By: billf 
State-Changed-When: Tue Jul 9 01:55:11 PDT 2002 
State-Changed-Why:  
ipfw2 has this sysctl available. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18366 
>Unformatted:
 X-send-pr-version: 3.2
 
