cvs commit: src/sys/net/ipfw ip_fw2.c

Sepherosa Ziehau sephe at
Fri Aug 8 23:10:49 PDT 2008

sephe       2008/08/08 23:09:18 PDT

DragonFly src repository

  Modified files:
    sys/net/ipfw         ip_fw2.c 
  ipfw(4) parallelize stage 1, step 1/2: lock dynamic rule table
  - Looking up dynamic rule is protected by shared lockmgr lock, add comment in
    the dynamic rule description comment section.  Following related changes are
    o  In lookup_dyn_rule(), don't try to delete expired states or move the
       state to the head of hash bucket.
    o  Expired states will be reaped in ipfw_tick().  Exclusive lockmgr lock is
       held when iterating dynamic rules in ipfw_tick().
  - Installing and deleting dynamic rules are protected by exclusive lockmgr lock.
  - Add lookup_rule(), which returns static rule ptr saved in dynamic rule.  This
    function is added mainly because accessing dynamic rule outside of lockmgr
    lock is unsafe.
  - Add static ruleset generation, so that we could check whether static ruleset
    was changed or not after blocking operation (e.g. try to hold lockmgr lock)
    during static ruleset iteration.  If static ruleset was changed, the static
    rulset iteration would be terminated and the packet being checked would be
    denied/dropped without further static rule accessing (e.g. stats updating).
  - Add sysctl functions to make sure that user supplied values are in sane state.
  Revision  Changes    Path
  1.67      +263 -94   src/sys/net/ipfw/ip_fw2.c

More information about the Commits mailing list