From owner-svn-src-all@FreeBSD.ORG Thu Dec 17 17:27:13 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 075AB106566C; Thu, 17 Dec 2009 17:27:13 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E003C8FC19; Thu, 17 Dec 2009 17:27:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id nBHHRCxK042530; Thu, 17 Dec 2009 17:27:12 GMT (envelope-from luigi@svn.freebsd.org) Received: (from luigi@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id nBHHRCnj042528; Thu, 17 Dec 2009 17:27:12 GMT (envelope-from luigi@svn.freebsd.org) Message-Id: <200912171727.nBHHRCnj042528@svn.freebsd.org> From: Luigi Rizzo Date: Thu, 17 Dec 2009 17:27:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r200634 - head/sys/netinet/ipfw X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Dec 2009 17:27:13 -0000 Author: luigi Date: Thu Dec 17 17:27:12 2009 New Revision: 200634 URL: http://svn.freebsd.org/changeset/base/200634 Log: simplify and document lookup_next_rule() Modified: head/sys/netinet/ipfw/ip_fw2.c Modified: head/sys/netinet/ipfw/ip_fw2.c ==============================================================================
--- head/sys/netinet/ipfw/ip_fw2.c Thu Dec 17 17:03:47 2009 (r200633)
+++ head/sys/netinet/ipfw/ip_fw2.c Thu Dec 17 17:27:12 2009 (r200634)
@@ -630,50 +630,27 @@ send_reject(struct ip_fw_args *args, int
 }
 
 /**
- * Given an ip_fw *, lookup_next_rule will return a pointer
- * to the next rule, which can be either the jump
- * target (for skipto instructions) or the next one in the list (in
- * all other cases including a missing jump target).
- * The result is also written in the "next_rule" field of the rule.
- * Backward jumps are not allowed, so we start the search from the
- * rule following the current one.
+ * Return the pointer to the skipto target.
+ *
+ * IMPORTANT: this should only be called on SKIPTO rules, and the
+ * jump target is taken from the 'rulenum' argument, which may come
+ * from the rule itself (direct skipto) or not (tablearg)
 *
 * The function never returns NULL: if the requested rule is not
 * present, it returns the next rule in the chain.
- * As a side effect, the rule pointer is also set so next time
- * the jump will not require a scan of the list.
+ * This also happens in case of a bogus argument > 65535
 */
-
 static struct ip_fw *
-lookup_next_rule(struct ip_fw *me, u_int32_t tablearg)
+lookup_next_rule(struct ip_fw *me, uint32_t rulenum)
 {
- struct ip_fw *rule = NULL;
- ipfw_insn *cmd;
- u_int16_t rulenum;
-
- /* look for action, in case it is a skipto */
- cmd = ACTION_PTR(me);
- if (cmd->opcode == O_LOG)
- cmd += F_LEN(cmd);
- if (cmd->opcode == O_ALTQ)
- cmd += F_LEN(cmd);
- if (cmd->opcode == O_TAG)
- cmd += F_LEN(cmd);
- if (cmd->opcode == O_SKIPTO ) {
- if (tablearg != 0) {
- rulenum = (u_int16_t)tablearg;
- } else {
- rulenum = cmd->arg1;
- }
- for (rule = me->next; rule ; rule = rule->next) {
- if (rule->rulenum >= rulenum) {
- break;
- }
- }
+ struct ip_fw *rule;
+
+ for (rule = me->next; rule ; rule = rule->next) {
+ if (rule->rulenum >= rulenum)
+ break;
 }
 if (rule == NULL) /* failure or not a skipto */
- rule = me->next;
- me->next_rule = rule;
+ rule = me->next ? me->next : me;
 return rule;
 }
 
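Review bot: The new fallback `rule = me->next ? me->next : me;` can hand back `me` itself, which the header comment does not mention (it still promises "the next rule in the chain"), and the inline comment `/* failure or not a skipto */` is stale now that the opcode is no longer inspected. If a skipto rule were ever the last one in the chain, the caller in the hunk at -2013 would assign `f` back to the same rule and evaluate it again, so packet processing relies on an invariant that is not visible here (presumably the default rule always terminates the chain). I would state that invariant where the fallback is taken, e.g. `/* target not found: fall through; me->next is only NULL on the last rule, which is never a skipto */`, or enforce it with `KASSERT(me->next != NULL, ("skipto on last rule"));`.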
@@ -2013,13 +1990,15 @@ do { \
 l = 0; /* exit inner loop */
 break;
 }
- /* handle skipto */
+ /* skipto: */
 if (cmd->arg1 == IP_FW_TABLEARG) {
- f = lookup_next_rule(f, tablearg);
- } else {
- if (f->next_rule == NULL)
- lookup_next_rule(f, 0);
- f = f->next_rule;
+ f = lookup_next_rule(f, tablearg);
+ } else { /* direct skipto */
+ /* update f->next_rule if not set */
+ if (f->next_rule == NULL)
+ f->next_rule =
+ lookup_next_rule(f, cmd->arg1);
+ f = f->next_rule;
 }
 /*
 * Skip disabled rules, and
@@ -2032,7 +2011,7 @@ do { \
 if (f) { /* found a valid rule */
 l = f->cmd_len;
 cmd = f->cmd;
- } else {
+ } else { /* should not happen */
 l = 0; /* exit inner loop */
 }
 match = 1;
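Review bot: In the skipto branch of the hunk at -2013, `f = lookup_next_rule(f, tablearg);` now passes a zero tablearg straight through as target 0, so the packet simply continues with the next rule. The removed code in lookup_next_rule() tested `tablearg != 0` and otherwise used `cmd->arg1` as the target, which in this branch equals IP_FW_TABLEARG. For a packet filter that changes which rule a packet lands on whenever the table lookup supplied no value (assuming 0 means "no value"; the lookup is outside this hunk), so it should be either guarded explicitly or documented at the call, e.g. `/* tablearg == 0 (no table value): continue with the next rule */`. The enclosing loop and the macro around it start and end outside the hunk.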