o Convert rule numbers and named object indexes to 32-bit o Convert O_SKIPTO and O_CALL opcodes to use 32-bit rulenum. o Convert O_CALL's stack and skipto code to handle 32-bit rulenums. o Add ability to grow maximum number of rules up to IPFW_DEFAULT_RULE. o Bump default sockopt's version from 0 to 1. o Convert dynamic states code to use 32-bit rulenums. o Convert eaction code to use 32-bit types. o Convert all eaction modules to use 32-bit types. o Modify ipfw_dyn_rule type and remove all legacy fields. o Retire FreeBSD 7-11 rule format support. o Implement "lookup rulenum" opcode. o Implement table value matching for specific value type in `table(name,valtype=value)' opcode o Add ability to specify return point from O_CALLRETURN opcode. o Add "lookup", "tagged" keywords to list of reserverd words to avoid name to port resolving. o Add ability to generate rtsock messages with log rules o Add ability to log to specified dst: syslog, rtsock, ipfw0 o Add insntod() and insntoc() macros o Add ability to keep NAT64LSN states during sets swapping o Fix several races in NAT64LSN o Add IP_FW_SKIPTO_CACHE sockopt to enable/disable skipto cache
Details
Details
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 58888 Build 55775: arc lint + arc unit
Event Timeline
Comment Actions
- Document some features, also reduce the diff.
- Fix bug in mac:radix table: lookup addr doesn't work due to wrong args order in memcpy
Comment Actions
- Rebase
- Document some features, also reduce the diff.
- Fix skipto/call arguments parsing.
- Fix mismerged reass/return opcodes
- Fix ipfw32 opcode version for NAT44 opcodes.
- ipfw: rework call action to drop packets on errors
Comment Actions
I'm not really qualified to give a firm "yes!" on this, but I'd just like to pipe in and say thanks for doing this, this is awesome and sorely needed. :-)