freebsd-dev/sys/netpfil/ipfw
Andrey V. Elsukov 67ad3c0bf9 Restore the ability to keep states after parent rule deletion.
This feature is disabled by default and was removed when dynamic states
implementation changed to be lockless. Now it is reimplemented with small
differences - when dyn_keep_states sysctl variable is enabled,
dyn_match_ipv[46]_state() function doesn't match child states of deleted
rule. And thus they are keept alive until expired. ipfw_dyn_lookup_state()
function does check that state was not orphaned, and if so, it returns
pointer to default_rule and its position in the rules map. The main visible
difference is that orphaned states still have the same rule number that
they have before parent rule deleted, because now a state has many fields
related to rule and changing them all atomically to point to default_rule
seems hard enough.

Reported by:	<lantw44 at gmail.com>
MFC after:	2 days
2018-05-22 13:28:05 +00:00
..
nat64 Bring in some last changes in NAT64 implementation: 2018-05-09 11:59:24 +00:00
nptv6 Do not acquire IPFW_WLOCK when a named object is created and destroyed. 2017-09-20 22:00:06 +00:00
pmod Fix IPv6 extension header parsing. The length field doesn't include the 2017-06-29 19:06:43 +00:00
test sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_aqm_codel.c dummynet: Use strlcpy to appease static checkers 2017-04-13 17:47:44 +00:00
dn_aqm_codel.h Import Dummynet AQM version 0.2.1 (CoDel, FQ-CoDel, PIE and FQ-PIE). 2016-05-26 21:40:13 +00:00
dn_aqm_pie.c Fix the queue delay estimation in PIE/FQ-PIE when the timestamp 2017-05-19 08:38:03 +00:00
dn_aqm_pie.h Change several constants used by the PIE algorithm from unsigned to signed. 2017-03-18 23:00:13 +00:00
dn_aqm.h Correct a typo in a comment. 2016-05-26 22:03:28 +00:00
dn_heap.c netpfil/ipfw: Make some use of mallocarray(9). 2018-01-11 15:29:29 +00:00
dn_heap.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_sched_fifo.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_sched_fq_codel_helper.h Import Dummynet AQM version 0.2.1 (CoDel, FQ-CoDel, PIE and FQ-PIE). 2016-05-26 21:40:13 +00:00
dn_sched_fq_codel.c Implement 'domainset', a cpuset based NUMA policy mechanism. This allows 2018-01-12 22:48:23 +00:00
dn_sched_fq_codel.h Import Dummynet AQM version 0.2.1 (CoDel, FQ-CoDel, PIE and FQ-PIE). 2016-05-26 21:40:13 +00:00
dn_sched_fq_pie.c netpfil/ipfw: Make some use of mallocarray(9). 2018-01-11 15:29:29 +00:00
dn_sched_prio.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_sched_qfq.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_sched_rr.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_sched_wf2q.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dn_sched.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dummynet.txt sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ip_dn_glue.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_dn_io.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_dn_private.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_dummynet.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_fw2.c ifnet: Replace if_addr_lock rwlock with epoch + mutex 2018-05-18 20:13:34 +00:00
ip_fw_bpf.c Move logging via BPF support into separate file. 2016-08-13 15:41:04 +00:00
ip_fw_dynamic.c Restore the ability to keep states after parent rule deletion. 2018-05-22 13:28:05 +00:00
ip_fw_eaction.c Add O_EXTERNAL_DATA opcode support. 2017-04-03 02:44:40 +00:00
ip_fw_iface.c Remove "IPFW static rules" rmlock. 2017-04-03 13:35:04 +00:00
ip_fw_log.c Add UDPLite support to ipfw(4). 2018-01-19 12:50:03 +00:00
ip_fw_nat.c ifnet: Replace if_addr_lock rwlock with epoch + mutex 2018-05-18 20:13:34 +00:00
ip_fw_pfil.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_fw_private.h Rework ipfw dynamic states implementation to be lockless on fast path. 2018-02-07 18:59:54 +00:00
ip_fw_sockopt.c Rework ipfw dynamic states implementation to be lockless on fast path. 2018-02-07 18:59:54 +00:00
ip_fw_table_algo.c Unsign some values related to allocation. 2018-01-22 02:08:10 +00:00
ip_fw_table_value.c Remove "IPFW static rules" rmlock. 2017-04-03 13:35:04 +00:00
ip_fw_table.c Fix ipfw table creation when net.inet.ip.fw.tables_sets = 0 and non zero set 2018-04-11 11:12:20 +00:00
ip_fw_table.h Add ipfw_check_object_name_generic() function to do basic checks for an 2015-11-03 10:29:46 +00:00