| ip_fw_dynamic.c (215317) | ip_fw_dynamic.c (215701) |
|---|---|
| 1/*- 2 * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 10 unchanged lines hidden (view full) --- 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 */ 25 26#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 10 unchanged lines hidden (view full) --- 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 */ 25 26#include <sys/cdefs.h> |
| 27__FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw_dynamic.c 215317 2010-11-14 20:38:11Z dim $"); | 27__FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw_dynamic.c 215701 2010-11-22 19:32:54Z dim $"); |
| 28 29#define DEB(x) 30#define DDB(x) x 31 32/* 33 * Dynamic rule support for ipfw 34 */ 35 --- 77 unchanged lines hidden (view full) --- 113 * There are some limitations with dynamic rules -- we do not 114 * obey the 'randomized match', and we do not do multiple 115 * passes through the firewall. XXX check the latter!!! 116 */ 117 118/* 119 * Static variables followed by global ones 120 */ | 28 29#define DEB(x) 30#define DDB(x) x 31 32/* 33 * Dynamic rule support for ipfw 34 */ 35 --- 77 unchanged lines hidden (view full) --- 113 * There are some limitations with dynamic rules -- we do not 114 * obey the 'randomized match', and we do not do multiple 115 * passes through the firewall. XXX check the latter!!! 116 */ 117 118/* 119 * Static variables followed by global ones 120 */ |
| 121STATIC_VNET_DEFINE(ipfw_dyn_rule **, ipfw_dyn_v); 122STATIC_VNET_DEFINE(u_int32_t, dyn_buckets); 123STATIC_VNET_DEFINE(u_int32_t, curr_dyn_buckets); 124STATIC_VNET_DEFINE(struct callout, ipfw_timeout); | 121static VNET_DEFINE(ipfw_dyn_rule **, ipfw_dyn_v); 122static VNET_DEFINE(u_int32_t, dyn_buckets); 123static VNET_DEFINE(u_int32_t, curr_dyn_buckets); 124static VNET_DEFINE(struct callout, ipfw_timeout); |
| 125#define V_ipfw_dyn_v VNET(ipfw_dyn_v) 126#define V_dyn_buckets VNET(dyn_buckets) 127#define V_curr_dyn_buckets VNET(curr_dyn_buckets) 128#define V_ipfw_timeout VNET(ipfw_timeout) 129 130static uma_zone_t ipfw_dyn_rule_zone; 131#ifndef __FreeBSD__ 132DEFINE_SPINLOCK(ipfw_dyn_mtx); --- 12 unchanged lines hidden (view full) --- 145ipfw_dyn_unlock(void) 146{ 147 IPFW_DYN_UNLOCK(); 148} 149 150/* 151 * Timeouts for various events in handing dynamic rules. 152 */ | 125#define V_ipfw_dyn_v VNET(ipfw_dyn_v) 126#define V_dyn_buckets VNET(dyn_buckets) 127#define V_curr_dyn_buckets VNET(curr_dyn_buckets) 128#define V_ipfw_timeout VNET(ipfw_timeout) 129 130static uma_zone_t ipfw_dyn_rule_zone; 131#ifndef __FreeBSD__ 132DEFINE_SPINLOCK(ipfw_dyn_mtx); --- 12 unchanged lines hidden (view full) --- 145ipfw_dyn_unlock(void) 146{ 147 IPFW_DYN_UNLOCK(); 148} 149 150/* 151 * Timeouts for various events in handing dynamic rules. 152 */ |
