socsvn commit: r269408 - soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw
dpl at FreeBSD.org
dpl at FreeBSD.org
Wed Jun 11 17:59:46 UTC 2014
Author: dpl
Date: Wed Jun 11 17:59:45 2014
New Revision: 269408
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269408
Log:
Reorganized code to match the structure of ip_fw2.c:ipfw_chk().
Also added two missing function headers.
Modified:
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h
Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 17:00:42 2014 (r269407)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 17:59:45 2014 (r269408)
@@ -1355,7 +1355,7 @@
break;
case O_MACADDR2:
- rule_macaddr(&match, args, cmd);
+ rule_macaddr2(&match, args, cmd);
break;
case O_MAC_TYPE:
@@ -1466,18 +1466,11 @@
break;
case O_IP_SRC_ME:
- if (is_ipv4) {
- struct ifnet *tif;
-
- INADDR_TO_IFP(src_ip, tif);
- match = (tif != NULL);
- break;
- }
+ rule_ip_sec_me(&match, src_ip, args);
#ifdef INET6
/* FALLTHROUGH */
case O_IP6_SRC_ME:
rule_ip6_src_me(&match, is_ipv6, args)
- match= is_ipv6 && search_ip6_addr_net(&args->f_id.src_ip6);
#endif
break;
Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 17:00:42 2014 (r269407)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 17:59:45 2014 (r269408)
@@ -59,7 +59,7 @@
}
inline void
-rule_macaddr(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
+rule_macaddr2(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
{
if (args->eh != NULL) { /* have MAC header */
u_int32_t *want = (u_int32_t *)
@@ -106,7 +106,7 @@
}
inline void
-rule_layertwo(int *match, struct ip_fw_args * args)
+rule_layer2(int *match, struct ip_fw_args * args)
{
*match = (args->eh != NULL);
}
@@ -144,7 +144,7 @@
// XXX Finish this function.
inline void
-rule_ip_2_lookup(int *match, ipfw_insn *cmd, int cmdlen, int is_ipv4, int is_ipv6, struct ip *ip, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, u_short offset, uint8_t proto, int ucred_lookup, ucred_cache, struct ip_fw_chain *chain)
+rule_2_lookup(int *match, ipfw_insn *cmd, int cmdlen, int is_ipv4, int is_ipv6, struct ip *ip, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, u_short offset, uint8_t proto, int ucred_lookup, ucred_cache, struct ip_fw_chain *chain)
{
if (is_ipv4) {
uint32_t key =
@@ -275,7 +275,7 @@
}
inline void
-rule_ip_dst(int *match, is_ipv4, ipfw_insn *cmd, struct in_addr *dst_ip)
+rule_ip_dst(int *match, int is_ipv4, ipfw_insn *cmd, struct in_addr *dst_ip)
{
*match = is_ipv4 &&
(((ipfw_insn_ip *)cmd)->addr.s_addr ==
@@ -332,6 +332,17 @@
}
inline void
+rule_icmp6type(int *match, u_short offset, uint8_t proto, void *void *ulp, ipfw_insn *cmd)
+{
+ *match = is_ipv6 && offset == 0 &&
+ proto==IPPROTO_ICMPV6 &&
+ icmp6type_match(
+ ICMP6(void *ulp)->icmp6_type,
+ (ipfw_insn_u32 *)cmd);
+}
+
+
+inline void
rule_ipopt(int *match, int is_ipv4, struct ip *ip, ipfw_insn *cmd)
{
*match = (is_ipv4 &&
@@ -600,39 +611,17 @@
*match = 1;
}
+#ifdef IPSEC
inline void
-rule_ip4(int *match, is_ipv4)
-{
-}
-
-inline void
-rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, )
-{
-}
-
-inline void
-rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
-{
-}
-
-inline void
-rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag)
+rule_ipsec(int *match, m)
{
+ *match = (m_tag_find(m,
+ PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL);
}
-
+#endif
#ifdef INET6
inline void
-rule_icmp6type(int *match, u_short offset, uint8_t proto, void *void *ulp, ipfw_insn *cmd)
-{
