Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 04 Feb 2015 12:24:40 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        freebsd-ipfw <freebsd-ipfw@freebsd.org>,  freebsd-net <freebsd-net@freebsd.org>
Cc:        melifaro@FreeBSD.org
Subject:   [RFC][patch] New "keep-state-only" option (version 3)
Message-ID:  <54D1E558.1010700@FreeBSD.org>
In-Reply-To: <54D0FD9B.5000108@FreeBSD.org>
References:  <54D0F39B.4070707@FreeBSD.org> <54D0FD9B.5000108@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------020107060303090503050300
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03.02.2015 19:55, Lev Serebryakov wrote:

>> Ok, "allow-state"/"deny-state" was very limited idea. Here is
>> more universal mechanism: new "keep-state-only" (aliased as 
>> "record-only") option, which works exactly as "keep-state" BUT 
>> cancel match of rule after state creation. It allows to write 
>> stateful + nat firewall as easy as:
> To work as expected, "keep-state-only" should not imply
> "check-state" in opposite to "keep-state".
  Re-installation of state (with second, third, etc... packet of
connection) should update TCP state of state (sorry!), or it will die
in 10 seconds.
  This version seems to be final (apart from name of new option!).
  It works perfectly on my router with 2 uplink ISPs.

- -- 
// Lev Serebryakov AKA Black Lion
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQJ8BAEBCgBmBQJU0eVYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePOD0P/RwpwF9yMUjyAj/KZnphr/0Y
aXHM040qIocIUqnxH7T/vwdhm2w3Zciry8hwXp9f+r2bTIe8+tTn8OwaJ0M/Wp1j
QBPxW+rjw49hy3rf2eIQbgX7nTwdIZo7YDnT82Kqtje1mImTBR4qdFcSStJac4hE
dJsbpzC6raHUuE8h5V5pWPV/m/OQebK3P5CZzBKKpVTMCX3nVsTnff9qf9L1A0Jd
q4KYfOv+NJBaB8G6vJhDHjcqtzGfEJBmYL8kOAslYhlUuyYe+iAhyGFbcUBsXwk8
/dqBalUL2iewFaZppszYZ0rTpVOfA4fOV0ECbVmpcw36uocrC2iOEpBl0WRIy+TM
HYIMkIeubF9IT24CwMwiriONpppl8MGynCmL9hyMgu+HiuvHZ/C/vYcVV9/DHFGB
