[BACK]Return to ip_fw_dynamic.patch CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches
File:  [ELWIX - Embedded LightWeight unIX -] / fwsync / patches / ip_fw_dynamic.patch
Revision 1.4: download - view: text, annotated - select for diffs - revision graph
Thu Aug 11 22:02:31 2022 UTC (21 months, 4 weeks ago) by misho
Branches: MAIN
CVS tags: fwsync1_2, fwsync1_1, HEAD, FWSYNC1_1
remove debug line

    1: diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
    2: index 00b54fa463a..3a029855704 100644
    3: --- a/sys/netpfil/ipfw/ip_fw_dynamic.c
    4: +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
    5: @@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
    6:  	struct ipfw_flow_id id;
    7:  	uint32_t hashval, parent_hashval, ruleid, rulenum;
    8:  	int ret;
    9: +	struct ipfw_dyn_hook_extdata edat;
   10:  
   11:  	MPASS(type == O_LIMIT || type == O_KEEP_STATE);
   12:  
   13: @@ -1959,6 +1960,17 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
   14:  #endif
   15:  		}
   16:  	}
   17: +
   18: +	if (type == O_KEEP_STATE && !ret && V_hook_state) {
   19: +		memset(&edat, 0, sizeof edat);
   20: +		edat.ruleid = ruleid;
   21: +		edat.rulenum = rulenum;
   22: +		edat.fibnum = fibnum;
   23: +		edat.kidx = kidx;
   24: +		edat.cmdtype = type;
   25: +		V_hook_state(pkt, &edat);
   26: +	}
   27: +
   28:  	/*
   29:  	 * EEXIST means that simultaneous thread has created this
   30:  	 * state. Consider this as success.
   31: @@ -2783,6 +2795,7 @@ dyn_tick(void *vnetx)
   32:  #endif
   33:  		NET_EPOCH_EXIT(et);
   34:  	}
   35: +
   36:  	/*
   37:  	 * Check if we need to resize the hash:
   38:  	 * if current number of states exceeds number of buckets in hash,
   39: @@ -2816,6 +2829,31 @@ ipfw_expire_dyn_states(struct ip_fw_chain *chain, ipfw_range_tlv *rt)
   40:  	dyn_expire_states(chain, rt);
   41:  }
   42:  
   43: +int
   44: +ipfw_dyn_install_sync_state(const struct ipfw_flow_id *pkt, void *rule, uint32_t ruleid, 
   45: +		uint16_t rulenum, uint16_t kidx, uint8_t cmdtype)
   46: +{
   47: +	int ret = 0;
   48: +	uint32_t hashval = 0;
   49: +	struct ipfw_dyn_info info;
   50: +
   51: +	DYN_INFO_INIT(&info);
   52: +
   53: +	hashval = hash_packet(pkt);
   54: +	if (IS_IP4_FLOW_ID(pkt))
   55: +		ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
   56: +		    NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
   57: +#ifdef INET6
   58: +	else if (IS_IP6_FLOW_ID(pkt))
   59: +		ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
   60: +		    pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, kidx, cmdtype);
   61: +#endif /* INET6 */
   62: +	else
   63: +		ret = EAFNOSUPPORT;
   64: +
   65: +	return ret;
   66: +}
   67: +
   68:  /*
   69:   * Pass through all states and reset eaction for orphaned rules.
   70:   */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>