diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-07-09 11:35:18 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-07-09 11:35:18 +0000 |
| commit | f7c4fdee1af6c18aecf374bf797ffa27d33c6789 (patch) | |
| tree | 3927c2067701f855536553ccdf5d714ed6717f8b /sbin/ipfw/ipfw2.h | |
| parent | 98a8fdf6dac8aa5c28a3ac6640a1020bbd7a28da (diff) | |
| download | src-f7c4fdee1af6c18aecf374bf797ffa27d33c6789.tar.gz src-f7c4fdee1af6c18aecf374bf797ffa27d33c6789.zip | |
Add "record-state", "set-limit" and "defer-action" rule options to ipfw.
"record-state" is similar to "keep-state", but it doesn't produce implicit
O_PROBE_STATE opcode in a rule. "set-limit" is like "limit", but it has the
same feature as "record-state", it is single opcode without implicit
O_PROBE_STATE opcode. "defer-action" is targeted to be used with dynamic
states. When rule with this opcode is matched, the rule's action will
not be executed, instead dynamic state will be created. And when this
state will be matched by "check-state", then rule action will be executed.
This allows create a more complicated rulesets.
Submitted by: lev
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D1776
Notes
Notes:
svn path=/head/; revision=336132
Diffstat (limited to 'sbin/ipfw/ipfw2.h')
| -rw-r--r-- | sbin/ipfw/ipfw2.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h index 6834d411f36c..6f1481001861 100644 --- a/sbin/ipfw/ipfw2.h +++ b/sbin/ipfw/ipfw2.h @@ -124,7 +124,9 @@ enum tokens { TOK_JAIL, TOK_IN, TOK_LIMIT, + TOK_SETLIMIT, TOK_KEEPSTATE, + TOK_RECORDSTATE, TOK_LAYER2, TOK_OUT, TOK_DIVERTED, @@ -294,6 +296,8 @@ enum tokens { TOK_PREFIXLEN, TOK_TCPSETMSS, + + TOK_SKIPACTION, }; /* |