svn commit: r201542 - in user/luigi/ipfw3-head/sys: netgraph netinet/ipfw

Luigi Rizzo luigi at FreeBSD.org
Mon Jan 4 22:57:34 UTC 2010 

Author: luigi
Date: Mon Jan  4 22:57:33 2010
New Revision: 201542
URL: http://svn.freebsd.org/changeset/base/201542

Log:
  sync with HEAD

Modified:
  user/luigi/ipfw3-head/sys/netgraph/ng_ipfw.c
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_dummynet.c
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_sockopt.c

Modified: user/luigi/ipfw3-head/sys/netgraph/ng_ipfw.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netgraph/ng_ipfw.c	Mon Jan  4 22:45:20 2010	(r201541)
+++ user/luigi/ipfw3-head/sys/netgraph/ng_ipfw.c	Mon Jan  4 22:57:33 2010	(r201542)
@@ -221,22 +221,23 @@ ng_ipfw_findhook1(node_p node, u_int16_t
 static int
 ng_ipfw_rcvdata(hook_p hook, item_p item)
 {
-	struct ipfw_start_info	*ngit;
+	struct ipfw_rule_ref	*tag;
 	struct mbuf *m;
 
 	NGI_GET_M(item, m);
 	NG_FREE_ITEM(item);
 
-	ngit = (struct ipfw_start_info *)
-		m_tag_locate(m, NGM_IPFW_COOKIE, 0, NULL);
-	if (ngit == NULL) {
+	tag = (struct ipfw_rule_ref *)
+		m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);
+	if (tag == NULL) {
 		NG_FREE_M(m);
 		return (EINVAL);	/* XXX: find smth better */
 	};
 
-	switch (ngit->info) {
-	case DIR_OUT:
-	    {
+	if (tag->info & IPFW_INFO_IN) {
+		ip_input(m);
+		return (0);
+	} else {
 		struct ip *ip;
 
 		if (m->m_len < sizeof(struct ip) &&
@@ -248,23 +249,13 @@ ng_ipfw_rcvdata(hook_p hook, item_p item
 		SET_HOST_IPLEN(ip);
 
 		return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
-	    }
-	case DIR_IN:
-		ip_input(m);
-		return (0);
-	default:
-		panic("ng_ipfw_rcvdata: bad dir %u", ngit->dir);
 	}	
-
-	/* not reached */
-	return (0);
 }
 
 static int
 ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
 {
 	struct mbuf *m;
-	struct ipfw_start_info *ngit;
 	struct ip *ip;
 	hook_p	hook;
 	int error = 0;
@@ -273,7 +264,7 @@ ng_ipfw_input(struct mbuf **m0, int dir,
 	 * Node must be loaded and corresponding hook must be present.
 	 */
 	if (fw_node == NULL || 
-	   (hook = ng_ipfw_findhook1(fw_node, fwa->cookie)) == NULL) {
+	   (hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL) {
 		if (tee == 0)
 			m_freem(*m0);
 		return (ESRCH);		/* no hook associated with this rule */
@@ -286,19 +277,19 @@ ng_ipfw_input(struct mbuf **m0, int dir,
 	 */
 	if (tee == 0) {
 		struct m_tag *tag;
-		struct ipfw_start_info *ngit;
+		struct ipfw_rule_ref *r;
 		m = *m0;
 		*m0 = NULL;	/* it belongs now to netgraph */
 
-		tag = m_tag_alloc(NGM_IPFW_COOKIE, sizeof(*mt),
+		tag = m_tag_alloc(MTAG_IPFW_RULE, 0, sizeof(*r),
 			M_NOWAIT|M_ZERO);
-		if (tagn == NULL) {
+		if (tag == NULL) {
 			m_freem(m);
 			return (ENOMEM);
 		}
-		ngit = (struct ipfw_start_info *)(tag + 1);
-		*ngit = fwa->start
-		ngit->info = dir;
+		r = (struct ipfw_rule_ref *)(tag + 1);
+		*r = fwa->rule;
+		r->info = dir ? IPFW_INFO_IN : IPFW_INFO_OUT;
 		m_tag_prepend(m, tag);
 
 	} else

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_dummynet.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_dummynet.c	Mon Jan  4 22:45:20 2010	(r201541)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_dummynet.c	Mon Jan  4 22:57:33 2010	(r201542)
@@ -462,15 +462,10 @@ heap_free(struct dn_heap *h)
  */
 
 /*
- * Dispose a packet in dummynet. Use an inline functions so if we
+ * Dispose a list of packet. Use an inline functions so if we
  * need to free extra state associated to a packet, this is a
  * central point to do it.
  */
-static __inline void *dn_free_pkt(struct mbuf *m)
-{
-	FREE_PKT(m);
-	return NULL;
-}
 
 static __inline void dn_free_pkts(struct mbuf *mnext)
 {
@@ -478,7 +473,7 @@ static __inline void dn_free_pkts(struct
 
 	while ((m = mnext) != NULL) {
 		mnext = m->m_nextpkt;
-		dn_free_pkt(m);
+		FREE_PKT(m);
 	}
 }
 
@@ -1032,12 +1027,12 @@ dummynet_send(struct mbuf *m)
 
 		case DIR_DROP:
 			/* drop the packet after some time */
-			dn_free_pkt(m);
+			FREE_PKT(m);
 			break;
 
 		default:
 			printf("dummynet: bad switch %d!\n", dst);
-			dn_free_pkt(m);
+			FREE_PKT(m);
 			break;
 		}
 	}
@@ -1564,7 +1559,8 @@ dropit:
 	if (q)
 		q->drops++;
 	DUMMYNET_UNLOCK();
-	*m0 = dn_free_pkt(m);
+	FREE_PKT(m);
+	*m0 = NULL;
 	return ((fs && (fs->flags_fs & DN_NOERROR)) ? 0 : ENOBUFS);
 }
 

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_sockopt.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_sockopt.c	Mon Jan  4 22:45:20 2010	(r201541)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_sockopt.c	Mon Jan  4 22:57:33 2010	(r201542)
@@ -303,6 +303,8 @@ del_entry(struct ip_fw_chain *chain, u_i
 					n++;
 			}
 		}
+		if (n == 0 && arg == 0)
+			break; /* special case, flush on empty ruleset */
 		/* allocate the map, if needed */
 		if (n > 0)
 			map = get_map(chain, -n, 1 /* locked */);

More information about the svn-src-user mailing list