Re: kern/188543: [ipfw] ipfw option `in` is not working on FreeBSD10

2014-04-16 Thread bycn82
Thanks for commenting. For testing, I started to read the source code this morning when I was in the MRT. I was a Java developer, and the source code, I have to say, "what a mess!" On Wed, 16 Apr 2014 10:40:00 +0800, lhmwzy wrote: The following reply was made to PR kern/188543; it has been

Re: kern/188543: [ipfw] ipfw option `in` is not working on FreeBSD10

2014-04-16 Thread bycn82
tks for ur testing, u r right, that's the reason y i said the `in` option is not functioning properly. and who is the guy who maintains the source of ipfw. two things i want to say to him, 1. the source of ipfw is cool, amazingly powerful, by reading the source code, it found actually it checked

Re: kern/188543: [ipfw] ipfw option `in` is not working on FreeBSD10

2014-04-16 Thread bycn82
Cool! I just finished the overview of the source code, and finally understood the `for loop` in the ip_fw2.c roughly, besides the coding style, sorry for my ironic words, I want to ask whether my understanding is correct. You wrap the packet/frame in the `check frame` or `check packet` which

Re: kern/188543: [ipfw] ipfw option `in` is not working on FreeBSD10

2014-04-16 Thread bycn82
, Bill Yuan On Wed, 16 Apr 2014 23:23:03 +0800, bycn82 wrote: Cool! I just finished the overview of the source code, and finally understood the `for loop` in the ip_fw2.c roughly, besides the coding style, sorry for my ironic words, I want to ask whether my understanding is correct. You wrap

how does it pass in the rule sets

2014-04-19 Thread bycn82
Hi, can someone help to explain how does the user land command `ipfw` pass the rule set into the hook function in the kernel? I assume that it must be hardcoded in somewhere, but I did not find it yet. Best Regards Bycn82 ___ freebsd-ipfw

Re: how does it pass in the rule sets

2014-04-21 Thread bycn82
On 4/21/14 22:34, Andrey V. Elsukov wrote: On 19.04.2014 11:45, bycn82 wrote: Hi, can someone help to explain how does the user land command `ipfw` pass the rule set into the hook function in the kernel? I assume that it must be hardcoded in somewhere, but I did not find it yet. ipfw(8) uses

feature of `packet per second`

2014-04-30 Thread bycn82
Hi `packet per second` it is easy to be implemented using iptables, there is a module named `recent`, but in using ipfw, Do we have any solution to fulfill it? check the link below https://forums.freebsd.org/viewtopic.php?f=44&t=42933&p=258441#p258441

Re: feature of `packet per second`

2014-04-30 Thread bycn82
On 4/30/14 23:01, Julian Elischer wrote: On 4/30/14, 8:52 PM, bycn82 wrote: Hi `packet per second` it is easy to be implemented using iptables, there is a module named `recent`, but in using ipfw, Do we have any solution to fulfill it? check the link below https://forums.freebsd.org

Re: feature of `packet per second`

2014-04-30 Thread bycn82
On 4/30/14 23:45, Freddie Cash wrote: On Wed, Apr 30, 2014 at 8:31 AM, bycn82 <byc...@gmail.com> wrote: On 4/30/14 23:01, Julian Elischer wrote: On 4/30/14, 8:52 PM, bycn82 wrote: Hi `packet per second` it is easy to be implemen

Re: feature of `packet per second`

2014-05-03 Thread bycn82
On 5/2/14 16:59, Luigi Rizzo wrote: On Wed, Apr 30, 2014 at 6:02 PM, bycn82 <byc...@gmail.com> wrote: fjwc...@gmail.com Thanks for your reply, and it

Re: feature of `packet per second`

2014-05-05 Thread bycn82
On 5/4/14 1:19, Luigi Rizzo wrote: On Sat, May 3, 2014 at 2:27 PM, bycn82 <byc...@gmail.com> wrote: On 5/2/14 16:59, Luigi Rizzo wrote: On Wed, Apr 30, 2014 at 6:02 PM, bycn82 <byc...@gmail.com> wrote: fjwc...@gmail.com <mailto

Re: feature of `packet per second`

2014-05-07 Thread bycn82
On 5/4/14 1:19, Luigi Rizzo wrote: On Sat, May 3, 2014 at 2:27 PM, bycn82 <byc...@gmail.com> wrote: On 5/2/14 16:59, Luigi Rizzo wrote: On Wed, Apr 30, 2014 at 6:02 PM, bycn82 <byc...@gmail.com> wrote: fjwc...@gmail.com <mailto

Re: feature of `packet per second`

2014-05-07 Thread bycn82
On 5/8/14 8:35, bycn82 wrote: On 5/4/14 1:19, Luigi Rizzo wrote: On Sat, May 3, 2014 at 2:27 PM, bycn82 <byc...@gmail.com> wrote: On 5/2/14 16:59, Luigi Rizzo wrote: On Wed, Apr 30, 2014 at 6:02 PM, bycn82 <byc...@gmail.com> wrote: fj

Re: feature of `packet per second`

2014-05-08 Thread bycn82
On 5/8/14 15:38, Luigi Rizzo wrote: On Thu, May 08, 2014 at 09:09:21AM +0800, bycn82 wrote: On 5/8/14 8:35, bycn82 wrote: On 5/4/14 1:19, Luigi Rizzo wrote: On Sat, May 3, 2014 at 2:27 PM, bycn82 <byc...@gmail.com> wrote: On 5/2/14 16:59, Luigi Rizzo wrote: On We

error in make

2014-05-09 Thread bycn82
I think someone messed-up the makefiles, root@FB10Head:/usr/src/sys/modules/ipfw # make make: "/usr/src/sys/modules/ipfw/Makefile" line 3: Could not find src.opts.mk make: "/usr/src/sys/modules/ipfw/Makefile" line 24: Malformed conditional (${MK_INET_SUPPORT} != "no") make: "/usr/src/sys/module

Re: feature of `packet per second`

2014-05-12 Thread bycn82
On 5/9/14 0:11, bycn82 wrote: On 5/8/14 15:38, Luigi Rizzo wrote: On Thu, May 08, 2014 at 09:09:21AM +0800, bycn82 wrote: On 5/8/14 8:35, bycn82 wrote: On 5/4/14 1:19, Luigi Rizzo wrote: On Sat, May 3, 2014 at 2:27 PM, bycn82 <byc...@gmail.com> wrote: On 5/2/14 16:59,

Re: Zero packet counters?

2014-05-16 Thread bycn82
On 5/16/14 19:41, Ronald F. Guilmette wrote: Is there a way to reset ipfw's packet counters to zero (either all of them or selected individual counters) ... I mean, you know, without rebooting the whole system? ___ freebsd-ipfw@freebsd.org mailing list

Re: bin/189471: [ipfw] ipfw table regression

2014-05-17 Thread bycn82
iced that you are still working on it, Can you please explain in which direction you are enhancing it ? I am willing to help if I can. Actually I am trying to introduce some new features into the table. regards, bycn82

Re: feature of `packet per second`

2014-05-17 Thread bycn82
On 4/30/14 23:45, Freddie Cash wrote: On Wed, Apr 30, 2014 at 8:31 AM, bycn82 <byc...@gmail.com> wrote: On 4/30/14 23:01, Julian Elischer wrote: On 4/30/14, 8:52 PM, bycn82 wrote: Hi `packet per second` it is easy to be implemen

RE: kern/189720: [ipfw] [patch] pps action for ipfw

2014-05-29 Thread bycn82
The following reply was made to PR kern/189720; it has been noted by GNATS. From: "bycn82" To: "'Luigi Rizzo'" , Cc: Subject: RE: kern/189720: [ipfw] [patch] pps action for ipfw Date: Thu, 29 May 2014 23:06:27 +0800 -Original Message-

