author | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-12-04 16:12:43 +0000 |
---|---|---|
committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-12-04 16:12:43 +0000 |
commit | d66f9c86fa3fd8d8f0a56ea96b03ca11f2fac1fb (patch) | |
tree | 0315ee86648d11c7484394ebdf189819d9c638a1 /sys/netinet | |
parent | cefe3d67e29b9d9321a0677cc565d8c05c230d82 (diff) | |
Add ability to request listing and deleting only for dynamic states.
This can be useful, when net.inet.ip.fw.dyn_keep_states is enabled, but
after rules reloading some state must be deleted. Added new flag '-D'
for such purpose.
Retire '-e' flag, since there can not be expired states in the meaning
that this flag historically had.
Also add "verbose" mode for listing of dynamic states, it can be enabled
with '-v' flag and adds additional information to states list. This can
be useful for debugging.
Obtained from: Yandex LLC
MFC after: 2 months
Sponsored by: Yandex LLC
Notes
Notes:
svn path=/head/; revision=341472
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index e49b9ad9c6c6..41351215f96e 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -708,6 +708,7 @@ struct _ipfw_dyn_rule {
 u_int32_t state; /* state of this rule (typically a
 * combination of TCP flags)
 */
+#define IPFW_DYN_ORPHANED 0x40000 /* state's parent rule was deleted */
 u_int32_t ack_fwd; /* most recent ACKs in forward */
 u_int32_t ack_rev; /* and reverse directions (used */
 /* to generate keepalives) */
@@ -938,9 +939,10 @@ typedef struct _ipfw_range_tlv {
 #define IPFW_RCFLAG_RANGE 0x01 /* rule range is set */
 #define IPFW_RCFLAG_ALL 0x02 /* match ALL rules */
 #define IPFW_RCFLAG_SET 0x04 /* match rules in given set */
+#define IPFW_RCFLAG_DYNAMIC 0x08 /* match only dynamic states */
 /* User-settable flags */
 #define IPFW_RCFLAG_USER (IPFW_RCFLAG_RANGE | IPFW_RCFLAG_ALL | \
- IPFW_RCFLAG_SET)
+ IPFW_RCFLAG_SET | IPFW_RCFLAG_DYNAMIC)
 /* Internally used flags */
 #define IPFW_RCFLAG_DEFAULT 0x0100 /* Do not skip defaul rule */
|
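Review bot: The new `IPFW_DYN_ORPHANED` define in the first hunk sits between the `state` and `ack_fwd` members without saying which field it belongs to or how it relates to the TCP-flag bits that the `state` comment describes. The commit message suggests this structure is what the listing tool reads, so I would make the comment explicit, e.g. `/* flag bit in 'state', separate from the TCP flag bits: parent rule was deleted */`. That tells any consumer that tests `state` against TCP flag combinations to mask the bit off first. Whether 0x40000 is free of other uses of `state` cannot be confirmed from this hunk, and struct _ipfw_dyn_rule begins and ends outside it.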
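Review bot: Adding `IPFW_RCFLAG_DYNAMIC` to `IPFW_RCFLAG_USER` in the second hunk widens the set of flag bits accepted from userland for every consumer of that mask, not only the listing and deleting requests the commit message names. The diffstat shown is limited to sys/netinet, so the handlers are not visible here; each one that validates a range TLV against `IPFW_RCFLAG_USER` should either act on the new bit or reject it explicitly rather than silently ignore it. The define's comment could also say how the bit combines with RANGE, ALL and SET, for example `/* apply the request to dynamic states only */`, if that is the intended meaning.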