The following reply was made to PR kern/189720; it has been noted by GNATS.

From: "bycn82" <byc...@gmail.com>
To: <bug-follo...@freebsd.org>,
        <byc...@gmail.com>
Cc: "Luigi Rizzo" <ri...@iet.unipi.it>
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Sat, 31 May 2014 00:53:56 +0800

 This is a multipart message in MIME format.
 
 ------=_NextPart_000_0002_01CF7C6A.CF4B9B50
 Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_0003_01CF7C6A.CF4B9B50"
 
 
 ------=_NextPart_001_0003_01CF7C6A.CF4B9B50
 Content-Type: text/plain;
        charset="utf-8"
 Content-Transfer-Encoding: 7bit
 
 1.       Add static int to store the value of kern.hz
 
 2.       Convert the duration into number of ticks based on  kern.hz
 
  
 
 regards,
 
 bycn82
 
 
 ------=_NextPart_001_0003_01CF7C6A.CF4B9B50
 Content-Type: text/html;
        charset="utf-8"
 Content-Transfer-Encoding: quoted-printable
 
 <html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
 xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
 xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
 xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
 xmlns=3D"http://www.w3.org/TR/REC-html40";><head><meta =
 http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
 name=3DGenerator content=3D"Microsoft Word 14 (filtered =
 medium)"><style><!--
 /* Font Definitions */
 @font-face
        {font-family:=E5=AE=8B=E4=BD=93;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
 @font-face
        {font-family:=E5=AE=8B=E4=BD=93;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
 @font-face
        {font-family:"\@=E5=AE=8B=E4=BD=93";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
 a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
 a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
 p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
 span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
 .MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
 @page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
 div.WordSection1
        {page:WordSection1;}
 /* List Definitions */
 @list l0
        {mso-list-id:633340690;
        mso-list-type:hybrid;
        mso-list-template-ids:1182030700 67698703 67698713 67698715 67698703 =
 67698713 67698715 67698703 67698713 67698715;}
 @list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
 @list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
 @list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
 @list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
 @list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
 @list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
 @list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
 @list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
 @list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
 ol
        {margin-bottom:0in;}
 ul
        {margin-bottom:0in;}
 --></style><!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
 </xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
 <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
 vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoListParagraph =
 style=3D'text-indent:-.25in;mso-list:l0 level1 lfo1'><![if =
 !supportLists]><span style=3D'mso-list:Ignore'>1.<span =
 style=3D'font:7.0pt "Times New =
 Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><![endif]>Add =
 static int to store the value of kern.hz<o:p></o:p></p><p =
 class=3DMsoListParagraph style=3D'text-indent:-.25in;mso-list:l0 level1 =
 lfo1'><![if !supportLists]><span style=3D'mso-list:Ignore'>2.<span =
 style=3D'font:7.0pt "Times New =
 Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
 </span></span><![endif]>Convert the duration into number of ticks based =
 on =C2=A0kern.hz<o:p></o:p></p><p =
 class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
 class=3DMsoNormal>regards,<o:p></o:p></p><p =
 class=3DMsoNormal>bycn82<o:p></o:p></p></div></body></html>
 ------=_NextPart_001_0003_01CF7C6A.CF4B9B50--
 
 ------=_NextPart_000_0002_01CF7C6A.CF4B9B50
 Content-Type: application/octet-stream;
        name="pps.patch"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment;
        filename="pps.patch"
 