| 153STATIC_VNET_DEFINE(u_int32_t, dyn_ack_lifetime); 154STATIC_VNET_DEFINE(u_int32_t, dyn_syn_lifetime); 155STATIC_VNET_DEFINE(u_int32_t, dyn_fin_lifetime); 156STATIC_VNET_DEFINE(u_int32_t, dyn_rst_lifetime); 157STATIC_VNET_DEFINE(u_int32_t, dyn_udp_lifetime); 158STATIC_VNET_DEFINE(u_int32_t, dyn_short_lifetime); | 153static VNET_DEFINE(u_int32_t, dyn_ack_lifetime); 154static VNET_DEFINE(u_int32_t, dyn_syn_lifetime); 155static VNET_DEFINE(u_int32_t, dyn_fin_lifetime); 156static VNET_DEFINE(u_int32_t, dyn_rst_lifetime); 157static VNET_DEFINE(u_int32_t, dyn_udp_lifetime); 158static VNET_DEFINE(u_int32_t, dyn_short_lifetime); |
| 159 160#define V_dyn_ack_lifetime VNET(dyn_ack_lifetime) 161#define V_dyn_syn_lifetime VNET(dyn_syn_lifetime) 162#define V_dyn_fin_lifetime VNET(dyn_fin_lifetime) 163#define V_dyn_rst_lifetime VNET(dyn_rst_lifetime) 164#define V_dyn_udp_lifetime VNET(dyn_udp_lifetime) 165#define V_dyn_short_lifetime VNET(dyn_short_lifetime) 166 167/* 168 * Keepalives are sent if dyn_keepalive is set. They are sent every 169 * dyn_keepalive_period seconds, in the last dyn_keepalive_interval 170 * seconds of lifetime of a rule. 171 * dyn_rst_lifetime and dyn_fin_lifetime should be strictly lower 172 * than dyn_keepalive_period. 173 */ 174 | 159 160#define V_dyn_ack_lifetime VNET(dyn_ack_lifetime) 161#define V_dyn_syn_lifetime VNET(dyn_syn_lifetime) 162#define V_dyn_fin_lifetime VNET(dyn_fin_lifetime) 163#define V_dyn_rst_lifetime VNET(dyn_rst_lifetime) 164#define V_dyn_udp_lifetime VNET(dyn_udp_lifetime) 165#define V_dyn_short_lifetime VNET(dyn_short_lifetime) 166 167/* 168 * Keepalives are sent if dyn_keepalive is set. They are sent every 169 * dyn_keepalive_period seconds, in the last dyn_keepalive_interval 170 * seconds of lifetime of a rule. 171 * dyn_rst_lifetime and dyn_fin_lifetime should be strictly lower 172 * than dyn_keepalive_period. 173 */ 174 |
| 175STATIC_VNET_DEFINE(u_int32_t, dyn_keepalive_interval); 176STATIC_VNET_DEFINE(u_int32_t, dyn_keepalive_period); 177STATIC_VNET_DEFINE(u_int32_t, dyn_keepalive); | 175static VNET_DEFINE(u_int32_t, dyn_keepalive_interval); 176static VNET_DEFINE(u_int32_t, dyn_keepalive_period); 177static VNET_DEFINE(u_int32_t, dyn_keepalive); |
| 178 179#define V_dyn_keepalive_interval VNET(dyn_keepalive_interval) 180#define V_dyn_keepalive_period VNET(dyn_keepalive_period) 181#define V_dyn_keepalive VNET(dyn_keepalive) 182 | 178 179#define V_dyn_keepalive_interval VNET(dyn_keepalive_interval) 180#define V_dyn_keepalive_period VNET(dyn_keepalive_period) 181#define V_dyn_keepalive VNET(dyn_keepalive) 182 |
| 183STATIC_VNET_DEFINE(u_int32_t, dyn_count); /* # of dynamic rules */ 184STATIC_VNET_DEFINE(u_int32_t, dyn_max); /* max # of dynamic rules */ | 183static VNET_DEFINE(u_int32_t, dyn_count); /* # of dynamic rules */ 184static VNET_DEFINE(u_int32_t, dyn_max); /* max # of dynamic rules */ |
| 185 186#define V_dyn_count VNET(dyn_count) 187#define V_dyn_max VNET(dyn_max) 188 189#ifdef SYSCTL_NODE 190 191SYSBEGIN(f2) 192 --- 1048 unchanged lines hidden --- | 185 186#define V_dyn_count VNET(dyn_count) 187#define V_dyn_max VNET(dyn_max) 188 189#ifdef SYSCTL_NODE 190 191SYSBEGIN(f2) 192 --- 1048 unchanged lines hidden --- |