iKkNe9QjX34anP6qVvEvHHmuv26PO7eq7hkdK2PZNlA9dwwNHehN8xG3DxB9N8gG
MPRGtM8yH/C/FXpqKmHoqj6shMGQCSfmZKPfJ0D49Rze8tSjo7kZaSmaELJAjmsc
xLv5umEAg7gym54bMhv8As2lXHnyeDp3uJz6glM72cmtBM5/n8N7NLk6Xga+8eM3
cZ122dgOqzGpts9TqCGWmTRW+f2Y8hLukzIjOLdzlqLPfQmXVn9pOWmqo9OKHdvD
we0uYcnte/iSltopkVuG
=muco
-----END PGP SIGNATURE-----

--------------020107060303090503050300
Content-Type: text/plain; charset=windows-1251;
 name="ipfw-state-only-v3.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="ipfw-state-only-v3.diff"

SW5kZXg6IHNiaW4vaXBmdy9pcGZ3LjgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc2Jpbi9pcGZ3L2lw
ZncuOAkocmV2aXNpb24gMjc4MTUxKQorKysgc2Jpbi9pcGZ3L2lwZncuOAkod29ya2luZyBj
b3B5KQpAQCAtMTY2LDcgKzE2Niw4IEBACiBkZXBlbmRpbmcgb24gaG93IHRoZSBrZXJuZWwg
aXMgY29uZmlndXJlZC4KIC5QcAogSWYgdGhlIHJ1bGVzZXQgaW5jbHVkZXMgb25lIG9yIG1v
cmUgcnVsZXMgd2l0aCB0aGUKLS5DbSBrZWVwLXN0YXRlCisuQ20ga2VlcC1zdGF0ZSAsCisu
Q20ga2VlcC1zdGF0ZS1vbmx5CiBvcgogLkNtIGxpbWl0CiBvcHRpb24sCkBAIC01ODIsNyAr
NTgzLDggQEAKIHBhY2tldCBkZWxpdmVyeS4KIC5QcAogTm90ZTogdGhpcyBjb25kaXRpb24g
aXMgY2hlY2tlZCBiZWZvcmUgYW55IG90aGVyIGNvbmRpdGlvbiwgaW5jbHVkaW5nCi1vbmVz
IHN1Y2ggYXMga2VlcC1zdGF0ZSBvciBjaGVjay1zdGF0ZSB3aGljaCBtaWdodCBoYXZlIHNp
ZGUgZWZmZWN0cy4KK29uZXMgc3VjaCBhcyBrZWVwLXN0YXRlLCBrZWVwLXN0YXQtb25seSBv
ciBjaGVjay1zdGF0ZSB3aGljaCBtaWdodCBoYXZlCitzaWRlIGVmZmVjdHMuCiAuSXQgQ20g
bG9nIE9wIENtIGxvZ2Ftb3VudCBBciBudW1iZXIKIFBhY2tldHMgbWF0Y2hpbmcgYSBydWxl
IHdpdGggdGhlCiAuQ20gbG9nCkBAIC0xNTgzLDYgKzE1ODUsMTggQEAKIC5YciBzeXNjdGwg
OAogdmFyaWFibGVzKSwgYW5kIHRoZSBsaWZldGltZSBpcyByZWZyZXNoZWQgZXZlcnkgdGlt
ZSBhIG1hdGNoaW5nCiBwYWNrZXQgaXMgZm91bmQuCisuSXQgQ20ga2VlcC1zdGF0ZS1vbmx5
IHwgcmVjb3JkLW9ubHkKK1Vwb24gYSBtYXRjaCwgdGhlIGZpcmV3YWxsIHdpbGwgY3JlYXRl
IGEgZHluYW1pYyBydWxlIGFzIGlmCisuQ20ga2VlcC1zdGF0ZQord2FzIHNwZWNpZmllZCwg
YnV0IGFmdGVyIHRoYXQgbWF0Y2ggaXMgY2FuY2VsbGVkIGFuZCB0aGUgc2VhcmNoCitjb250
aW51ZXMgd2l0aCB0aGUgbmV4dCBydWxlLgorT24gZHluYW1pYyBydWxlIG1hdGNoIGFjdGlv
