Annotation of fwsync/patches/ip_fw_dynamic.patch, revision 1.4
1.1 misho 1: diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
1.4 ! misho 2: index 00b54fa463a..3a029855704 100644
1.1 misho 3: --- a/sys/netpfil/ipfw/ip_fw_dynamic.c
4: +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
1.2 misho 5: @@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
6: struct ipfw_flow_id id;
7: uint32_t hashval, parent_hashval, ruleid, rulenum;
8: int ret;
9: + struct ipfw_dyn_hook_extdata edat;
10:
11: MPASS(type == O_LIMIT || type == O_KEEP_STATE);
12:
1.3 misho 13: @@ -1959,6 +1960,17 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
1.1 misho 14: #endif
15: }
16: }
17: +
1.2 misho 18: + if (type == O_KEEP_STATE && !ret && V_hook_state) {
19: + memset(&edat, 0, sizeof edat);
20: + edat.ruleid = ruleid;
21: + edat.rulenum = rulenum;
22: + edat.fibnum = fibnum;
1.3 misho 23: + edat.kidx = kidx;
24: + edat.cmdtype = type;
1.2 misho 25: + V_hook_state(pkt, &edat);
26: + }
1.1 misho 27: +
28: /*
29: * EEXIST means that simultaneous thread has created this
30: * state. Consider this as success.
1.3 misho 31: @@ -2783,6 +2795,7 @@ dyn_tick(void *vnetx)
32: #endif
33: NET_EPOCH_EXIT(et);
34: }
35: +
36: /*
37: * Check if we need to resize the hash:
38: * if current number of states exceeds number of buckets in hash,
1.4 ! misho 39: @@ -2816,6 +2829,31 @@ ipfw_expire_dyn_states(struct ip_fw_chain *chain, ipfw_range_tlv *rt)
1.3 misho 40: dyn_expire_states(chain, rt);
1.2 misho 41: }
42:
43: +int
1.3 misho 44: +ipfw_dyn_install_sync_state(const struct ipfw_flow_id *pkt, void *rule, uint32_t ruleid,
45: + uint16_t rulenum, uint16_t kidx, uint8_t cmdtype)
1.2 misho 46: +{
47: + int ret = 0;
1.3 misho 48: + uint32_t hashval = 0;
1.2 misho 49: + struct ipfw_dyn_info info;
50: +
51: + DYN_INFO_INIT(&info);
52: +
53: + hashval = hash_packet(pkt);
54: + if (IS_IP4_FLOW_ID(pkt))
55: + ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
1.3 misho 56: + NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
1.2 misho 57: +#ifdef INET6
58: + else if (IS_IP6_FLOW_ID(pkt))
59: + ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
1.3 misho 60: + pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
1.2 misho 61: +#endif /* INET6 */
62: + else
63: + ret = EAFNOSUPPORT;
64: +
65: + return ret;
66: +}
67: +
68: /*
1.3 misho 69: * Pass through all states and reset eaction for orphaned rules.
70: */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ip_fw_dynamic.patch CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches