svn commit: r205166 - in user/luigi/ipfw3-r8/sys: netgraph netinet
Luigi Rizzo
luigi at FreeBSD.org
Mon Mar 15 09:40:23 UTC 2010
Author: luigi
Date: Mon Mar 15 09:40:23 2010
New Revision: 205166
URL: http://svn.freebsd.org/changeset/base/205166
Log:
missing changes to let the kernel compile
Modified:
user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h
user/luigi/ipfw3-r8/sys/netinet/in.h
user/luigi/ipfw3-r8/sys/netinet/ip_var.h
Modified: user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h
==============================================================================
--- user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h Mon Mar 15 08:58:35 2010 (r205165)
+++ user/luigi/ipfw3-r8/sys/netgraph/ng_ipfw.h Mon Mar 15 09:40:23 2010 (r205166)
@@ -26,26 +26,8 @@
* $FreeBSD$
*/
+#ifndef _NG_IPFW_H
+#define _NG_IPFW_H
#define NG_IPFW_NODE_TYPE "ipfw"
#define NGM_IPFW_COOKIE 1105988990
-
-#ifdef _KERNEL
-
-typedef int ng_ipfw_input_t(struct mbuf **, int, struct ip_fw_args *, int);
-extern ng_ipfw_input_t *ng_ipfw_input_p;
-#define NG_IPFW_LOADED (ng_ipfw_input_p != NULL)
-
-struct ng_ipfw_tag {
- struct m_tag mt; /* tag header */
- struct ip_fw *rule; /* matching rule */
- uint32_t rule_id; /* matching rule id */
- uint32_t chain_id; /* ruleset id */
- struct ifnet *ifp; /* interface, for ip_output */
- int dir;
-#define NG_IPFW_OUT 0
-#define NG_IPFW_IN 1
-};
-
-#define TAGSIZ (sizeof(struct ng_ipfw_tag) - sizeof(struct m_tag))
-
-#endif /* _KERNEL */
+#endif /* _NG_IPFW_H */
Modified: user/luigi/ipfw3-r8/sys/netinet/in.h
==============================================================================
--- user/luigi/ipfw3-r8/sys/netinet/in.h Mon Mar 15 08:58:35 2010 (r205165)
+++ user/luigi/ipfw3-r8/sys/netinet/in.h Mon Mar 15 09:40:23 2010 (r205166)
@@ -754,6 +754,32 @@ void in_ifdetach(struct ifnet *);
#define sintosa(sin) ((struct sockaddr *)(sin))
#define ifatoia(ifa) ((struct in_ifaddr *)(ifa))
+/*
+ * Historically, BSD keeps ip_len and ip_off in host format
+ * when doing layer 3 processing, and this often requires
+ * to translate the format back and forth.
+ * To make the process explicit, we define a couple of macros
+ * that also take into account the fact that at some point
+ * we may want to keep those fields always in net format.
+ */
+
+#if (BYTE_ORDER == BIG_ENDIAN) || defined(HAVE_NET_IPLEN)
+#define SET_NET_IPLEN(p) do {} while (0)
+#define SET_HOST_IPLEN(p) do {} while (0)
+#else
+#define SET_NET_IPLEN(p) do { \
+ struct ip *h_ip = (p); \
+ h_ip->ip_len = htons(h_ip->ip_len); \
+ h_ip->ip_off = htons(h_ip->ip_off); \
+ } while (0)
+
+#define SET_HOST_IPLEN(p) do { \
+ struct ip *h_ip = (p); \
+ h_ip->ip_len = ntohs(h_ip->ip_len); \
+ h_ip->ip_off = ntohs(h_ip->ip_off); \
+ } while (0)
+#endif /* !HAVE_NET_IPLEN */
+
#endif /* _KERNEL */
/* INET6 stuff */
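Review bot: The new comment above SET_NET_IPLEN/SET_HOST_IPLEN does not say that the macros convert ip_off as well as ip_len, nor that on little-endian builds they are plain byte swaps with no record of the current format, so applying the same macro twice silently flips the header back to the other byte order. A length or fragment offset read in the wrong order feeds straight into size and bounds decisions in layer 3 processing, so I would add to the comment: `Both ip_len and ip_off are converted. The macros are not idempotent: every SET_HOST_IPLEN() must be matched by exactly one SET_NET_IPLEN().` The no-op variants also never evaluate `p`, so an argument with side effects or the wrong type behaves differently per platform; `do { (void)(p); } while (0)` would at least keep evaluation consistent. The trailing `#endif /* !HAVE_NET_IPLEN */` names only half of the condition it closes, and the enclosing `#ifdef _KERNEL` opens outside this hunk.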
Modified: user/luigi/ipfw3-r8/sys/netinet/ip_var.h
==============================================================================
--- user/luigi/ipfw3-r8/sys/netinet/ip_var.h Mon Mar 15 08:58:35 2010 (r205165)
+++ user/luigi/ipfw3-r8/sys/netinet/ip_var.h Mon Mar 15 09:40:23 2010 (r205166)
@@ -249,7 +249,43 @@ VNET_DECLARE(struct pfil_head, inet_pfil
void in_delayed_cksum(struct mbuf *m);
-/* ipfw and dummynet hooks. Most are declared in raw_ip.c */
+/* Hooks for ipfw, dummynet, divert etc. Most are declared in raw_ip.c */
+/*
+ * Reference to an ipfw or packet filter rule that can be carried
+ * outside critical sections.
+ * A rule is identified by rulenum:rule_id which is ordered.
+ * In version chain_id the rule can be found in slot 'slot', so
+ * we don't need a lookup if chain_id == chain->id.
+ *
+ * On exit from the firewall this structure refers to the rule after
+ * the matching one (slot points to the new rule; rulenum:rule_id-1
+ * is the matching rule), and additional info (e.g. info often contains
+ * the insn argument or tablearg in the low 16 bits, in host format).
+ * On entry, the structure is valid if slot>0, and refers to the starting
+ * rules. 'info' contains the reason for reinject, e.g. divert port,
+ * divert direction, and so on.
+ */
+struct ipfw_rule_ref {
+ uint32_t slot; /* slot for matching rule */
+ uint32_t rulenum; /* matching rule number */
+ uint32_t rule_id; /* matching rule id */
+ uint32_t chain_id; /* ruleset id */
+ uint32_t info; /* see below */
+};
+
+enum {
+ IPFW_INFO_MASK = 0x0000ffff,
+ IPFW_INFO_OUT = 0x00000000, /* outgoing, just for convenience */
+ IPFW_INFO_IN = 0x80000000, /* incoming, overloads dir */
+ IPFW_ONEPASS = 0x40000000, /* One-pass, do not reinject */
+ IPFW_IS_MASK = 0x30000000, /* which source ? */
+ IPFW_IS_DIVERT = 0x20000000,
+ IPFW_IS_DUMMYNET =0x10000000,
+ IPFW_IS_PIPE = 0x08000000, /* pip1=1, queue = 0 */
+};
+#define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */
+#define MTAG_IPFW_RULE 1262273568 /* rule reference */
+
struct ip_fw_args;
typedef int (*ip_fw_chk_ptr_t)(struct ip_fw_args *args);
typedef int (*ip_fw_ctl_ptr_t)(struct sockopt *);
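Review bot: `IPFW_INFO_IN = 0x80000000` in the anonymous enum does not fit in an `int`, which is what ISO C before C23 requires of an enumeration constant; compilers accept it as an extension, but the constant's type when it is masked or compared against the `uint32_t info` field is then implementation-specific. Since these are bit flags for a `uint32_t`, unsigned macros such as `#define IPFW_INFO_IN 0x80000000U` would state the intent. In the same enum the comment on IPFW_IS_PIPE reads `pip1=1` where `pipe = 1` is presumably meant, and it should say whether this bit is deliberately outside IPFW_IS_MASK (0x30000000). The `/* see below */` on `info` could name the flags directly, e.g. `/* flags from the IPFW_INFO and IPFW_IS enum; low 16 bits per IPFW_INFO_MASK */`.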
@@ -258,9 +294,14 @@ VNET_DECLARE(ip_fw_ctl_ptr_t, ip_fw_ctl_
#define V_ip_fw_chk_ptr VNET(ip_fw_chk_ptr)
#define V_ip_fw_ctl_ptr VNET(ip_fw_ctl_ptr)
+/* Divert hooks. */
+extern void (*ip_divert_ptr)(struct mbuf *m, int incoming);
+/* ng_ipfw hooks -- XXX make it the same as divert and dummynet */
+extern int (*ng_ipfw_input_p)(struct mbuf **, int,
+ struct ip_fw_args *, int);
+
extern int (*ip_dn_ctl_ptr)(struct sockopt *);
-extern int (*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa);
-extern void (*ip_dn_ruledel_ptr)(void *); /* in ip_fw2.c */
+extern int (*ip_dn_io_ptr)(struct mbuf **, int, struct ip_fw_args *);
VNET_DECLARE(int, ip_do_randomid);
#define V_ip_do_randomid VNET(ip_do_randomid)
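Review bot: The hook declarations here lose the parameter names that documented them: `ip_dn_io_ptr` goes from `(struct mbuf **m, int dir, struct ip_fw_args *fwa)` to unnamed parameters, and `ng_ipfw_input_p` takes two bare `int`s whose meaning cannot be told apart from the prototype. I would keep the names, e.g. `extern int (*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa);`, and name both ints of ng_ipfw_input_p in the same way. The ng_ipfw.h part of this commit also removes `NG_IPFW_LOADED`, so callers presumably have to test `ng_ipfw_input_p != NULL` themselves before calling through it. A one-line comment above these externs, `/* NULL unless the module is loaded; check before calling */`, would keep that contract visible.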