From owner-freebsd-ipfw@FreeBSD.ORG Wed Feb 4 09:24:47 2015 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 08C1C5F9; Wed, 4 Feb 2015 09:24:47 +0000 (UTC) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [46.4.40.135]) by mx1.freebsd.org (Postfix) with ESMTP id 56CD73EE; Wed, 4 Feb 2015 09:24:46 +0000 (UTC) Received: from [IPv6:2001:470:923f:2:c806:d810:44dc:8c6f] (unknown [IPv6:2001:470:923f:2:c806:d810:44dc:8c6f]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPSA id 2185A5C002; Wed, 4 Feb 2015 12:24:36 +0300 (MSK) Message-ID: <54D1E558.1010700@FreeBSD.org> Date: Wed, 04 Feb 2015 12:24:40 +0300 From: Lev Serebryakov Reply-To: lev@FreeBSD.org Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: freebsd-ipfw , freebsd-net Subject: [RFC][patch] New "keep-state-only" option (version 3) References: <54D0F39B.4070707@FreeBSD.org> <54D0FD9B.5000108@FreeBSD.org> In-Reply-To: <54D0FD9B.5000108@FreeBSD.org> Content-Type: multipart/mixed; boundary="------------020107060303090503050300" Cc: julian@freebsd.org, melifaro@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Feb 2015 09:24:47 -0000 This is a multi-part message in MIME format. --------------020107060303090503050300 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03.02.2015 19:55, Lev Serebryakov wrote: >> Ok, "allow-state"/"deny-state" was very limited idea. Here is >> more universal mechanism: new "keep-state-only" (aliased as >> "record-only") option, which works exactly as "keep-state" BUT >> cancel match of rule after state creation. It allows to write >> stateful + nat firewall as easy as: > To work as expected, "keep-state-only" should not imply > "check-state" in opposite to "keep-state". Re-installation of state (with second, third, etc... packet of connection) should update TCP state of state (sorry!), or it will die in 10 seconds. This version seems to be final (apart from name of new option!). It works perfectly on my router with 2 uplink