Date: Fri, 19 Sep 2008 18:48:42 GMT From: Marko Zec To: Perforce Change Reviews Subject: PERFORCE change 150134 for review http://perforce.freebsd.org/chv.cgi?CH=150134 Change 150134 by zec@zec_tpx32 on 2008/09/19 18:47:47 Diff reduction. Affected files ... .. //depot/projects/vimage-commit2/src/sys/netinet/ip_fw.h#7 edit Differences ... ==== //depot/projects/vimage-commit2/src/sys/netinet/ip_fw.h#7 (text+ko) ====
@@ -28,8 +28,6 @@ #ifndef _IPFW2_H #define _IPFW2_H -#include -#include /* * The default rule number. By the design of ip_fw, the default rule * is the last one, so its number can also serve as the highest number @@ -559,40 +557,7 @@ * Main firewall chains definitions and global var's definitions. */ #ifdef _KERNEL -#ifdef NOTYET /* still in ip_fw2.c */ -/* - * Data structure to cache our ucred related - * information. This structure only gets used if - * the user specified UID/GID based constraints in - * a firewall rule. - */ -struct ip_fw_ugid { - gid_t fw_groups[NGROUPS]; - int fw_ngroups; - uid_t fw_uid; - int fw_prid; -}; -#endif - - -#define IPFW_TABLES_MAX 128 -struct ip_fw_chain { - struct ip_fw *rules; /* list of rules */ - struct ip_fw *reap; /* list of rules to reap */ - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ - struct radix_node_head *tables[IPFW_TABLES_MAX]; - struct rwlock rwmtx; -}; - -#ifdef NOTYET /* still in ip_fw2.c */ -struct table_entry { - struct radix_node rn[2]; - struct sockaddr_in addr, mask; - u_int32_t value; -}; -#endif - /* Return values from ipfw_chk() */ enum { IP_FW_PASS = 0, @@ -681,6 +646,14 @@ #ifdef IPFW_INTERNAL +#define IPFW_TABLES_MAX 128 +struct ip_fw_chain { + struct ip_fw *rules; /* list of rules */ + struct ip_fw *reap; /* list of rules to reap */ + LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ + struct radix_node_head *tables[IPFW_TABLES_MAX]; + struct rwlock rwmtx; +}; #define IPFW_LOCK_INIT(_chain) \ rw_init(&(_chain)->rwmtx, "IPFW static rules") #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx) 
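Review bot: `struct ip_fw_chain` is now defined only under `#ifdef IPFW_INTERNAL` (the `-681,6 +646,14` hunk), yet the `struct vnet_ipfw` context in the `-711,19` hunk still embeds `struct ip_fw_chain _layer3_chain;` by value, which needs the complete type. The `#endif` that closes IPFW_INTERNAL is outside the visible hunks, so confirm that `struct vnet_ipfw` sits inside the same guard; if it does not, any file that includes this header without defining IPFW_INTERNAL will no longer compile. The struct also embeds `struct rwlock rwmtx` and uses `LIST_HEAD`, while the first hunk drops two `#include` lines whose names are not visible here, so consumers may now have to supply those definitions themselves. A comment above the moved struct such as `/* Needs LIST_HEAD and struct rwlock declared before this header is included. */` would record that requirement.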
@@ -711,19 +684,16 @@ int _fw_one_pass; int _fw_enable; int _fw6_enable; - u_int32_t _set_disable; int _fw_deny_unknown_exthdrs; int _fw_verbose; int _verbose_limit; int _fw_debug; int _autoinc_step; - ipfw_dyn_rule **_ipfw_dyn_v; struct ip_fw_chain _layer3_chain; u_int32_t _dyn_buckets; u_int32_t _curr_dyn_buckets; - u_int32_t _dyn_ack_lifetime; u_int32_t _dyn_syn_lifetime; u_int32_t _dyn_fin_lifetime; @@ -737,9 +707,7 @@ u_int32_t _static_len; u_int32_t _dyn_count; u_int32_t _dyn_max; - u_int64_t _norule_counter; - struct callout _ipfw_timeout; eventhandler_tag _ifaddr_event_tag; }; @@ -748,7 +716,6 @@ /* * Symbol translation macros */ - #define INIT_VNET_IPFW(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw)