Date: Sun, 24 Aug 2008 02:03:50 +0400
From: Roman Kurakin
To: Luigi Rizzo
Cc: freebsd-net@freebsd.org
Subject: Re: [Fwd: IPFW PATCH: make the IPFW_DEFUALT_RULE number constant non private]

Luigi Rizzo wrote:
> On Sun, Aug 24, 2008 at 01:14:45AM +0400, Roman Kurakin wrote:
>
>> Hi,
>>
>> The IPFW_DEFAULT_RULE is also the max allowed rule number.
>> This value should be definitely public, so here is the patch, if there are
>> no objections I'll commit it within a couple of days.
>> After that, I plan to fix a couple of tools that need to know this value.
>>
>
> unless the tools you have in mind already include ip_fw.h (in which case
> the change is harmless and I have no objection), I think it would be better
> to export the value in a sysctl and let the tools fetch it from there,
> so they do not need to include the header.
>

In fact, I am talking about ipfw(8) and natd(8). The first one uses a
hard-coded value, the last one passes rule numbers to libalias(3) without a
check, and libalias(3) flushes rules also without a check. Thus if you
erroneously set -punch_fw for natd(8) as 50000:60000 (and not 50000:10000)
you will have to get to the remote server to set back all flushed rules at
the beginning of the list. Yes, such a fix will not save us from such
stupidities but can decrease the number of them.

IIRC natd(8) doesn't include ip_fw.h, but I do not see why it would be
better to export this value via sysctl, not compiled in via #include<> for
it. The only thing is binary portability, but expecting this from a system
utility that not just reads something but also writes is wrong.

Anyway, if you are aware of some ports for which this value would be useful,
a sysctl could also be added, but we do not have much time before code-freeze.

Best regards,
rik

> cheers
> luigi
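
The range check the message says natd(8) lacks for -punch_fw, sketched as an added example (not part of the original mail, the patch, or natd/libalias code). Assumptions: the helper name `parse_punch_fw` is hypothetical, the argument has the `base:count` form used in the mail's example, and `IPFW_DEFAULT_RULE` is taken to be 65535 as defined in FreeBSD's ip_fw.h.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stands in for the constant the patch makes public in ip_fw.h. */
#ifndef IPFW_DEFAULT_RULE
#define IPFW_DEFAULT_RULE 65535
#endif

/*
 * Hypothetical helper: parse "base:count" and accept it only if every rule
 * number base .. base+count-1 lies in 1 .. IPFW_DEFAULT_RULE-1, so the range
 * can neither run past the last rule number nor touch the default rule.
 * Returns 0 on success, -1 on a malformed or out-of-range argument.
 */
static int
parse_punch_fw(const char *arg, unsigned *base, unsigned *count)
{
	const unsigned long max = IPFW_DEFAULT_RULE;
	unsigned long b, c;
	char *end;

	if (arg == NULL || *arg < '0' || *arg > '9')
		return (-1);
	errno = 0;
	b = strtoul(arg, &end, 10);
	if (errno != 0 || *end != ':' || end[1] < '0' || end[1] > '9')
		return (-1);
	c = strtoul(end + 1, &end, 10);
	if (errno != 0 || *end != '\0')
		return (-1);
	/* Compare without adding, so base + count cannot wrap around. */
	if (b < 1 || c < 1 || b >= max || c > max - b)
		return (-1);
	*base = (unsigned)b;
	*count = (unsigned)c;
	return (0);
}

int
main(void)
{
	/* The two -punch_fw values quoted in the mail. */
	const char *samples[] = { "50000:10000", "50000:60000" };
	unsigned base, count;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%s -> %s\n", samples[i],
		    parse_punch_fw(samples[i], &base, &count) == 0 ?
		    "accepted" : "rejected");
	return (0);
}
```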