ISPs. - -- // Lev Serebryakov AKA Black Lion -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJU0eVYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePOD0P/RwpwF9yMUjyAj/KZnphr/0Y aXHM040qIocIUqnxH7T/vwdhm2w3Zciry8hwXp9f+r2bTIe8+tTn8OwaJ0M/Wp1j QBPxW+rjw49hy3rf2eIQbgX7nTwdIZo7YDnT82Kqtje1mImTBR4qdFcSStJac4hE dJsbpzC6raHUuE8h5V5pWPV/m/OQebK3P5CZzBKKpVTMCX3nVsTnff9qf9L1A0Jd q4KYfOv+NJBaB8G6vJhDHjcqtzGfEJBmYL8kOAslYhlUuyYe+iAhyGFbcUBsXwk8 /dqBalUL2iewFaZppszYZ0rTpVOfA4fOV0ECbVmpcw36uocrC2iOEpBl0WRIy+TM HYIMkIeubF9IT24CwMwiriONpppl8MGynCmL9hyMgu+HiuvHZ/C/vYcVV9/DHFGB iKkNe9QjX34anP6qVvEvHHmuv26PO7eq7hkdK2PZNlA9dwwNHehN8xG3DxB9N8gG MPRGtM8yH/C/FXpqKmHoqj6shMGQCSfmZKPfJ0D49Rze8tSjo7kZaSmaELJAjmsc xLv5umEAg7gym54bMhv8As2lXHnyeDp3uJz6glM72cmtBM5/n8N7NLk6Xga+8eM3 cZ122dgOqzGpts9TqCGWmTRW+f2Y8hLukzIjOLdzlqLPfQmXVn9pOWmqo9OKHdvD we0uYcnte/iSltopkVuG =muco -----END PGP SIGNATURE----- --------------020107060303090503050300 Content-Type: text/plain; charset=windows-1251; name="ipfw-state-only-v3.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ipfw-state-only-v3.diff" SW5kZXg6IHNiaW4vaXBmdy9pcGZ3LjgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc2Jpbi9pcGZ3L2lw ZncuOAkocmV2aXNpb24gMjc4MTUxKQorKysgc2Jpbi9pcGZ3L2lwZncuOAkod29ya2luZyBj b3B5KQpAQCAtMTY2LDcgKzE2Niw4IEBACiBkZXBlbmRpbmcgb24gaG93IHRoZSBrZXJuZWwg aXMgY29uZmlndXJlZC4KIC5QcAogSWYgdGhlIHJ1bGVzZXQgaW5jbHVkZXMgb25lIG9yIG1v cmUgcnVsZXMgd2l0aCB0aGUKLS5DbSBrZWVwLXN0YXRlCisuQ20ga2VlcC1zdGF0ZSAsCisu Q20ga2VlcC1zdGF0ZS1vbmx5CiBvcgogLkNtIGxpbWl0CiBvcHRpb24sCkBAIC01ODIsNyAr NTgzLDggQEAKIHBhY2tldCBkZWxpdmVyeS4KIC5QcAogTm90ZTogdGhpcyBjb25kaXRpb24g aXMgY2hlY2tlZCBiZWZvcmUgYW55IG90aGVyIGNvbmRpdGlvbiwgaW5jbHVkaW5nCi1vbmVz IHN1Y2ggYXMga2VlcC1zdGF0ZSBvciBjaGVjay1zdGF0ZSB3aGljaCBtaWdodCBoYXZlIHNp ZGUgZWZmZWN0cy4KK29uZXMgc3VjaCBhcyBrZWVwLXN0YXRlLCBrZWVwLXN0YXQtb25seSBv ciBjaGVjay1zdGF0ZSB3aGljaCBtaWdodCBoYXZlCitzaWRlIGVmZmVjdHMuCiAuSXQgQ20g bG9nIE9wIENtIGxvZ2Ftb3VudCBBciBudW1iZXIKIFBhY2tldHMgbWF0Y2hpbmcgYSBydWxl