[BACK]Return to ip_fw_dynamic.patch CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches
File:  [ELWIX - Embedded LightWeight unIX -] / fwsync / patches / ip_fw_dynamic.patch
Revision 1.3: download - view: text, annotated - select for diffs - revision graph
Tue Aug 9 23:42:44 2022 UTC (22 months ago) by misho
Branches: MAIN
CVS tags: HEAD
Adds new catch schema

    1: diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
    2: index 00b54fa463a..3a2054aaca4 100644
    3: --- a/sys/netpfil/ipfw/ip_fw_dynamic.c
    4: +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
    5: @@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
    6:  	struct ipfw_flow_id id;
    7:  	uint32_t hashval, parent_hashval, ruleid, rulenum;
    8:  	int ret;
    9: +	struct ipfw_dyn_hook_extdata edat;
   10:  
   11:  	MPASS(type == O_LIMIT || type == O_KEEP_STATE);
   12:  
   13: @@ -1959,6 +1960,17 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
   14:  #endif
   15:  		}
   16:  	}
   17: +
   18: +	if (type == O_KEEP_STATE && !ret && V_hook_state) {
   19: +		memset(&edat, 0, sizeof edat);
   20: +		edat.ruleid = ruleid;
   21: +		edat.rulenum = rulenum;
   22: +		edat.fibnum = fibnum;
   23: +		edat.kidx = kidx;
   24: +		edat.cmdtype = type;
   25: +		V_hook_state(pkt, &edat);
   26: +	}
   27: +
   28:  	/*
   29:  	 * EEXIST means that simultaneous thread has created this
   30:  	 * state. Consider this as success.
   31: @@ -2783,6 +2795,7 @@ dyn_tick(void *vnetx)
   32:  #endif
   33:  		NET_EPOCH_EXIT(et);
   34:  	}
   35: +
   36:  	/*
   37:  	 * Check if we need to resize the hash:
   38:  	 * if current number of states exceeds number of buckets in hash,
   39: @@ -2816,6 +2829,34 @@ ipfw_expire_dyn_states(struct ip_fw_chain *chain, ipfw_range_tlv *rt)
   40:  	dyn_expire_states(chain, rt);
   41:  }
   42:  
   43: +int
   44: +ipfw_dyn_install_sync_state(const struct ipfw_flow_id *pkt, void *rule, uint32_t ruleid, 
   45: +		uint16_t rulenum, uint16_t kidx, uint8_t cmdtype)
   46: +{
   47: +	int ret = 0;
   48: +	uint32_t hashval = 0;
   49: +	struct ipfw_dyn_info info;
   50: +
   51: +	DYN_INFO_INIT(&info);
   52: +
   53: +	printf("%s: pkt=%p rule=%p rid=%u rn=%hu kidx=0x%hx ct=%hhu\n", __func__, 
   54: +			pkt, rule, ruleid, rulenum, kidx, cmdtype);
   55: +
   56: +	hashval = hash_packet(pkt);
   57: +	if (IS_IP4_FLOW_ID(pkt))
   58: +		ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
   59: +		    NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
   60: +#ifdef INET6
   61: +	else if (IS_IP6_FLOW_ID(pkt))
   62: +		ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
   63: +		    pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
   64: +#endif /* INET6 */
   65: +	else
   66: +		ret = EAFNOSUPPORT;
   67: +
   68: +	return ret;
   69: +}
   70: +
   71:  /*
   72:   * Pass through all states and reset eaction for orphaned rules.
   73:   */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>