svn commit: r203452 - user/luigi/ipfw3-head/sys/netinet/ipfw

Luigi Rizzo luigi at FreeBSD.org
Wed Feb 3 22:08:26 UTC 2010 

Author: luigi
Date: Wed Feb  3 22:08:25 2010
New Revision: 203452
URL: http://svn.freebsd.org/changeset/base/203452

Log:
  portability fixes -- make this code build under Linux and Windows

Modified:
  user/luigi/ipfw3-head/sys/netinet/ipfw/dn_sched_qfq.c
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_dynamic.c
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_log.c
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_table.c

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/dn_sched_qfq.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/dn_sched_qfq.c	Wed Feb  3 22:07:50 2010	(r203451)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/dn_sched_qfq.c	Wed Feb  3 22:08:25 2010	(r203452)
@@ -57,7 +57,7 @@ typedef	unsigned long	bitmap;
  * bitmaps ops are critical. Some linux versions have __fls
  * and the bitmap ops. Some machines have ffs
  */
-#if !defined(_KERNEL) || defined( __FreeBSD__ )
+#if !defined(_KERNEL) || defined( __FreeBSD__ ) || defined(_WIN32)
 static inline unsigned long __fls(unsigned long word)
 {
 	return fls(word) - 1;
@@ -92,6 +92,10 @@ void __clear_bit(int ix, bitmap *p)
 #endif /* !QFQ_DEBUG */
 #endif /* !__linux__ */
 
+#ifdef __MIPSEL__
+#define __clear_bit(ix, pData) (*pData) &= ~(1<<(ix))
+#endif
+
 /*-------------------------------------------*/
 /*
 

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c	Wed Feb  3 22:07:50 2010	(r203451)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c	Wed Feb  3 22:08:25 2010	(r203452)
@@ -155,11 +155,13 @@ SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUT
 SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit,
     CTLFLAG_RW, &VNET_NAME(verbose_limit), 0,
     "Set upper limit of matches of ipfw rules logged");
+uint32_t dummy_def = IPFW_DEFAULT_RULE;
 SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, default_rule, CTLFLAG_RD,
-    NULL, IPFW_DEFAULT_RULE,
+    &dummy_def, 0,
     "The default/max possible rule number.");
+uint32_t dummy_tables_max = IPFW_TABLES_MAX;
 SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD,
-    NULL, IPFW_TABLES_MAX,
+    &dummy_tables_max, 0,
     "The maximum number of tables.");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, default_to_accept, CTLFLAG_RDTUN,
     &default_to_accept, 0,
@@ -344,6 +346,7 @@ iface_match(struct ifnet *ifp, ipfw_insn
 				return(1);
 		}
 	} else {
+#ifdef	__FreeBSD__	/* and OSX too ? */
 		struct ifaddr *ia;
 
 		if_addr_rlock(ifp);
@@ -357,6 +360,7 @@ iface_match(struct ifnet *ifp, ipfw_insn
 			}
 		}
 		if_addr_runlock(ifp);
+#endif /* __FreeBSD__ */
 	}
 	return(0);	/* no match, fail ... */
 }
@@ -385,6 +389,9 @@ iface_match(struct ifnet *ifp, ipfw_insn
 static int
 verify_path(struct in_addr src, struct ifnet *ifp, u_int fib)
 {
+#ifndef __FreeBSD__
+	return 0;
+#else
 	struct route ro;
 	struct sockaddr_in *dst;
 
@@ -427,6 +434,7 @@ verify_path(struct in_addr src, struct i
 	/* found valid route */
 	RTFREE(ro.ro_rt);
 	return 1;
+#endif /* __FreeBSD__ */
 }
 
 #ifdef INET6
@@ -634,9 +642,14 @@ send_reject(struct ip_fw_args *args, int
 static int
 check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
     struct in_addr dst_ip, u_int16_t dst_port, struct in_addr src_ip,
-    u_int16_t src_port, struct ucred **uc, int *ugid_lookupp,
-    struct inpcb *inp)
+    u_int16_t src_port, int *ugid_lookupp,
+    struct ucred **uc, struct inpcb *inp)
 {
+#ifndef __FreeBSD__
+	return cred_check(insn, proto, oif,
+	    dst_ip, dst_port, src_ip, src_port,
+	    (struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
+#else  /* FreeBSD */
 	struct inpcbinfo *pi;
 	int wildcard;
 	struct inpcb *pcb;
@@ -703,6 +716,7 @@ check_uidgid(ipfw_insn_u32 *insn, int pr
 	else if (insn->o.opcode == O_JAIL)
 		match = ((*uc)->cr_prison->pr_id == (int)insn->d[0]);
 	return match;
+#endif /* __FreeBSD__ */
 }
 
 /*
@@ -794,7 +808,11 @@ ipfw_chk(struct ip_fw_args *args)
 	 * these types of constraints, as well as decrease contention
 	 * on pcb related locks.
 	 */
+#ifndef __FreeBSD__
+	struct bsd_ucred ucred_cache;
+#else
 	struct ucred *ucred_cache = NULL;
+#endif
 	int ucred_lookup = 0;
 
