[RFC][patch] Two new actions: state-allow and state-deny
Lev Serebryakov
lev at FreeBSD.org
Tue Feb 3 10:26:58 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 03.02.2015 12:30, Lev Serebryakov wrote:
> "keep-state". Problem is, it adds "if" branch for EACH action (in
> kernel code). IMHO, it is very prohibitive. I've though about
> that, but decide it is too expensive to have "if (!iHaveRecordOnly
> || fromDynamic)" for EACH action, always. It could be done easily,
> of course.
Oh, I'm stupid! I know how to do "keep-state-only" cheap for fast path!
I'll prepare new patch today or tomorrow.
Also, I BADLY want "keep-state-but-dont-check" one. Sometimes it adds
couple of "skipto" rules to avoid "keep-state" because it will trigger
check too, even if MATCH will fail.
- --
// Lev Serebryakov AKA Black Lion
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJU0KJTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePTEMP/R3MZ8AmqKA0h7pFPy5SCwjT
/zhnjjRvk+sDpc5BJPA/xIXV8IBupCPBCDR8CvCcqbaxFBECTTbW+JHCaHB0idXf
F7lI2fTjiXcx5EK3E1RkjJ8dbRuHLAiYttMA4e1YIZBidsflgX/wLIEexseeia1K
Vqh0NLofJLgzZET+wDbDBNncgWSaUnyJyW05BtVDUi/kpHekpZg4zm71gfWAoLgl
tROv3i0y1YfkulwzZ84BcegsEAPMqD11AhSYZayeF1Ozl5jBGXTpC4rhaOQNYl7n
+Hcr828rOZFiP/b4p/QhHx0TAMdYm3oqxSXMtr8GzWK+q5cClk7vdBv2Nj2W5f43
jOaJhDHgy21HxKCmFKKvSg/ZMb43F21ZHh0hU4eVlAK+AH74cli8hISTzZo4KxwC
g74vUIPQkKs177UB+Hx1ADxwmur9fzbJpWWcK5zd/bLKQ8klUfiVrXp4awqLHma5
z6mKH89pxG9IC8rHFODetgfyvCJCiI0VY8bYuR8zJ6ciyk4NLGVhLk/VlzPyap8Y
IT8O+kYLCaOWPbJvR+Zqti+hnvsk+5JnGxa16tVUkxXiJfh7VfWt9dDQ12Z9At1t
srjr79R9yEJ0aPYKZRT4Z3q+CPhJZ+TpZyCxX3QT0vJuzewrj+R0CwSPP2xaWUZ3
x+Z6nsvc0bx37IgR7vsx
=DlMK
-----END PGP SIGNATURE-----
More information about the freebsd-net
mailing list