IHdpdGggdGhlCiAuQ20gbG9nCkBAIC0xNTgzLDYgKzE1ODUsMTggQEAKIC5YciBzeXNjdGwg OAogdmFyaWFibGVzKSwgYW5kIHRoZSBsaWZldGltZSBpcyByZWZyZXNoZWQgZXZlcnkgdGlt ZSBhIG1hdGNoaW5nCiBwYWNrZXQgaXMgZm91bmQuCisuSXQgQ20ga2VlcC1zdGF0ZS1vbmx5 IHwgcmVjb3JkLW9ubHkKK1Vwb24gYSBtYXRjaCwgdGhlIGZpcmV3YWxsIHdpbGwgY3JlYXRl IGEgZHluYW1pYyBydWxlIGFzIGlmCisuQ20ga2VlcC1zdGF0ZQord2FzIHNwZWNpZmllZCwg YnV0IGFmdGVyIHRoYXQgbWF0Y2ggaXMgY2FuY2VsbGVkIGFuZCB0aGUgc2VhcmNoCitjb250 aW51ZXMgd2l0aCB0aGUgbmV4dCBydWxlLgorT24gZHluYW1pYyBydWxlIG1hdGNoIGFjdGlv biwgc3BlY2lmaWVkIGluIHRoaXMgcnVsZSwKK3BlcmZvcm1lZCBhcyBpZiBydWxlIGNvbnRh aW5zCisuQ20ga2VlcC1zdGF0ZSAuCitUaGlzIG9wdGlvbiBkb2Vzbid0IGFjdCBhcworLkNt IGNoZWNrLXN0YXRlCitpbiBjb250cmFzdCB0bworLkNtIGtlZXAtc3RhdGUgLgogLkl0IENt IGxheWVyMgogTWF0Y2hlcyBvbmx5IGxheWVyMiBwYWNrZXRzLCBpLmUuLCB0aG9zZSBwYXNz ZWQgdG8KIC5ObQpJbmRleDogc2Jpbi9pcGZ3L2lwZncyLmMKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g c2Jpbi9pcGZ3L2lwZncyLmMJKHJldmlzaW9uIDI3ODE1MSkKKysrIHNiaW4vaXBmdy9pcGZ3 Mi5jCSh3b3JraW5nIGNvcHkpCkBAIC0yOTIsNiArMjkyLDggQEAKIAl7ICJpbiIsCQkJVE9L X0lOIH0sCiAJeyAibGltaXQiLAkJVE9LX0xJTUlUIH0sCiAJeyAia2VlcC1zdGF0ZSIsCQlU T0tfS0VFUFNUQVRFIH0sCisJeyAicmVjb3JkLXN0YXRlIiwJVE9LX1NUQVRFX09OTFkgfSwK Kwl7ICJrZWVwLXN0YXRlLW9ubHkiLAlUT0tfU1RBVEVfT05MWSB9LAogCXsgImJyaWRnZWQi LAkJVE9LX0xBWUVSMiB9LAogCXsgImxheWVyMiIsCQlUT0tfTEFZRVIyIH0sCiAJeyAib3V0 IiwJCVRPS19PVVQgfSwKQEAgLTE5OTMsNiArMTk5NSwxMCBAQAogCQkJCWJwcmludGYoYnAs ICIga2VlcC1zdGF0ZSIpOwogCQkJCWJyZWFrOwogCisJCQljYXNlIE9fU1RBVEVfT05MWToK KwkJCQlicHJpbnRmKGJwLCAiIGtlZXAtc3RhdGUtb25seSIpOworCQkJCWJyZWFrOworCiAJ CQljYXNlIE9fTElNSVQ6IHsKIAkJCQlzdHJ1Y3QgX3NfeCAqcCA9IGxpbWl0X21hc2tzOwog CQkJCWlwZndfaW5zbl9saW1pdCAqYyA9IChpcGZ3X2luc25fbGltaXQgKiljbWQ7CkBAIC00 MzM1LDE0ICs0MzQxLDE2IEBACiAJCQlicmVhazsKIAogCQljYXNlIFRPS19LRUVQU1RBVEU6 CisJCWNhc2UgVE9LX1NUQVRFX09OTFk6CiAJCQlpZiAob3Blbl9wYXIpCi0JCQkJZXJyeChF WF9VU0FHRSwgImtlZXAtc3RhdGUgY2Fubm90IGJlIHBhcnQgIgorCQkJCWVycngoRVhfVVNB