Export the IPFW_DEFAULT_RULE outside ip_fw2.c. This number in not only
the default rule number but also the maximum rule number. User space software such as ipfw and natd should be aware of its value. The software that already includes ip_fw.h should use the defined value. All other a expected to use sysctl (as discussed on net@). MFC after: 5 days. Discussed on: net@
This commit is contained in:
parent
4fcf52f697
commit
8191aa7c0b
@ -28,6 +28,11 @@
|
||||
#ifndef _IPFW2_H
|
||||
#define _IPFW2_H
|
||||
|
||||
/*
|
||||
* The default rule number. It is also the max possible rule number.
|
||||
*/
|
||||
#define IPFW_DEFAULT_RULE 65535
|
||||
|
||||
/*
|
||||
* The kernel representation of ipfw rules is made of a list of
|
||||
* 'instructions' (for all practical purposes equivalent to BPF
|
||||
|
@ -122,7 +122,6 @@ static int verbose_limit;
|
||||
|
||||
static struct callout ipfw_timeout;
|
||||
static uma_zone_t ipfw_dyn_rule_zone;
|
||||
#define IPFW_DEFAULT_RULE 65535
|
||||
|
||||
/*
|
||||
* Data structure to cache our ucred related
|
||||
@ -180,6 +179,8 @@ SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose,
|
||||
&fw_verbose, 0, "Log matches to ipfw rules");
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,
|
||||
&verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, default_rule, CTLFLAG_RD,
|
||||
NULL, IPFW_DEFAULT_RULE, "The default/max possible rule number.");
|
||||
|
||||
/*
|
||||
* Description of dynamic rules.
|
||||
|
Loading…
Reference in New Issue
Block a user