authorluigi <luigi@FreeBSD.org>2001-02-10 00:10:18 +0000
committerluigi <luigi@FreeBSD.org>2001-02-10 00:10:18 +0000
commitbc66105b1dd64dd9599a78cd769be24fc39b89ea (patch)
treef2ecbab7993f781ecaad9607cce4fad0163a4001 /sys/netinet/ip_fw.c
parentca76da11764ea0bc1e044049f7a5c30eedfc8c7e (diff)
Sync with the bridge/dummynet/ipfw code already tested in stable.
In ip_fw.[ch] change a couple of variable and field names to avoid having types, variables and fields with the same name.
Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r--sys/netinet/ip_fw.c84
1 files changed, 41 insertions, 43 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 19dfb74..66dc6f1 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -89,7 +89,7 @@ struct ipfw_flow_id last_pkt ;
#define IPFW_DEFAULT_RULE ((u_int)(u_short)~0)
-LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
+LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain_head;
MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
@@ -903,10 +903,10 @@ lookup_next_rule(struct ip_fw_chain *me)
int rule = me->rule->fw_skipto_rule ; /* guess... */
if ( (me->rule->fw_flg & IP_FW_F_COMMAND) == IP_FW_F_SKIPTO )
- for (chain = LIST_NEXT(me, chain); chain ; chain = LIST_NEXT(chain, chain) )
+ for (chain = LIST_NEXT(me,next); chain ; chain = LIST_NEXT(chain,next))
if (chain->rule->fw_number >= rule)
return chain ;
- return LIST_NEXT(me, chain) ; /* failure or not a skipto */
+ return LIST_NEXT(me,next) ; /* failure or not a skipto */
}
/*
@@ -924,6 +924,7 @@ lookup_next_rule(struct ip_fw_chain *me)
*
* Return value:
*
+ * IP_FW_PORT_DENY_FLAG the packet must be dropped.
* 0 The packet is to be accepted and routed normally OR
* the packet was denied/rejected and has been dropped;
* in the latter case, *m is equal to NULL upon return.
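Review bot: The return-value comment now contradicts itself: the added `IP_FW_PORT_DENY_FLAG` entry says a dropped packet is reported with the flag, while the retained `0` entry still says a denied/rejected packet yields 0 with *m equal to NULL. The `dropit:` hunk further down removes the `if (*m)` test and returns `IP_FW_PORT_DENY_FLAG` unconditionally, so on that path the flag can now come back with *m == NULL. I would restrict the `0` entry to the accept case and extend the flag entry with something like `*m may be NULL if the mbuf was already consumed`, so callers know to test the mbuf before touching it on a deny. Whether other paths still return 0 after consuming the packet is not visible in these hunks.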
@@ -1038,7 +1039,7 @@ ip_fw_chk(struct ip **pip, int hlen,
* Packet has already been tagged. Look for the next rule
* to restart processing.
*/
- chain = LIST_NEXT(*flow_id, chain);
+ chain = LIST_NEXT(*flow_id, next);
if ((chain = (*flow_id)->rule->next_rule_ptr) == NULL)
chain = (*flow_id)->rule->next_rule_ptr =
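Review bot: The renamed line `chain = LIST_NEXT(*flow_id, next);` is a dead store, because the `if` on the next line assigns `chain` again from `(*flow_id)->rule->next_rule_ptr` before the first value is ever read. Since the line is being touched anyway, it could be dropped so that the cached `next_rule_ptr` lookup is the only place `chain` is set on this restart path. The assignment that begins on the last line of the hunk continues outside it, so the fallback used when the cache is NULL is not visible here.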
@@ -1050,19 +1051,19 @@ ip_fw_chk(struct ip **pip, int hlen,
* Go down the chain, looking for enlightment.
* If we've been asked to start at a given rule, do so.
*/
- chain = LIST_FIRST(&ip_fw_chain);
+ chain = LIST_FIRST(&ip_fw_chain_head);
if (skipto != 0) {
if (skipto >= IPFW_DEFAULT_RULE)
goto dropit;
while (chain && chain->rule->fw_number <= skipto)
- chain = LIST_NEXT(chain, chain);
+ chain = LIST_NEXT(chain, next);
if (chain == NULL)
goto dropit;
}
}
- for (; chain; chain = LIST_NEXT(chain, chain)) {
+ for (; chain; chain = LIST_NEXT(chain, next)) {
again:
f = chain->rule;
if (f->fw_number == IPFW_DEFAULT_RULE)
@@ -1093,7 +1094,7 @@ again:
}
/* Check if rule only valid for bridged packets */
- if ((f->fw_flg & IP_FW_BRIDGED) != 0 && ! (BRIDGED) )
+ if ((f->fw_flg & IP_FW_BRIDGED) != 0 && !(BRIDGED))
continue;
if (oif) {
@@ -1444,9 +1445,7 @@ dropit:
/*
* Finally, drop the packet.
*/
- if (*m)
- return(IP_FW_PORT_DENY_FLAG);
- return(0);
+ return(IP_FW_PORT_DENY_FLAG);
#undef BRIDGED
}
@@ -1461,7 +1460,7 @@ flush_rule_ptrs()
{
struct ip_fw_chain *fcp ;
- LIST_FOREACH(fcp, &ip_fw_chain, chain) {
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next) {
fcp->rule->next_rule_ptr = NULL ;
}
}
@@ -1501,14 +1500,14 @@ add_entry(struct ip_fw_head *chainptr, struct ip_fw *frwl)
s = splnet();
if (LIST_FIRST(chainptr) == 0) {
- LIST_INSERT_HEAD(chainptr, fwc, chain);
+ LIST_INSERT_HEAD(chainptr, fwc, next);
splx(s);
return(0);
}
/* If entry number is 0, find highest numbered rule and add 100 */
if (ftmp->fw_number == 0) {
- LIST_FOREACH(fcp, chainptr, chain) {
+ LIST_FOREACH(fcp, chainptr, next) {
if (fcp->rule->fw_number != (u_short)-1)
nbr = fcp->rule->fw_number;
else
@@ -1520,12 +1519,12 @@ add_entry(struct ip_fw_head *chainptr, struct ip_fw *frwl)
}
/* Got a valid number; now insert it, keeping the list ordered */
- LIST_FOREACH(fcp, chainptr, chain) {
+ LIST_FOREACH(fcp, chainptr, next) {
if (fcp->rule->fw_number > ftmp->fw_number) {
if (fcpl) {
- LIST_INSERT_AFTER(fcpl, fwc, chain);
+ LIST_INSERT_AFTER(fcpl, fwc, next);
} else {
- LIST_INSERT_HEAD(chainptr, fwc, chain);
+ LIST_INSERT_HEAD(chainptr, fwc, next);
}
break;
} else {
@@ -1545,7 +1544,7 @@ del_entry(struct ip_fw_head *chainptr, u_short number)
fcp = LIST_FIRST(chainptr);
if (number != (u_short)-1) {
- for (; fcp; fcp = LIST_NEXT(fcp, chain)) {
+ for (; fcp; fcp = LIST_NEXT(fcp, next)) {
if (fcp->rule->fw_number == number) {
int s;
@@ -1555,8 +1554,8 @@ del_entry(struct ip_fw_head *chainptr, u_short number)
struct ip_fw_chain *next;
remove_dyn_rule(fcp, 1 /* delete */);
- next = LIST_NEXT(fcp, chain);
- LIST_REMOVE(fcp, chain);
+ next = LIST_NEXT(fcp, next);
+ LIST_REMOVE(fcp, next);
#ifdef DUMMYNET
dn_rule_delete(fcp) ;
#endif
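Review bot: In this del_entry hunk the local `struct ip_fw_chain *next;` now has the same name as the list-linkage field, so `next = LIST_NEXT(fcp, next);` uses one identifier for two different things. That reintroduces the variable/field name clash the commit message sets out to remove. It should still compile if the queue macros use the second argument only as a member name, which is presumably the case. Renaming the local would keep the intent clear, for example `struct ip_fw_chain *fcp_next;` and `fcp_next = LIST_NEXT(fcp, next);`. The block that declares the local starts and ends outside the hunk.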
@@ -1582,7 +1581,7 @@ zero_entry(struct ip_fw *frwl)
if (frwl == 0) {
s = splnet();
- LIST_FOREACH(fcp, &ip_fw_chain, chain) {
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next) {
fcp->rule->fw_bcnt = fcp->rule->fw_pcnt = 0;
fcp->rule->fw_loghighest = fcp->rule->fw_logamount;
fcp->rule->timestamp = 0;
@@ -1597,7 +1596,7 @@ zero_entry(struct ip_fw *frwl)
* same number, so we don't stop after finding the first
* match if zeroing a specific entry.
*/
- LIST_FOREACH(fcp, &ip_fw_chain, chain)
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next)
if (frwl->fw_number == fcp->rule->fw_number) {
s = splnet();
while (fcp && frwl->fw_number == fcp->rule->fw_number) {
@@ -1605,7 +1604,7 @@ zero_entry(struct ip_fw *frwl)
fcp->rule->fw_loghighest =
fcp->rule->fw_logamount;
fcp->rule->timestamp = 0;
- fcp = LIST_NEXT(fcp, chain);
+ fcp = LIST_NEXT(fcp, next);
}
splx(s);
cleared = 1;
@@ -1636,7 +1635,7 @@ resetlog_entry(struct ip_fw *frwl)
if (frwl == 0) {
s = splnet();
counter = 0;
- LIST_FOREACH(fcp, &ip_fw_chain, chain)
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next)
fcp->rule->fw_loghighest = fcp->rule->fw_pcnt +
fcp->rule->fw_logamount;
splx(s);
@@ -1649,14 +1648,14 @@ resetlog_entry(struct ip_fw *frwl)
* same number, so we don't stop after finding the first
* match if zeroing a specific entry.
*/
- LIST_FOREACH(fcp, &ip_fw_chain, chain)
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next)
if (frwl->fw_number == fcp->rule->fw_number) {
s = splnet();
while (fcp && frwl->fw_number == fcp->rule->fw_number) {
fcp->rule->fw_loghighest =
fcp->rule->fw_pcnt +
fcp->rule->fw_logamount;
- fcp = LIST_NEXT(fcp, chain);
+ fcp = LIST_NEXT(fcp, next);
}
splx(s);
cleared = 1;
@@ -1835,9 +1834,9 @@ ip_fw_ctl(struct sockopt *sopt)
switch (sopt->sopt_name) {
case IP_FW_GET:
- for (fcp = LIST_FIRST(&ip_fw_chain), size = 0; fcp;
- fcp = LIST_NEXT(fcp, chain))
- size += sizeof *fcp->rule;
+ size = 0 ;
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next)
+ size += sizeof(struct ip_fw) ;
if (ipfw_dyn_v) {
int i ;
struct ipfw_dyn_rule *p ;
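Review bot: The sizing loop now adds `sizeof(struct ip_fw)` per rule, while the copy loop in the next hunk still copies `sizeof *fcp->rule` bytes per rule with `bcopy`. The two are presumably the same size today, but the allocation and the copy length should be spelled identically so they cannot drift apart and let the copy run past `buf`; I would keep `size += sizeof *fcp->rule;` here. The list is also walked twice, once to size and once to copy, and the hunks do not show whether anything prevents rules being added between the two passes, so a comment stating what keeps the chain stable across both loops would help. The allocation between the two loops is outside the visible hunks.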
@@ -1852,8 +1851,8 @@ ip_fw_ctl(struct sockopt *sopt)
break;
}
- for (fcp = LIST_FIRST(&ip_fw_chain), bp = buf; fcp;
- fcp = LIST_NEXT(fcp, chain)) {
+ bp = buf ;
+ LIST_FOREACH(fcp, &ip_fw_chain_head, next) {
bcopy(fcp->rule, bp, sizeof *fcp->rule);
bp->pipe_ptr = (void *)(intptr_t)
((struct ip_fw_ext *)fcp->rule)->dont_match_prob;
@@ -1888,11 +1887,10 @@ ip_fw_ctl(struct sockopt *sopt)
s = splnet();
remove_dyn_rule(NULL, 1 /* force delete */);
splx(s);
- for (fcp = LIST_FIRST(&ip_fw_chain);
- fcp != 0 && fcp->rule->fw_number != IPFW_DEFAULT_RULE;
- fcp = LIST_FIRST(&ip_fw_chain)) {
+ while ( (fcp = LIST_FIRST(&ip_fw_chain_head)) &&
+ fcp->rule->fw_number != IPFW_DEFAULT_RULE ) {
s = splnet();
- LIST_REMOVE(fcp, chain);
+ LIST_REMOVE(fcp, next);
#ifdef DUMMYNET
dn_rule_delete(fcp);
#endif
@@ -1923,7 +1921,7 @@ ip_fw_ctl(struct sockopt *sopt)
(unsigned)IPFW_DEFAULT_RULE));
error = EINVAL;
} else {
- error = add_entry(&ip_fw_chain, &frwl);
+ error = add_entry(&ip_fw_chain_head, &frwl);
if (!error && sopt->sopt_dir == SOPT_GET)
error = sooptcopyout(sopt, &frwl, sizeof frwl);
}
@@ -1939,7 +1937,7 @@ ip_fw_ctl(struct sockopt *sopt)
(unsigned)IPFW_DEFAULT_RULE));
error = EINVAL;
} else {
- error = del_entry(&ip_fw_chain, frwl.fw_number);
+ error = del_entry(&ip_fw_chain_head, frwl.fw_number);
}
break;
@@ -1971,7 +1969,7 @@ ip_fw_init(void)
ip_fw_chk_ptr = ip_fw_chk;
ip_fw_ctl_ptr = ip_fw_ctl;
- LIST_INIT(&ip_fw_chain);
+ LIST_INIT(&ip_fw_chain_head);
bzero(&default_rule, sizeof default_rule);
default_rule.fw_prot = IPPROTO_IP;
@@ -1983,10 +1981,10 @@ ip_fw_init(void)
#endif
default_rule.fw_flg |= IP_FW_F_IN | IP_FW_F_OUT;
if (check_ipfw_struct(&default_rule) != 0 ||
- add_entry(&ip_fw_chain, &default_rule))
+ add_entry(&ip_fw_chain_head, &default_rule))
panic("ip_fw_init");
- ip_fw_default_rule = LIST_FIRST(&ip_fw_chain) ;
+ ip_fw_default_rule = LIST_FIRST(&ip_fw_chain_head) ;
printf("IP packet filtering initialized, "
#ifdef IPDIVERT
"divert enabled, "
@@ -2021,6 +2019,7 @@ static int
ipfw_modevent(module_t mod, int type, void *unused)
{
int s;
+ struct ip_fw_chain *fcp;
switch (type) {
case MOD_LOAD:
@@ -2037,9 +2036,8 @@ ipfw_modevent(module_t mod, int type, void *unused)
ip_fw_chk_ptr = old_chk_ptr;
ip_fw_ctl_ptr = old_ctl_ptr;
remove_dyn_rule(NULL, 1 /* force delete */);
- while (LIST_FIRST(&ip_fw_chain) != NULL) {
- struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain);
- LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain);
+ while ( (fcp = LIST_FIRST(&ip_fw_chain_head)) != NULL) {
+ LIST_REMOVE(fcp, next);
#ifdef DUMMYNET
dn_rule_delete(fcp);
#endif