diff options
| author | andre <andre@FreeBSD.org> | 2013-08-19 11:08:36 +0000 |
|---|---|---|
| committer | andre <andre@FreeBSD.org> | 2013-08-19 11:08:36 +0000 |
| commit | fd76db45877685066364d0c4b173b1f41b3ee7ad (patch) | |
| tree | fac6ab0d7a67a1bf183271f92dea7e7b2a746546 | |
| parent | 1b3e4b45e506f2e415262de0bfe93bf190033f2e (diff) | |
| download | FreeBSD-src-fd76db45877685066364d0c4b173b1f41b3ee7ad.zip FreeBSD-src-fd76db45877685066364d0c4b173b1f41b3ee7ad.tar.gz | |
Move the global M_SKIP_FIREWALL mbuf flags to a protocol layer specific
flag instead. The flag is only used within the IP and IPv6 layer 3
protocols.
Because some firewall packages treat IPv4 and IPv6 packets the same the
flag should have the same value for both.
Discussed with: trociny, glebius
| -rw-r--r-- | sys/netinet/ip_var.h | 4 | ||||
| -rw-r--r-- | sys/netinet6/ip6_var.h | 7 | ||||
| -rw-r--r-- | sys/sys/mbuf.h | 4 |
3 files changed, 11 insertions, 4 deletions
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index 80c60d6..519f9cd 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -163,10 +163,12 @@ void kmod_ipstat_dec(int statnum); #define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast packets */ /* - * mbuf flag used by ip_fastfwd + * IPv4 protocol layer specific mbuf flags. */ #define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */ #define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */ +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing, + keep in sync with IP6 */ #define M_IP_FRAG M_PROTO4 /* fragment reassembly */ #ifdef __NO_STRICT_ALIGNMENT diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index a02928c..1c22cc9 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -293,7 +293,12 @@ struct ip6aux { #define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */ #define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */ -#define M_IP6_NEXTHOP M_PROTO7 /* explicit ip nexthop */ +/* + * IPv6 protocol layer specific mbuf flags. + */ +#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */ +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing, + keep in sync with IPv4 */ #ifdef __NO_STRICT_ALIGNMENT #define IP6_HDR_ALIGNED_P(ip) 1 diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index cef9f04..5efeb72 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h @@ -196,7 +196,7 @@ struct mbuf { #define M_FRAG 0x00000800 /* packet is a fragment of a larger packet */ #define M_FIRSTFRAG 0x00001000 /* packet is first fragment */ #define M_LASTFRAG 0x00002000 /* packet is last fragment */ -#define M_SKIP_FIREWALL 0x00004000 /* skip firewall processing */ + /* 0x00004000 free */ /* 0x00008000 free */ #define M_VLANTAG 0x00010000 /* ether_vtag is valid */ #define M_PROMISC 0x00020000 /* packet was not for us */ @@ -253,7 +253,7 @@ struct mbuf { * Flags preserved when copying m_pkthdr. */ #define M_COPYFLAGS \ - (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_SKIP_FIREWALL|M_BCAST|M_MCAST|\ + (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_BCAST|M_MCAST|\ M_FRAG|M_FIRSTFRAG|M_LASTFRAG|M_VLANTAG|M_PROMISC|M_HASHTYPEBITS) /* |
