svn commit: r200119 - in stable/8/sys/netinet: . ipfw
Luigi Rizzo
luigi at FreeBSD.org
Sat Dec 5 12:51:51 UTC 2009
Author: luigi
Date: Sat Dec 5 12:51:51 2009
New Revision: 200119
URL: http://svn.freebsd.org/changeset/base/200119
Log:
some simple MFC:
r200020:
change the type of the opcode from enum *:8 to u_int8_t
so the size and alignment of the ipfw_insn is not compiler dependent.
No changes in the code generated by gcc.
r200023:
Add new sockopt names for ipfw and dummynet.
This commit is just grabbing entries for the new names
that will be used in the future, so you don't need to
rebuild anything now.
r200034
Dispatch sockopt calls to ipfw and dummynet
using the new option numbers, IP_FW3 and IP_DUMMYNET3.
Right now the modules return an error if called with those arguments
so there is no danger of unwanted behaviour.
r200040
- initialize src_ip in the main loop to prevent a compiler warning
(gcc 4.x under linux, not sure how real the complaint is).
- rename a macro argument to prevent name clashes.
- add the macro name on a couple of #endif
- add a blank line for readability.
Modified:
stable/8/sys/netinet/in.h
stable/8/sys/netinet/ip_fw.h
stable/8/sys/netinet/ipfw/ip_fw2.c
stable/8/sys/netinet/raw_ip.c
Modified: stable/8/sys/netinet/in.h
==============================================================================
--- stable/8/sys/netinet/in.h Sat Dec 5 11:51:32 2009 (r200118)
+++ stable/8/sys/netinet/in.h Sat Dec 5 12:51:51 2009 (r200119)
@@ -443,12 +443,20 @@ __END_DECLS
#define IP_ONESBCAST 23 /* bool: send all-ones broadcast */
#define IP_BINDANY 24 /* bool: allow bind to any address */
+/*
+ * Options for controlling the firewall and dummynet.
+ * Historical options (from 40 to 64) will eventually be
+ * replaced by only two options, IP_FW3 and IP_DUMMYNET3.
+ */
#define IP_FW_TABLE_ADD 40 /* add entry */
#define IP_FW_TABLE_DEL 41 /* delete entry */
#define IP_FW_TABLE_FLUSH 42 /* flush table */
#define IP_FW_TABLE_GETSIZE 43 /* get table size */
#define IP_FW_TABLE_LIST 44 /* list table contents */
+#define IP_FW3 48 /* generic ipfw v.3 sockopts */
+#define IP_DUMMYNET3 49 /* generic dummynet v.3 sockopts */
+
#define IP_FW_ADD 50 /* add a firewall rule to chain */
#define IP_FW_DEL 51 /* delete a firewall rule from chain */
#define IP_FW_FLUSH 52 /* flush firewall rule chain */
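Review bot: The new block comment calls options 40 to 64 historical, but `IP_FW3` (48) and `IP_DUMMYNET3` (49) are defined inside that same range, so a reader may take them for legacy names as well. I would reword it along the lines of `Options 40-64 control ipfw and dummynet; all except IP_FW3 (48) and IP_DUMMYNET3 (49) are historical and will eventually be replaced by those two.` The upper bound is taken from the comment itself, since the definitions above 52 lie outside this hunk.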
Modified: stable/8/sys/netinet/ip_fw.h
==============================================================================
--- stable/8/sys/netinet/ip_fw.h Sat Dec 5 11:51:32 2009 (r200118)
+++ stable/8/sys/netinet/ip_fw.h Sat Dec 5 12:51:51 2009 (r200119)
@@ -237,7 +237,7 @@ enum ipfw_opcodes { /* arguments (4 byt
*
*/
typedef struct _ipfw_insn { /* template for instructions */
- enum ipfw_opcodes opcode:8;
+ u_int8_t opcode;
u_int8_t len; /* number of 32-bit words */
#define F_NOT 0x80
#define F_OR 0x40
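Review bot: With `opcode` now a plain `u_int8_t`, nothing in the declaration ties the field to `enum ipfw_opcodes` or to its 8-bit limit, so an opcode value above 255 would be truncated silently and the compiler may no longer check switch statements over the field against the enum. A comment on the member such as `/* enum ipfw_opcodes; values must fit in 8 bits */` would keep that contract visible. The log says this struct's size and alignment must not depend on the compiler, so a compile-time size assertion next to the typedef would also be worth adding. The rest of the struct is outside the hunk, so the expected size has to be confirmed there.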
Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw2.c Sat Dec 5 11:51:32 2009 (r200118)
+++ stable/8/sys/netinet/ipfw/ip_fw2.c Sat Dec 5 12:51:51 2009 (r200119)
@@ -185,6 +185,7 @@ SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, de
&default_to_accept, 0,
"Make the default rule accept all packets.");
TUNABLE_INT("net.inet.ip.fw.default_to_accept", &default_to_accept);
+
#ifdef INET6
SYSCTL_DECL(_net_inet6_ip6);
SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
@@ -194,8 +195,9 @@ SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_
SYSCTL_VNET_INT(_net_inet6_ip6_fw, OID_AUTO, deny_unknown_exthdrs,
CTLFLAG_RW | CTLFLAG_SECURE, &VNET_NAME(fw_deny_unknown_exthdrs), 0,
"Deny packets with unknown IPv6 Extension Headers");
-#endif
-#endif
+#endif /* INET6 */
+
+#endif /* SYSCTL_NODE */
/*
* Description of dynamic rules.
@@ -2243,6 +2245,7 @@ ipfw_chk(struct ip_fw_args *args)
return (IP_FW_PASS); /* accept */
dst_ip.s_addr = 0; /* make sure it is initialized */
+ src_ip.s_addr = 0; /* make sure it is initialized */
pktlen = m->m_pkthdr.len;
args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */
proto = args->f_id.proto = 0; /* mark f_id invalid */
@@ -2254,15 +2257,15 @@ ipfw_chk(struct ip_fw_args *args)
* pointer might become stale after other pullups (but we never use it
* this way).
*/
-#define PULLUP_TO(len, p, T) \
+#define PULLUP_TO(_len, p, T) \
do { \
- int x = (len) + sizeof(T); \
+ int x = (_len) + sizeof(T); \
if ((m)->m_len < x) { \
args->m = m = m_pullup(m, x); \
if (m == NULL) \
goto pullup_failed; \
} \
- p = (mtod(m, char *) + (len)); \
+ p = (mtod(m, char *) + (_len)); \
} while (0)
/*
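Review bot: The rename removes the clash on `len`, but the macro still declares a local named `x`, so an argument expression that mentions a caller variable `x` would bind to the macro's own uninitialized `x` instead. Renaming the local as well, e.g. `int _x = (_len) + sizeof(T);` with `if ((m)->m_len < _x)` and `m_pullup(m, _x)`, closes the same hazard. Separately, `x` is an `int` computed from a sum involving `sizeof` and then compared with `m_len`. Because the macro sizes a pullup on the packet-parsing path, it is worth confirming that callers never pass a negative or oversized `_len`, which the hunk does not show. The enclosing ipfw_chk() starts and ends outside this hunk.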
Modified: stable/8/sys/netinet/raw_ip.c
==============================================================================
--- stable/8/sys/netinet/raw_ip.c Sat Dec 5 11:51:32 2009 (r200118)
+++ stable/8/sys/netinet/raw_ip.c Sat Dec 5 12:51:51 2009 (r200119)
@@ -535,6 +535,7 @@ rip_ctloutput(struct socket *so, struct
error = sooptcopyout(sopt, &optval, sizeof optval);
break;
+ case IP_FW3: /* generic ipfw v.3 functions */
case IP_FW_ADD: /* ADD actually returns the body... */
case IP_FW_GET:
case IP_FW_TABLE_GETSIZE:
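Review bot: `IP_FW3` and `IP_DUMMYNET3` are now forwarded from the raw-socket layer to the module control handlers in what appear to be the get path (this hunk and the one at -547) and the set path (the hunks at -592 and -608), and nothing visible in these hunks checks privilege or the option payload before the call. The log says the modules currently return an error for these numbers, so the safety of the change rests on code that is not part of this diff. It is worth confirming that each handler's privilege check runs before any handling of the new options, and that dummynet rejects `IP_DUMMYNET3` the same way ipfw rejects `IP_FW3`. I would record that dependency at the label, e.g. `case IP_FW3: /* generic ipfw v.3 functions; rejected by the module until implemented */`. The case lists and rip_ctloutput() continue outside the hunks.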
@@ -547,6 +548,7 @@ rip_ctloutput(struct socket *so, struct
error = ENOPROTOOPT;
break;
+ case IP_DUMMYNET3: /* generic dummynet v.3 functions */
case IP_DUMMYNET_GET:
if (ip_dn_ctl_ptr != NULL)
error = ip_dn_ctl_ptr(sopt);
@@ -592,6 +594,7 @@ rip_ctloutput(struct socket *so, struct
inp->inp_flags &= ~INP_HDRINCL;
break;
+ case IP_FW3: /* generic ipfw v.3 functions */
case IP_FW_ADD:
case IP_FW_DEL:
case IP_FW_FLUSH:
@@ -608,6 +611,7 @@ rip_ctloutput(struct socket *so, struct
error = ENOPROTOOPT;
break;
+ case IP_DUMMYNET3: /* generic dummynet v.3 functions */
case IP_DUMMYNET_CONFIGURE:
case IP_DUMMYNET_DEL:
case IP_DUMMYNET_FLUSH: