FreeBSD src
Andrey V. Elsukov cefe3d67e2 Reimplement how net.inet.ip.fw.dyn_keep_states works.
Turning on this feature allows keeping dynamic states when parent
rule is deleted. But it works only when the default rule is
"allow from any to any".

Now when rule with dynamic opcode is going to be deleted, and
net.inet.ip.fw.dyn_keep_states is enabled, existing states will reference
named objects corresponding to this rule, and also reference the rule.
And when ipfw_dyn_lookup_state() will find state for deleted parent rule,
it will return the pointer to the deleted rule, that is still valid.
This implementation doesn't support O_LIMIT_PARENT rules.

The refcnt field was added to struct ip_fw to keep reference, also
next pointer added to be able to iterate rules and not damage the content
when deleted rules are chained.

Named objects are referenced only when states are going to be deleted to
be able to reuse kidx of named objects when new parent rules will be
installed.

ipfw_dyn_get_count() function was modified and now it also looks into
dynamic states and constructs maps of existing named objects. This is
needed to correctly export orphaned states into userland.

ipfw_free_rule() was changed to be global, since now dynamic state can
free rule, when it is expired and references counters becomes 1.

External actions subsystem also modified, since external actions can be
deregistered and instances can be destroyed. In these cases deleted rules,
that are referenced by orphaned states, must be modified to prevent access
to freed memory. ipfw_dyn_reset_eaction(), ipfw_reset_eaction_instance()
functions added for these purposes.

Obtained from:	Yandex LLC
MFC after:	2 months
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17532
2018-12-04 16:01:25 +00:00
bin Clarify that /dev/kmem is not used. 2018-12-03 20:01:51 +00:00
cddl dtrace(1): remove reference to dtruss that was removed from base 2018-10-31 15:29:26 +00:00
contrib As part of the general cleanup of the ipfilter code, special cases 2018-12-04 06:11:04 +00:00
crypto Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
etc Add ga_IE.UTF-8 locale. 2018-11-26 19:39:49 +00:00
gnu Do not install GNU ld if lld is /usr/bin/ld 2018-11-26 17:07:35 +00:00
include Import OpenSSL 1.1.1a. 2018-11-20 18:59:41 +00:00
kerberos5 Update the existing heimdal implementation for OpenSSL 1.1. 2018-10-05 16:35:24 +00:00
lib Revert r340997 at the request of multiple users. 2018-12-04 03:23:14 +00:00
libexec Some fixes for LD_BIND_NOW + ifuncs. 2018-12-03 20:03:43 +00:00
release mkisoimages.sh: don't use -p flag when copying loader.efi to msdosfs. 2018-12-03 22:31:57 +00:00
rescue rescue: set NO_SHARED in Makefile 2018-11-19 22:18:18 +00:00
sbin ggated: do not expose stack data in sendfail() 2018-12-04 15:25:15 +00:00
secure Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
share netmap(4): improve man page 2018-12-03 17:17:59 +00:00
stand stand/i386: rename .s to .S to use Clang IAS 2018-12-03 19:16:34 +00:00
sys Reimplement how net.inet.ip.fw.dyn_keep_states works. 2018-12-04 16:01:25 +00:00
targets retire LINKER_FEATURES filter flag 2018-11-12 20:44:22 +00:00
tests Unbreak geli/gmirror testcases if their geom classes cannot be loaded 2018-12-02 05:06:37 +00:00
tools Remove test for KSE (removed in 2008). 2018-12-04 00:22:08 +00:00
usr.bin Print type designator 'D' for the KF_TYPE_DEV files. 2018-12-03 23:42:04 +00:00
usr.sbin Remove trim(8) by multiple demands. 2018-12-01 03:20:10 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.gitattributes sfxge(4): fix incorrectly set svn properties 2018-11-26 07:30:47 +00:00
.gitignore Ignore _.universe-toolchain file. 2018-07-01 13:50:37 +00:00
COPYRIGHT Remove 'All Rights Reserved' from the collection copyright and templates. 2018-05-09 02:02:49 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Add pointer to freebsd-numerics for libm. 2018-07-16 15:29:32 +00:00
Makefile Update comment about 'universe' disk usage 2018-11-10 19:09:48 +00:00
Makefile.inc1 Fix -DNO_CLEAN amd64 build after r340463 2018-11-18 19:55:03 +00:00
Makefile.libcompat Use ...-freebsd13.0 in -target strings. 2018-11-12 16:55:20 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc - Add a belated UPDATING entry for the ixlv(4) -> iavf(4) rename in r339338. 2018-11-27 12:11:16 +00:00
README Import OpenSSL 1.1.1a. 2018-11-20 18:59:41 +00:00
README.md README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
UPDATING - Add a belated UPDATING entry for the ixlv(4) -> iavf(4) rename in r339338. 2018-11-27 12:11:16 +00:00

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: $FreeBSD$

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html