PF PICKUPS patch #1
Matthew Dillon
dillon at apollo.backplane.com
Mon Apr 7 10:08:43 PDT 2008
This is kinda a rollup patch, it also includes the caching of the
hash calculation in the state structure. The rest of the FAIRQ stuff
has already been committed so it doesn't include that.

    fetch http://apollo.backplane.com/DFlyMisc/pickups01.patch

The rules are: for all state control adopted the OpenBSD S/SA default,
but modified according to the new options: no-pickups implies S/SA.
pickups and hash-only imply no flag restrictions.
The patch includes:
* Caching the hash calculation in the state structure.
* New state options: pickups, no-pickups, and hash-only. Please
  note the dashes in the names ('no-pickups' instead of 'nopickups').
  It seemed to be the way the rest of the language went so I changed
  it.
* Manual page adjustments.
* Indication in pfctl -s queue -v -v output as to whether the TCP
state is determinant or not.
* Some other minor code adjustments that may or may not apply to
FreeBSD.
* The fragment check adjustment (obviously doesn't apply to FreeBSD
since you already have it).
This patch isn't quite final, there's still a bit more work to do
including putting together a more robust example in the manual. But
I did some basic tests and it appears to work. I am going to load it
up on my router today.
-Matt