diff options
| author | melifaro <melifaro@FreeBSD.org> | 2012-12-23 16:28:18 +0000 |
|---|---|---|
| committer | melifaro <melifaro@FreeBSD.org> | 2012-12-23 16:28:18 +0000 |
| commit | 911df5a3324405f742e5c9eebd47c0f0bd606d09 (patch) | |
| tree | 78b5126d080401531fc1669b823c5ad39ae2faa5 /sys/netpfil/ipfw | |
| parent | 97587080eadabbd5fde12c70cd32748fe67d4f19 (diff) | |
| download | FreeBSD-src-911df5a3324405f742e5c9eebd47c0f0bd606d09.zip FreeBSD-src-911df5a3324405f742e5c9eebd47c0f0bd606d09.tar.gz | |
Use unified IP_FW_ARG_TABLEARG() macro for most tablearg checks.
Log real value instead of IP_FW_TABLEARG (65535) in ipfw_log().
Noticed by: Vitaliy Tokarenko <rphone@ukr.net>
MFC after: 2 weeks
Diffstat (limited to 'sys/netpfil/ipfw')
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 29 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_dynamic.c | 3 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_log.c | 8 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_private.h | 2 |
4 files changed, 17 insertions, 25 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 3cbb006..a542ffe 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -1850,8 +1850,7 @@ do { \ case O_TAG: { struct m_tag *mtag; - uint32_t tag = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1); /* Packet is already tagged with this tag? */ mtag = m_tag_locate(m, MTAG_IPFW, tag, NULL); @@ -1930,8 +1929,7 @@ do { \ case O_TAGGED: { struct m_tag *mtag; - uint32_t tag = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1); if (cmdlen == 1) { match = m_tag_locate(m, MTAG_IPFW, @@ -2069,8 +2067,7 @@ do { \ case O_PIPE: case O_QUEUE: set_match(args, f_pos, chain); - args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + args->rule.info = IP_FW_ARG_TABLEARG(cmd->arg1); if (cmd->opcode == O_PIPE) args->rule.info |= IPFW_IS_PIPE; if (V_fw_one_pass) @@ -2090,8 +2087,7 @@ do { \ retval = (cmd->opcode == O_DIVERT) ? IP_FW_DIVERT : IP_FW_TEE; set_match(args, f_pos, chain); - args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + args->rule.info = IP_FW_ARG_TABLEARG(cmd->arg1); break; case O_COUNT: @@ -2109,8 +2105,7 @@ do { \ (uintptr_t)f->x_next == chain->id) { f_pos = (uintptr_t)f->next_rule; } else { - int i = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + int i = IP_FW_ARG_TABLEARG(cmd->arg1); /* make sure we do not jump backward */ if (i <= f->rulenum) i = f->rulenum + 1; @@ -2215,9 +2210,8 @@ do { \ (uintptr_t)f->x_next == chain->id) { f_pos = (uintptr_t)f->next_rule; } else { - jmpto = (cmd->arg1 == - IP_FW_TABLEARG) ? tablearg: - cmd->arg1; + jmpto = IP_FW_ARG_TABLEARG( + cmd->arg1); f_pos = ipfw_find_rule(chain, jmpto, 0); /* update the cache */ @@ -2337,8 +2331,7 @@ do { \ case O_NETGRAPH: case O_NGTEE: set_match(args, f_pos, chain); - args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + args->rule.info = IP_FW_ARG_TABLEARG(cmd->arg1); if (V_fw_one_pass) args->rule.info |= IPFW_ONEPASS; retval = (cmd->opcode == O_NETGRAPH) ? @@ -2351,8 +2344,7 @@ do { \ uint32_t fib; IPFW_INC_RULE_COUNTER(f, pktlen); - fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg: - cmd->arg1; + fib = IP_FW_ARG_TABLEARG(cmd->arg1); if (fib >= rt_numfibs) fib = 0; M_SETFIB(m, fib); @@ -2378,8 +2370,7 @@ do { \ } t = ((ipfw_insn_nat *)cmd)->nat; if (t == NULL) { - nat_id = (cmd->arg1 == IP_FW_TABLEARG) ? - tablearg : cmd->arg1; + nat_id = IP_FW_ARG_TABLEARG(cmd->arg1); t = (*lookup_nat_ptr)(&chain->nat, nat_id); if (t == NULL) { diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 5cccce9..656e826 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -696,8 +696,7 @@ ipfw_install_state(struct ip_fw *rule, ipfw_insn_limit *cmd, uint16_t limit_mask = cmd->limit_mask; int pindex; - conn_limit = (cmd->conn_limit == IP_FW_TABLEARG) ? - tablearg : cmd->conn_limit; + conn_limit = IP_FW_ARG_TABLEARG(cmd->conn_limit); DEB( if (cmd->conn_limit == IP_FW_TABLEARG) diff --git a/sys/netpfil/ipfw/ip_fw_log.c b/sys/netpfil/ipfw/ip_fw_log.c index c33e365..48e6791 100644 --- a/sys/netpfil/ipfw/ip_fw_log.c +++ b/sys/netpfil/ipfw/ip_fw_log.c @@ -338,19 +338,19 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, break; case O_SETFIB: snprintf(SNPARGS(action2, 0), "SetFib %d", - cmd->arg1); + IP_FW_ARG_TABLEARG(cmd->arg1)); break; case O_SKIPTO: snprintf(SNPARGS(action2, 0), "SkipTo %d", - cmd->arg1); + IP_FW_ARG_TABLEARG(cmd->arg1)); break; case O_PIPE: snprintf(SNPARGS(action2, 0), "Pipe %d", - cmd->arg1); + IP_FW_ARG_TABLEARG(cmd->arg1)); break; case O_QUEUE: snprintf(SNPARGS(action2, 0), "Queue %d", - cmd->arg1); + IP_FW_ARG_TABLEARG(cmd->arg1)); break; case O_FORWARD_IP: { ipfw_insn_sa *sa = (ipfw_insn_sa *)cmd; diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h index 0ea0b35..44a7720 100644 --- a/sys/netpfil/ipfw/ip_fw_private.h +++ b/sys/netpfil/ipfw/ip_fw_private.h @@ -258,6 +258,8 @@ struct sockopt; /* used by tcp_var.h */ (_cntr)->pcnt = 0; \ (_cntr)->bcnt = 0; \ } while (0) + +#define IP_FW_ARG_TABLEARG(a) ((a) == IP_FW_TABLEARG) ? tablearg : (a) /* * The lock is heavily used by ip_fw2.c (the main file) and ip_fw_nat.c * so the variable and the macros must be here. |