R0UsICJrZWVwLXN0YXRlIG9yIGtlZXAtc3RhdGUtb25seSBjYW5ub3QgYmUgcGFydCAiCiAJ CQkJICAgICJvZiBhbiBvciBibG9jayIpOwogCQkJaWYgKGhhdmVfc3RhdGUpCiAJCQkJZXJy eChFWF9VU0FHRSwgIm9ubHkgb25lIG9mIGtlZXAtc3RhdGUgIgogCQkJCQkiYW5kIGxpbWl0 IGlzIGFsbG93ZWQiKTsKIAkJCWhhdmVfc3RhdGUgPSBjbWQ7Ci0JCQlmaWxsX2NtZChjbWQs IE9fS0VFUF9TVEFURSwgMCwgMCk7CisJCQlmaWxsX2NtZChjbWQsIGkgPT0gVE9LX0tFRVBT VEFURSA/CisJCQkJT19LRUVQX1NUQVRFIDogT19TVEFURV9PTkxZLCAwLCAwKTsKIAkJCWJy ZWFrOwogCiAJCWNhc2UgVE9LX0xJTUlUOiB7CkBAIC00NTgwLDEyICs0NTg4LDEzIEBACiAJ LyoKIAkgKiBnZW5lcmF0ZSBPX1BST0JFX1NUQVRFIGlmIG5lY2Vzc2FyeQogCSAqLwotCWlm IChoYXZlX3N0YXRlICYmIGhhdmVfc3RhdGUtPm9wY29kZSAhPSBPX0NIRUNLX1NUQVRFKSB7 CisJaWYgKGhhdmVfc3RhdGUgJiYgaGF2ZV9zdGF0ZS0+b3Bjb2RlICE9IE9fQ0hFQ0tfU1RB VEUgJiYKKwkgICAgaGF2ZV9zdGF0ZS0+b3Bjb2RlICE9IE9fU1RBVEVfT05MWSkgewogCQlm aWxsX2NtZChkc3QsIE9fUFJPQkVfU1RBVEUsIDAsIDApOwogCQlkc3QgPSBuZXh0X2NtZChk c3QsICZyYmxlbik7CiAJfQogCi0JLyogY29weSBhbGwgY29tbWFuZHMgYnV0IE9fTE9HLCBP X0tFRVBfU1RBVEUsIE9fTElNSVQsIE9fQUxUUSwgT19UQUcgKi8KKwkvKiBjb3B5IGFsbCBj b21tYW5kcyBidXQgT19MT0csIE9fS0VFUF9TVEFURSwgT19TVEFURV9PTkxZLCBPX0xJTUlU LCBPX0FMVFEsIE9fVEFHICovCiAJZm9yIChzcmMgPSAoaXBmd19pbnNuICopY21kYnVmOyBz cmMgIT0gY21kOyBzcmMgKz0gaSkgewogCQlpID0gRl9MRU4oc3JjKTsKIAkJQ0hFQ0tfUkJV RkxFTihpKTsKQEAgLTQ1OTMsNiArNDYwMiw3IEBACiAJCXN3aXRjaCAoc3JjLT5vcGNvZGUp IHsKIAkJY2FzZSBPX0xPRzoKIAkJY2FzZSBPX0tFRVBfU1RBVEU6CisJCWNhc2UgT19TVEFU RV9PTkxZOgogCQljYXNlIE9fTElNSVQ6CiAJCWNhc2UgT19BTFRROgogCQljYXNlIE9fVEFH OgpJbmRleDogc2Jpbi9pcGZ3L2lwZncyLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc2Jpbi9pcGZ3 L2lwZncyLmgJKHJldmlzaW9uIDI3ODE1MSkKKysrIHNiaW4vaXBmdy9pcGZ3Mi5oCSh3b3Jr aW5nIGNvcHkpCkBAIC0yMjcsNiArMjI3LDcgQEAKIAlUT0tfTE9DSywKIAlUT0tfVU5MT0NL LAogCVRPS19WTElTVCwKKwlUT0tfU1RBVEVfT05MWSwKIH07CiAKIC8qCkluZGV4OiBzeXMv bmV0aW5ldC9pcF9mdy5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9uZXRpbmV0L2lwX2Z3LmgJ KHJldmlzaW9uIDI3ODE1MSkKKysrIHN5cy9uZXRpbmV0L2lwX2Z3LmgJKHdvcmtpbmcgY29w