Page MenuHomeFreeBSD

[ipfw] Migrate ipfw to 32-bit size rule numbers
Needs ReviewPublic

Authored by ae on Jul 30 2024, 8:42 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Sep 24, 8:36 AM
Unknown Object (File)
Tue, Sep 24, 8:35 AM
Unknown Object (File)
Mon, Sep 23, 2:08 AM
Unknown Object (File)
Wed, Sep 18, 3:29 AM
Unknown Object (File)
Sep 9 2024, 3:53 AM
Unknown Object (File)
Sep 8 2024, 3:59 PM
Unknown Object (File)
Sep 7 2024, 4:48 PM
Unknown Object (File)
Sep 7 2024, 4:09 PM

Details

Reviewers
melifaro
glebius
Group Reviewers
network
Summary
o Convert rule numbers and named object indexes to 32-bit
o Convert O_SKIPTO and O_CALL opcodes to use 32-bit rulenum.
o Convert O_CALL's stack and skipto code to handle 32-bit rulenums.
o Add ability to grow maximum number of rules up to IPFW_DEFAULT_RULE.
o Bump default sockopt's version from 0 to 1.
o Convert dynamic states code to use 32-bit rulenums.
o Convert eaction code to use 32-bit types.
o Convert all eaction modules to use 32-bit types.
o Modify ipfw_dyn_rule type and remove all legacy fields.
o Retire FreeBSD 7-11 rule format support.
o Implement "lookup rulenum" opcode.
o Implement table value matching for specific value type in `table(name,valtype=value)' opcode
o Add ability to specify return point from O_CALLRETURN opcode.
o Add "lookup", "tagged" keywords to list of reserverd words to avoid name to port resolving.
o Add ability to generate rtsock messages with log rules
o Add ability to log to specified dst: syslog, rtsock, ipfw0
o Add insntod() and insntoc() macros
o Add ability to keep NAT64LSN states during sets swapping
o Fix several races in NAT64LSN
o Add IP_FW_SKIPTO_CACHE sockopt to enable/disable skipto cache

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 58912
Build 55799: arc lint + arc unit

Event Timeline

ae held this revision as a draft.
ae published this revision for review.Jul 30 2024, 9:06 AM
ae edited the summary of this revision. (Show Details)
ae added a reviewer: glebius.
  • Document some features, also reduce the diff.
  • Document some features, also reduce the diff.
  • Fix bug in mac:radix table: lookup addr doesn't work due to wrong args order in memcpy