freebsd-nq/sys/netinet
Luigi Rizzo a8c102a2ec Implement keepalives for dynamic rules, so they will not expire
just because you leave your session idle.

Also, put in a fix for 64-bit architectures (to be revised).

In detail:

ip_fw.h

  * Reorder fields in struct ip_fw to avoid alignment problems on
    64-bit machines. This only masks the problem, I am still not
    sure whether I am doing something wrong in the code or there
    is a problem elsewhere (e.g. different alignment of structures
    between userland and kernel because of pragmas etc.)

  * added fields in dyn_rule to store ack numbers, so we can
    generate keepalives when the dynamic rule is about to expire

ip_fw2.c

  * use a local function, send_pkt(), to generate TCP RST for Reset rules;

  * save about 250 bytes by cleaning up the various snprintf()
    in ipfw_log() ...

  * ... and use twice as many bytes to implement keepalives
    (this seems to be working, but I have not tested it extensively).

Keepalives are generated once every 5 seconds for the last 20 seconds
of the lifetime of a dynamic rule for an established TCP flow.  The
packets are sent to both sides, so if at least one of the endpoints
is responding, the timeout is refreshed and the rule will not expire.

You can disable this feature with

        sysctl net.inet.ip.fw.dyn_keepalive=0

(the default is 1, to have them enabled).

MFC after: 1 day

(just kidding... I will supply an updated version of ipfw2 for
RELENG_4 tomorrow).
2002-07-14 23:47:18 +00:00
libalias Fix a bug caused by dereferencing an invalid pointer when 2002-07-08 22:57:35 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h Revised MLD-related definitions 2002-05-06 16:28:25 +00:00
icmp_var.h
if_atm.c - Change the newly turned INVARIANTS #ifdef blocks (they were changed from 2002-05-21 18:52:24 +00:00
if_atm.h
if_ether.c Solve the 'unregistered netisr 18' information notice with a sledgehammer. 2002-06-20 01:27:40 +00:00
if_ether.h
igmp_var.h
igmp.c s/demon/daemon/ 2002-05-12 00:22:38 +00:00
igmp.h
in_cksum.c
in_gif.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
in_gif.h
in_pcb.c Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
in_pcb.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
in_proto.c
in_rmx.c
in_systm.h
in_var.h
in.c Lock up inpcb. 2002-06-10 20:05:46 +00:00
in.h Remove some duplicate types that should have been removed as part of 2002-05-11 23:28:51 +00:00
ip6.h
ip_divert.c fix a typo in a comment 2002-06-23 09:13:46 +00:00
ip_dummynet.c Change one variable to make it easier to switch between ipfw and ipfw2 2002-07-09 06:53:38 +00:00
ip_dummynet.h fix indentation of a comment 2002-06-23 09:14:24 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h
ip_encap.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
ip_encap.h
ip_flow.c
ip_flow.h
ip_fw2.c Implement keepalives for dynamic rules, so they will not expire 2002-07-14 23:47:18 +00:00
ip_fw.c Remove (almost all) global variables that were used to hold 2002-06-22 11:51:02 +00:00
ip_fw.h Implement keepalives for dynamic rules, so they will not expire 2002-07-14 23:47:18 +00:00
ip_icmp.c
ip_icmp.h
ip_id.c
ip_input.c Warning fixes for 64 bits platforms. With this last fix, 2002-06-27 11:02:06 +00:00
ip_mroute.c Just a comment on some additional consistency checks that could 2002-06-26 21:00:53 +00:00
ip_mroute.h
ip_output.c Avoid dereferencing a null pointer in ro_rt. 2002-07-12 22:08:47 +00:00
ip_var.h Remove ip_fw_fwd_addr (forgotten in previous commit) 2002-06-23 09:03:42 +00:00
ip.h
ipprotosw.h
raw_ip.c Remember to initialize the control block head mutex. 2002-06-11 10:58:57 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c Avoid unlocking the inp twice if badport_bandlim() returns -1. 2002-06-24 22:25:00 +00:00
tcp_output.c Slightly restructure the #ifdef INET6 sections to make the code 2002-06-23 21:25:36 +00:00
tcp_reass.c Avoid unlocking the inp twice if badport_bandlim() returns -1. 2002-06-24 22:25:00 +00:00
tcp_seq.h
tcp_subr.c Defer calling SYSCTL_OUT() until after the locks have been released. 2002-07-11 23:18:43 +00:00
tcp_syncache.c One possible code path for syncache_respond() is: 2002-06-28 19:12:38 +00:00
tcp_timer.c Lock up inpcb. 2002-06-10 20:05:46 +00:00
tcp_timer.h
tcp_timewait.c Defer calling SYSCTL_OUT() until after the locks have been released. 2002-07-11 23:18:43 +00:00
tcp_usrreq.c Because we're holding an exclusive write lock on the head, references to 2002-06-13 23:14:58 +00:00
tcp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
tcp.h
tcpip.h
udp_usrreq.c Back out the previous change, since it looks like locking udbinfo provides 2002-07-12 09:55:48 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h