Date: Sun, 4 Apr 1999 11:04:54 -0400 (EDT) From: Brian Feldman <green@unixhelp.org> To: "Matthew N. Dodd" <winter@jurai.net> Cc: hackers@FreeBSD.ORG Subject: Re: ipfw uid Message-ID: <Pine.BSF.4.05.9904041101340.21261-100000@janus.syracuse.net> In-Reply-To: <Pine.BSF.4.02.9904040618060.2158-100000@sasami.jurai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 4 Apr 1999, Matthew N. Dodd wrote:
> On Sat, 3 Apr 1999, Brian Feldman wrote:
> > {"/usr/src/sbin/ipfw"}# ipfw show
> > 00050 8157 2864127 count ip from any to any uid 1000 in
> > 00060 8952 1834453 count ip from any to any uid 1000 out
>
> This is, by far, the most BOFHly software feature I've seen in a while.
>
> Add 'gid', 'egid', 'euid' etc. support and you'll have it.
>
> Something like this can help prevent individual users from sucking up your
> whole line.
Especially coupled with dummynet, which I haven't tried yet. My order for
working on this is now two priorites.
1. Get incoming packets counted correctly. This is not easy, it seems.
2. Get gids working. This won't be too hard, but it's less important.
If you have any good ideas on the easiest way to find the destination of a
packet (tcp and udp) BEFORE they reach ipfw (in ip_input of course), I'm
interested (as it will save me time trying to figure this out.)
>
> --
> | Matthew N. Dodd | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
> | winter@jurai.net | This Space For Rent | ix86,sparc,m68k,pmax,vax |
> | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? |
>
>
Brian Feldman _ __ ___ ____ ___ ___ ___
green@unixhelp.org _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \__ \ |) |
http://www.freebsd.org _ |___/___/___/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9904041101340.21261-100000>