diff options
| author | ae <ae@FreeBSD.org> | 2011-06-29 10:06:58 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2011-06-29 10:06:58 +0000 |
| commit | 6b5f802b89475290bd6d581f19f00d0326038be1 (patch) | |
| tree | 39ec2dc897c198c72a20dac2c11a69066b5cb64f /sys/netinet/ip_fw.h | |
| parent | 93c32fd0711f841f49c0349d8c693ccc83913e1d (diff) | |
| download | FreeBSD-src-6b5f802b89475290bd6d581f19f00d0326038be1.zip FreeBSD-src-6b5f802b89475290bd6d581f19f00d0326038be1.tar.gz | |
Add new rule actions "call" and "return" to ipfw. They make
possible to organize subroutines with rules.
The "call" action saves the current rule number in the internal
stack and rules processing continues from the first rule with
specified number (similar to skipto action). If later a rule with
"return" action is encountered, the processing returns to the first
rule with number of "call" rule saved in the stack plus one or higher.
Submitted by: Vadim Goncharov
Discussed by: ipfw@, luigi@
Diffstat (limited to 'sys/netinet/ip_fw.h')
| -rw-r--r-- | sys/netinet/ip_fw.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 06e107c..ff3a67f 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -57,6 +57,12 @@ #define IP_FW_TABLEARG 65535 /* XXX should use 0 */ /* + * Number of entries in the call stack of the call/return commands. + * Call stack currently is an uint16_t array with rule numbers. + */ +#define IPFW_CALLSTACK_SIZE 16 + +/* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF * instructions), which specify which fields of the packet @@ -195,6 +201,8 @@ enum ipfw_opcodes { /* arguments (4 byte each) */ O_SOCKARG, /* socket argument */ + O_CALLRETURN, /* arg1=called rule number */ + O_LAST_OPCODE /* not an opcode! */ }; |