biwgc3BlY2lmaWVkIGluIHRoaXMgcnVsZSwKK3BlcmZvcm1lZCBhcyBpZiBydWxlIGNvbnRh
aW5zCisuQ20ga2VlcC1zdGF0ZSAuCitUaGlzIG9wdGlvbiBkb2Vzbid0IGFjdCBhcworLkNt
IGNoZWNrLXN0YXRlCitpbiBjb250cmFzdCB0bworLkNtIGtlZXAtc3RhdGUgLgogLkl0IENt
IGxheWVyMgogTWF0Y2hlcyBvbmx5IGxheWVyMiBwYWNrZXRzLCBpLmUuLCB0aG9zZSBwYXNz
ZWQgdG8KIC5ObQpJbmRleDogc2Jpbi9pcGZ3L2lwZncyLmMKPT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g
c2Jpbi9pcGZ3L2lwZncyLmMJKHJldmlzaW9uIDI3ODE1MSkKKysrIHNiaW4vaXBmdy9pcGZ3
Mi5jCSh3b3JraW5nIGNvcHkpCkBAIC0yOTIsNiArMjkyLDggQEAKIAl7ICJpbiIsCQkJVE9L
X0lOIH0sCiAJeyAibGltaXQiLAkJVE9LX0xJTUlUIH0sCiAJeyAia2VlcC1zdGF0ZSIsCQlU
T0tfS0VFUFNUQVRFIH0sCisJeyAicmVjb3JkLXN0YXRlIiwJVE9LX1NUQVRFX09OTFkgfSwK
Kwl7ICJrZWVwLXN0YXRlLW9ubHkiLAlUT0tfU1RBVEVfT05MWSB9LAogCXsgImJyaWRnZWQi
LAkJVE9LX0xBWUVSMiB9LAogCXsgImxheWVyMiIsCQlUT0tfTEFZRVIyIH0sCiAJeyAib3V0
IiwJCVRPS19PVVQgfSwKQEAgLTE5OTMsNiArMTk5NSwxMCBAQAogCQkJCWJwcmludGYoYnAs
ICIga2VlcC1zdGF0ZSIpOwogCQkJCWJyZWFrOwogCisJCQljYXNlIE9fU1RBVEVfT05MWToK
KwkJCQlicHJpbnRmKGJwLCAiIGtlZXAtc3RhdGUtb25seSIpOworCQkJCWJyZWFrOworCiAJ
CQljYXNlIE9fTElNSVQ6IHsKIAkJCQlzdHJ1Y3QgX3NfeCAqcCA9IGxpbWl0X21hc2tzOwog
CQkJCWlwZndfaW5zbl9saW1pdCAqYyA9IChpcGZ3X2luc25fbGltaXQgKiljbWQ7CkBAIC00
MzM1LDE0ICs0MzQxLDE2IEBACiAJCQlicmVhazsKIAogCQljYXNlIFRPS19LRUVQU1RBVEU6
CisJCWNhc2UgVE9LX1NUQVRFX09OTFk6CiAJCQlpZiAob3Blbl9wYXIpCi0JCQkJZXJyeChF
WF9VU0FHRSwgImtlZXAtc3RhdGUgY2Fubm90IGJlIHBhcnQgIgorCQkJCWVycngoRVhfVVNB
R0UsICJrZWVwLXN0YXRlIG9yIGtlZXAtc3RhdGUtb25seSBjYW5ub3QgYmUgcGFydCAiCiAJ
CQkJICAgICJvZiBhbiBvciBibG9jayIpOwogCQkJaWYgKGhhdmVfc3RhdGUpCiAJCQkJZXJy
eChFWF9VU0FHRSwgIm9ubHkgb25lIG9mIGtlZXAtc3RhdGUgIgogCQkJCQkiYW5kIGxpbWl0
IGlzIGFsbG93ZWQiKTsKIAkJCWhhdmVfc3RhdGUgPSBjbWQ7Ci0JCQlmaWxsX2NtZChjbWQs
IE9fS0VFUF9TVEFURSwgMCwgMCk7CisJCQlmaWxsX2NtZChjbWQsIGkgPT0gVE9LX0tFRVBT
VEFURSA/CisJCQkJT19LRUVQX1NUQVRFIDogT19TVEFURV9PTkxZLCAwLCAwKTsKIAkJCWJy
