diff options
| author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-09-26 21:44:10 +0000 |
|---|---|---|
| committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-09-26 21:44:10 +0000 |
| commit | 21ee0f9ceb87b49a8d22ccccf781aaa0955725ef (patch) | |
| tree | 985658c81572fcf0d3626c19a360b7ec20878add /sys/net/pf.c | |
| parent | 759e80db3df46eb4e1e8d02d28f6df859e880ec9 (diff) | |
Rearchitecture of the userland/kernel IOCTL interface for transactions.
This brings us close to 100% atomicity for a "pfctl -f pf.conf" command.
(some splxxx work remain in the kernel). Basically, improvements are:
- Anchors/Rulesets cannot disappear unexpectedly anymore.
- No more leftover in the kernel if "pfctl -f" fail.
- Commit is now done in a single atomic IOCTL.
WARNING: The kernel code is fully backward compatible, but the new
pfctl/authpf userland utilities will only run on a new kernel.
The following ioctls are deprecated (i.e. will be deleted sooner or
later, depending on how many 3rd party utilities use them and how soon
they can be upgraded):
- DIOCBEGINRULES
- DIOCCOMMITRULES
- DIOCBEGINALTQS
- DIOCCOMMITALTQS
- DIOCRINABEGIN
- DIOCRINADEFINE
They are replaced by the following ioctls (yes, PF(4) will follow)
which operate on a vector of rulesets:
- DIOCXBEGIN
- DIOCXCOMMIT
- DIOCXROLLBACK
Ok dhartmei@ mcbride@
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index bde57816ebb..32ac4dabd1f 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.391 2003/09/26 14:48:19 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.392 2003/09/26 21:44:08 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -103,6 +103,7 @@ struct ifnet *status_ifp; u_int32_t ticket_altqs_active; u_int32_t ticket_altqs_inactive; +int altqs_inactive_open; u_int32_t ticket_pabuf; struct timeout pf_expire_to; /* expire timeout */ |