eSkKQEAgLTI1Miw2ICsyNTIsOCBAQAogCU9fRFNDUCwJCQkvKiAyIHUzMiA9IERTQ1AgbWFz ayAqLwogCU9fU0VURFNDUCwJCS8qIGFyZzE9RFNDUCB2YWx1ZSAqLwogCU9fSVBfRkxPV19M T09LVVAsCS8qIGFyZzE9dGFibGUgbnVtYmVyLCB1MzI9dmFsdWUJKi8KKwkKKwlPX1NUQVRF X09OTFksCQkvKiBub25lCQkJCSovCiAKIAlPX0xBU1RfT1BDT0RFCQkvKiBub3QgYW4gb3Bj b2RlIQkJKi8KIH07CkluZGV4OiBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3Mi5jCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBfZncyLmMJKHJldmlzaW9uIDI3ODE1MSkK KysrIHN5cy9uZXRwZmlsL2lwZncvaXBfZncyLmMJKHdvcmtpbmcgY29weSkKQEAgLTIxMDcs OSArMjEwNyw5IEBACiAJCQkgKiBPX1RBRywgT19MT0cgYW5kIE9fQUxUUSBhY3Rpb24gcGFy YW1ldGVyczoKIAkJCSAqICAgcGVyZm9ybSBzb21lIGFjdGlvbiBhbmQgc2V0IG1hdGNoID0g MTsKIAkJCSAqCi0JCQkgKiBPX0xJTUlUIGFuZCBPX0tFRVBfU1RBVEU6IHRoZXNlIG9wY29k ZXMgYXJlCi0JCQkgKiAgIG5vdCByZWFsICdhY3Rpb25zJywgYW5kIGFyZSBzdG9yZWQgcmln aHQKLQkJCSAqICAgYmVmb3JlIHRoZSAnYWN0aW9uJyBwYXJ0IG9mIHRoZSBydWxlLgorCQkJ ICogT19MSU1JVCwgT19LRUVQX1NUQVRFIGFuZCBPX1NUQVRFX09OTFk6IHRoZXNlCisJCQkg KiAgIG9wY29kZXMgYXJlIG5vdCByZWFsICdhY3Rpb25zJywgYW5kIGFyZSBzdG9yZWQKKwkJ CSAqICAgcmlnaHQgYmVmb3JlIHRoZSAnYWN0aW9uJyBwYXJ0IG9mIHRoZSBydWxlLgogCQkJ ICogICBUaGVzZSBvcGNvZGVzIHRyeSB0byBpbnN0YWxsIGFuIGVudHJ5IGluIHRoZQogCQkJ ICogICBzdGF0ZSB0YWJsZXM7IGlmIHN1Y2Nlc3NmdWwsIHdlIGNvbnRpbnVlIHdpdGgKIAkJ CSAqICAgdGhlIG5leHQgb3Bjb2RlIChtYXRjaD0xOyBicmVhazspLCBvdGhlcndpc2UKQEAg LTIxMjYsMTcgKzIxMjYsMzMgQEAKIAkJCSAqICAgZnVydGhlciBpbnN0YW5jZXMgb2YgdGhl c2Ugb3Bjb2RlcyBiZWNvbWUgTk9Qcy4KIAkJCSAqICAgVGhlIGp1bXAgdG8gdGhlIG5leHQg cnVsZSBpcyBkb25lIGJ5IHNldHRpbmcKIAkJCSAqICAgbD0wLCBjbWRsZW49MC4KKwkJCSAq CisJCQkgKiBPX1NUQVRFX09OTFk6IHRoaXMgb3Bjb2RlIGlzIG5vdCByZWFsICdhY3Rpb24n CisJCQkgKiAgdG9vLCBhbmQgaXMgc3RvcmVkIHJpZ2h0IGJlZm9yZSB0aGUgJ2FjdGlvbicK KwkJCSAqICBwYXJ0IG9mIHRoZSBydWxlLCByaWdodCBhZnRlciBPX0tFRVBfU1RBVEUKKwkJ CSAqICBvcGNvZGUuIEl0IGNhdXNlcyBtYXRjaCBmYWlsdXJlIHNvIHJlYWwKKwkJCSAqICAn YWN0aW9uJyBjb3VsZCBiZSBleGVjdXRlZCBvbmx5IGlmIHJ1bGUKKwkJCSAqICBpcyBjaGVj a2VkIHZpYSBkeW5hbWljIHJ1bGUgZnJvbSBzdGF0ZQorCQkJICogIHRhYmxlLCBhcyBpbiBz