From owner-svn-src-stable@freebsd.org Thu Jul 18 11:43:10 2019 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B548FA67AD; Thu, 18 Jul 2019 11:43:10 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 979C685BA7; Thu, 18 Jul 2019 11:43:10 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 69D0F71AB; Thu, 18 Jul 2019 11:43:10 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x6IBhAn5076801; Thu, 18 Jul 2019 11:43:10 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x6IBhAho076800; Thu, 18 Jul 2019 11:43:10 GMT (envelope-from cy@FreeBSD.org) Message-Id: <201907181143.x6IBhAho076800@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Thu, 18 Jul 2019 11:43:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r350110 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet X-SVN-Group: stable-11 X-SVN-Commit-Author: cy X-SVN-Commit-Paths: in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet X-SVN-Commit-Revision: 350110 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 979C685BA7 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.98)[-0.979,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jul 2019 11:43:10 -0000 Author: cy Date: Thu Jul 18 11:43:09 2019 New Revision: 350110 URL: https://svnweb.freebsd.org/changeset/base/350110 Log: MFC r349898, r349916: ipfilter commands, in this case ipf(8), passes its operations and rules via an ioctl interface. Rules can be added or removed and stats and counters can be zeroed out. As the ipfilter interprets these instructions or operations they are stored in an integer called addrem (add/remove). 0 is add, 1 is remove, and 2 is clear stats and counters. Much of this is not documented. This commit documents these operations by replacing simple integers with a self documenting enum along with a few basic comments. Modified: stable/11/sys/contrib/ipfilter/netinet/fil.c Directory Properties: stable/11/ (props changed) Changes in other areas also in this revision: Modified: stable/12/sys/contrib/ipfilter/netinet/fil.c Directory Properties: stable/12/ (props changed) Modified: stable/11/sys/contrib/ipfilter/netinet/fil.c ============================================================================== --- stable/11/sys/contrib/ipfilter/netinet/fil.c Thu Jul 18 07:37:26 2019 (r350109) +++ stable/11/sys/contrib/ipfilter/netinet/fil.c Thu Jul 18 11:43:09 2019 (r350110) @@ -4476,7 +4476,11 @@ frrequest(softc, unit, req, data, set, makecopy) int set, makecopy; caddr_t data; { - int error = 0, in, family, addrem, need_free = 0; + int error = 0, in, family, need_free = 0; + enum { OP_ADD, /* add rule */ + OP_REM, /* remove rule */ + OP_ZERO /* zero statistics and counters */ } + addrem = OP_ADD; frentry_t frd, *fp, *f, **fprev, **ftail; void *ptr, *uptr, *cptr; u_int *p, *pp; @@ -4544,11 +4548,11 @@ frrequest(softc, unit, req, data, set, makecopy) if (req == (ioctlcmd_t)SIOCINAFR || req == (ioctlcmd_t)SIOCINIFR || req == (ioctlcmd_t)SIOCADAFR || req == (ioctlcmd_t)SIOCADIFR) - addrem = 0; + addrem = OP_ADD; /* Add rule */ else if (req == (ioctlcmd_t)SIOCRMAFR || req == (ioctlcmd_t)SIOCRMIFR) - addrem = 1; + addrem = OP_REM; /* Remove rule */ else if (req == (ioctlcmd_t)SIOCZRLST) - addrem = 2; + addrem = OP_ZERO; /* Zero statistics and counters */ else { IPFERROR(9); error = EINVAL; @@ -4582,7 +4586,7 @@ frrequest(softc, unit, req, data, set, makecopy) goto donenolock; } - if (addrem == 0) { + if (addrem == OP_ADD) { error = ipf_funcinit(softc, fp); if (error != 0) goto donenolock; @@ -4646,7 +4650,7 @@ frrequest(softc, unit, req, data, set, makecopy) * them to be created if they don't already exit. */ group = FR_NAME(fp, fr_group); - if (addrem == 0) { + if (addrem == OP_ADD) { fg = ipf_group_add(softc, group, NULL, fp->fr_flags, unit, set); fp->fr_grp = fg; @@ -4951,7 +4955,7 @@ frrequest(softc, unit, req, data, set, makecopy) /* * If zero'ing statistics, copy current to caller and zero. */ - if (addrem == 2) { + if (addrem == OP_ZERO) { if (f == NULL) { IPFERROR(27); error = ESRCH; @@ -5044,7 +5048,7 @@ frrequest(softc, unit, req, data, set, makecopy) /* * Request to remove a rule. */ - if (addrem == 1) { + if (addrem == OP_REM) { if (f == NULL) { IPFERROR(29); error = ESRCH; @@ -5110,7 +5114,7 @@ frrequest(softc, unit, req, data, set, makecopy) if (fp->fr_next != NULL) fp->fr_next->fr_pnext = &fp->fr_next; *ftail = fp; - if (addrem == 0) + if (addrem == OP_ADD) ipf_fixskip(ftail, fp, 1); fp->fr_icmpgrp = NULL;