svn commit: r254519 - in head/sys: netinet netinet6 sys

Julian Elischer julian at freebsd.org
Tue Aug 20 03:05:08 UTC 2013


On 8/19/13 7:08 PM, Andre Oppermann wrote:
> Author: andre
> Date: Mon Aug 19 11:08:36 2013
> New Revision: 254519
> URL: http://svnweb.freebsd.org/changeset/base/254519
>
> Log:
>    Move the global M_SKIP_FIREWALL mbuf flags to a protocol layer specific
>    flag instead.  The flag is only used within the IP and IPv6 layer 3
>    protocols.

weeeeelllll, "maybe"
Layer 2 usage of ipfw could make use of this flag as well.
Cisco were using L2 ipfw some years back. I don't know if this affects 
them at all.

>    
>    Because some firewall packages treat IPv4 and IPv6 packets the same the
>    flag should have the same value for both.
>    
>    Discussed with:	trociny, glebius
>
> Modified:
>    head/sys/netinet/ip_var.h
>    head/sys/netinet6/ip6_var.h
>    head/sys/sys/mbuf.h
>
> Modified: head/sys/netinet/ip_var.h
> ==============================================================================
> --- head/sys/netinet/ip_var.h	Mon Aug 19 10:34:10 2013	(r254518)
> +++ head/sys/netinet/ip_var.h	Mon Aug 19 11:08:36 2013	(r254519)
> @@ -163,10 +163,12 @@ void	kmod_ipstat_dec(int statnum);
>   #define IP_ALLOWBROADCAST	SO_BROADCAST	/* 0x20 can send broadcast packets */
>   
>   /*
> - * mbuf flag used by ip_fastfwd
> + * IPv4 protocol layer specific mbuf flags.
>    */
>   #define	M_FASTFWD_OURS		M_PROTO1	/* changed dst to local */
>   #define	M_IP_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
> +#define	M_SKIP_FIREWALL		M_PROTO3	/* skip firewall processing,
> +						   keep in sync with IP6 */
>   #define	M_IP_FRAG		M_PROTO4	/* fragment reassembly */
>   
>   #ifdef __NO_STRICT_ALIGNMENT
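Review bot: `M_SKIP_FIREWALL` now aliases `M_PROTO3`, a per-layer bit that other protocol layers may use for their own purposes, so a stale `M_PROTO3` left on an mbuf by another layer would read as "skip firewall processing" once the packet is on the IP path, which is a fail-open outcome. Nothing in this hunk shows where the M_PROTO bits are cleared on entry to the IPv4 path, so that clearing should be confirmed and the dependency recorded in the comment, for example `/* skip firewall processing; relies on the M_PROTO bits being cleared on layer entry, keep in sync with IP6 */`. The same applies to the matching define added in ip6_var.h.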
>
> Modified: head/sys/netinet6/ip6_var.h
> ==============================================================================
> --- head/sys/netinet6/ip6_var.h	Mon Aug 19 10:34:10 2013	(r254518)
> +++ head/sys/netinet6/ip6_var.h	Mon Aug 19 11:08:36 2013	(r254519)
> @@ -293,7 +293,12 @@ struct ip6aux {
>   #define	IPV6_FORWARDING		0x02	/* most of IPv6 header exists */
>   #define	IPV6_MINMTU		0x04	/* use minimum MTU (IPV6_USE_MIN_MTU) */
>   
> -#define	M_IP6_NEXTHOP		M_PROTO7	/* explicit ip nexthop */
> +/*
> + * IPv6 protocol layer specific mbuf flags.
> + */
> +#define	M_IP6_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
> +#define	M_SKIP_FIREWALL		M_PROTO3	/* skip firewall processing,
> +						   keep in sync with IPv4 */
>   
>   #ifdef __NO_STRICT_ALIGNMENT
>   #define IP6_HDR_ALIGNED_P(ip)	1
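Review bot: `M_SKIP_FIREWALL` is now defined under the same name in both ip_var.h and ip6_var.h, and only the "keep in sync" comments tie the two values together; a file that includes just one of the headers gets no diagnostic if they ever diverge. Defining the macro once in a header that both files include would remove the duplication, though no such shared header is visible in this diff. This hunk also renumbers `M_IP6_NEXTHOP` from `M_PROTO7` to `M_PROTO2`, which the log message does not mention. If the match with `M_IP_NEXTHOP` in ip_var.h is intended, a comment such as `/* explicit ip nexthop, same bit as M_IP_NEXTHOP */` would say so.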
>
> Modified: head/sys/sys/mbuf.h
> ==============================================================================
> --- head/sys/sys/mbuf.h	Mon Aug 19 10:34:10 2013	(r254518)
> +++ head/sys/sys/mbuf.h	Mon Aug 19 11:08:36 2013	(r254519)
> @@ -196,7 +196,7 @@ struct mbuf {
>   #define	M_FRAG		0x00000800 /* packet is a fragment of a larger packet */
>   #define	M_FIRSTFRAG	0x00001000 /* packet is first fragment */
>   #define	M_LASTFRAG	0x00002000 /* packet is last fragment */
> -#define	M_SKIP_FIREWALL	0x00004000 /* skip firewall processing */
> +		     /*	0x00004000    free */
>   		     /*	0x00008000    free */
>   #define	M_VLANTAG	0x00010000 /* ether_vtag is valid */
>   #define	M_PROMISC	0x00020000 /* packet was not for us */
> @@ -253,7 +253,7 @@ struct mbuf {
>    * Flags preserved when copying m_pkthdr.
>    */
>   #define	M_COPYFLAGS \
> -    (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_SKIP_FIREWALL|M_BCAST|M_MCAST|\
> +    (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_BCAST|M_MCAST|\
>        M_FRAG|M_FIRSTFRAG|M_LASTFRAG|M_VLANTAG|M_PROMISC|M_HASHTYPEBITS)
>   
>   /*
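Review bot: With `M_SKIP_FIREWALL` dropped from `M_COPYFLAGS`, the mark survives a packet-header copy only through `M_PROTOFLAGS` (presumably covering `M_PROTO3`; its definition is not in this hunk), so any code that clears `M_PROTOFLAGS` now also clears the firewall-skip mark, where the old global bit 0x00004000 would have survived. Losing the mark is the safer direction, since the packet is filtered again, but packets that relied on carrying it across such a clear could now be re-inspected or dropped. Callers that clear the protocol flags are not visible in this diff and are worth checking. A short addition to the comment above the macro, e.g. `/* M_SKIP_FIREWALL is carried via M_PROTOFLAGS */`, would keep the dependency visible.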
>
>