dWNoIGNhc2UgZXhlY3V0aW9uIHN0YXJ0cworCQkJICogIGZyb20gdHJ1ZSAnYWN0aW9uJyBv cGNvZGUgZGlyZWN0bHkuCisJCQkgKiAgIAogCQkJICovCiAJCQljYXNlIE9fTElNSVQ6CiAJ CQljYXNlIE9fS0VFUF9TVEFURToKLQkJCQlpZiAoaXBmd19pbnN0YWxsX3N0YXRlKGNoYWlu LCBmLAotCQkJCSAgICAoaXBmd19pbnNuX2xpbWl0ICopY21kLCBhcmdzLCB0YWJsZWFyZykp IHsKKwkJCWNhc2UgT19TVEFURV9PTkxZOgorCQkJCWlmIChpcGZ3X2luc3RhbGxfb3JfdXBk YXRlX3N0YXRlKGNoYWluLCBmLAorCQkJCSAgICAoaXBmd19pbnNuX2xpbWl0ICopY21kLCBh cmdzLCB0YWJsZWFyZywKKwkJCQkgICAgcHJvdG8gPT0gSVBQUk9UT19UQ1AgPyBUQ1AodWxw KSA6IE5VTEwpKSB7CiAJCQkJCS8qIGVycm9yIG9yIGxpbWl0IHZpb2xhdGlvbiAqLwogCQkJ CQlyZXR2YWwgPSBJUF9GV19ERU5ZOwogCQkJCQlsID0gMDsJLyogZXhpdCBpbm5lciBsb29w ICovCiAJCQkJCWRvbmUgPSAxOyAvKiBleGl0IG91dGVyIGxvb3AgKi8KIAkJCQl9Ci0JCQkJ bWF0Y2ggPSAxOworCQkJCWlmIChjbWQtPm9wY29kZSA9PSBPX1NUQVRFX09OTFkpIHsKKwkJ CQkJbCA9IDA7CS8qIGV4aXQgaW5uZXIgbG9vcCAqLworCQkJCQltYXRjaCA9IDA7CisJCQkJ fSBlbHNlCisJCQkJCW1hdGNoID0gMTsKIAkJCQlicmVhazsKIAogCQkJY2FzZSBPX1BST0JF X1NUQVRFOgpAQCAtMjE4OCw2ICsyMjA0LDcgQEAKIAkJCQlicmVhazsKIAogCQkJY2FzZSBP X0FDQ0VQVDoKKwogCQkJCXJldHZhbCA9IDA7CS8qIGFjY2VwdCAqLwogCQkJCWwgPSAwOwkJ LyogZXhpdCBpbm5lciBsb29wICovCiAJCQkJZG9uZSA9IDE7CS8qIGV4aXQgb3V0ZXIgbG9v cCAqLwpAQCAtMjUzNyw3ICsyNTU0LDcgQEAKIAkJCQlkb25lID0gMTsJLyogZXhpdCBvdXRl ciBsb29wICovCiAJCQkJYnJlYWs7CiAJCQl9Ci0KKwkJCQogCQkJZGVmYXVsdDoKIAkJCQlw YW5pYygiLS0gdW5rbm93biBvcGNvZGUgJWRcbiIsIGNtZC0+b3Bjb2RlKTsKIAkJCX0gLyog ZW5kIG9mIHN3aXRjaCgpIG9uIG9wY29kZXMgKi8KSW5kZXg6IHN5cy9uZXRwZmlsL2lwZncv aXBfZndfZHluYW1pYy5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBf ZndfZHluYW1pYy5jCShyZXZpc2lvbiAyNzgxNTEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lw X2Z3X2R5bmFtaWMuYwkod29ya2luZyBjb3B5KQpAQCAtNjY5LDEzICs2NjksMTUgQEAKIAog LyoqCiAgKiBJbnN0YWxsIGR5bmFtaWMgc3RhdGUgZm9yIHJ1bGUgdHlwZSBjbWQtPm8ub3Bj b2RlCisgKiBJZiBydWxlIGV4aXN0cywgdXBkYXRlIGl0IHN0YXRlLgogICoKICAqIFJldHVy bnMgMSAoZmFpbHVyZSkgaWYgc3RhdGUgaXMgbm90IGluc3RhbGxlZCBiZWNhdXNlIG9mIGVy