ipfw port lookup table patch for review
Ganbold
ganbold at micom.mng.net
Wed Sep 24 10:50:17 UTC 2008
Hi,
I thought it might be useful to have port lookup table similar to
existing IP lookup table
in ipfw and I have made patch for that.
The downside of the patch so far I'm seeing is the port entries are in
linked list
(no limitation yet, memory overhead), not sorted and it uses linear search
to match (could be slow when lot of entries).
Just after I've made the patch I saw
http://www.freebsd.org/cgi/query-pr.cgi?pr=121807&cat= . :(
I agree with PR's reply however for small number of port entries I thought
this functionality is quite useful. It gives benefit like no need to
modify existing rule,
adding/deleting port entries is easy.
I did some small tests and it seems like working.
Patches are at:
http://people.freebsd.org/~ganbold/ipfw_port_table/
The output of some usage samples is at:
http://people.freebsd.org/~ganbold/ipfw_port_table/ipfw_port_table_usage_sample.txt
Patches can be successfully applied to CURRENT. Didn't test RELENG_7 due to
no RELENG_7 PC :)
Please let me know your thoughts. I'm happy to discuss to improve the patch.
Correct me if I'm doing something wrong here.
thanks,
Ganbold
More information about the freebsd-ipfw
mailing list