svn commit: r193528 - in user/luigi/ipfw_80: sbin/ipfw sys/netinet

[Luigi Rizzo]

Author: luigi
Date: Fri Jun  5 18:14:51 2009
New Revision: 193528
URL: http://svn.freebsd.org/changeset/base/193528

Log:
  sync with head

Modified:
  user/luigi/ipfw_80/sbin/ipfw/ipfw2.c
  user/luigi/ipfw_80/sys/netinet/ip_fw.h

Modified: user/luigi/ipfw_80/sbin/ipfw/ipfw2.c
==============================================================================
--- user/luigi/ipfw_80/sbin/ipfw/ipfw2.c	Fri Jun  5 17:44:43 2009	(r193527)
+++ user/luigi/ipfw_80/sbin/ipfw/ipfw2.c	Fri Jun  5 18:14:51 2009	(r193528)
@@ -2859,7 +2859,7 @@ chkarg:	
 			if (have_tag)
 				errx(EX_USAGE, "tag and untag cannot be "
 				    "specified more than once");
-			GET_UINT_ARG(tag, 1, IPFW_DEFAULT_RULE - 1, i,
+			GET_UINT_ARG(tag, IPFW_ARG_MIN, IPFW_ARG_MAX, i,
 			   rule_action_params);
 			have_tag = cmd;
 			fill_cmd(cmd, O_TAG, (i == TOK_TAG) ? 0: F_NOT, tag);
@@ -3336,7 +3336,7 @@ read_options:
 			if (c->limit_mask == 0)
 				errx(EX_USAGE, "limit: missing limit mask");
 
-			GET_UINT_ARG(c->conn_limit, 1, IPFW_DEFAULT_RULE - 1,
+			GET_UINT_ARG(c->conn_limit, IPFW_ARG_MIN, IPFW_ARG_MAX,
 			    TOK_LIMIT, rule_options);
 
 			ac--; av++;
@@ -3464,7 +3464,7 @@ read_options:
 			else {
 				uint16_t tag;
 
-				GET_UINT_ARG(tag, 1, IPFW_DEFAULT_RULE - 1,
+				GET_UINT_ARG(tag, IPFW_ARG_MIN, IPFW_ARG_MAX,
 				    TOK_TAGGED, rule_options);
 				fill_cmd(cmd, O_TAGGED, 0, tag);
 			}

Modified: user/luigi/ipfw_80/sys/netinet/ip_fw.h
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_fw.h	Fri Jun  5 17:44:43 2009	(r193527)
+++ user/luigi/ipfw_80/sys/netinet/ip_fw.h	Fri Jun  5 18:14:51 2009	(r193528)
@@ -47,6 +47,20 @@
 #define	IPFW_TABLES_MAX		128
 
 /*
+ * Most commands (queue, pipe, tag, untag, limit...) can have a 16-bit
+ * argument between 1 and 65534. The value 0 is unused, the value
+ * 65535 (IP_FW_TABLEARG) is used to represent 'tablearg', i.e. the
+ * can be 1..65534, or 65535 to indicate the use of a 'tablearg'
+ * result of the most recent table() lookup.
+ * Note that 16bit is only a historical limit, resulting from
+ * the use of a 16-bit fields for that value. In reality, we can have
+ * 2^32 pipes, queues, tag values and so on, and use 0 as a tablearg.
+ */
+#define	IPFW_ARG_MIN		1
+#define	IPFW_ARG_MAX		65534
+#define IP_FW_TABLEARG		65535	/* XXX should use 0 */
+
+/*
  * The kernel representation of ipfw rules is made of a list of
  * 'instructions' (for all practical purposes equivalent to BPF
  * instructions), which specify which fields of the packet
@@ -243,8 +257,6 @@ typedef struct	_ipfw_insn {	/* template 
  */
 #define	F_INSN_SIZE(t)	((sizeof (t))/sizeof(u_int32_t))
 
-#define MTAG_IPFW	1148380143	/* IPFW-tagged cookie */
-
 /*
  * This is used to store an array of 16-bit entries (ports etc.)
  */
@@ -562,6 +574,4 @@ typedef struct	_ipfw_table {
 	ipfw_table_entry ent[0];	/* entries			*/
 } ipfw_table;
 
-#define IP_FW_TABLEARG	65535
-
 #endif /* _IPFW2_H */