fwsync/patches/ip_fw_dynamic.patch - diff

Return to ip_fw_dynamic.patch CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches

Diff for /fwsync/patches/ip_fw_dynamic.patch between versions 1.2 and 1.3

version 1.2, 2022/08/03 17:10:59	version 1.3, 2022/08/09 23:42:44
Line 1	Line 1
diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c	diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
index 00b54fa463a..871d7f565fe 100644	index 00b54fa463a..3a2054aaca4 100644
--- a/sys/netpfil/ipfw/ip_fw_dynamic.c	--- a/sys/netpfil/ipfw/ip_fw_dynamic.c
+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c	+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
@@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,	@@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
Line 10 index 00b54fa463a..871d7f565fe 100644	Line 10 index 00b54fa463a..871d7f565fe 100644

MPASS(type == O_LIMIT \|\| type == O_KEEP_STATE);	MPASS(type == O_LIMIT \|\| type == O_KEEP_STATE);

@@ -1959,6 +1960,15 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,	@@ -1959,6 +1960,17 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
#endif	#endif
}	}
}	}
Line 20 index 00b54fa463a..871d7f565fe 100644	Line 20 index 00b54fa463a..871d7f565fe 100644
+ edat.ruleid = ruleid;	+ edat.ruleid = ruleid;
+ edat.rulenum = rulenum;	+ edat.rulenum = rulenum;
+ edat.fibnum = fibnum;	+ edat.fibnum = fibnum;
	+ edat.kidx = kidx;
	+ edat.cmdtype = type;
+ V_hook_state(pkt, &edat);	+ V_hook_state(pkt, &edat);
+ }	+ }
+	+
/*	/*
* EEXIST means that simultaneous thread has created this	* EEXIST means that simultaneous thread has created this
* state. Consider this as success.	* state. Consider this as success.
@@ -1970,6 +1980,30 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,	@@ -2783,6 +2795,7 @@ dyn_tick(void *vnetx)
return (ret);	#endif
	NET_EPOCH_EXIT(et);
	}
	+
	/*
	* Check if we need to resize the hash:
	* if current number of states exceeds number of buckets in hash,
	@@ -2816,6 +2829,34 @@ ipfw_expire_dyn_states(struct ip_fw_chain chain, ipfw_range_tlv rt)
	dyn_expire_states(chain, rt);
}	}

+int	+int
+ipfw_dyn_install_sync_state(const struct ipfw_flow_id pkt, void rule, uint32_t ruleid, uint16_t rulenum)	+ipfw_dyn_install_sync_state(const struct ipfw_flow_id pkt, void rule, uint32_t ruleid,
	+ uint16_t rulenum, uint16_t kidx, uint8_t cmdtype)
+{	+{
+ int ret = 0;	+ int ret = 0;
+ uint32_t hashval;	+ uint32_t hashval = 0;
+ struct ipfw_dyn_info info;	+ struct ipfw_dyn_info info;
+	+
+ DYN_INFO_INIT(&info);	+ DYN_INFO_INIT(&info);
+	+
	+ printf("%s: pkt=%p rule=%p rid=%u rn=%hu kidx=0x%hx ct=%hhu\n", __func__,
	+ pkt, rule, ruleid, rulenum, kidx, cmdtype);
	+
+ hashval = hash_packet(pkt);	+ hashval = hash_packet(pkt);
+ if (IS_IP4_FLOW_ID(pkt))	+ if (IS_IP4_FLOW_ID(pkt))
+ ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,	+ ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
+ NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);	+ NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
+#ifdef INET6	+#ifdef INET6
+ else if (IS_IP6_FLOW_ID(pkt))	+ else if (IS_IP6_FLOW_ID(pkt))
+ ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,	+ ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
+ pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);	+ pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
+#endif /* INET6 */	+#endif /* INET6 */
+ else	+ else
+ ret = EAFNOSUPPORT;	+ ret = EAFNOSUPPORT;
Line 55 index 00b54fa463a..871d7f565fe 100644	Line 69 index 00b54fa463a..871d7f565fe 100644
+}	+}
+	+
/*	/*
* Install dynamic state.	* Pass through all states and reset eaction for orphaned rules.
* chain - ipfw's instance;	*/

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.2
changed lines
	Added in v.1.3