clean up the changes made to ipfw over the last weeks

(should make the ipfw lkm work again)

6 files changed, 52 insertions, 101 deletions

diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index e5c68af..a5422cf 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)in.h	8.3 (Berkeley) 1/3/94
- * $Id: in.h,v 1.32 1998/05/10 20:51:46 jb Exp $
+ * $Id: in.h,v 1.33 1998/05/19 14:04:18 dg Exp $
  */
 
 #ifndef _NETINET_IN_H_
@@ -431,7 +431,7 @@ char 	*inet_ntoa __P((struct in_addr)); /* in libkern */
 
 /* Firewall hooks */
 struct ip;
-typedef	int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int, struct mbuf**));
+typedef	int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int*, struct mbuf**));
 typedef	int ip_fw_ctl_t __P((int, struct mbuf**));
 extern	ip_fw_chk_t *ip_fw_chk_ptr;
 extern	ip_fw_ctl_t *ip_fw_ctl_ptr;
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index 9b32f6d..62be4df 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: ip_divert.c,v 1.26 1998/05/25 10:37:43 julian Exp $
+ *	$Id: ip_divert.c,v 1.27 1998/06/05 22:39:52 julian Exp $
  */
 
 #include "opt_inet.h"
@@ -91,20 +91,14 @@ u_short ip_divert_port;
  * The user process can send it back to help the caller know something
  * about where the packet came from.
  *
- * If IPFW is the caller then the IN cookie is the rule that sent
- * us here and the OUT cookie is the rule after which processing
+ * If IPFW is the caller then the cookie is the rule that sent
+ * us here. On reinjection is is the rule after which processing
  * should continue. Leaving it the same will make processing start
  * at the rule number after that which sent it here. Setting it to
  * 0 will restart processing at the beginning. 
  * #endif 
  */
-#ifdef IPFW_DIVERT_OLDRESTART
-u_short ip_divert_ignore;
-#else
-
-u_short ip_divert_in_cookie;
-u_short ip_divert_out_cookie;
-#endif /* IPFW_DIVERT_OLDRESTART */
+u_short ip_divert_cookie;
 
 /* Internal variables */
 
@@ -171,8 +165,8 @@ div_input(struct mbuf *m, int hlen)
 #ifdef IPFW_DIVERT_OLDRESTART
 	divsrc.sin_port = htons(ip_divert_port);
 #else
-	divsrc.sin_port = ip_divert_in_cookie;
-	ip_divert_in_cookie = 0;
+	divsrc.sin_port = ip_divert_cookie;
+	ip_divert_cookie = 0;
 #endif /* IPFW_DIVERT_OLDRESTART */
 
 	/* Restore packet header fields */
@@ -274,19 +268,15 @@ div_output(so, m, addr, control)
 		m_freem(control);		/* XXX */
 
 	/* Loopback avoidance */
-#ifdef IPFW_DIVERT_OLDRESTART
 	if (sin) {
-		ip_divert_ignore = ntohs(sin->sin_port);
-	} else {
-		ip_divert_ignore = 0;
-	}
+#ifdef IPFW_DIVERT_OLDRESTART
+		ip_divert_cookie = ntohs(sin->sin_port);
 #else
-	if (sin) {
-		ip_divert_out_cookie = sin->sin_port;
+		ip_divert_cookie = sin->sin_port;
+#endif /* IPFW_DIVERT_OLDRESTART */
 	} else {
-		ip_divert_out_cookie = 0;
+		ip_divert_cookie = 0;
 	}
-#endif /* IPFW_DIVERT_OLDRESTART */
 
 	/* Reinject packet into the system as incoming or outgoing */
 	if (!sin || sin->sin_addr.s_addr == 0) {
@@ -344,19 +334,11 @@ div_output(so, m, addr, control)
 	}
 
 	/* Reset for next time (and other packets) */
-#ifdef IPFW_DIVERT_OLDRESTART
-	ip_divert_ignore = 0;
-#else
-	ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+	ip_divert_cookie = 0;
 	return error;
 
 cantsend:
-#ifdef IPFW_DIVERT_OLDRESTART
-	ip_divert_ignore = 0;
-#else
-	ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+	ip_divert_cookie = 0;
 	m_freem(m);
 	return error;
 }
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 53f2856..0d978b4 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,7 +12,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.c,v 1.85 1998/06/05 22:39:53 julian Exp $
+ *	$Id: ip_fw.c,v 1.86 1998/06/05 23:33:26 julian Exp $
  */
 
 /*
@@ -103,13 +103,8 @@ static ip_fw_chk_t *old_chk_ptr;
 static ip_fw_ctl_t *old_ctl_ptr;
 #endif
 
-#ifdef IPFW_DIVERT_OLDRESTART
-static int	ip_fw_chk __P((struct ip **pip, int hlen,
-			struct ifnet *oif, int ignport, struct mbuf **m));
-#else
 static int	ip_fw_chk __P((struct ip **pip, int hlen,
-			struct ifnet *oif, int pastrule, struct mbuf **m));
-#endif /* IPFW_DIVERT_OLDRESTART */
+			struct ifnet *oif, int *cookie, struct mbuf **m));
 static int	ip_fw_ctl __P((int stage, struct mbuf **mm));
 
 static char err_prefix[] = "ip_fw_ctl:";
@@ -387,9 +382,9 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
  *	hlen	Packet header length
  *	oif	Outgoing interface, or NULL if packet is incoming
  * #ifdef IPFW_DIVERT_OLDRESTART
- *	ignport	Ignore all divert/tee rules to this port (if non-zero)
+ *	*ignport	Ignore all divert/tee rules to this port (if non-zero)
  * #else
- *	pastrule Skip up to the first rule past this rule number;
+ *	*cookie Skip up to the first rule past this rule number;
  * #endif
  *	*m	The packet; we set to NULL when/if we nuke it.
  *
@@ -402,13 +397,8 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
  */
 
 static int 
-#ifdef IPFW_DIVERT_OLDRESTART
-ip_fw_chk(struct ip **pip, int hlen,
-	struct ifnet *oif, int ignport, struct mbuf **m)
-#else
 ip_fw_chk(struct ip **pip, int hlen,
-	struct ifnet *oif, int pastrule, struct mbuf **m)
-#endif /* IPFW_DIVERT_OLDRESTART */
+	struct ifnet *oif, int *cookie, struct mbuf **m)
 {
 	struct ip_fw_chain *chain;
 	struct ip_fw *rule = NULL;
@@ -416,7 +406,13 @@ ip_fw_chk(struct ip **pip, int hlen,
 	struct ifnet *const rif = (*m)->m_pkthdr.rcvif;
 	u_short offset = (ip->ip_off & IP_OFFMASK);
 	u_short src_port, dst_port;
+#ifdef	IPFW_DIVERT_OLDRESTART
+	int ignport = *cookie;
+#else
+	int skipto = *cookie;
+#endif /* IPFW_DIVERT_OLDRESTART */
 
+	*cookie = 0;
 	/*
 	 * Go down the chain, looking for enlightment
 	 * #ifndef IPFW_DIVERT_OLDRESTART
@@ -424,13 +420,14 @@ ip_fw_chk(struct ip **pip, int hlen,
 	 * #endif
 	 */
 #ifdef IPFW_DIVERT_OLDRESTART
-	for (chain=LIST_FIRST(&ip_fw_chain); chain; chain = LIST_NEXT(chain, chain)) {
+	for (chain=LIST_FIRST(&ip_fw_chain); chain;
+			chain = LIST_NEXT(chain, chain)) {
 #else
-	chain=LIST_FIRST(&ip_fw_chain);
-	if ( pastrule ) {
-		if (pastrule >= 65535)
+	chain = LIST_FIRST(&ip_fw_chain);
+	if ( skipto ) {
+		if (skipto >= 65535)
 			goto dropit;
-		while (chain && (chain->rule->fw_number <= pastrule)) {
+		while (chain && (chain->rule->fw_number <= skipto)) {
 			chain = LIST_NEXT(chain, chain);
 		}
 		if (! chain) goto dropit;
@@ -613,8 +610,10 @@ got_match:
 		case IP_FW_F_COUNT:
 			continue;
 		case IP_FW_F_DIVERT:
-#ifndef IPFW_DIVERT_OLDRESTART
-			ip_divert_in_cookie = f->fw_number;
+#ifdef IPFW_DIVERT_OLDRESTART
+			*cookie = f->fw_divert_port;
+#else
+			*cookie = f->fw_number;
 #endif /* IPFW_DIVERT_OLDRESTART */
 			return(f->fw_divert_port);
 		case IP_FW_F_TEE:
@@ -702,6 +701,7 @@ dropit:
 	/*
 	 * Finally, drop the packet.
 	 */
+	*cookie = 0;
 	if (*m) {
 		m_freem(*m);
 		*m = NULL;
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 6280050..5f43a95 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
- * $Id: ip_input.c,v 1.85 1998/05/25 10:37:45 julian Exp $
+ * $Id: ip_input.c,v 1.86 1998/06/05 22:39:55 julian Exp $
  *	$ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
  */
 
@@ -362,22 +362,15 @@ tooshort:
 #ifdef IPDIVERT
 		u_short port;
 
-#ifdef IPFW_DIVERT_OLDRESTART
-		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, ip_divert_ignore, &m);
-		ip_divert_ignore = 0;
-#else
-		ip_divert_in_cookie = 0;
-		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL,
-					ip_divert_out_cookie, &m);
-		ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &ip_divert_cookie, &m);
 		if (port) {			/* Divert packet */
 			frag_divert_port = port;
 			goto ours;
 		}
 #else
+		int	dummy;
 		/* If ipfw says divert, we have to just drop packet */
-		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, 0, &m)) {
+		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &dummy, &m)) {
 			m_freem(m);
 			m = NULL;
 		}
@@ -503,6 +496,7 @@ ours:
 				ipstat.ips_toosmall++;
 #ifdef IPDIVERT
 				frag_divert_port = 0;
+				ip_divert_cookie = 0;
 #endif
 				return;
 			}
@@ -602,11 +596,6 @@ found:
 		goto bad;
 	}
 