ZWFrOwogCiAJCWNhc2UgVE9LX0xJTUlUOiB7CkBAIC00NTgwLDEyICs0NTg4LDEzIEBACiAJ
LyoKIAkgKiBnZW5lcmF0ZSBPX1BST0JFX1NUQVRFIGlmIG5lY2Vzc2FyeQogCSAqLwotCWlm
IChoYXZlX3N0YXRlICYmIGhhdmVfc3RhdGUtPm9wY29kZSAhPSBPX0NIRUNLX1NUQVRFKSB7
CisJaWYgKGhhdmVfc3RhdGUgJiYgaGF2ZV9zdGF0ZS0+b3Bjb2RlICE9IE9fQ0hFQ0tfU1RB
VEUgJiYKKwkgICAgaGF2ZV9zdGF0ZS0+b3Bjb2RlICE9IE9fU1RBVEVfT05MWSkgewogCQlm
aWxsX2NtZChkc3QsIE9fUFJPQkVfU1RBVEUsIDAsIDApOwogCQlkc3QgPSBuZXh0X2NtZChk
c3QsICZyYmxlbik7CiAJfQogCi0JLyogY29weSBhbGwgY29tbWFuZHMgYnV0IE9fTE9HLCBP
X0tFRVBfU1RBVEUsIE9fTElNSVQsIE9fQUxUUSwgT19UQUcgKi8KKwkvKiBjb3B5IGFsbCBj
b21tYW5kcyBidXQgT19MT0csIE9fS0VFUF9TVEFURSwgT19TVEFURV9PTkxZLCBPX0xJTUlU
LCBPX0FMVFEsIE9fVEFHICovCiAJZm9yIChzcmMgPSAoaXBmd19pbnNuICopY21kYnVmOyBz
cmMgIT0gY21kOyBzcmMgKz0gaSkgewogCQlpID0gRl9MRU4oc3JjKTsKIAkJQ0hFQ0tfUkJV
RkxFTihpKTsKQEAgLTQ1OTMsNiArNDYwMiw3IEBACiAJCXN3aXRjaCAoc3JjLT5vcGNvZGUp
IHsKIAkJY2FzZSBPX0xPRzoKIAkJY2FzZSBPX0tFRVBfU1RBVEU6CisJCWNhc2UgT19TVEFU
RV9PTkxZOgogCQljYXNlIE9fTElNSVQ6CiAJCWNhc2UgT19BTFRROgogCQljYXNlIE9fVEFH
OgpJbmRleDogc2Jpbi9pcGZ3L2lwZncyLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc2Jpbi9pcGZ3
L2lwZncyLmgJKHJldmlzaW9uIDI3ODE1MSkKKysrIHNiaW4vaXBmdy9pcGZ3Mi5oCSh3b3Jr
aW5nIGNvcHkpCkBAIC0yMjcsNiArMjI3LDcgQEAKIAlUT0tfTE9DSywKIAlUT0tfVU5MT0NL
LAogCVRPS19WTElTVCwKKwlUT0tfU1RBVEVfT05MWSwKIH07CiAKIC8qCkluZGV4OiBzeXMv
bmV0aW5ldC9pcF9mdy5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9uZXRpbmV0L2lwX2Z3LmgJ
KHJldmlzaW9uIDI3ODE1MSkKKysrIHN5cy9uZXRpbmV0L2lwX2Z3LmgJKHdvcmtpbmcgY29w
eSkKQEAgLTI1Miw2ICsyNTIsOCBAQAogCU9fRFNDUCwJCQkvKiAyIHUzMiA9IERTQ1AgbWFz
ayAqLwogCU9fU0VURFNDUCwJCS8qIGFyZzE9RFNDUCB2YWx1ZSAqLwogCU9fSVBfRkxPV19M
T09LVVAsCS8qIGFyZzE9dGFibGUgbnVtYmVyLCB1MzI9dmFsdWUJKi8KKwkKKwlPX1NUQVRF
X09OTFksCQkvKiBub25lCQkJCSovCiAKIAlPX0xBU1RfT1BDT0RFCQkvKiBub3QgYW4gb3Bj
b2RlIQkJKi8KIH07CkluZGV4OiBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3Mi5jCj09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBfZncyLmMJKHJldmlzaW9uIDI3ODE1MSkK
