[BACK]Return to ip_fw_dynamic.patch CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches

Diff for /fwsync/patches/ip_fw_dynamic.patch between versions 1.1 and 1.2

version 1.1, 2022/06/22 13:01:55 version 1.2, 2022/08/03 17:10:59
Line 1 Line 1
 diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c  diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
index 7b5a7f60e49..a31e21050ad 100644index 00b54fa463a..871d7f565fe 100644
 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c  --- a/sys/netpfil/ipfw/ip_fw_dynamic.c
 +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c  +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
@@ -1959,6 +1959,10 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,@@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
         struct ipfw_flow_id id;
         uint32_t hashval, parent_hashval, ruleid, rulenum;
         int ret;
 +       struct ipfw_dyn_hook_extdata edat;
  
         MPASS(type == O_LIMIT || type == O_KEEP_STATE);
  
 @@ -1959,6 +1960,15 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
  #endif   #endif
                 }                  }
         }          }
 +  +
+       if (!ret && V_hook_state)+       if (type == O_KEEP_STATE && !ret && V_hook_state) {
+               V_hook_state(pkt);+               memset(&edat, 0, sizeof edat);
 +               edat.ruleid = ruleid;
 +               edat.rulenum = rulenum;
 +               edat.fibnum = fibnum;
 +               V_hook_state(pkt, &edat);
 +       }
 +  +
         /*          /*
          * EEXIST means that simultaneous thread has created this           * EEXIST means that simultaneous thread has created this
          * state. Consider this as success.           * state. Consider this as success.
   @@ -1970,6 +1980,30 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
           return (ret);
    }
    
   +int
   +ipfw_dyn_install_sync_state(const struct ipfw_flow_id *pkt, void *rule, uint32_t ruleid, uint16_t rulenum)
   +{
   +       int ret = 0;
   +       uint32_t hashval;
   +       struct ipfw_dyn_info info;
   +
   +       DYN_INFO_INIT(&info);
   +
   +       hashval = hash_packet(pkt);
   +       if (IS_IP4_FLOW_ID(pkt))
   +               ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
   +                   NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);
   +#ifdef INET6
   +       else if (IS_IP6_FLOW_ID(pkt))
   +               ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
   +                   pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);
   +#endif /* INET6 */
   +       else
   +               ret = EAFNOSUPPORT;
   +
   +       return ret;
   +}
   +
    /*
     * Install dynamic state.
     *  chain - ipfw's instance;
Removed from v.1.1  
changed lines
  Added in v.1.2

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>