Return to ip_fw_dynamic.patch CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches

update patch set

    1: diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
    2: index 00b54fa463a..871d7f565fe 100644
    3: --- a/sys/netpfil/ipfw/ip_fw_dynamic.c
    4: +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
    5: @@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
    6:  	struct ipfw_flow_id id;
    7:  	uint32_t hashval, parent_hashval, ruleid, rulenum;
    8:  	int ret;
    9: +	struct ipfw_dyn_hook_extdata edat;
   10:  
   11:  	MPASS(type == O_LIMIT || type == O_KEEP_STATE);
   12:  
   13: @@ -1959,6 +1960,15 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
   14:  #endif
   15:  		}
   16:  	}
   17: +
   18: +	if (type == O_KEEP_STATE && !ret && V_hook_state) {
   19: +		memset(&edat, 0, sizeof edat);
   20: +		edat.ruleid = ruleid;
   21: +		edat.rulenum = rulenum;
   22: +		edat.fibnum = fibnum;
   23: +		V_hook_state(pkt, &edat);
   24: +	}
   25: +
   26:  	/*
   27:  	 * EEXIST means that simultaneous thread has created this
   28:  	 * state. Consider this as success.
   29: @@ -1970,6 +1980,30 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
   30:  	return (ret);
   31:  }
   32:  
   33: +int
   34: +ipfw_dyn_install_sync_state(const struct ipfw_flow_id *pkt, void *rule, uint32_t ruleid, uint16_t rulenum)
   35: +{
   36: +	int ret = 0;
   37: +	uint32_t hashval;
   38: +	struct ipfw_dyn_info info;
   39: +
   40: +	DYN_INFO_INIT(&info);
   41: +
   42: +	hashval = hash_packet(pkt);
   43: +	if (IS_IP4_FLOW_ID(pkt))
   44: +		ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
   45: +		    NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);
   46: +#ifdef INET6
   47: +	else if (IS_IP6_FLOW_ID(pkt))
   48: +		ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
   49: +		    pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);
   50: +#endif /* INET6 */
   51: +	else
   52: +		ret = EAFNOSUPPORT;
   53: +
   54: +	return ret;
   55: +}
   56: +
   57:  /*
   58:   * Install dynamic state.
   59:   *  chain - ipfw's instance;