diff options
author | glebius <glebius@FreeBSD.org> | 2005-01-14 09:00:46 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2005-01-14 09:00:46 +0000 |
commit | 4db2b8d392653d006688b34d58bdb4ff6bc93523 (patch) | |
tree | d9fa7d7031281028b0d46da348135c088236c843 /sys/netinet/ip_fw.h | |
parent | 3c319ea2eac56f153a87df3c9616031973d63110 (diff) | |
download | FreeBSD-src-4db2b8d392653d006688b34d58bdb4ff6bc93523.zip FreeBSD-src-4db2b8d392653d006688b34d58bdb4ff6bc93523.tar.gz |
o Clean up interface between ip_fw_chk() and its callers:
- ip_fw_chk() returns action as function return value. Field retval is
removed from args structure. Action is not flag any more. It is one
of integer constants.
- Any action-specific cookies are returned either in new "cookie" field
in args structure (dummynet, future netgraph glue), or in mbuf tag
attached to packet (divert, tee, some future action).
o Convert parsing of return value from ip_fw_chk() in ipfw_check_{in,out}()
to a switch structure, so that the functions are more readable, and a future
actions can be added with less modifications.
Approved by: andre
MFC after: 2 months
Diffstat (limited to 'sys/netinet/ip_fw.h')
-rw-r--r-- | sys/netinet/ip_fw.h | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index e73d701..de92951 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -417,9 +417,17 @@ typedef struct _ipfw_table { */ #ifdef _KERNEL -#define IP_FW_PORT_DYNT_FLAG 0x00010000 -#define IP_FW_PORT_TEE_FLAG 0x00020000 -#define IP_FW_PORT_DENY_FLAG 0x00040000 +/* Return values from ipfw_chk() */ +enum { + IP_FW_PASS = 0, + IP_FW_DENY, + IP_FW_DIVERT, + IP_FW_TEE, + IP_FW_DUMMYNET, + IP_FW_NETGRAPH, +}; + +/* flags for divert mtag */ #define IP_FW_DIVERT_LOOPBACK_FLAG 0x00080000 #define IP_FW_DIVERT_OUTPUT_FLAG 0x00100000 @@ -438,7 +446,7 @@ struct ip_fw_args { int flags; /* for dummynet */ struct ipfw_flow_id f_id; /* grabbed from IP header */ - u_int32_t retval; + u_int32_t cookie; /* a cookie depending on rule action */ struct inpcb *inp; }; |