 Index: sbin/ipfw/ipfw.8=0A=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
 --- sbin/ipfw/ipfw.8   (revision 266886)=0A=
 +++ sbin/ipfw/ipfw.8   (working copy)=0A=
 @@ -602,6 +602,14 @@=0A=
  Note: logging is done after all other packet matching conditions=0A=
  have been successfully verified, and before performing the final=0A=
  action (accept, deny, etc.) on the packet.=0A=
 +.It Cm pps Ar limit duration=0A=
 +Rule with the =0A=
 +.Cm pps=0A=
 +keyword will allow the first=0A=
 +.Ar limit=0A=
 +packets in recent =0A=
 +.Ar duration =0A=
 +milliseconds=0A=
  .It Cm tag Ar number=0A=
  When a packet matches a rule with the=0A=
  .Cm tag=0A=
 Index: sbin/ipfw/ipfw2.c=0A=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
 --- sbin/ipfw/ipfw2.c  (revision 266886)=0A=
 +++ sbin/ipfw/ipfw2.c  (working copy)=0A=
 @@ -244,6 +244,7 @@=0A=
        { "allow",              TOK_ACCEPT },=0A=
        { "permit",             TOK_ACCEPT },=0A=
        { "count",              TOK_COUNT },=0A=
 +      { "pps",                TOK_PPS },=0A=
        { "pipe",               TOK_PIPE },=0A=
        { "queue",              TOK_QUEUE },=0A=
        { "divert",             TOK_DIVERT },=0A=
 @@ -1232,6 +1233,13 @@=0A=
                        PRINT_UINT_ARG("skipto ", cmd->arg1);=0A=
                        break;=0A=
  =0A=
 +              case O_PPS:=0A=
 +                      {=0A=
 +                      ipfw_insn_pps *pps=3D(ipfw_insn_pps *)cmd;=0A=
 +                      printf("pps %d %d",cmd->arg1,pps->duration);=0A=
 +                      break;                  =0A=
 +                      }=0A=
 +=0A=
                case O_PIPE:=0A=
                        PRINT_UINT_ARG("pipe ", cmd->arg1);=0A=
                        break;=0A=
 @@ -2985,6 +2993,24 @@=0A=
        case TOK_COUNT:=0A=
                action->opcode =3D O_COUNT;=0A=
                break;=0A=
 +              =0A=
 +      case TOK_PPS:=0A=
 +              action->opcode =3D O_PPS;=0A=
 +              ipfw_insn_pps *p =3D (ipfw_insn_pps *)action;=0A=
 +              action->len =3D F_INSN_SIZE(ipfw_insn_pps);=0A=
 +              if (isdigit(**av)) {=0A=
 +                      action->arg1 =3D strtoul(*av, NULL, 10);=0A=
 +                      av++;=0A=
 +              }else{=0A=
 +                      errx(EX_USAGE, "illegal argument pps `limit` %s", 
*av);=0A=
 +              }=0A=
 +              if (isdigit(**av)) {=0A=
 +                      p->duration =3D strtoul(*av, NULL, 10);=0A=
 +                      av++;=0A=
 +              }else{=0A=
 +                      errx(EX_USAGE,"illegal arugment pps `duration` %s", 
*av);=0A=
 +              }=0A=
 +              break;  =0A=
  =0A=
        case TOK_NAT:=0A=
                action->opcode =3D O_NAT;=0A=
 Index: sbin/ipfw/ipfw2.h=0A=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
 --- sbin/ipfw/ipfw2.h  (revision 266886)=0A=
 +++ sbin/ipfw/ipfw2.h  (working copy)=0A=
 @@ -92,6 +92,7 @@=0A=
        TOK_NGTEE,=0A=
        TOK_FORWARD,=0A=
        TOK_SKIPTO,=0A=
 +      TOK_PPS,=0A=
        TOK_DENY,=0A=
        TOK_REJECT,=0A=
        TOK_RESET,=0A=
 Index: sys/netinet/ip_fw.h=0A=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
 --- sys/netinet/ip_fw.h        (revision 266886)=0A=
 +++ sys/netinet/ip_fw.h        (working copy)=0A=
 @@ -165,6 +165,7 @@=0A=
        O_REJECT,               /* arg1=3Dicmp arg (same as deny)       */=0A=
        O_COUNT,                /* none                         */=0A=
        O_SKIPTO,               /* arg1=3Dnext rule number      */=0A=
 +      O_PPS,                  /* arg1=3Dlimit, pps->duration */=0A=
        O_PIPE,                 /* arg1=3Dpipe number           */=0A=
        O_QUEUE,                /* arg1=3Dqueue number          */=0A=
        O_DIVERT,               /* arg1=3Dport number           */=0A=
