Hello,

the patch delivers two changes to PF:

It adds PF_LOCK() et al. At the moment PF_LOCK() sort of duplicates the current NET_LOCK(). It essentially synchronizes packets with ioctl(2) and the timer thread, which purges states. The future work is going to break PF_LOCK into smaller locks, each of which will protect the relevant parts of PF. Think of pf_state_lock, pf_rule_lock, ...

The other change which gets introduced is a mutex for IP reassembly done by PF. The mutex synchronizes fragmented packets with the timer thread, which expires incomplete packets from the fragment cache.

O.K.?

thanks and
regards
sasha