author | luigi <luigi@FreeBSD.org> | 2001-02-10 00:10:18 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2001-02-10 00:10:18 +0000 |
commit | bc66105b1dd64dd9599a78cd769be24fc39b89ea (patch) | |
tree | f2ecbab7993f781ecaad9607cce4fad0163a4001 /sys/netinet/ip_fw.c | |
parent | ca76da11764ea0bc1e044049f7a5c30eedfc8c7e (diff) | |
Sync with the bridge/dummynet/ipfw code already tested in stable.
In ip_fw.[ch] change a couple of variable and field names to
avoid having types, variables and fields with the same name.
Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r-- | sys/netinet/ip_fw.c | 84 |
1 files changed, 41 insertions, 43 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 19dfb74..66dc6f1 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -89,7 +89,7 @@ struct ipfw_flow_id last_pkt ; #define IPFW_DEFAULT_RULE ((u_int)(u_short)~0) -LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain; +LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain_head; MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's"); @@ -903,10 +903,10 @@ lookup_next_rule(struct ip_fw_chain *me) int rule = me->rule->fw_skipto_rule ; /* guess... */ if ( (me->rule->fw_flg & IP_FW_F_COMMAND) == IP_FW_F_SKIPTO ) - for (chain = LIST_NEXT(me, chain); chain ; chain = LIST_NEXT(chain, chain) ) + for (chain = LIST_NEXT(me,next); chain ; chain = LIST_NEXT(chain,next)) if (chain->rule->fw_number >= rule) return chain ; - return LIST_NEXT(me, chain) ; /* failure or not a skipto */ + return LIST_NEXT(me,next) ; /* failure or not a skipto */ } /* @@ -924,6 +924,7 @@ lookup_next_rule(struct ip_fw_chain *me) * * Return value: * + * IP_FW_PORT_DENY_FLAG the packet must be dropped. * 0 The packet is to be accepted and routed normally OR * the packet was denied/rejected and has been dropped; * in the latter case, *m is equal to NULL upon return. @@ -1038,7 +1039,7 @@ ip_fw_chk(struct ip **pip, int hlen, * Packet has already been tagged. Look for the next rule * to restart processing. */ - chain = LIST_NEXT(*flow_id, chain); + chain = LIST_NEXT(*flow_id, next); if ((chain = (*flow_id)->rule->next_rule_ptr) == NULL) chain = (*flow_id)->rule->next_rule_ptr = 
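Review bot: The "Return value" comment in the `@@ -924,6 +924,7 @@` hunk still says that 0 can also mean "the packet was denied/rejected and has been dropped", which conflicts with the `dropit:` hunk (`@@ -1444,9 +1445,7 @@`), where the drop path now returns `IP_FW_PORT_DENY_FLAG` unconditionally. For a firewall verdict an ambiguous 0 is the risky direction, because a caller written from this comment could treat a drop as an accept. If no other path still returns 0 with `*m == NULL` (not visible in these hunks), narrow the entry to `0 The packet is to be accepted and routed normally.` and have the new entry state whether `*m` can be NULL when the flag is returned. The comment block begins and ends outside the hunk.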
@@ -1050,19 +1051,19 @@ ip_fw_chk(struct ip **pip, int hlen, * Go down the chain, looking for enlightment. * If we've been asked to start at a given rule, do so. */ - chain = LIST_FIRST(&ip_fw_chain); + chain = LIST_FIRST(&ip_fw_chain_head); if (skipto != 0) { if (skipto >= IPFW_DEFAULT_RULE) goto dropit; while (chain && chain->rule->fw_number <= skipto) - chain = LIST_NEXT(chain, chain); + chain = LIST_NEXT(chain, next); if (chain == NULL) goto dropit; } } - for (; chain; chain = LIST_NEXT(chain, chain)) { + for (; chain; chain = LIST_NEXT(chain, next)) { again: f = chain->rule; if (f->fw_number == IPFW_DEFAULT_RULE) @@ -1093,7 +1094,7 @@ again: } /* Check if rule only valid for bridged packets */ - if ((f->fw_flg & IP_FW_BRIDGED) != 0 && ! (BRIDGED) ) + if ((f->fw_flg & IP_FW_BRIDGED) != 0 && !(BRIDGED)) continue; if (oif) { @@ -1444,9 +1445,7 @@ dropit: /* * Finally, drop the packet. */ - if (*m) - return(IP_FW_PORT_DENY_FLAG); - return(0); + return(IP_FW_PORT_DENY_FLAG); #undef BRIDGED } @@ -1461,7 +1460,7 @@ flush_rule_ptrs() { struct ip_fw_chain *fcp ; - LIST_FOREACH(fcp, &ip_fw_chain, chain) { + LIST_FOREACH(fcp, &ip_fw_chain_head, next) { fcp->rule->next_rule_ptr = NULL ; } } @@ -1501,14 +1500,14 @@ add_entry(struct ip_fw_head *chainptr, struct ip_fw *frwl) s = splnet(); if (LIST_FIRST(chainptr) == 0) { - LIST_INSERT_HEAD(chainptr, fwc, chain); + LIST_INSERT_HEAD(chainptr, fwc, next); splx(s); return(0); } /* If entry number is 0, find highest numbered rule and add 100 */ if (ftmp->fw_number == 0) { - LIST_FOREACH(fcp, chainptr, chain) { + LIST_FOREACH(fcp, chainptr, next) { if (fcp->rule->fw_number != (u_short)-1) nbr = fcp->rule->fw_number; else 
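Review bot: At `dropit:` (`@@ -1444,9 +1445,7 @@`) the function now returns `IP_FW_PORT_DENY_FLAG` even when `*m` is already NULL, so every caller has to tolerate a NULL mbuf together with the deny flag. The callers are outside this diff (the diffstat is limited to ip_fw.c), so that cannot be confirmed here. The change itself fails closed, which is the right default for a packet filter, but the invariant deserves a comment at the label, e.g. `/* *m may already be NULL here; callers must not dereference it on IP_FW_PORT_DENY_FLAG */`. The body of ip_fw_chk starts outside the hunk.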
@@ -1520,12 +1519,12 @@ add_entry(struct ip_fw_head *chainptr, struct ip_fw *frwl) } /* Got a valid number; now insert it, keeping the list ordered */ - LIST_FOREACH(fcp, chainptr, chain) { + LIST_FOREACH(fcp, chainptr, next) { if (fcp->rule->fw_number > ftmp->fw_number) { if (fcpl) { - LIST_INSERT_AFTER(fcpl, fwc, chain); + LIST_INSERT_AFTER(fcpl, fwc, next); } else { - LIST_INSERT_HEAD(chainptr, fwc, chain); + LIST_INSERT_HEAD(chainptr, fwc, next); } break; } else { @@ -1545,7 +1544,7 @@ del_entry(struct ip_fw_head *chainptr, u_short number) fcp = LIST_FIRST(chainptr); if (number != (u_short)-1) { - for (; fcp; fcp = LIST_NEXT(fcp, chain)) { + for (; fcp; fcp = LIST_NEXT(fcp, next)) { if (fcp->rule->fw_number == number) { int s; @@ -1555,8 +1554,8 @@ del_entry(struct ip_fw_head *chainptr, u_short number) struct ip_fw_chain *next; remove_dyn_rule(fcp, 1 /* delete */); - next = LIST_NEXT(fcp, chain); - LIST_REMOVE(fcp, chain); + next = LIST_NEXT(fcp, next); + LIST_REMOVE(fcp, next); #ifdef DUMMYNET dn_rule_delete(fcp) ; #endif @@ -1582,7 +1581,7 @@ zero_entry(struct ip_fw *frwl) if (frwl == 0) { s = splnet(); - LIST_FOREACH(fcp, &ip_fw_chain, chain) { + LIST_FOREACH(fcp, &ip_fw_chain_head, next) { fcp->rule->fw_bcnt = fcp->rule->fw_pcnt = 0; fcp->rule->fw_loghighest = fcp->rule->fw_logamount; fcp->rule->timestamp = 0; @@ -1597,7 +1596,7 @@ zero_entry(struct ip_fw *frwl) * same number, so we don't stop after finding the first * match if zeroing a specific entry. */ - LIST_FOREACH(fcp, &ip_fw_chain, chain) + LIST_FOREACH(fcp, &ip_fw_chain_head, next) if (frwl->fw_number == fcp->rule->fw_number) { s = splnet(); while (fcp && frwl->fw_number == fcp->rule->fw_number) { @@ -1605,7 +1604,7 @@ zero_entry(struct ip_fw *frwl) fcp->rule->fw_loghighest = fcp->rule->fw_logamount; fcp->rule->timestamp = 0; - fcp = LIST_NEXT(fcp, chain); + fcp = LIST_NEXT(fcp, next); } splx(s); cleared = 1; 
@@ -1636,7 +1635,7 @@ resetlog_entry(struct ip_fw *frwl) if (frwl == 0) { s = splnet(); counter = 0; - LIST_FOREACH(fcp, &ip_fw_chain, chain) + LIST_FOREACH(fcp, &ip_fw_chain_head, next) fcp->rule->fw_loghighest = fcp->rule->fw_pcnt + fcp->rule->fw_logamount; splx(s); @@ -1649,14 +1648,14 @@ resetlog_entry(struct ip_fw *frwl) * same number, so we don't stop after finding the first * match if zeroing a specific entry. */ - LIST_FOREACH(fcp, &ip_fw_chain, chain) + LIST_FOREACH(fcp, &ip_fw_chain_head, next) if (frwl->fw_number == fcp->rule->fw_number) { s = splnet(); while (fcp && frwl->fw_number == fcp->rule->fw_number) { fcp->rule->fw_loghighest = fcp->rule->fw_pcnt + fcp->rule->fw_logamount; - fcp = LIST_NEXT(fcp, chain); + fcp = LIST_NEXT(fcp, next); } splx(s); cleared = 1; @@ -1835,9 +1834,9 @@ ip_fw_ctl(struct sockopt *sopt) switch (sopt->sopt_name) { case IP_FW_GET: - for (fcp = LIST_FIRST(&ip_fw_chain), size = 0; fcp; - fcp = LIST_NEXT(fcp, chain)) - size += sizeof *fcp->rule; + size = 0 ; + LIST_FOREACH(fcp, &ip_fw_chain_head, next) + size += sizeof(struct ip_fw) ; if (ipfw_dyn_v) { int i ; struct ipfw_dyn_rule *p ; @@ -1852,8 +1851,8 @@ ip_fw_ctl(struct sockopt *sopt) break; } - for (fcp = LIST_FIRST(&ip_fw_chain), bp = buf; fcp; - fcp = LIST_NEXT(fcp, chain)) { + bp = buf ; + LIST_FOREACH(fcp, &ip_fw_chain_head, next) { bcopy(fcp->rule, bp, sizeof *fcp->rule); bp->pipe_ptr = (void *)(intptr_t) ((struct ip_fw_ext *)fcp->rule)->dont_match_prob; @@ -1888,11 +1887,10 @@ ip_fw_ctl(struct sockopt *sopt) s = splnet(); remove_dyn_rule(NULL, 1 /* force delete */); splx(s); - for (fcp = LIST_FIRST(&ip_fw_chain); - fcp != 0 && fcp->rule->fw_number != IPFW_DEFAULT_RULE; - fcp = LIST_FIRST(&ip_fw_chain)) { + while ( (fcp = LIST_FIRST(&ip_fw_chain_head)) && + fcp->rule->fw_number != IPFW_DEFAULT_RULE ) { s = splnet(); - LIST_REMOVE(fcp, chain); + LIST_REMOVE(fcp, next); #ifdef DUMMYNET dn_rule_delete(fcp); #endif 
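Review bot: In the `IP_FW_GET` case (`@@ -1835,9 +1834,9 @@`) the buffer size is now accumulated with `sizeof(struct ip_fw)`, while the copy loop in the next hunk (`@@ -1852,8 +1851,8 @@`) still uses `bcopy(fcp->rule, bp, sizeof *fcp->rule)`; the two agree only as long as `rule` keeps pointing at a `struct ip_fw`. Sizing and copying with the same expression, `size += sizeof *fcp->rule ;`, keeps the allocation and the copy length from drifting apart in a path that fills a buffer for userland. The sizing walk and the copy walk are also separate traversals of `ip_fw_chain_head`, and no `splnet()` is visible around them in these hunks, so it is worth confirming that the chain cannot grow between the two. The enclosing `switch` in ip_fw_ctl starts and ends outside the hunk.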
@@ -1923,7 +1921,7 @@ ip_fw_ctl(struct sockopt *sopt) (unsigned)IPFW_DEFAULT_RULE)); error = EINVAL; } else { - error = add_entry(&ip_fw_chain, &frwl); + error = add_entry(&ip_fw_chain_head, &frwl); if (!error && sopt->sopt_dir == SOPT_GET) error = sooptcopyout(sopt, &frwl, sizeof frwl); } @@ -1939,7 +1937,7 @@ ip_fw_ctl(struct sockopt *sopt) (unsigned)IPFW_DEFAULT_RULE)); error = EINVAL; } else { - error = del_entry(&ip_fw_chain, frwl.fw_number); + error = del_entry(&ip_fw_chain_head, frwl.fw_number); } break; @@ -1971,7 +1969,7 @@ ip_fw_init(void) ip_fw_chk_ptr = ip_fw_chk; ip_fw_ctl_ptr = ip_fw_ctl; - LIST_INIT(&ip_fw_chain); + LIST_INIT(&ip_fw_chain_head); bzero(&default_rule, sizeof default_rule); default_rule.fw_prot = IPPROTO_IP; @@ -1983,10 +1981,10 @@ ip_fw_init(void) #endif default_rule.fw_flg |= IP_FW_F_IN | IP_FW_F_OUT; if (check_ipfw_struct(&default_rule) != 0 || - add_entry(&ip_fw_chain, &default_rule)) + add_entry(&ip_fw_chain_head, &default_rule)) panic("ip_fw_init"); - ip_fw_default_rule = LIST_FIRST(&ip_fw_chain) ; + ip_fw_default_rule = LIST_FIRST(&ip_fw_chain_head) ; printf("IP packet filtering initialized, " #ifdef IPDIVERT "divert enabled, " @@ -2021,6 +2019,7 @@ static int ipfw_modevent(module_t mod, int type, void *unused) { int s; + struct ip_fw_chain *fcp; switch (type) { case MOD_LOAD: @@ -2037,9 +2036,8 @@ ipfw_modevent(module_t mod, int type, void *unused) ip_fw_chk_ptr = old_chk_ptr; ip_fw_ctl_ptr = old_ctl_ptr; remove_dyn_rule(NULL, 1 /* force delete */); - while (LIST_FIRST(&ip_fw_chain) != NULL) { - struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain); - LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain); + while ( (fcp = LIST_FIRST(&ip_fw_chain_head)) != NULL) { + LIST_REMOVE(fcp, next); #ifdef DUMMYNET dn_rule_delete(fcp); #endif |