PF PICKUPS patch #1

Matthew Dillon dillon at apollo.backplane.com
Mon Apr 7 10:08:43 PDT 2008


    This is kinda a rollup patch, it also includes the caching of the
    hash calculation in the state structure.  The rest of the FAIRQ stuff
    has already been committed so it doesn't include that.

	fetch http://apollo.backplane.com/DFlyMisc/pickups01.patch

    The rules are: for all state control adopted the OpenBSD S/SA default,
    but modified according to the new options:  no-pickups implies S/SA.
    pickups and hash-only imply no flag restrictions.


    The patch includes:

    * Caching the hash calculation in the state structure.

    * New state options:  pickups, no-pickups, and hash-only.  Please
      note the dashes in the names ('no-pickups' instead of 'nopickups').
      It seemed to be the way the rest of the language went so I changed
      it.

    * Manual page adjustments.

    * Indication in pfctl -s queue -v -v output as to whether the TCP
      state is determinant or not.

    * Some other minor code adjustments that may or may not apply to
      FreeBSD.

    * The fragment check adjustment (obviously doesn't apply to FreeBSD
      since you already have it).

    This patch isn't quite final, there's still a bit more work to do
    including putting together a more robust example in the manual.  But
    I did some basic tests and it appears to work.  I am going to load it
    up on my router today.

						-Matt