RE: kern/189720: [ipfw] [patch] pps action for ipfw

2014-05-29 Thread bycn82
'Luigi Rizzo' > Sent: 29 May, 2014 23:20 > To: freebsd-ipfw@FreeBSD.org > Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw > > The following reply was made to PR kern/189720; it has been noted by > GNATS. > > From: 'Luigi Rizzo' > To: bycn82 >

RE: kern/189720: [ipfw] [patch] pps action for ipfw

2014-05-30 Thread bycn82
the duration from measurement `milliseconds` to `ticks`, and can reuse the logic of PPT. PPT technically is perfect. But for user, It is ugly. They need to know what TICK is ! anyway, at least user have an option to choose when they really need to be accurate. Regards, Bycn82 > -Origi

Re: kern/189720: [ipfw] [patch] pps action for ipfw

2014-05-30 Thread bycn82
The following reply was made to PR kern/189720; it has been noted by GNATS. From: "bycn82" To: , Cc: "Luigi Rizzo" Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw Date: Sat, 31 May 2014 00:53:56 +0800 This is a multipart me

RE: kern/189720: [ipfw] [patch] pps action for ipfw

2014-05-31 Thread bycn82
> > What is the "use case" of this addition? Is this objective to limit the > mischief > on a certain port, for example ntp or port 53? > > I can appreciate the need to limit the number of packets during, say a DDOS > event, but I'm struggling with why I would want less that 1 packet per second

build error

2014-06-02 Thread bycn82
root@FB10Head:/usr/src/sbin/ipfw # make cc -O2 -pipe -DPF -std=gnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-fun

Re: IPFW rule sets and automatic rule numbering

2014-09-13 Thread bycn82
On 9/11/14 23:02, Freddie Cash wrote: Forgot to mention, this is 64-bit FreeBSD 10.0-RELEASE-p7, using Intel i350-T4 (igb) NICs. why not explain the situation by providing a set of rules which can replicate the problem you mentioned instead of your long long email? _

Re: IPFW rule sets and automatic rule numbering

2014-09-14 Thread bycn82
On 9/14/14 20:47, Willem Jan Withagen wrote: On 14-9-2014 13:44, Ian Smith wrote: On Sun, 14 Sep 2014 12:36:43 +0200, Willem Jan Withagen wrote: > On 13-9-2014 21:51, Freddie Cash wrote: > > You can replicate it using 3 rules, loaded into two sets: > > > > ipfw set disable 1 > > ipfw a

Re: IPFW rule sets and automatic rule numbering

2014-09-17 Thread bycn82
On 9/17/14 22:58, Freddie Cash wrote: Just to summarise everything: 1. Automatic rule numbering works beautifully if you only ever use the default rule set (set 0). Meaning, if you don't use any set commands at all. 2. If you manually number every rule, then using rule sets works beautif

Re: HEADS UP: Merging projects/ipfw to HEAD

2014-10-05 Thread bycn82
Hi, Good job, Waiting for your code :) Regards, Bycn82

ipfw table features

2014-10-29 Thread bycn82
Hi, Finally got some time to read the new implementation of table feature. Compared to the previous code, it is much more clear now. Well done! Regards, Bycn82

performance of the switch/case statements

2014-10-29 Thread bycn82
can be optimized it depends on the conditions in the switch/case statements, and I noticed that the case statements in the 2 loops are not arranging the opcode in running number, so is the compiler smart enough to optimize it? Regards, Bycn82 From: bycn82 [mailto:byc...@gmail.com] Sent: W

Re: performance of the switch/case statements

2014-10-29 Thread bycn82
ock 5" otherwise, it will jump to N, because call the cases are nice in running numbers, but when the cases are messy, it will be just like lots of if/else On Thu, Oct 30, 2014 at 6:30 AM, Erich Dollansky <erichsfreebsdl...@alogt.com> wrote: > Hi, > > On Wed, 29 Oct 2014 22

Re: [RFC][patch] Two new actions: state-allow and state-deny

2015-02-02 Thread bycn82
*cool, I like this, it got some points.* *though the email is too long to be read.* On 3 February 2015 at 14:44, Julian Elischer wrote: > On 2/3/15 3:17 AM, Lev Serebryakov wrote: > >> >> I propose two new actions: state-allow and state-deny. >> >> They imply "keep-state" and create new