cm9ycyBvciBiZWNhdXNlCiAgKiBzZXNzaW9uIGxpbWl0YXRpb25zIGFyZSBlbmZvcmNlZC4K ICAqLwogaW50Ci1pcGZ3X2luc3RhbGxfc3RhdGUoc3RydWN0IGlwX2Z3X2NoYWluICpjaGFp biwgc3RydWN0IGlwX2Z3ICpydWxlLAotICAgIGlwZndfaW5zbl9saW1pdCAqY21kLCBzdHJ1 Y3QgaXBfZndfYXJncyAqYXJncywgdWludDMyX3QgdGFibGVhcmcpCitpcGZ3X2luc3RhbGxf b3JfdXBkYXRlX3N0YXRlKHN0cnVjdCBpcF9md19jaGFpbiAqY2hhaW4sIHN0cnVjdCBpcF9m dyAqcnVsZSwKKyAgICBpcGZ3X2luc25fbGltaXQgKmNtZCwgc3RydWN0IGlwX2Z3X2FyZ3Mg KmFyZ3MsIHVpbnQzMl90IHRhYmxlYXJnLAorICAgIHN0cnVjdCB0Y3BoZHIgKnRjcCkKIHsK IAlpcGZ3X2R5bl9ydWxlICpxOwogCWludCBpOwpAQCAtNjg2LDcgKzY4OCw3IEBACiAKIAlJ UEZXX0JVQ0tfTE9DSyhpKTsKIAotCXEgPSBsb29rdXBfZHluX3J1bGVfbG9ja2VkKCZhcmdz LT5mX2lkLCBpLCBOVUxMLCBOVUxMKTsKKwlxID0gbG9va3VwX2R5bl9ydWxlX2xvY2tlZCgm YXJncy0+Zl9pZCwgaSwgTlVMTCwgdGNwKTsKIAogCWlmIChxICE9IE5VTEwpIHsJLyogc2hv dWxkIG5ldmVyIG9jY3VyICovCiAJCURFQigKQEAgLTcwOCw2ICs3MTAsNyBAQAogCiAJc3dp dGNoIChjbWQtPm8ub3Bjb2RlKSB7CiAJY2FzZSBPX0tFRVBfU1RBVEU6CS8qIGJpZGlyIHJ1 bGUgKi8KKwljYXNlIE9fU1RBVEVfT05MWToKIAkJcSA9IGFkZF9keW5fcnVsZSgmYXJncy0+ Zl9pZCwgaSwgT19LRUVQX1NUQVRFLCBydWxlKTsKIAkJYnJlYWs7CiAKQEAgLTEzNTcsNiAr MTM2MCw3IEBACiAJCXN3aXRjaCAoY21kLT5vcGNvZGUpIHsKIAkJY2FzZSBPX0xJTUlUOgog CQljYXNlIE9fS0VFUF9TVEFURToKKwkJY2FzZSBPX1NUQVRFX09OTFk6CiAJCWNhc2UgT19Q Uk9CRV9TVEFURToKIAkJY2FzZSBPX0NIRUNLX1NUQVRFOgogCQkJcmV0dXJuICgxKTsKSW5k ZXg6IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCShyZXZpc2lvbiAyNzgxNTEpCisr KyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X3ByaXZhdGUuaAkod29ya2luZyBjb3B5KQpAQCAt MTgzLDggKzE4Myw5IEBACiBzdHJ1Y3QgdGNwaGRyOwogc3RydWN0IG1idWYgKmlwZndfc2Vu ZF9wa3Qoc3RydWN0IG1idWYgKiwgc3RydWN0IGlwZndfZmxvd19pZCAqLAogICAgIHVfaW50 MzJfdCwgdV9pbnQzMl90LCBpbnQpOwotaW50IGlwZndfaW5zdGFsbF9zdGF0ZShzdHJ1Y3Qg aXBfZndfY2hhaW4gKmNoYWluLCBzdHJ1Y3QgaXBfZncgKnJ1bGUsCi0gICAgaXBmd19pbnNu X2xpbWl0ICpjbWQsIHN0cnVjdCBpcF9md19hcmdzICphcmdzLCB1aW50MzJfdCB0YWJsZWFy Zyk7CitpbnQgaXBmd19pbnN0YWxsX29yX3VwZGF0ZV9zdGF0ZShzdHJ1Y3QgaXBfZndfY2hh