KysrIHN5cy9uZXRwZmlsL2lwZncvaXBfZncyLmMJKHdvcmtpbmcgY29weSkKQEAgLTIxMDcs
OSArMjEwNyw5IEBACiAJCQkgKiBPX1RBRywgT19MT0cgYW5kIE9fQUxUUSBhY3Rpb24gcGFy
YW1ldGVyczoKIAkJCSAqICAgcGVyZm9ybSBzb21lIGFjdGlvbiBhbmQgc2V0IG1hdGNoID0g
MTsKIAkJCSAqCi0JCQkgKiBPX0xJTUlUIGFuZCBPX0tFRVBfU1RBVEU6IHRoZXNlIG9wY29k
ZXMgYXJlCi0JCQkgKiAgIG5vdCByZWFsICdhY3Rpb25zJywgYW5kIGFyZSBzdG9yZWQgcmln
aHQKLQkJCSAqICAgYmVmb3JlIHRoZSAnYWN0aW9uJyBwYXJ0IG9mIHRoZSBydWxlLgorCQkJ
ICogT19MSU1JVCwgT19LRUVQX1NUQVRFIGFuZCBPX1NUQVRFX09OTFk6IHRoZXNlCisJCQkg
KiAgIG9wY29kZXMgYXJlIG5vdCByZWFsICdhY3Rpb25zJywgYW5kIGFyZSBzdG9yZWQKKwkJ
CSAqICAgcmlnaHQgYmVmb3JlIHRoZSAnYWN0aW9uJyBwYXJ0IG9mIHRoZSBydWxlLgogCQkJ
ICogICBUaGVzZSBvcGNvZGVzIHRyeSB0byBpbnN0YWxsIGFuIGVudHJ5IGluIHRoZQogCQkJ
ICogICBzdGF0ZSB0YWJsZXM7IGlmIHN1Y2Nlc3NmdWwsIHdlIGNvbnRpbnVlIHdpdGgKIAkJ
CSAqICAgdGhlIG5leHQgb3Bjb2RlIChtYXRjaD0xOyBicmVhazspLCBvdGhlcndpc2UKQEAg
LTIxMjYsMTcgKzIxMjYsMzMgQEAKIAkJCSAqICAgZnVydGhlciBpbnN0YW5jZXMgb2YgdGhl
c2Ugb3Bjb2RlcyBiZWNvbWUgTk9Qcy4KIAkJCSAqICAgVGhlIGp1bXAgdG8gdGhlIG5leHQg
cnVsZSBpcyBkb25lIGJ5IHNldHRpbmcKIAkJCSAqICAgbD0wLCBjbWRsZW49MC4KKwkJCSAq
CisJCQkgKiBPX1NUQVRFX09OTFk6IHRoaXMgb3Bjb2RlIGlzIG5vdCByZWFsICdhY3Rpb24n
CisJCQkgKiAgdG9vLCBhbmQgaXMgc3RvcmVkIHJpZ2h0IGJlZm9yZSB0aGUgJ2FjdGlvbicK
KwkJCSAqICBwYXJ0IG9mIHRoZSBydWxlLCByaWdodCBhZnRlciBPX0tFRVBfU1RBVEUKKwkJ
CSAqICBvcGNvZGUuIEl0IGNhdXNlcyBtYXRjaCBmYWlsdXJlIHNvIHJlYWwKKwkJCSAqICAn
YWN0aW9uJyBjb3VsZCBiZSBleGVjdXRlZCBvbmx5IGlmIHJ1bGUKKwkJCSAqICBpcyBjaGVj
a2VkIHZpYSBkeW5hbWljIHJ1bGUgZnJvbSBzdGF0ZQorCQkJICogIHRhYmxlLCBhcyBpbiBz
dWNoIGNhc2UgZXhlY3V0aW9uIHN0YXJ0cworCQkJICogIGZyb20gdHJ1ZSAnYWN0aW9uJyBv
cGNvZGUgZGlyZWN0bHkuCisJCQkgKiAgIAogCQkJICovCiAJCQljYXNlIE9fTElNSVQ6CiAJ
CQljYXNlIE9fS0VFUF9TVEFURToKLQkJCQlpZiAoaXBmd19pbnN0YWxsX3N0YXRlKGNoYWlu
LCBmLAotCQkJCSAgICAoaXBmd19pbnNuX2xpbWl0ICopY21kLCBhcmdzLCB0YWJsZWFyZykp