Re: [RFC][patch] New "keep-state-only" option (version 3)

2015-02-04 Thread bycn82
*Cool, But maybe not all people are following this topic, so can you please simplify it by answering below question in order to allow more people to know what is going on here.* *What kind of problem you are facing and how does your patch resolve it?* On 4 February 2015 at 17:24, Lev Serebryako

Re: Please, review my change to ipfw, I want to commit it :)

2015-06-06 Thread bycn82
*Hello,* *Can you please explain what is going on again,* *Sorry I did not follow the emails, I am not checking the FB email for a while, * *I think I missed some emails.* *e.g * *what is the purpose of the "*skip-immediate-action" *Regards,* *Bycn82* On 6 June 2015 at 13:58, Ian Sm

Re: Please, review my change to ipfw, I want to commit it :)

2015-06-06 Thread bycn82
te. it will directly skip-to the rule. and the destination rule can be allow or deny or others. Regards, Bill Yuan On 6 June 2015 at 21:48, Ian Smith wrote: > On Sat, 6 Jun 2015 19:52:35 +0800, bycn82 wrote: > > > *Hello,* > > *Can you please explain what is going one ag

Re: Please, review my change to ipfw, I want to commit it :)

2015-06-06 Thread bycn82
the point :( i still don't understand what is "skipto-nat-allow" On 6 June 2015 at 23:41, bycn82 wrote: > Hi, > > i saw my previous email in this thread,but i think i replied that > without fully read all the emails. > > i like the state-deny and allow, > > act

Re: keep-state and in-kernel NAT exposes local ip on external interface

2015-07-27 Thread bycn82
for me. I totally don't understand all these. Waiting for example as well On Tuesday, July 28, 2015, Ian Smith wrote: > Way back on Wed, 1 Jul 2015 22:02:53 +0300, Lev Serebryakov wrote: > > On 30.06.2015 22:20, Georgios Amanakis via freebsd-ipfw wrote: > > > > It is good example for m

Re: keep-state and in-kernel NAT exposes local ip on external interface

2015-07-29 Thread bycn82
rom C to D * *Correct me if I was wrong, but in my opinion, the rule 5 and 10 are almost the same, so I don't see the benefit by introducing the "skipto" rules. **IMHO, the "check-state" is to speed-up some selected packets, it will slow-down all other unexpected packets at the sa

Re: keep-state and in-kernel NAT exposes local ip on external interface

2015-07-29 Thread bycn82
*Hi,* *But I don't understand why you said C->D is already in the dynamic table? which line create the dynamic rule for it?* *Regards,* *bycn82* On 29 July 2015 at 22:03, Julian Elischer wrote: > On 7/29/15 5:26 PM, bycn82 wrote: > > *Hi Julian,* > > *So below are the rul

Re: layer2 ipfw fwd

2015-12-21 Thread bycn82
why fwd based on MAC? Can share more info of your requirement? On Monday, 21 December 2015, Julian Elischer wrote: > On 21/12/2015 10:20 AM, Ganbold Tsagaankhuu wrote: > >> Hi, >> >> Does ipfw support layer2 fwd to support transparent proxying on bridge? >> >> Does similar change like >> >> ht

Re: layer2 ipfw fwd

2015-12-22 Thread bycn82
December 2015 at 22:40, Julian Elischer wrote: > On 21/12/2015 5:47 PM, bycn82 wrote: > > why fwd based on MAC? Can share more info of your requirement? > > > you still decide to FWD based on IP address, but you do it while the > packet is still in the layer 2 bridge. > >

Re: layer2 ipfw fwd

2015-12-22 Thread bycn82
015 10:57 PM, bycn82 wrote: > >> Hi Julian, >> >> Thanks for the explanation. >> >> Since it is on layer2, that means we can differentiate traffic by MAC or >> other layer2 filters only. >> e.g , forward the traffic when the type is 0x800 and destination M