diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
index 00b54fa463a..871d7f565fe 100644
--- a/sys/netpfil/ipfw/ip_fw_dynamic.c
+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
@@ -1868,6 +1868,7 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
struct ipfw_flow_id id;
uint32_t hashval, parent_hashval, ruleid, rulenum;
int ret;
+ struct ipfw_dyn_hook_extdata edat;
MPASS(type == O_LIMIT || type == O_KEEP_STATE);
@@ -1959,6 +1960,15 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
#endif
}
}
+
+ if (type == O_KEEP_STATE && !ret && V_hook_state) {
+ memset(&edat, 0, sizeof edat);
+ edat.ruleid = ruleid;
+ edat.rulenum = rulenum;
+ edat.fibnum = fibnum;
+ V_hook_state(pkt, &edat);
+ }
+
/*
* EEXIST means that simultaneous thread has created this
* state. Consider this as success.
@@ -1970,6 +1980,30 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint32_t zoneid,
return (ret);
}
+int
+ipfw_dyn_install_sync_state(const struct ipfw_flow_id *pkt, void *rule, uint32_t ruleid, uint16_t rulenum)
+{
+ int ret = 0;
+ uint32_t hashval;
+ struct ipfw_dyn_info info;
+
+ DYN_INFO_INIT(&info);
+
+ hashval = hash_packet(pkt);
+ if (IS_IP4_FLOW_ID(pkt))
+ ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
+ NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);
+#ifdef INET6
+ else if (IS_IP6_FLOW_ID(pkt))
+ ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
+ pkt->flow_id6, NULL, 0, hashval, &info, pkt->fib, 0, O_KEEP_STATE);
+#endif /* INET6 */
+ else
+ ret = EAFNOSUPPORT;
+
+ return ret;
+}
+
/*
* Install dynamic state.
* chain - ipfw's instance;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ip_fw_dynamic.patch CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / patches