dda10d624c
If packet leaves ipfw to other kernel subsystem (dummynet, netgraph, etc) it carries pointer to matching ipfw rule. If this packet then reinjected back to ipfw, ruleset processing starts from that rule. If rule was deleted meanwhile, due to existed race condition panic was possible (as well as other odd effects like parsing rules in 'reap list'). P.S. this commit changes ABI so userland ipfw related binaries should be recompiled. MFC after: 1 month Tested by: Mikolaj Golub |
||
|---|---|---|
| .. | ||
| ip_dummynet.c | ||
| ip_fw2.c | ||
| ip_fw_nat.c | ||
| ip_fw_pfil.c | ||