 	/*
@@ -1233,8 +1251,13 @@ do {								\
 						    (ipfw_insn_u32 *)cmd,
 						    proto, oif,
 						    dst_ip, dst_port,
-						    src_ip, src_port, &ucred_cache,
-						    &ucred_lookup, args->inp);
+						    src_ip, src_port, &ucred_lookup,
+#ifdef __FreeBSD__
+						    &ucred_cache, args->inp);
+#else
+						    (void *)&ucred_cache,
+						    (struct inpcb *)args->m);
+#endif
 				break;
 
 			case O_RECV:
@@ -1348,13 +1371,22 @@ do {								\
 						(ipfw_insn_u32 *)cmd,
 						proto, oif,
 						dst_ip, dst_port,
-						src_ip, src_port, &ucred_cache,
-						&ucred_lookup, args->inp);
+						src_ip, src_port, &ucred_lookup,
+#ifdef __FreeBSD__
+						&ucred_cache, args->inp);
 					    if (v == 4 /* O_UID */)
 						key = ucred_cache->cr_uid;
 					    else if (v == 5 /* O_JAIL */)
 						key = ucred_cache->cr_prison->pr_id;
 					    key = htonl(key);
+#else /* !__FreeBSD__ */
+						(void *)&ucred_cache,
+						(struct inpcb *)args->m);
+					    if (v ==4 /* O_UID */)
+						key = ucred_cache.uid;
+					    else if (v == 5 /* O_JAIL */)
+						key = ucred_cache.xid;
+#endif /* !__FreeBSD__ */
 					} else
 					    break;
 				    }
@@ -1390,7 +1422,13 @@ do {								\
 
 					INADDR_TO_IFP(src_ip, tif);
 					match = (tif != NULL);
+					break;
 				}
+#ifdef INET6
+				/* FALLTHROUGH */
+			case O_IP6_SRC_ME:
+				match= is_ipv6 && search_ip6_addr_net(&args->f_id.src_ip6);
+#endif
 				break;
 
 			case O_IP_DST_SET:
@@ -1423,9 +1461,16 @@ do {								\
 
 					INADDR_TO_IFP(dst_ip, tif);
 					match = (tif != NULL);
+					break;
 				}
+#ifdef INET6
+				/* FALLTHROUGH */
+			case O_IP6_DST_ME:
+				match= is_ipv6 && search_ip6_addr_net(&args->f_id.dst_ip6);
+#endif
 				break;
 
+
 			case O_IP_SRCPORT:
 			case O_IP_DSTPORT:
 				/*
@@ -1691,14 +1736,6 @@ do {								\
 				}
 				break;
 
-			case O_IP6_SRC_ME:
-				match= is_ipv6 && search_ip6_addr_net(&args->f_id.src_ip6);
-				break;
-
-			case O_IP6_DST_ME:
-				match= is_ipv6 && search_ip6_addr_net(&args->f_id.dst_ip6);
-				break;
-
 			case O_FLOW6ID:
 				match = is_ipv6 &&
 				    flow6id_match(args->f_id.flow_id6,
@@ -2158,8 +2195,10 @@ do {								\
 		printf("ipfw: ouch!, skip past end of rules, denying packet\n");
 	}
 	IPFW_RUNLOCK(chain);
+#ifdef __FreeBSD__
 	if (ucred_cache != NULL)
 		crfree(ucred_cache);
+#endif
 	return (retval);
 
 pullup_failed:

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_dynamic.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Feb  3 22:07:50 2010	(r203451)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Feb  3 22:08:25 2010	(r203452)
@@ -128,7 +128,11 @@ static VNET_DEFINE(struct callout, ipfw_
 #define V_ipfw_timeout                  VNET(ipfw_timeout)
 
 static uma_zone_t ipfw_dyn_rule_zone;
+#ifndef __FreeBSD__
+DEFINE_SPINLOCK(ipfw_dyn_mtx);
+#else
 static struct mtx ipfw_dyn_mtx;		/* mutex guarding dynamic rules */
+#endif
 
 #define	IPFW_DYN_LOCK_INIT() \
 	mtx_init(&ipfw_dyn_mtx, "IPFW dynamic rules", NULL, MTX_DEF)
@@ -884,6 +888,9 @@ struct mbuf *
 ipfw_send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
     u_int32_t ack, int flags)
 {
+#ifndef __FreeBSD__
+	return NULL;
+#else
 	struct mbuf *m;
 	int len, dir;
 	struct ip *h = NULL;		/* stupid compiler */
@@ -1020,6 +1027,7 @@ ipfw_send_pkt(struct mbuf *replyto, stru
 	}
 
 	return (m);
+#endif /* __FreeBSD__ */
 }
 
 /*

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_log.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_log.c	Wed Feb  3 22:07:50 2010	(r203451)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_log.c	Wed Feb  3 22:08:25 2010	(r203452)
@@ -413,6 +413,7 @@ ipfw_log(struct ip_fw *f, u_int hlen, st
 				    (ipoff & IP_MF) ? "+" : "");
 		}
 	}
+#ifdef __FreeBSD__
 	if (oif || m->m_pkthdr.rcvif)
 		log(LOG_SECURITY | LOG_INFO,
 		    "ipfw: %d %s %s %s via %s%s\n",
@@ -421,6 +422,7 @@ ipfw_log(struct ip_fw *f, u_int hlen, st
 		    oif ? oif->if_xname : m->m_pkthdr.rcvif->if_xname,
 		    fragment);
 	else
+#endif
 		log(LOG_SECURITY | LOG_INFO,
 		    "ipfw: %d %s %s [no if info]%s\n",
 		    f ? f->rulenum : -1,

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_table.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_table.c	Wed Feb  3 22:07:50 2010	(r203451)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_table.c	Wed Feb  3 22:08:25 2010	(r203452)
@@ -66,6 +66,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in.h>
 #include <netinet/ip_var.h>	/* struct ipfw_rule_ref */
 #include <netinet/ip_fw.h>
+#include <sys/queue.h> /* LIST_HEAD */
 #include <netinet/ipfw/ip_fw_private.h>
 
 #ifdef MAC

More information about the svn-src-user mailing list