socsvn commit: r269408 - soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw

dpl at FreeBSD.org dpl at FreeBSD.org
Wed Jun 11 17:59:46 UTC 2014 

Author: dpl
Date: Wed Jun 11 17:59:45 2014
New Revision: 269408
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269408

Log:
  Reorganized code to match the structure of ip_fw2.c:ipfw_chk().
  Also added two missing function headers.
  
  

Modified:
  soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
  soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h

Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c	Wed Jun 11 17:00:42 2014	(r269407)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c	Wed Jun 11 17:59:45 2014	(r269408)
@@ -1355,7 +1355,7 @@
 				break;
 
 			case O_MACADDR2:
-				rule_macaddr(&match, args, cmd);
+				rule_macaddr2(&match, args, cmd);
 				break;
 
 			case O_MAC_TYPE:
@@ -1466,18 +1466,11 @@
 				break;
 
 			case O_IP_SRC_ME:
-				if (is_ipv4) {
-					struct ifnet *tif;
-
-					INADDR_TO_IFP(src_ip, tif);
-					match = (tif != NULL);
-					break;
-				}
+				rule_ip_sec_me(&match, src_ip, args);
 #ifdef INET6
 				/* FALLTHROUGH */
 			case O_IP6_SRC_ME:
 				rule_ip6_src_me(&match, is_ipv6, args)
-				match= is_ipv6 && search_ip6_addr_net(&args->f_id.src_ip6);
 #endif
 				break;
 

Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h	Wed Jun 11 17:00:42 2014	(r269407)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h	Wed Jun 11 17:59:45 2014	(r269408)
@@ -59,7 +59,7 @@
 }
 
 inline void
-rule_macaddr(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
+rule_macaddr2(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
 {
 	if (args->eh != NULL) {	/* have MAC header */
 		u_int32_t *want = (u_int32_t *)
@@ -106,7 +106,7 @@
 }
 
 inline void
-rule_layertwo(int *match, struct ip_fw_args * args)
+rule_layer2(int *match, struct ip_fw_args * args)
 {
 	*match = (args->eh != NULL);
 }
@@ -144,7 +144,7 @@
 
 // XXX Finish this function.
 inline void
-rule_ip_2_lookup(int *match, ipfw_insn *cmd, int cmdlen, int is_ipv4, int is_ipv6, struct ip *ip, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, u_short offset, uint8_t proto, int ucred_lookup, ucred_cache, struct ip_fw_chain *chain)
+rule_2_lookup(int *match, ipfw_insn *cmd, int cmdlen, int is_ipv4, int is_ipv6, struct ip *ip, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, u_short offset, uint8_t proto, int ucred_lookup, ucred_cache, struct ip_fw_chain *chain)
 {
 	if (is_ipv4) {
 	    uint32_t key =
@@ -275,7 +275,7 @@
 }
 
 inline void
-rule_ip_dst(int *match, is_ipv4, ipfw_insn *cmd, struct in_addr *dst_ip)
+rule_ip_dst(int *match, int is_ipv4, ipfw_insn *cmd, struct in_addr *dst_ip)
 {
 	*match = is_ipv4 &&
 	    (((ipfw_insn_ip *)cmd)->addr.s_addr ==
@@ -332,6 +332,17 @@
 }
 
 inline void
+rule_icmp6type(int *match, u_short offset, uint8_t proto, void *void *ulp, ipfw_insn *cmd)
+{
+	*match = is_ipv6 && offset == 0 &&
+	    proto==IPPROTO_ICMPV6 &&
+	    icmp6type_match(
+		ICMP6(void *ulp)->icmp6_type,
+		(ipfw_insn_u32 *)cmd);
+}
+
+
+inline void
 rule_ipopt(int *match, int is_ipv4, struct ip *ip, ipfw_insn *cmd)
 {
 	*match = (is_ipv4 &&
@@ -600,39 +611,17 @@
 		*match = 1;
 }
 
+#ifdef IPSEC
 inline void
-rule_ip4(int *match, is_ipv4)
-{
-}
-
-inline void
-rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, )
-{
-}
-
-inline void
-rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
-{
-}
-
-inline void
-rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag)
+rule_ipsec(int *match, m)
 {
+	*match = (m_tag_find(m,
+	    PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL);
 }
-
+#endif
 
