upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-12 10:10:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sbin/ipfw
History
Andrey V. Elsukov 4a77657cbc ipfw: migrate ipfw to 32-bit size rule numbers 
This changes ABI due to the changed opcodes and includes the
following:
 * rule numbers and named object indexes converted to 32-bits
 * all hardcoded maximum rule number was replaced with
   IPFW_DEFAULT_RULE macro
 * now it is possible to grow maximum numbers or rules in
   build time
 * several opcodes converted to ipfw_insn_u32 to keep rulenum:
   O_CALL, O_SKIPTO
 * call stack modified to keep u32 rulenum. The behaviour of
   O_CALL opcode was changed to avoid possible packets looping.
   Now when call stack is overflowed or mbuf tag allocation
   failed, a packet will be dropped instead of skipping to next
   rule.
 * 'return' action now have two modes to specify return point:
   'next-rulenum' and 'next-rule'
 * new lookup key added for O_IP_DST_LOOKUP opcode 'lookup rulenum'
 * several opcodes converted to keep u32 named object indexes
   in special structure ipfw_insn_kidx
 * tables related opcodes modified to use two structures:
   ipfw_insn_kidx and ipfw_insn_table
 * added ability for table value matching for specific value type
   in 'table(name,valtype=value)' opcode
 * dynamic states and eaction code converted to use u32 rulenum
   and named objects indexes
 * added insntod() and insntoc() macros to cast to specific
   ipfw instruction type
 * default sockopt version was changed to IP_FW3_OPVER=1
 * FreeBSD 7-11 rule format support was removed
 * added ability to generate special rtsock messages via log opcode
 * added IP_FW_SKIPTO_CACHE sockopt to enable/disable skipto cache.
   It helps to reduce overhead when many rules are modified in batch.
 * added ability to keep NAT64LSN states during sets swapping

Obtained from:	Yandex LLC
Relnotes:	yes
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D46183
2025-03-03 21:15:17 +03:00
..
tests ipfw: add state/comment tests 2023-06-16 07:24:19 +00:00
altq.c Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
dummynet.c ipfw: Use nitems(foo) instead of sizeof(foo)/sizeof(foo[0]) 2024-04-28 21:30:55 -06:00
ipfw.8 ipfw: migrate ipfw to 32-bit size rule numbers 2025-03-03 21:15:17 +03:00
ipfw2.c ipfw: migrate ipfw to 32-bit size rule numbers 2025-03-03 21:15:17 +03:00
ipfw2.h ipfw: migrate ipfw to 32-bit size rule numbers 2025-03-03 21:15:17 +03:00
ipv6.c Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
main.c ipfw : Enable support for EIM NAT 2024-12-06 09:18:09 +00:00
Makefile Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
nat.c ipfw : Enable support for EIM NAT 2024-12-06 09:18:09 +00:00
nat64clat.c sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:23:59 -07:00
nat64lsn.c ipfw: migrate ipfw to 32-bit size rule numbers 2025-03-03 21:15:17 +03:00
nat64stl.c sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:23:59 -07:00
nptv6.c sbin: Automated cleanup of cdefs and other formatting 2023-11-26 22:23:59 -07:00
tables.c ipfw: migrate ipfw to 32-bit size rule numbers 2025-03-03 21:15:17 +03:00