Date: Tue, 20 Aug 2013 11:04:56 +0800 From: Julian Elischer <julian@freebsd.org> To: Andre Oppermann <andre@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r254519 - in head/sys: netinet netinet6 sys Message-ID: <5212DCD8.4050004@freebsd.org> In-Reply-To: <201308191108.r7JB8aQ4057777@svn.freebsd.org> References: <201308191108.r7JB8aQ4057777@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/19/13 7:08 PM, Andre Oppermann wrote: > Author: andre > Date: Mon Aug 19 11:08:36 2013 > New Revision: 254519 > URL: http://svnweb.freebsd.org/changeset/base/254519 > > Log: > Move the global M_SKIP_FIREWALL mbuf flags to a protocol layer specific > flag instead. The flag is only used within the IP and IPv6 layer 3 > protocols. weeeeelllll, "maybe" Layer 2 usage of ipfw could make use of this flag as well. Cisco were using L2 ipfw some years back. I don't know if this affects them at all. > > Because some firewall packages treat IPv4 and IPv6 packets the same the > flag should have the same value for both. > > Discussed with: trociny, glebius > > Modified: > head/sys/netinet/ip_var.h > head/sys/netinet6/ip6_var.h > head/sys/sys/mbuf.h > > Modified: head/sys/netinet/ip_var.h > ============================================================================== > --- head/sys/netinet/ip_var.h Mon Aug 19 10:34:10 2013 (r254518) > +++ head/sys/netinet/ip_var.h Mon Aug 19 11:08:36 2013 (r254519) > @@ -163,10 +163,12 @@ void kmod_ipstat_dec(int statnum); > #define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast packets */ > > /* > - * mbuf flag used by ip_fastfwd > + * IPv4 protocol layer specific mbuf flags. > */ > #define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */ > #define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */ > +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing, > + keep in sync with IP6 */ > #define M_IP_FRAG M_PROTO4 /* fragment reassembly */ > > #ifdef __NO_STRICT_ALIGNMENT > > Modified: head/sys/netinet6/ip6_var.h > ============================================================================== > --- head/sys/netinet6/ip6_var.h Mon Aug 19 10:34:10 2013 (r254518) > +++ head/sys/netinet6/ip6_var.h Mon Aug 19 11:08:36 2013 (r254519) > @@ -293,7 +293,12 @@ struct ip6aux { > #define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */ > #define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */ > > -#define M_IP6_NEXTHOP M_PROTO7 /* explicit ip nexthop */ > +/* > + * IPv6 protocol layer specific mbuf flags. > + */ > +#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */ > +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing, > + keep in sync with IPv4 */ > > #ifdef __NO_STRICT_ALIGNMENT > #define IP6_HDR_ALIGNED_P(ip) 1 > > Modified: head/sys/sys/mbuf.h > ============================================================================== > --- head/sys/sys/mbuf.h Mon Aug 19 10:34:10 2013 (r254518) > +++ head/sys/sys/mbuf.h Mon Aug 19 11:08:36 2013 (r254519) > @@ -196,7 +196,7 @@ struct mbuf { > #define M_FRAG 0x00000800 /* packet is a fragment of a larger packet */ > #define M_FIRSTFRAG 0x00001000 /* packet is first fragment */ > #define M_LASTFRAG 0x00002000 /* packet is last fragment */ > -#define M_SKIP_FIREWALL 0x00004000 /* skip firewall processing */ > + /* 0x00004000 free */ > /* 0x00008000 free */ > #define M_VLANTAG 0x00010000 /* ether_vtag is valid */ > #define M_PROMISC 0x00020000 /* packet was not for us */ > @@ -253,7 +253,7 @@ struct mbuf { > * Flags preserved when copying m_pkthdr. > */ > #define M_COPYFLAGS \ > - (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_SKIP_FIREWALL|M_BCAST|M_MCAST|\ > + (M_PKTHDR|M_EOR|M_RDONLY|M_PROTOFLAGS|M_BCAST|M_MCAST|\ > M_FRAG|M_FIRSTFRAG|M_LASTFRAG|M_VLANTAG|M_PROMISC|M_HASHTYPEBITS) > > /* > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5212DCD8.4050004>