 #ifdef INET6
 inline void
-rule_icmp6type(int *match, u_short offset, uint8_t proto, void *void *ulp, ipfw_insn *cmd)
-{
-	*match = is_ipv6 && offset == 0 &&
-	    proto==IPPROTO_ICMPV6 &&
-	    icmp6type_match(
-		ICMP6(void *ulp)->icmp6_type,
-		(ipfw_insn_u32 *)cmd);
-}
-
-inline void
 rule_ip6_src(int *match, int is_ipv6, struct ip_fw_args *args, ipfw_insn *cmd)
 {
 	*match = is_ipv6 &&
@@ -673,30 +662,35 @@
 }
 
 inline void
-rule_ip6_dst(int *match, int is_ipv6 flow_id6, ipfw_insn *cmd)
+rule_flow6id(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
 {
 }
 
 inline void
-rule_is_ipv6(int *match, int is_ipv6 ext_hd, ipfw_insn *cmd)
+rule_ext_hdr(int *match, int is_ipv6, uint16_t ext_hd, ipfw_insn *cmd)
 {
 }
 
 inline void
-rule_ip6(int *match, is_ipv6)
+rule_ip6(int *match, int is_ipv6)
 {
 }
-
 #endif
 
-#ifdef IPSEC
 inline void
-rule_ipsec(int *match, m)
+rule_ip4(int *match, int is_ipv4)
+{
+}
+
+inline void
+rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, )
+{
+}
+
+inline void
+rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
 {
-	*match = (m_tag_find(m,
-	    PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL);
 }
-#endif
 
 #ifndef USERSPACE
 inline void
@@ -705,8 +699,13 @@
 }
 #endif /* !USERSPACE */				
 
+inline void
+rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag)
+{
+}
+
 /*
- * The second round of actions.
+ * The second sets of opcodes. They represent the actions of a rule.
  */
 inline void
 rule_keep_state(int *match, f, ipfw_insn *cmd, struct ip_fw_args *args, uint32_t *tablearg, retval, l, done)
@@ -753,50 +752,51 @@
 {
 }
 
+#ifdef INET6
 inline void
-rule_deny(l, done, retval)
+rule_unreach6(u_int hlen, int is_ipv4 u_short offset, uint8_t proto, icmp6_type, struct mbuf *m, struct ip_fw_args *args, ipfw_insn *cmd, struct ip *ip)
 {
 }
+#endif /* INET6 */
+
 
 inline void
-rule_forward_ip(args, q, dyn_dir, ipfw_insn *cmd, sa, retval, l, done)
+rule_deny(l, done, retval)
 {
 }
 
 inline void
-rule_ngtee(args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, V_fw_one_pass, retval, l, done)
+rule_forward_ip(args, q, dyn_dir, ipfw_insn *cmd, sa, retval, l, done)
 {
 }
 
+#ifdef INET6
 inline void
-rule_setfib(f, pktlen, ipfw_insn *cmd, rt_numfibs, struct mbuf *m, struct ip_fw_args *args, l)
+rule_forward_ip6(args, q, f, dun_dir, ipfw_insn *cmd, struct ip_fw_args *args, retval, l, done)
 {
 }
+#endif /* INET6 */
 
 inline void
-rule_setdscp(ipfw_insn *cmd, l, int is_ipv4 a, int is_ipv6 f, pktlen)
+rule_ngtee(args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, V_fw_one_pass, retval, l, done)
 {
 }
 
 inline void
-rule_nat(l, done, retval, struct ip_fw_args *args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, struct ip_fw_chain *chain)
+rule_setfib(f, pktlen, ipfw_insn *cmd, rt_numfibs, struct mbuf *m, struct ip_fw_args *args, l)
 {
 }
 
-inlinue void rule_reass(f, pktlen, l, ip_off, struct ip *ip, struct ip_fw_args *args, struct mbuf *m, retval, done)
+inline void
+rule_setdscp(ipfw_insn *cmd, l, int is_ipv4 a, int is_ipv6 f, pktlen)
 {
 }
 
-
-#ifdef INET6
 inline void
-rule_unreach6(u_int hlen, int is_ipv4 u_short offset, uint8_t proto, icmp6_type, struct mbuf *m, struct ip_fw_args *args, ipfw_insn *cmd, struct ip *ip)
+rule_nat(l, done, retval, struct ip_fw_args *args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, struct ip_fw_chain *chain)
 {
 }
 
-inline void
-rule_forward_ip6(args, q, f, dun_dir, ipfw_insn *cmd, struct ip_fw_args *args, retval, l, done)
+inlinue void rule_reass(f, pktlen, l, ip_off, struct ip *ip, struct ip_fw_args *args, struct mbuf *m, retval, done)
 {
 }
-
-#endif /* INET6 */

More information about the svn-soc-all mailing list