From owner-cvs-all Wed Aug 11 8:35:26 1999 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 9D19B155BD; Wed, 11 Aug 1999 08:35:22 -0700 (PDT) (envelope-from luigi@FreeBSD.org) Received: (from luigi@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id IAA82092; Wed, 11 Aug 1999 08:34:48 -0700 (PDT) (envelope-from luigi@FreeBSD.org) Message-Id: <199908111534.IAA82092@freefall.freebsd.org> From: Luigi Rizzo Date: Wed, 11 Aug 1999 08:34:48 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw.h ip_fw.c Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk luigi 1999/08/11 08:34:48 PDT Modified files: sys/netinet ip_fw.h ip_fw.c Log: Implement probabilistic rule match in ipfw. Each rule can be associated with a match probability to achieve non-deterministic behaviour of the firewall. This can be extremely useful for testing purposes such as simulating random packet drop without having to use dummynet (which already does the same thing), and simulating multipath effects and the associated out-of-order delivery (this time in conjunction with dummynet). The overhead on normal rules is just one comparison with 0. Since it would have been trivial to implement this by just adding a field to the ip_fw structure, I decided to do it in a backward-compatible way (i.e. struct ip_fw is unchanged, and as a consequence you don't need to recompile ipfw if you don't want to use this feature), since this was also useful for -STABLE. When, at some point, someone decides to change struct ip_fw, please add a length field and a version number at the beginning, so userland apps can keep working even if they are out of sync with the kernel. Revision Changes Path 1.41 +20 -2 src/sys/netinet/ip_fw.h 1.117 +18 -7 src/sys/netinet/ip_fw.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message