aW4gKmNoYWluLCBzdHJ1Y3QgaXBfZncgKnJ1bGUsCisgICAgaXBmd19pbnNuX2xpbWl0ICpj bWQsIHN0cnVjdCBpcF9md19hcmdzICphcmdzLCB1aW50MzJfdCB0YWJsZWFyZywKKyAgICBz dHJ1Y3QgdGNwaGRyICp0Y3ApOwogaXBmd19keW5fcnVsZSAqaXBmd19sb29rdXBfZHluX3J1 bGUoc3RydWN0IGlwZndfZmxvd19pZCAqcGt0LAogCWludCAqbWF0Y2hfZGlyZWN0aW9uLCBz dHJ1Y3QgdGNwaGRyICp0Y3ApOwogdm9pZCBpcGZ3X3JlbW92ZV9keW5fY2hpbGRyZW4oc3Ry dWN0IGlwX2Z3ICpydWxlKTsKSW5kZXg6IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfc29ja29w dC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBfZndfc29ja29wdC5j CShyZXZpc2lvbiAyNzgxNTEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X3NvY2tvcHQu Ywkod29ya2luZyBjb3B5KQpAQCAtMTQzMyw2ICsxNDMzLDcgQEAKIAkJc3dpdGNoIChjbWQt Pm9wY29kZSkgewogCQljYXNlIE9fUFJPQkVfU1RBVEU6CiAJCWNhc2UgT19LRUVQX1NUQVRF OgorCQljYXNlIE9fU1RBVEVfT05MWToKIAkJY2FzZSBPX1BST1RPOgogCQljYXNlIE9fSVBf U1JDX01FOgogCQljYXNlIE9fSVBfRFNUX01FOgo= --------------020107060303090503050300 Content-Type: application/octet-stream; name="ipfw-state-only-v3.diff.sig" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ipfw-state-only-v3.diff.sig" iQJ8BAABCgBmBQJU0eVYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3Au ZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFFQUIwM0M1OEJGREM0 NzhGAAoJEOqwPFi/3EeP2YgQAKCEWSHEP1mmS5S8BHDTV1GsImxOJ64Bj6Zr+tGG2WpRiMIJ /0gr0AcMa7QxxZAQ2U5gYNf9g8/BFAmpNOI54oJKlwL0BuJYLbaL6QM4Si5Sy8mzVIVGdm1a K/PbZ+G7Meg8eHyDv5+VjTErDWN4TH71hgPRZgOIJvZaB5JIcYDUZdYsd6k+Y6trh4QbPxrQ A2neRTyVKtQUuAoTyvpuDbu0eTGVCi/8NWQWzlr9h9jvUO/dGE5vuiDD3f9SBHnEGTaGxk48 Co2E/Xbb2W6n+T8niFKFAq8jdWVCrQuAvZiKIWgPUdha3PKLi32r1gRH9zRK7kPO07Z4JE5F srEJRSVqP0zxeQ/9QkR3+OQ4nyfsjip/jGJk4/7VMsh7L0zcSK5dtrH0G92FkcpVQyPcQx/p c1/d+6n76W35gcjzN+hkY+1vNweaD8in2qNrLwVnlI7DB2q/2l5Ujv9pUOlJY3UwPbSYJjnd pnAmWv/eIL4SawSm/vq/J/3ontgzBQx+hVMNnKy/S6yyh7T7t8uS3zO0HnlMdDLkIE0QojWz S7Cr8fjPiRHbkOf5Df254P7RK5RiuB1Q9YLxF8DQ18rah6fospj5xWOFRiWrVcmOcvNUI9Lh FQjAUYZXba+aAja+qryfoT3IQE6t2OAkPz0jhg0XiH5r5soQsOBa1L3S5H27 --------------020107060303090503050300--