IHsKKwkJCWNhc2UgT19TVEFURV9PTkxZOgorCQkJCWlmIChpcGZ3X2luc3RhbGxfb3JfdXBk
YXRlX3N0YXRlKGNoYWluLCBmLAorCQkJCSAgICAoaXBmd19pbnNuX2xpbWl0ICopY21kLCBh
cmdzLCB0YWJsZWFyZywKKwkJCQkgICAgcHJvdG8gPT0gSVBQUk9UT19UQ1AgPyBUQ1AodWxw
KSA6IE5VTEwpKSB7CiAJCQkJCS8qIGVycm9yIG9yIGxpbWl0IHZpb2xhdGlvbiAqLwogCQkJ
CQlyZXR2YWwgPSBJUF9GV19ERU5ZOwogCQkJCQlsID0gMDsJLyogZXhpdCBpbm5lciBsb29w
ICovCiAJCQkJCWRvbmUgPSAxOyAvKiBleGl0IG91dGVyIGxvb3AgKi8KIAkJCQl9Ci0JCQkJ
bWF0Y2ggPSAxOworCQkJCWlmIChjbWQtPm9wY29kZSA9PSBPX1NUQVRFX09OTFkpIHsKKwkJ
CQkJbCA9IDA7CS8qIGV4aXQgaW5uZXIgbG9vcCAqLworCQkJCQltYXRjaCA9IDA7CisJCQkJ
fSBlbHNlCisJCQkJCW1hdGNoID0gMTsKIAkJCQlicmVhazsKIAogCQkJY2FzZSBPX1BST0JF
X1NUQVRFOgpAQCAtMjE4OCw2ICsyMjA0LDcgQEAKIAkJCQlicmVhazsKIAogCQkJY2FzZSBP
X0FDQ0VQVDoKKwogCQkJCXJldHZhbCA9IDA7CS8qIGFjY2VwdCAqLwogCQkJCWwgPSAwOwkJ
LyogZXhpdCBpbm5lciBsb29wICovCiAJCQkJZG9uZSA9IDE7CS8qIGV4aXQgb3V0ZXIgbG9v
cCAqLwpAQCAtMjUzNyw3ICsyNTU0LDcgQEAKIAkJCQlkb25lID0gMTsJLyogZXhpdCBvdXRl
ciBsb29wICovCiAJCQkJYnJlYWs7CiAJCQl9Ci0KKwkJCQogCQkJZGVmYXVsdDoKIAkJCQlw
YW5pYygiLS0gdW5rbm93biBvcGNvZGUgJWRcbiIsIGNtZC0+b3Bjb2RlKTsKIAkJCX0gLyog
ZW5kIG9mIHN3aXRjaCgpIG9uIG9wY29kZXMgKi8KSW5kZXg6IHN5cy9uZXRwZmlsL2lwZncv
aXBfZndfZHluYW1pYy5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBf
ZndfZHluYW1pYy5jCShyZXZpc2lvbiAyNzgxNTEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lw
X2Z3X2R5bmFtaWMuYwkod29ya2luZyBjb3B5KQpAQCAtNjY5LDEzICs2NjksMTUgQEAKIAog
LyoqCiAgKiBJbnN0YWxsIGR5bmFtaWMgc3RhdGUgZm9yIHJ1bGUgdHlwZSBjbWQtPm8ub3Bj
b2RlCisgKiBJZiBydWxlIGV4aXN0cywgdXBkYXRlIGl0IHN0YXRlLgogICoKICAqIFJldHVy
bnMgMSAoZmFpbHVyZSkgaWYgc3RhdGUgaXMgbm90IGluc3RhbGxlZCBiZWNhdXNlIG9mIGVy
cm9ycyBvciBiZWNhdXNlCiAgKiBzZXNzaW9uIGxpbWl0YXRpb25zIGFyZSBlbmZvcmNlZC4K
ICAqLwogaW50Ci1pcGZ3X2luc3RhbGxfc3RhdGUoc3RydWN0IGlwX2Z3X2NoYWluICpjaGFp
biwgc3RydWN0IGlwX2Z3ICpydWxlLAotICAgIGlwZndfaW5zbl9saW1pdCAqY21kLCBzdHJ1
Y3QgaXBfZndfYXJncyAqYXJncywgdWludDMyX3QgdGFibGVhcmcpCitpcGZ3X2luc3RhbGxf
