diff options
author | luigi <luigi@FreeBSD.org> | 2010-01-04 19:01:22 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2010-01-04 19:01:22 +0000 |
commit | 40024ff7c3bf948cb45283aec877bd552ee934d7 (patch) | |
tree | e632a2ed87ca91743db2bb3ace9525de5d414d89 /sys/net/if_ethersubr.c | |
parent | d2744b88e92689da349b5de750666f235ea9a4ce (diff) | |
download | FreeBSD-src-40024ff7c3bf948cb45283aec877bd552ee934d7.zip FreeBSD-src-40024ff7c3bf948cb45283aec877bd552ee934d7.tar.gz |
Various cleanup done in ipfw3-head branch including:
- use a uniform mtag format for all packets that exit and re-enter
the firewall in the middle of a rulechain. On reentry, all tags
containing reinject info are renamed to MTAG_IPFW_RULE so the
processing is simpler.
- make ipfw and dummynet use ip_len and ip_off in network format
everywhere. Conversion is done only once instead of tracking
the format in every place.
- use a macro FREE_PKT to dispose of mbufs. This eases portability.
On passing i also removed a few typos, staticise or localise variables,
remove useless declarations and other minor things.
Overall the code shrinks a bit and is hopefully more readable.
I have tested functionality for all but ng_ipfw and if_bridge/if_ethersubr.
For ng_ipfw i am actually waiting for feedback from glebius@ because
we might have some small changes to make.
For if_bridge and if_ethersubr feedback would be welcome
(there are still some redundant parts in these two modules that
I would like to remove, but first i need to check functionality).
Diffstat (limited to 'sys/net/if_ethersubr.c')
-rw-r--r-- | sys/net/if_ethersubr.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 5fd53e8..7b32e5b 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -469,21 +469,20 @@ ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, int shared) struct ip_fw_args args; struct m_tag *mtag; - mtag = m_tag_find(*m0, PACKET_TAG_DUMMYNET, NULL); + /* fetch start point from rule, if any */ + mtag = m_tag_locate(*m0, MTAG_IPFW_RULE, 0, NULL); if (mtag == NULL) { - args.slot = 0; + args.rule.slot = 0; } else { struct dn_pkt_tag *dn_tag; + /* XXX can we free it after use ? */ mtag->m_tag_id = PACKET_TAG_NONE; dn_tag = (struct dn_pkt_tag *)(mtag + 1); - if (dn_tag->slot != 0 && V_fw_one_pass) + if (dn_tag->rule.slot != 0 && V_fw_one_pass) /* dummynet packet, already partially processed */ return (1); - args.slot = dn_tag->slot; /* matching rule to restart */ - args.rulenum = dn_tag->rulenum; - args.rule_id = dn_tag->rule_id; - args.chain_id = dn_tag->chain_id; + args.rule = dn_tag->rule; } /* |