Hide the locking logic used in the dynamic states implementation from ip_fw2.c.
Rename ipfw_install_state() and ipfw_lookup_dyn_rule() function to have similar names:
ipfw_dyn_install_state() and ipfw_dyn_lookup_state(). Remove ipfw_dyn_unlock() function.
Move dynamic rule counters update to the ipfw_dyn_lookup_state() function.
Now this function return NULL when there is no state, and pointer to the parent rule, when state is found. So now there is no need to return pointer to dynamic rule, and no need to hold bucket lock for this state.
In the lookup_dyn_rule_locked() add check that address family of pkt matches address family of state entry that is being checked.
Details
Details
- Reviewers
melifaro - Commits
- rS326118: Modify ipfw's dynamic states KPI.
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 10565 Build 10972: arc lint + arc unit