b3JfdXBkYXRlX3N0YXRlKHN0cnVjdCBpcF9md19jaGFpbiAqY2hhaW4sIHN0cnVjdCBpcF9m
dyAqcnVsZSwKKyAgICBpcGZ3X2luc25fbGltaXQgKmNtZCwgc3RydWN0IGlwX2Z3X2FyZ3Mg
KmFyZ3MsIHVpbnQzMl90IHRhYmxlYXJnLAorICAgIHN0cnVjdCB0Y3BoZHIgKnRjcCkKIHsK
IAlpcGZ3X2R5bl9ydWxlICpxOwogCWludCBpOwpAQCAtNjg2LDcgKzY4OCw3IEBACiAKIAlJ
UEZXX0JVQ0tfTE9DSyhpKTsKIAotCXEgPSBsb29rdXBfZHluX3J1bGVfbG9ja2VkKCZhcmdz
LT5mX2lkLCBpLCBOVUxMLCBOVUxMKTsKKwlxID0gbG9va3VwX2R5bl9ydWxlX2xvY2tlZCgm
YXJncy0+Zl9pZCwgaSwgTlVMTCwgdGNwKTsKIAogCWlmIChxICE9IE5VTEwpIHsJLyogc2hv
dWxkIG5ldmVyIG9jY3VyICovCiAJCURFQigKQEAgLTcwOCw2ICs3MTAsNyBAQAogCiAJc3dp
dGNoIChjbWQtPm8ub3Bjb2RlKSB7CiAJY2FzZSBPX0tFRVBfU1RBVEU6CS8qIGJpZGlyIHJ1
bGUgKi8KKwljYXNlIE9fU1RBVEVfT05MWToKIAkJcSA9IGFkZF9keW5fcnVsZSgmYXJncy0+
Zl9pZCwgaSwgT19LRUVQX1NUQVRFLCBydWxlKTsKIAkJYnJlYWs7CiAKQEAgLTEzNTcsNiAr
MTM2MCw3IEBACiAJCXN3aXRjaCAoY21kLT5vcGNvZGUpIHsKIAkJY2FzZSBPX0xJTUlUOgog
CQljYXNlIE9fS0VFUF9TVEFURToKKwkJY2FzZSBPX1NUQVRFX09OTFk6CiAJCWNhc2UgT19Q
Uk9CRV9TVEFURToKIAkJY2FzZSBPX0NIRUNLX1NUQVRFOgogCQkJcmV0dXJuICgxKTsKSW5k
ZXg6IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCj09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t
IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCShyZXZpc2lvbiAyNzgxNTEpCisr
KyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X3ByaXZhdGUuaAkod29ya2luZyBjb3B5KQpAQCAt
MTgzLDggKzE4Myw5IEBACiBzdHJ1Y3QgdGNwaGRyOwogc3RydWN0IG1idWYgKmlwZndfc2Vu
ZF9wa3Qoc3RydWN0IG1idWYgKiwgc3RydWN0IGlwZndfZmxvd19pZCAqLAogICAgIHVfaW50
MzJfdCwgdV9pbnQzMl90LCBpbnQpOwotaW50IGlwZndfaW5zdGFsbF9zdGF0ZShzdHJ1Y3Qg
aXBfZndfY2hhaW4gKmNoYWluLCBzdHJ1Y3QgaXBfZncgKnJ1bGUsCi0gICAgaXBmd19pbnNu
X2xpbWl0ICpjbWQsIHN0cnVjdCBpcF9md19hcmdzICphcmdzLCB1aW50MzJfdCB0YWJsZWFy
Zyk7CitpbnQgaXBmd19pbnN0YWxsX29yX3VwZGF0ZV9zdGF0ZShzdHJ1Y3QgaXBfZndfY2hh
aW4gKmNoYWluLCBzdHJ1Y3QgaXBfZncgKnJ1bGUsCisgICAgaXBmd19pbnNuX2xpbWl0ICpj
bWQsIHN0cnVjdCBpcF9md19hcmdzICphcmdzLCB1aW50MzJfdCB0YWJsZWFyZywKKyAgICBz