-	/* Don't let packets divert themselves */
-	if (ip->ip_p == IPPROTO_DIVERT) {
-		ipstat.ips_noproto++;
-		goto bad;
-	}
 #endif
 
 	/*
@@ -682,9 +671,7 @@ ip_reass(ip, fp, where)
 		fp->ipq_dst = ((struct ip *)ip)->ip_dst;
 #ifdef IPDIVERT
 		fp->ipq_divert = 0;
-#ifndef IPFW_DIVERT_OLDRESTART
 		fp->ipq_div_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
 #endif
 		q = (struct ipasfrag *)fp;
 		goto insert;
@@ -741,11 +728,10 @@ insert:
 	 */
 	if (frag_divert_port != 0) {
 		fp->ipq_divert = frag_divert_port;
-#ifndef IPFW_DIVERT_OLDRESTART
-		fp->ipq_div_cookie = ip_divert_in_cookie;
-#endif /* IPFW_DIVERT_OLDRESTART */
+		fp->ipq_div_cookie = ip_divert_cookie;
 	}
 	frag_divert_port = 0;
+	ip_divert_cookie = 0;
 #endif
 
 	/*
@@ -789,12 +775,10 @@ insert:
 
 #ifdef IPDIVERT
 	/*
-	 * Record divert port for packet, if any
+	 * extract divert port for packet, if any
 	 */
 	frag_divert_port = fp->ipq_divert;
-#ifndef IPFW_DIVERT_OLDRESTART
-	ip_divert_in_cookie = fp->ipq_div_cookie;
-#endif /* IPFW_DIVERT_OLDRESTART */
+	ip_divert_cookie = fp->ipq_div_cookie;
 #endif
 
 	/*
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 5089b5c..9e28ffe 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
- *	$Id: ip_output.c,v 1.67 1998/05/25 10:37:47 julian Exp $
+ *	$Id: ip_output.c,v 1.68 1998/06/05 22:40:00 julian Exp $
  */
 
 #define _IP_VHL
@@ -371,23 +371,16 @@ sendit:
 	 */
 	if (ip_fw_chk_ptr) {
 #ifdef IPDIVERT
-#ifdef IPFW_DIVERT_OLDRESTART
 		ip_divert_port = (*ip_fw_chk_ptr)(&ip,
-		    hlen, ifp, ip_divert_ignore, &m);
-		ip_divert_ignore = 0;
-#else
-		ip_divert_in_cookie = 0;
-		ip_divert_port = (*ip_fw_chk_ptr)(&ip,
-		    hlen, ifp, ip_divert_out_cookie, &m);
-		ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+		    hlen, ifp, &ip_divert_cookie, &m);
 		if (ip_divert_port) {		/* Divert packet */
 			(*inetsw[ip_protox[IPPROTO_DIVERT]].pr_input)(m, 0);
 			goto done;
 		}
 #else
+		int 	dummy;
 		/* If ipfw says divert, we have to just drop packet */
-		if ((*ip_fw_chk_ptr)(&ip, hlen, ifp, 0, &m)) {
+		if ((*ip_fw_chk_ptr)(&ip, hlen, ifp, &dummy, &m)) {
 			m_freem(m);
 			goto done;
 		}
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index ba3e8cc0..d68d2cf 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_var.h	8.2 (Berkeley) 1/9/95
- *	$Id: ip_var.h,v 1.38 1998/05/25 10:37:48 julian Exp $
+ *	$Id: ip_var.h,v 1.39 1998/06/05 22:40:01 julian Exp $
  */
 
 #ifndef _NETINET_IP_VAR_H_
@@ -65,9 +65,7 @@ struct ipq {
 	struct	in_addr ipq_src,ipq_dst;
 #ifdef IPDIVERT
 	u_short ipq_divert;		/* divert protocol port */
-#ifndef IPFW_DIVERT_OLDRESTART
 	u_short ipq_div_cookie;		/* divert protocol cookie */
-#endif /* IPFW_DIVERT_OLDRESTART */
 #endif
 };
 
@@ -210,13 +208,7 @@ void	div_init __P((void));
 void	div_input __P((struct mbuf *, int));
 extern struct pr_usrreqs div_usrreqs;
 extern u_short ip_divert_port;
-#ifdef IPFW_DIVERT_OLDRESTART
-extern u_short ip_divert_ignore;
-#else
-extern u_short ip_divert_in_cookie;
-extern u_short ip_divert_out_cookie;
-
-#endif /* IPFW_DIVERT_OLDRESTART */
+extern u_short ip_divert_cookie;
 #endif /* IPDIVERT */
 
 #endif /* KERNEL */