From patrick@mindstep.com  Tue Oct  3 15:03:23 2000
Return-Path: <patrick@mindstep.com>
Received: from modemcable101.200-201-24.mtl.mc.videotron.ca (modemcable140.61-201-24.mtl.mc.videotron.ca [24.201.61.140])
	by hub.freebsd.org (Postfix) with SMTP id 635C237B66C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Oct 2000 15:02:47 -0700 (PDT)
Received: (qmail 13825 invoked by alias); 3 Oct 2000 22:02:46 -0000
Received: (qmail 13821 invoked from network); 3 Oct 2000 22:02:46 -0000
Received: from nitro.local.mindstep.com (qmailr@192.168.10.2)
  by jacuzzi.local.mindstep.com with SMTP; 3 Oct 2000 22:02:46 -0000
Received: (qmail 3915 invoked by uid 0); 3 Oct 2000 22:06:14 -0000
Message-Id: <20001003220614.3914.qmail@nitro.local.mindstep.com>
Date: 3 Oct 2000 22:06:14 -0000
From: patrick@mindstep.com
Reply-To: patrick@mindstep.com
To: freefall-gnats@mindstep.com
Subject: Let ipfw increment rules by arbitrary amount

>Number:         21735
>Category:       kern
>Synopsis:       Let ipfw increment rules by arbitrary amount
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    billf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 03 15:10:01 PDT 2000
>Closed-Date:    Tue Oct 3 15:11:13 PDT 2000
>Last-Modified:  Tue Oct 03 15:12:11 PDT 2000
>Originator:     Patrick Bihan-Faou
>Release:        FreeBSD 4.1.1-STABLE i386
>Organization:
MindStep Corporation
>Environment:

FreeBSD nitro 4.1.1-STABLE FreeBSD 4.1.1-STABLE #0: Tue Oct  3 17:42:33 EDT 2000     patrick@nitro:/music/usr_obj/music/usr_src/sys/NITRO  i386

Source code CVSup'd today

>Description:

The following patch adds a sysctl variable to set the amount by
which the rule numbers are incremented when they are not specified
on the command line.

This is useful to create large rule sets with a variable number of
rules.


The following patches to sys/inet/ip_fw.c and sbin/ipfw/ipfw.8 are based
on the code in the RELENG_4 branch.

Local testing was done.

>How-To-Repeat:

n/a

>Fix:


--- sys/netinet/ip_fw.c.orig	Tue Oct  3 13:49:23 2000
+++ sys/netinet/ip_fw.c	Tue Oct  3 14:01:36 2000
@@ -78,6 +78,7 @@
 #else
 static int fw_verbose_limit = 0;
 #endif
+static int fw_auto_increment = 100;
 
 static u_int64_t counter;	/* counter for ipfw_report(NULL...) */
 struct ipfw_flow_id last_pkt ;
@@ -102,6 +103,8 @@
     &fw_verbose, 0, "Log matches to ipfw rules");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, 
     &fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW, 
+    &fw_auto_increment, 0, "Amount by which to increment rule numbers when it is not specified");
 
 #if STATEFUL
 /*
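Review bot: The new auto_increment sysctl is registered with plain SYSCTL_INT and CTLFLAG_RW on a signed int, so any value can be written at runtime, including 0 and negative numbers, and nothing in the visible lines validates it before it feeds rule numbering. Suggest a SYSCTL_PROC handler that rejects values below 1 or at or above IPFW_DEFAULT_RULE, or clamping the value where it is used. The description string "when it is not specified" is also ambiguous about what "it" refers to and pushes the line well past 80 columns; something like "Rule number step when none is given" would be clearer and shorter.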
@@ -1458,7 +1461,7 @@
 		return(0);
         }
 
-	/* If entry number is 0, find highest numbered rule and add 100 */
+	/* If entry number is 0, find highest numbered rule and add fw_auto_increment */
 	if (ftmp->fw_number == 0) {
 		for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {
 			if (fcp->rule->fw_number != (u_short)-1)
@@ -1466,8 +1469,8 @@
 			else
 				break;
 		}
-		if (nbr < IPFW_DEFAULT_RULE - 100)
-			nbr += 100;
+		if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)
+			nbr += fw_auto_increment;
 		ftmp->fw_number = nbr;
 	}
 
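Review bot: The guard "if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)" now depends on a runtime-writable signed value and has no range check. With fw_auto_increment set to 0 the auto-numbered rule receives the same number as the current highest rule; with a negative value the right-hand side exceeds IPFW_DEFAULT_RULE, the test passes, and "nbr += fw_auto_increment" moves the number backward; with a value larger than IPFW_DEFAULT_RULE the subtraction goes negative and the result depends on the type of nbr, which is not visible in this hunk. Suggest validating the step before use here (falling back to 100 when it is out of range) or enforcing the range in the sysctl handler so this arithmetic can assume a sane positive value.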
--- sbin/ipfw/ipfw.8.orig	Tue Oct  3 14:11:34 2000
+++ sbin/ipfw/ipfw.8	Tue Oct  3 14:15:10 2000
@@ -1056,6 +1056,8 @@
 firewall even if compiled in.
 .It Em net.inet.ip.fw.verbose_limit : No 0
 Limits the number of messages produced by a verbose firewall.
+.It Em net.inet.ip.fw.auto_increment : No 100
+Amount by which to increment the current rule number when none is specified
 .It Em net.inet.ip.fw.dyn_buckets : No 256
 .It Em net.inet.ip.fw.curr_dyn_buckets : No 256
 The configured and current size of the hash table used to
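Review bot: The added description line for net.inet.ip.fw.auto_increment has no terminating period, unlike the neighbouring entries, and it does not tell the reader that the increment is only applied while the result stays below the default rule number, or which values are meaningful. Suggest ending the sentence with a period and adding one sentence on the valid range and on what happens when the highest existing rule number is already within one step of the default rule.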

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: billf 
State-Changed-When: Tue Oct 3 15:11:13 PDT 2000 
State-Changed-Why:  
Duplicate of pr#18366 


Responsible-Changed-From-To: freebsd-bugs->billf 
Responsible-Changed-By: billf 
Responsible-Changed-When: Tue Oct 3 15:11:13 PDT 2000 
Responsible-Changed-Why:  
Keep this where I can grab it, I'll probably still use the man page delta. 
thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21735 
>Unformatted:
 X-send-pr-version: 3.2
 
 
