Date: Fri, 19 Sep 2008 18:48:42 GMT From: Marko Zec <zec@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 150134 for review Message-ID: <200809191848.m8JImgIo052274@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=150134 Change 150134 by zec@zec_tpx32 on 2008/09/19 18:47:47 Diff reduction. Affected files ... .. //depot/projects/vimage-commit2/src/sys/netinet/ip_fw.h#7 edit Differences ... ==== //depot/projects/vimage-commit2/src/sys/netinet/ip_fw.h#7 (text+ko) ==== @@ -28,8 +28,6 @@ #ifndef _IPFW2_H #define _IPFW2_H -#include <sys/rwlock.h> -#include <net/radix.h> /* * The default rule number. By the design of ip_fw, the default rule * is the last one, so its number can also serve as the highest number @@ -559,40 +557,7 @@ * Main firewall chains definitions and global var's definitions. */ #ifdef _KERNEL -#ifdef NOTYET /* still in ip_fw2.c */ -/* - * Data structure to cache our ucred related - * information. This structure only gets used if - * the user specified UID/GID based constraints in - * a firewall rule. - */ -struct ip_fw_ugid { - gid_t fw_groups[NGROUPS]; - int fw_ngroups; - uid_t fw_uid; - int fw_prid; -}; -#endif - - -#define IPFW_TABLES_MAX 128 -struct ip_fw_chain { - struct ip_fw *rules; /* list of rules */ - struct ip_fw *reap; /* list of rules to reap */ - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ - struct radix_node_head *tables[IPFW_TABLES_MAX]; - struct rwlock rwmtx; -}; - -#ifdef NOTYET /* still in ip_fw2.c */ -struct table_entry { - struct radix_node rn[2]; - struct sockaddr_in addr, mask; - u_int32_t value; -}; -#endif - /* Return values from ipfw_chk() */ enum { IP_FW_PASS = 0, @@ -681,6 +646,14 @@ #ifdef IPFW_INTERNAL +#define IPFW_TABLES_MAX 128 +struct ip_fw_chain { + struct ip_fw *rules; /* list of rules */ + struct ip_fw *reap; /* list of rules to reap */ + LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ + struct radix_node_head *tables[IPFW_TABLES_MAX]; + struct rwlock rwmtx; +}; #define IPFW_LOCK_INIT(_chain) \ rw_init(&(_chain)->rwmtx, "IPFW static rules") #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx) @@ -711,19 +684,16 @@ int _fw_one_pass; int _fw_enable; int _fw6_enable; - u_int32_t _set_disable; int _fw_deny_unknown_exthdrs; int _fw_verbose; int _verbose_limit; int _fw_debug; int _autoinc_step; - ipfw_dyn_rule **_ipfw_dyn_v; struct ip_fw_chain _layer3_chain; u_int32_t _dyn_buckets; u_int32_t _curr_dyn_buckets; - u_int32_t _dyn_ack_lifetime; u_int32_t _dyn_syn_lifetime; u_int32_t _dyn_fin_lifetime; @@ -737,9 +707,7 @@ u_int32_t _static_len; u_int32_t _dyn_count; u_int32_t _dyn_max; - u_int64_t _norule_counter; - struct callout _ipfw_timeout; eventhandler_tag _ifaddr_event_tag; }; @@ -748,7 +716,6 @@ /* * Symbol translation macros */ - #define INIT_VNET_IPFW(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809191848.m8JImgIo052274>