diff options
| author | luigi <luigi@FreeBSD.org> | 2009-12-28 10:47:04 +0000 |
|---|---|---|
| committer | luigi <luigi@FreeBSD.org> | 2009-12-28 10:47:04 +0000 |
| commit | 483862a5a29b9346fa21b1e610575cc357fe333b (patch) | |
| tree | 60f53a5bf8cc566164152cc4aafa059ac6abaa67 /sys/netgraph | |
| parent | ffe8fa8dada6df26645bc5af9810d8e7e565187b (diff) | |
| download | FreeBSD-src-483862a5a29b9346fa21b1e610575cc357fe333b.zip FreeBSD-src-483862a5a29b9346fa21b1e610575cc357fe333b.tar.gz | |
bring in several cleanups tested in ipfw3-head branch, namely:
r201011
- move most of ng_ipfw.h into ip_fw_private.h, as this code is
ipfw-specific. This removes a dependency on ng_ipfw.h from some files.
- move many equivalent definitions of direction (IN, OUT) for
reinjected packets into ip_fw_private.h
- document the structure of the packet tags used for dummynet
and netgraph;
r201049
- merge some common code to attach/detach hooks into
a single function.
r201055
- remove some duplicated code in ip_fw_pfil. The input
and output processing uses almost exactly the same code so
there is no need to use two separate hooks.
ip_fw_pfil.o goes from 2096 to 1382 bytes of .text
r201057 (see the svn log for full details)
- macros to make the conversion of ip_len and ip_off
between host and network format more explicit
r201113 (the remaining parts)
- readability fixes -- put braces around some large for() blocks,
localize variables so the compiler does not think they are uninitialized,
do not insist on precise allocation size if we have more than we need.
r201119
- when doing a lookup, keys must be in big endian format because
this is what the radix code expects (this fixes a bug in the
recently-introduced 'lookup' option)
No ABI changes in this commit.
MFC after: 1 week
Diffstat (limited to 'sys/netgraph')
| -rw-r--r-- | sys/netgraph/ng_ipfw.c | 6 | ||||
| -rw-r--r-- | sys/netgraph/ng_ipfw.h | 26 |
2 files changed, 6 insertions, 26 deletions
diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c index 974f48f..c02ca75 100644 --- a/sys/netgraph/ng_ipfw.c +++ b/sys/netgraph/ng_ipfw.c @@ -234,7 +234,7 @@ ng_ipfw_rcvdata(hook_p hook, item_p item) }; switch (ngit->dir) { - case NG_IPFW_OUT: + case DIR_OUT: { struct ip *ip; @@ -249,7 +249,7 @@ ng_ipfw_rcvdata(hook_p hook, item_p item) return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); } - case NG_IPFW_IN: + case DIR_IN: ip_input(m); return (0); default: @@ -298,7 +298,7 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee) ngit->rule_id = fwa->rule_id; ngit->chain_id = fwa->chain_id; ngit->dir = dir; - ngit->ifp = fwa->oif; +// ngit->ifp = fwa->oif; /* XXX do we use it ? */ m_tag_prepend(m, &ngit->mt); } else diff --git a/sys/netgraph/ng_ipfw.h b/sys/netgraph/ng_ipfw.h index 9fb4cf7..c463d6a 100644 --- a/sys/netgraph/ng_ipfw.h +++ b/sys/netgraph/ng_ipfw.h @@ -26,27 +26,7 @@ * $FreeBSD$ */ +#ifndef _NG_IPFW_H +#define _NG_IPFW_H #define NG_IPFW_NODE_TYPE "ipfw" -#define NGM_IPFW_COOKIE 1105988990 - -#ifdef _KERNEL - -typedef int ng_ipfw_input_t(struct mbuf **, int, struct ip_fw_args *, int); -extern ng_ipfw_input_t *ng_ipfw_input_p; -#define NG_IPFW_LOADED (ng_ipfw_input_p != NULL) - -struct ng_ipfw_tag { - struct m_tag mt; /* tag header */ - uint32_t slot; /* slot for next rule */ - uint32_t rulenum; /* matching rule number */ - uint32_t rule_id; /* matching rule id */ - uint32_t chain_id; /* ruleset id */ - struct ifnet *ifp; /* interface, for ip_output */ - int dir; -#define NG_IPFW_OUT 0 -#define NG_IPFW_IN 1 -}; - -#define TAGSIZ (sizeof(struct ng_ipfw_tag) - sizeof(struct m_tag)) - -#endif /* _KERNEL */ +#endif /* _NG_IPFW_H */ |
