K 10
svn:author
V 2
ae
K 8
svn:date
V 27
2017-11-30T07:42:56.697797Z
K 7
svn:log
V 1324
MFC r326086:
  Add ipfw_add_protected_rule() function that creates rule with 65535
  number in the reserved set 31. Use this function to create default rule.

MFC r326115:
  Rework rule ranges matching. Use comparison rule id with UINT32_MAX to
  match all rules with the same rule number.

MFC r326116:
  Move ipfw_send_pkt() from ip_fw_dynamic.c into ip_fw2.c.
  It is not specific for dynamic states function and called also from
  generic code.

MFC r326117:
  Check that address family of state matches address family of packet.
  If it is not matched avoid comparing other state fields.

MFC r326118:
  Modify ipfw's dynamic states KPI.

  Hide the locking logic used in the dynamic states implementation from
  generic code. Rename ipfw_install_state() and ipfw_lookup_dyn_rule()
  function to have similar names: ipfw_dyn_install_state() and
  ipfw_dyn_lookup_state(). Move dynamic rule counters updating to the
  ipfw_dyn_lookup_state() function. Now this function return NULL when
  there is no state and pointer to the parent rule when state is found.
  Thus now there is no need to return pointer to dynamic rule, and no need
  to hold bucket lock for this state. Remove ipfw_dyn_unlock() function.

  Differential Revision:	https://reviews.freebsd.org/D11657

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC

END