diff options
| author | luigi <luigi@FreeBSD.org> | 2001-09-27 23:44:27 +0000 |
|---|---|---|
| committer | luigi <luigi@FreeBSD.org> | 2001-09-27 23:44:27 +0000 |
| commit | 0fb106cc3f40524759012ac12baf28dccec9e571 (patch) | |
| tree | a41a22ccd419ef5d2a0238988e2c3fae83a51ade /sys/net | |
| parent | 2854bb2840809c802db31285bc55e9fc5e73ac20 (diff) | |
| download | FreeBSD-src-0fb106cc3f40524759012ac12baf28dccec9e571.zip FreeBSD-src-0fb106cc3f40524759012ac12baf28dccec9e571.tar.gz | |
Two main changes here:
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/bridge.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/bridge.c b/sys/net/bridge.c index 6909277..f63a751 100644 --- a/sys/net/bridge.c +++ b/sys/net/bridge.c @@ -616,7 +616,7 @@ bdg_forward(struct mbuf *m0, struct ether_header *const eh, struct ifnet *dst) int once = 0; /* loop only once */ struct ifnet *real_dst = dst ; /* real dst from ether_output */ #ifdef IPFIREWALL - struct ip_fw_chain *rule = NULL ; /* did we match a firewall rule ? */ + struct ip_fw *rule = NULL ; /* did we match a firewall rule ? */ #endif /* @@ -631,7 +631,7 @@ bdg_forward(struct mbuf *m0, struct ether_header *const eh, struct ifnet *dst) #if defined(IPFIREWALL) && defined(DUMMYNET) if (m0->m_type == MT_DUMMYNET) { /* extract info from dummynet header */ - rule = (struct ip_fw_chain *)(m0->m_data) ; + rule = (struct ip_fw *)(m0->m_data) ; m0 = m0->m_next ; src = m0->m_pkthdr.rcvif; shared = 0 ; /* For sure this is our own mbuf. */ |