dHJ1Y3QgdGNwaGRyICp0Y3ApOwogaXBmd19keW5fcnVsZSAqaXBmd19sb29rdXBfZHluX3J1
bGUoc3RydWN0IGlwZndfZmxvd19pZCAqcGt0LAogCWludCAqbWF0Y2hfZGlyZWN0aW9uLCBz
dHJ1Y3QgdGNwaGRyICp0Y3ApOwogdm9pZCBpcGZ3X3JlbW92ZV9keW5fY2hpbGRyZW4oc3Ry
dWN0IGlwX2Z3ICpydWxlKTsKSW5kZXg6IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfc29ja29w
dC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBfZndfc29ja29wdC5j
CShyZXZpc2lvbiAyNzgxNTEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X3NvY2tvcHQu
Ywkod29ya2luZyBjb3B5KQpAQCAtMTQzMyw2ICsxNDMzLDcgQEAKIAkJc3dpdGNoIChjbWQt
Pm9wY29kZSkgewogCQljYXNlIE9fUFJPQkVfU1RBVEU6CiAJCWNhc2UgT19LRUVQX1NUQVRF
OgorCQljYXNlIE9fU1RBVEVfT05MWToKIAkJY2FzZSBPX1BST1RPOgogCQljYXNlIE9fSVBf
U1JDX01FOgogCQljYXNlIE9fSVBfRFNUX01FOgo=
--------------020107060303090503050300
Content-Type: application/octet-stream;
 name="ipfw-state-only-v3.diff.sig"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="ipfw-state-only-v3.diff.sig"

iQJ8BAABCgBmBQJU0eVYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3Au
ZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFFQUIwM0M1OEJGREM0
NzhGAAoJEOqwPFi/3EeP2YgQAKCEWSHEP1mmS5S8BHDTV1GsImxOJ64Bj6Zr+tGG2WpRiMIJ
/0gr0AcMa7QxxZAQ2U5gYNf9g8/BFAmpNOI54oJKlwL0BuJYLbaL6QM4Si5Sy8mzVIVGdm1a
K/PbZ+G7Meg8eHyDv5+VjTErDWN4TH71hgPRZgOIJvZaB5JIcYDUZdYsd6k+Y6trh4QbPxrQ
A2neRTyVKtQUuAoTyvpuDbu0eTGVCi/8NWQWzlr9h9jvUO/dGE5vuiDD3f9SBHnEGTaGxk48
Co2E/Xbb2W6n+T8niFKFAq8jdWVCrQuAvZiKIWgPUdha3PKLi32r1gRH9zRK7kPO07Z4JE5F
srEJRSVqP0zxeQ/9QkR3+OQ4nyfsjip/jGJk4/7VMsh7L0zcSK5dtrH0G92FkcpVQyPcQx/p
c1/d+6n76W35gcjzN+hkY+1vNweaD8in2qNrLwVnlI7DB2q/2l5Ujv9pUOlJY3UwPbSYJjnd
pnAmWv/eIL4SawSm/vq/J/3ontgzBQx+hVMNnKy/S6yyh7T7t8uS3zO0HnlMdDLkIE0QojWz
S7Cr8fjPiRHbkOf5Df254P7RK5RiuB1Q9YLxF8DQ18rah6fospj5xWOFRiWrVcmOcvNUI9Lh
FQjAUYZXba+aAja+qryfoT3IQE6t2OAkPz0jhg0XiH5r5soQsOBa1L3S5H27
--------------020107060303090503050300--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54D1E558.1010700>