- *match = is_ipv6 && offset == 0 &&
- proto==IPPROTO_ICMPV6 &&
- icmp6type_match(
- ICMP6(void *ulp)->icmp6_type,
- (ipfw_insn_u32 *)cmd);
-}
-
-inline void
rule_ip6_src(int *match, int is_ipv6, struct ip_fw_args *args, ipfw_insn *cmd)
{
*match = is_ipv6 &&
@@ -673,30 +662,35 @@
}
inline void
-rule_ip6_dst(int *match, int is_ipv6 flow_id6, ipfw_insn *cmd)
+rule_flow6id(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
{
}
inline void
-rule_is_ipv6(int *match, int is_ipv6 ext_hd, ipfw_insn *cmd)
+rule_ext_hdr(int *match, int is_ipv6, uint16_t ext_hd, ipfw_insn *cmd)
{
}
inline void
-rule_ip6(int *match, is_ipv6)
+rule_ip6(int *match, int is_ipv6)
{
}
-
#endif
-#ifdef IPSEC
inline void
-rule_ipsec(int *match, m)
+rule_ip4(int *match, int is_ipv4)
+{
+}
+
+inline void
+rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, )
+{
+}
+
+inline void
+rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
{
- *match = (m_tag_find(m,
- PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL);
}
-#endif
#ifndef USERSPACE
inline void
@@ -705,8 +699,13 @@
}
#endif /* !USERSPACE */
+inline void
+rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag)
+{
+}
+
/*
- * The second round of actions.
+ * The second sets of opcodes. They represent the actions of a rule.
*/
inline void
rule_keep_state(int *match, f, ipfw_insn *cmd, struct ip_fw_args *args, uint32_t *tablearg, retval, l, done)
@@ -753,50 +752,51 @@
{
}
+#ifdef INET6
inline void
-rule_deny(l, done, retval)
+rule_unreach6(u_int hlen, int is_ipv4 u_short offset, uint8_t proto, icmp6_type, struct mbuf *m, struct ip_fw_args *args, ipfw_insn *cmd, struct ip *ip)
{
}
+#endif /* INET6 */
+
inline void
-rule_forward_ip(args, q, dyn_dir, ipfw_insn *cmd, sa, retval, l, done)
+rule_deny(l, done, retval)
{
}
inline void
-rule_ngtee(args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, V_fw_one_pass, retval, l, done)
+rule_forward_ip(args, q, dyn_dir, ipfw_insn *cmd, sa, retval, l, done)
{
}
+#ifdef INET6
inline void
-rule_setfib(f, pktlen, ipfw_insn *cmd, rt_numfibs, struct mbuf *m, struct ip_fw_args *args, l)
+rule_forward_ip6(args, q, f, dun_dir, ipfw_insn *cmd, struct ip_fw_args *args, retval, l, done)
{
}
+#endif /* INET6 */
inline void
-rule_setdscp(ipfw_insn *cmd, l, int is_ipv4 a, int is_ipv6 f, pktlen)
+rule_ngtee(args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, V_fw_one_pass, retval, l, done)
{
}
inline void
-rule_nat(l, done, retval, struct ip_fw_args *args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, struct ip_fw_chain *chain)
+rule_setfib(f, pktlen, ipfw_insn *cmd, rt_numfibs, struct mbuf *m, struct ip_fw_args *args, l)
{
}
-inlinue void rule_reass(f, pktlen, l, ip_off, struct ip *ip, struct ip_fw_args *args, struct mbuf *m, retval, done)
+inline void
+rule_setdscp(ipfw_insn *cmd, l, int is_ipv4 a, int is_ipv6 f, pktlen)
{
}
-
-#ifdef INET6
inline void
-rule_unreach6(u_int hlen, int is_ipv4 u_short offset, uint8_t proto, icmp6_type, struct mbuf *m, struct ip_fw_args *args, ipfw_insn *cmd, struct ip *ip)
+rule_nat(l, done, retval, struct ip_fw_args *args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, struct ip_fw_chain *chain)
{
}
-inline void
-rule_forward_ip6(args, q, f, dun_dir, ipfw_insn *cmd, struct ip_fw_args *args, retval, l, done)
+inlinue void rule_reass(f, pktlen, l, ip_off, struct ip *ip, struct ip_fw_args *args, struct mbuf *m, retval, done)
{
}
-
-#endif /* INET6 */
More information about the svn-soc-all
mailing list