authorluigi <luigi@FreeBSD.org>2010-01-04 19:01:22 +0000
committerluigi <luigi@FreeBSD.org>2010-01-04 19:01:22 +0000
commit40024ff7c3bf948cb45283aec877bd552ee934d7 (patch)
treee632a2ed87ca91743db2bb3ace9525de5d414d89 /sys/netgraph
parentd2744b88e92689da349b5de750666f235ea9a4ce (diff)
Various cleanup done in ipfw3-head branch including:
- use a uniform mtag format for all packets that exit and re-enter the firewall in the middle of a rulechain. On reentry, all tags containing reinject info are renamed to MTAG_IPFW_RULE so the processing is simpler. - make ipfw and dummynet use ip_len and ip_off in network format everywhere. Conversion is done only once instead of tracking the format in every place. - use a macro FREE_PKT to dispose of mbufs. This eases portability. On passing i also removed a few typos, staticise or localise variables, remove useless declarations and other minor things. Overall the code shrinks a bit and is hopefully more readable. I have tested functionality for all but ng_ipfw and if_bridge/if_ethersubr. For ng_ipfw i am actually waiting for feedback from glebius@ because we might have some small changes to make. For if_bridge and if_ethersubr feedback would be welcome (there are still some redundant parts in these two modules that I would like to remove, but first i need to check functionality).
Diffstat (limited to 'sys/netgraph')
-rw-r--r--sys/netgraph/ng_ipfw.c49
1 files changed, 19 insertions, 30 deletions
diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c
index c02ca75..0112f66 100644
--- a/sys/netgraph/ng_ipfw.c
+++ b/sys/netgraph/ng_ipfw.c
@@ -221,21 +221,23 @@ ng_ipfw_findhook1(node_p node, u_int16_t rulenum)
static int
ng_ipfw_rcvdata(hook_p hook, item_p item)
{
- struct ng_ipfw_tag *ngit;
+ struct ipfw_rule_ref *tag;
struct mbuf *m;
NGI_GET_M(item, m);
NG_FREE_ITEM(item);
- if ((ngit = (struct ng_ipfw_tag *)m_tag_locate(m, NGM_IPFW_COOKIE, 0,
- NULL)) == NULL) {
+ tag = (struct ipfw_rule_ref *)
+ m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);
+ if (tag == NULL) {
NG_FREE_M(m);
return (EINVAL); /* XXX: find smth better */
};
- switch (ngit->dir) {
- case DIR_OUT:
- {
+ if (tag->info & IPFW_INFO_IN) {
+ ip_input(m);
+ return (0);
+ } else {
struct ip *ip;
if (m->m_len < sizeof(struct ip) &&
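Review bot: In ng_ipfw_rcvdata the pointer returned by m_tag_locate() is cast straight to `struct ipfw_rule_ref *`, so `tag->info` reads the m_tag header rather than the rule reference. The allocation side of this same commit places the payload after the header (`r = (struct ipfw_rule_ref *)(tag + 1)` in ng_ipfw_input), which the old `ng_ipfw_tag` did not need because it embedded the header as `mt`. As written, the choice between ip_input() and ip_output() for a packet returning from netgraph appears to depend on unrelated header bytes. Keeping the located tag as a `struct m_tag *` and deriving the rule reference from `tag + 1` before testing the direction bit would fix it. The function body continues past this hunk.

```c
	struct m_tag *tag;
	struct ipfw_rule_ref *r;
	/* … unchanged: mbuf declaration, NGI_GET_M, NG_FREE_ITEM … */
	tag = m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);
	if (tag == NULL) {
		/* … unchanged: free the mbuf, return EINVAL … */
	}
	/* The rule reference is the tag payload, stored after the m_tag header. */
	r = (struct ipfw_rule_ref *)(tag + 1);
	if (r->info & IPFW_INFO_IN) {
```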
@@ -244,27 +246,16 @@ ng_ipfw_rcvdata(hook_p hook, item_p item)
ip = mtod(m, struct ip *);
- ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
+ SET_HOST_IPLEN(ip);
return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
- }
- case DIR_IN:
- ip_input(m);
- return (0);
- default:
- panic("ng_ipfw_rcvdata: bad dir %u", ngit->dir);
}
-
- /* not reached */
- return (0);
}
static int
ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
{
struct mbuf *m;
- struct ng_ipfw_tag *ngit;
struct ip *ip;
hook_p hook;
int error = 0;
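Review bot: The two removed ntohs() lines converted both ip_len and ip_off, while the replacement `SET_HOST_IPLEN(ip)` names only the length and its definition is not visible here. If the macro does not also convert ip_off, ip_output() would presumably see the fragment flags and offset in the wrong byte order for packets re-injected from netgraph. Once that is confirmed against the macro, a short comment at the call would settle it for readers, for example `/* ip_output() expects ip_len and ip_off in host order; SET_HOST_IPLEN converts both */`. This hunk spans the end of ng_ipfw_rcvdata and the start of ng_ipfw_input, both of which continue outside it.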
@@ -273,7 +264,7 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
* Node must be loaded and corresponding hook must be present.
*/
if (fw_node == NULL ||
- (hook = ng_ipfw_findhook1(fw_node, fwa->cookie)) == NULL) {
+ (hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL) {
if (tee == 0)
m_freem(*m0);
return (ESRCH); /* no hook associated with this rule */
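Review bot: `fwa->rule.info` is passed here as the hook number, yet later in this commit the same field of the tag copy is overwritten with IPFW_INFO_IN or IPFW_INFO_OUT, so one field carries two meanings. ng_ipfw_findhook1() takes a `u_int16_t`, so if `info` is wider than 16 bits (its width is not visible on this page) the conversion silently drops the upper bits. A comment such as `/* rule.info holds the netgraph cookie on this path; the direction flag is written only into the tag */` would document this. An explicit mask or cast would also make the truncation visibly intentional.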
@@ -285,21 +276,21 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
* a copy of a packet and forward it into netgraph without a tag.
*/
if (tee == 0) {
+ struct m_tag *tag;
+ struct ipfw_rule_ref *r;
m = *m0;
*m0 = NULL; /* it belongs now to netgraph */
- if ((ngit = (struct ng_ipfw_tag *)m_tag_alloc(NGM_IPFW_COOKIE,
- 0, TAGSIZ, M_NOWAIT|M_ZERO)) == NULL) {
+ tag = m_tag_alloc(MTAG_IPFW_RULE, 0, sizeof(*r),
+ M_NOWAIT|M_ZERO);
+ if (tag == NULL) {
m_freem(m);
return (ENOMEM);
}
- ngit->slot = fwa->slot;
- ngit->rulenum = fwa->rulenum;
- ngit->rule_id = fwa->rule_id;
- ngit->chain_id = fwa->chain_id;
- ngit->dir = dir;
-// ngit->ifp = fwa->oif; /* XXX do we use it ? */
- m_tag_prepend(m, &ngit->mt);
+ r = (struct ipfw_rule_ref *)(tag + 1);
+ *r = fwa->rule;
+ r->info = dir ? IPFW_INFO_IN : IPFW_INFO_OUT;
+ m_tag_prepend(m, tag);
} else
if ((m = m_dup(*m0, M_DONTWAIT)) == NULL)
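Review bot: The assignment `r->info = dir ? IPFW_INFO_IN : IPFW_INFO_OUT;` treats any non-zero `dir` as inbound, whereas the code it replaces stored `dir` and later distinguished DIR_IN, DIR_OUT and an unexpected value. Comparing against the named constant keeps that intent explicit, e.g. `r->info = (dir == DIR_IN) ? IPFW_INFO_IN : IPFW_INFO_OUT;`, assuming DIR_IN is still defined after this cleanup. The line also overwrites the `info` value just copied from `fwa->rule` by `*r = fwa->rule;`, so a one-line comment saying this is deliberate would help the next reader. The `else` branch continues outside the hunk.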
@@ -310,8 +301,6 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
return (EINVAL);
ip = mtod(m, struct ip *);
- ip->ip_len = htons(ip->ip_len);
- ip->ip_off = htons(ip->ip_off);
NG_SEND_DATA_ONLY(error, hook, m);