svn commit: r205166 - in user/luigi/ipfw3-r8/sys: netgraph netinet

Luigi Rizzo luigi at FreeBSD.org
Mon Mar 15 09:40:23 UTC 2010


Author: luigi
Date: Mon Mar 15 09:40:23 2010
New Revision: 205166
URL: http://svn.freebsd.org/changeset/base/205166

Log:
  missing changes to let the kernel compile

Modified:
  user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h
  user/luigi/ipfw3-r8/sys/netinet/in.h
  user/luigi/ipfw3-r8/sys/netinet/ip_var.h

Modified: user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h
==============================================================================
--- user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h	Mon Mar 15 08:58:35 2010	(r205165)
+++ user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h	Mon Mar 15 09:40:23 2010	(r205166)
@@ -26,26 +26,8 @@
  * $FreeBSD$
  */
 
+#ifndef _NG_IPFW_H
+#define _NG_IPFW_H
 #define NG_IPFW_NODE_TYPE    "ipfw"
 #define NGM_IPFW_COOKIE      1105988990
-
-#ifdef _KERNEL
-
-typedef int ng_ipfw_input_t(struct mbuf **, int, struct ip_fw_args *, int);
-extern	ng_ipfw_input_t	*ng_ipfw_input_p;
-#define	NG_IPFW_LOADED	(ng_ipfw_input_p != NULL)
-
-struct ng_ipfw_tag {
-	struct m_tag	mt;		/* tag header */
-	struct ip_fw	*rule;		/* matching rule */
-	uint32_t	rule_id;	/* matching rule id */
-	uint32_t	chain_id;	/* ruleset id */
-	struct ifnet	*ifp;		/* interface, for ip_output */
-	int		dir;
-#define	NG_IPFW_OUT	0
-#define	NG_IPFW_IN	1
-};
-
-#define	TAGSIZ	(sizeof(struct ng_ipfw_tag) - sizeof(struct m_tag))
-
-#endif /* _KERNEL */
+#endif /* _NG_IPFW_H */

Modified: user/luigi/ipfw3-r8/sys/netinet/in.h
==============================================================================
--- user/luigi/ipfw3-r8/sys/netinet/in.h	Mon Mar 15 08:58:35 2010	(r205165)
+++ user/luigi/ipfw3-r8/sys/netinet/in.h	Mon Mar 15 09:40:23 2010	(r205166)
@@ -754,6 +754,32 @@ void	 in_ifdetach(struct ifnet *);
 #define	sintosa(sin)	((struct sockaddr *)(sin))
 #define	ifatoia(ifa)	((struct in_ifaddr *)(ifa))
 
+/*
+ * Historically, BSD keeps ip_len and ip_off in host format
+ * when doing layer 3 processing, and this often requires
+ * to translate the format back and forth.
+ * To make the process explicit, we define a couple of macros
+ * that also take into account the fact that at some point
+ * we may want to keep those fields always in net format.
+ */
+
+#if (BYTE_ORDER == BIG_ENDIAN) || defined(HAVE_NET_IPLEN)
+#define SET_NET_IPLEN(p)	do {} while (0)
+#define SET_HOST_IPLEN(p)	do {} while (0)
+#else
+#define SET_NET_IPLEN(p)	do {		\
+	struct ip *h_ip = (p);			\
+	h_ip->ip_len = htons(h_ip->ip_len);	\
+	h_ip->ip_off = htons(h_ip->ip_off);	\
+	} while (0)
+
+#define SET_HOST_IPLEN(p)	do {		\
+	struct ip *h_ip = (p);			\
+	h_ip->ip_len = ntohs(h_ip->ip_len);	\
+	h_ip->ip_off = ntohs(h_ip->ip_off);	\
+	} while (0)
+#endif /* !HAVE_NET_IPLEN */
+
 #endif /* _KERNEL */
 
 /* INET6 stuff */
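Review bot: Both little-endian macro bodies declare a local named `h_ip` and initialise it from `(p)`, so a caller whose own pointer is also called `h_ip` gets `struct ip *h_ip = (h_ip);`, which reads the new, uninitialised variable; a less collision-prone name such as `iplen_hdr_` avoids the capture. The swaps are not idempotent and nothing records which format a header is currently in, so a doubled or missed call leaves `ip_len`/`ip_off` byte-swapped for any later length or fragment check; the block comment should state which format each macro expects on entry. On the no-op arm `(p)` is neither evaluated nor type-checked, so `do { (void)(p); } while (0)` would keep the two configurations closer. The closing `#endif /* !HAVE_NET_IPLEN */` comment also omits the `BYTE_ORDER` half of the condition.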

Modified: user/luigi/ipfw3-r8/sys/netinet/ip_var.h
==============================================================================
--- user/luigi/ipfw3-r8/sys/netinet/ip_var.h	Mon Mar 15 08:58:35 2010	(r205165)
+++ user/luigi/ipfw3-r8/sys/netinet/ip_var.h	Mon Mar 15 09:40:23 2010	(r205166)
@@ -249,7 +249,43 @@ VNET_DECLARE(struct pfil_head, inet_pfil
 
 void	in_delayed_cksum(struct mbuf *m);
 
-/* ipfw and dummynet hooks. Most are declared in raw_ip.c */
+/* Hooks for ipfw, dummynet, divert etc. Most are declared in raw_ip.c */
+/*
+ * Reference to an ipfw or packet filter rule that can be carried
+ * outside critical sections.
+ * A rule is identified by rulenum:rule_id which is ordered.
+ * In version chain_id the rule can be found in slot 'slot', so
+ * we don't need a lookup if chain_id == chain->id.
+ *
+ * On exit from the firewall this structure refers to the rule after
+ * the matching one (slot points to the new rule; rulenum:rule_id-1
+ * is the matching rule), and additional info (e.g. info often contains
+ * the insn argument or tablearg in the low 16 bits, in host format).
+ * On entry, the structure is valid if slot>0, and refers to the starting
+ * rules. 'info' contains the reason for reinject, e.g. divert port,
+ * divert direction, and so on.
+ */
+struct ipfw_rule_ref {
+	uint32_t	slot;		/* slot for matching rule	*/
+	uint32_t	rulenum;	/* matching rule number		*/
+	uint32_t	rule_id;	/* matching rule id		*/
+	uint32_t	chain_id;	/* ruleset id			*/
+	uint32_t	info;		/* see below			*/
+};
+
+enum {
+	IPFW_INFO_MASK	= 0x0000ffff,
+	IPFW_INFO_OUT	= 0x00000000,	/* outgoing, just for convenience */
+	IPFW_INFO_IN	= 0x80000000,	/* incoming, overloads dir */
+	IPFW_ONEPASS	= 0x40000000,	/* One-pass, do not reinject */
+	IPFW_IS_MASK	= 0x30000000,	/* which source ? */
+	IPFW_IS_DIVERT	= 0x20000000,
+	IPFW_IS_DUMMYNET =0x10000000,
+	IPFW_IS_PIPE	= 0x08000000,	/* pip1=1, queue = 0 */
+};
+#define MTAG_IPFW	1148380143	/* IPFW-tagged cookie */
+#define MTAG_IPFW_RULE	1262273568	/* rule reference */
+
 struct ip_fw_args;
 typedef int	(*ip_fw_chk_ptr_t)(struct ip_fw_args *args);
 typedef int	(*ip_fw_ctl_ptr_t)(struct sockopt *);
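Review bot: `IPFW_INFO_IN = 0x80000000` in the anonymous enum does not fit in `int`, which ISO C before C23 requires of enumeration constants; GCC accepts it as an extension, but since these flags are tested against the `uint32_t info` field they would be safer as unsigned macros, e.g. `#define IPFW_INFO_IN 0x80000000U`. The comment on `IPFW_IS_PIPE` reads `pip1=1` and presumably means `pipe = 1`. The block comment says `slot` can be used without a lookup when `chain_id == chain->id`; because this reference travels with the packet outside critical sections, it would help to state there that consumers must compare `chain_id` (and presumably bound-check `slot`) before indexing, since the consuming code is not visible in this hunk.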
@@ -258,9 +294,14 @@ VNET_DECLARE(ip_fw_ctl_ptr_t, ip_fw_ctl_
 #define	V_ip_fw_chk_ptr		VNET(ip_fw_chk_ptr)
 #define	V_ip_fw_ctl_ptr		VNET(ip_fw_ctl_ptr)
 
+/* Divert hooks. */
+extern void	(*ip_divert_ptr)(struct mbuf *m, int incoming);
+/* ng_ipfw hooks -- XXX make it the same as divert and dummynet */
+extern int	(*ng_ipfw_input_p)(struct mbuf **, int,
+			struct ip_fw_args *, int);
+
 extern int	(*ip_dn_ctl_ptr)(struct sockopt *);
-extern int	(*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa);
-extern void	(*ip_dn_ruledel_ptr)(void *);		/* in ip_fw2.c */
+extern int	(*ip_dn_io_ptr)(struct mbuf **, int, struct ip_fw_args *);
 
 VNET_DECLARE(int, ip_do_randomid);
 #define	V_ip_do_randomid	VNET(ip_do_randomid)
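Review bot: `ip_divert_ptr` and `ng_ipfw_input_p` are exported as bare function pointers with no comment on when they are valid, and this commit also removes the `NG_IPFW_LOADED` test macro from ng_ipfw.h. Presumably both are NULL until the corresponding module registers, so a call without a check would be a kernel NULL dereference; a comment such as `/* NULL unless the module is loaded; callers must test before calling */` above each declaration would make that contract visible. The prototypes also dropped their parameter names (the removed `ip_dn_io_ptr` line had `m`, `dir`, `fwa`), which leaves the two `int` arguments of `ng_ipfw_input_p` undocumented; keeping the names would be clearer.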

