CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	ae <ae@FreeBSD.org>
	Mon, 9 Jul 2018 11:35:18 +0000 (11:35 +0000)
committer	ae <ae@FreeBSD.org>
	Mon, 9 Jul 2018 11:35:18 +0000 (11:35 +0000)
commit	544b51e5e3da428c64a8567f1af47bec104e1de7
tree	3927c2067701f855536553ccdf5d714ed6717f8b	tree \| snapshot
parent	19e11c571f3c5a7674740b9dc200f51dba8c2467	commit \| diff

Add "record-state", "set-limit" and "defer-action" rule options to ipfw.

"record-state" is similar to "keep-state", but it doesn't produce implicit
O_PROBE_STATE opcode in a rule. "set-limit" is like "limit", but it has the
same feature as "record-state", it is single opcode without implicit
O_PROBE_STATE opcode. "defer-action" is targeted to be used with dynamic
states. When rule with this opcode is matched, the rule's action will
not be executed, instead dynamic state will be created. And when this
state will be matched by "check-state", then rule action will be executed.
This allows create a more complicated rulesets.

Submitted by: lev
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D1776

sbin/ipfw/ipfw.8		diff \| blob \| history
sbin/ipfw/ipfw2.c		diff \| blob \| history
sbin/ipfw/ipfw2.h		diff \| blob \| history
sys/netinet/ip_fw.h		diff \| blob \| history
sys/netpfil/ipfw/ip_fw2.c		diff \| blob \| history
sys/netpfil/ipfw/ip_fw_sockopt.c		diff \| blob \| history