CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	ae <ae@FreeBSD.org>
	Wed, 8 Aug 2018 16:11:46 +0000 (16:11 +0000)
committer	ae <ae@FreeBSD.org>
	Wed, 8 Aug 2018 16:11:46 +0000 (16:11 +0000)
commit	51ad3e57521117486fac82f8aede8b36e6dd1d9b
tree	a6851f50a2161ba113779a649cc7630fb4fd8f82	tree \| snapshot
parent	efaaa5d64a386bda529b430d612d333e2737ca97	commit \| diff

MFC r336132:
  Add "record-state", "set-limit" and "defer-action" rule options to ipfw.

  "record-state" is similar to "keep-state", but it doesn't produce implicit
  O_PROBE_STATE opcode in a rule. "set-limit" is like "limit", but it has the
  same feature as "record-state", it is single opcode without implicit
  O_PROBE_STATE opcode. "defer-action" is targeted to be used with dynamic
  states. When rule with this opcode is matched, the rule's action will
  not be executed, instead dynamic state will be created. And when this
  state will be matched by "check-state", then rule action will be executed.
  This allows create a more complicated rulesets.

  Submitted by: lev

sbin/ipfw/ipfw.8		diff \| blob \| history
sbin/ipfw/ipfw2.c		diff \| blob \| history
sbin/ipfw/ipfw2.h		diff \| blob \| history
sys/netinet/ip_fw.h		diff \| blob \| history
sys/netpfil/ipfw/ip_fw2.c		diff \| blob \| history
sys/netpfil/ipfw/ip_fw_sockopt.c		diff \| blob \| history