 @@ -378,6 +379,16 @@=0A=
  } ipfw_insn_log;=0A=
  =0A=
  /*=0A=
 + *    This is used for PPS=0A=
 + */=0A=
 +typedef struct _ipfw_insn_pps{=0A=
 +      ipfw_insn o;=0A=
 +      uint32_t start_time;=0A=
 +      uint32_t count;=0A=
 +      uint32_t duration;=0A=
 +} ipfw_insn_pps;=0A=
 +=0A=
 +/*=0A=
   * Data structures required by both ipfw(8) and ipfw(4) but not part of =
 the=0A=
   * management API are protected by IPFW_INTERNAL.=0A=
   */=0A=
 Index: sys/netpfil/ipfw/ip_fw2.c=0A=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
 --- sys/netpfil/ipfw/ip_fw2.c  (revision 266886)=0A=
 +++ sys/netpfil/ipfw/ip_fw2.c  (working copy)=0A=
 @@ -124,6 +124,7 @@=0A=
  /* Use 128 tables by default */=0A=
  static unsigned int default_fw_tables =3D IPFW_TABLES_DEFAULT;=0A=
  =0A=
 +static unsigned int kern_hz=3D1000;=0A=
  /*=0A=
   * Each rule belongs to one of 32 different sets (0..31).=0A=
   * The variable set_disable contains one bit per set.=0A=
 @@ -186,6 +187,7 @@=0A=
  SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, static_count,=0A=
      CTLFLAG_RD, &VNET_NAME(layer3_chain.n_rules), 0,=0A=
      "Number of static rules");=0A=
 +TUNABLE_INT("kern.hz", (int *)&kern_hz);=0A=
  =0A=
  #ifdef INET6=0A=
  SYSCTL_DECL(_net_inet6_ip6);=0A=
 @@ -2189,6 +2191,31 @@=0A=
                            continue;=0A=
                            break;      /* not reached */=0A=
  =0A=
 +                      case O_PPS:{=0A=
 +                              int duration_in_ticks;=0A=
 +                              ipfw_insn_pps *pps =3D (ipfw_insn_pps *)cmd;=0A=
 +                              if(1000/kern_hz >=3D pps->duration){=0A=
 +                                      duration_in_ticks=3D1;=0A=
 +                              }else{=0A=
 +                                      
duration_in_ticks=3Dpps->duration*kern_hz/1000+1;=0A=
 +                              }=0A=
 +                              if(pps->start_time+duration_in_ticks>=3D 
ticks){=0A=
 +                                      if(pps->count < cmd->arg1){=0A=
 +                                              retval =3D IP_FW_PASS;=0A=
 +                                      }else{=0A=
 +                                              retval =3D IP_FW_DENY;=0A=
 +                                      }=0A=
 +                                      pps->count++;=0A=
 +                              }else{=0A=
 +                                      pps->start_time=3Dticks;=0A=
 +                                      pps->count=3D1;=0A=
 +                                      retval =3D IP_FW_PASS;=0A=
 +                              }=0A=
 +                              l =3D 0;                =0A=
 +                              done =3D 1;=0A=
 +                              break;  =0A=
 +                      }=0A=
 +=0A=
                        case O_CALLRETURN: {=0A=
                                /*=0A=
                                 * Implementation of `subroutine' 
call/return,=0A=
 Index: sys/netpfil/ipfw/ip_fw_sockopt.c=0A=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
 --- sys/netpfil/ipfw/ip_fw_sockopt.c   (revision 266886)=0A=
 +++ sys/netpfil/ipfw/ip_fw_sockopt.c   (working copy)=0A=
 @@ -703,6 +703,12 @@=0A=
                                goto bad_size;=0A=
                        break;=0A=
  =0A=
 +              case O_PPS:=0A=
 +                      have_action=3D1;=0A=
 +                      if (cmdlen !=3D F_INSN_SIZE(ipfw_insn_pps))=0A=
 +                              goto bad_size;=0A=
 +                      break;=0A=
 +=0A=
                case O_PIPE:=0A=
                case O_QUEUE:=0A=
                        if (cmdlen !=3D F_INSN_SIZE(ipfw_insn))=0A=
 
 ------=_NextPart_000_0002_01CF7C6A.CF4B9B50--
 
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Reply via email to