Date: Wed, 11 Jun 2014 17:59:45 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r269408 - soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw Message-ID: <201406111759.s5BHxjek029242@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Wed Jun 11 17:59:45 2014 New Revision: 269408 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269408 Log: Reorganized code to match the structure of ip_fw2.c:ipfw_chk(). Also added two missing function headers. Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 17:00:42 2014 (r269407) +++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 17:59:45 2014 (r269408) @@ -1355,7 +1355,7 @@ break; case O_MACADDR2: - rule_macaddr(&match, args, cmd); + rule_macaddr2(&match, args, cmd); break; case O_MAC_TYPE: @@ -1466,18 +1466,11 @@ break; case O_IP_SRC_ME: - if (is_ipv4) { - struct ifnet *tif; - - INADDR_TO_IFP(src_ip, tif); - match = (tif != NULL); - break; - } + rule_ip_sec_me(&match, src_ip, args); #ifdef INET6 /* FALLTHROUGH */ case O_IP6_SRC_ME: rule_ip6_src_me(&match, is_ipv6, args) - match= is_ipv6 && search_ip6_addr_net(&args->f_id.src_ip6); #endif break; Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h ============================================================================== --- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 17:00:42 2014 (r269407) +++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 17:59:45 2014 (r269408) @@ -59,7 +59,7 @@ } inline void -rule_macaddr(int *match, struct ip_fw_args *args, ipfw_insn *cmd) +rule_macaddr2(int *match, struct ip_fw_args *args, ipfw_insn *cmd) { if (args->eh != NULL) { /* have MAC header */ u_int32_t *want = (u_int32_t *) @@ -106,7 +106,7 @@ } inline void -rule_layertwo(int *match, struct ip_fw_args * args) +rule_layer2(int *match, struct ip_fw_args * args) { *match = (args->eh != NULL); } @@ -144,7 +144,7 @@ // XXX Finish this function. inline void -rule_ip_2_lookup(int *match, ipfw_insn *cmd, int cmdlen, int is_ipv4, int is_ipv6, struct ip *ip, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, u_short offset, uint8_t proto, int ucred_lookup, ucred_cache, struct ip_fw_chain *chain) +rule_2_lookup(int *match, ipfw_insn *cmd, int cmdlen, int is_ipv4, int is_ipv6, struct ip *ip, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, u_short offset, uint8_t proto, int ucred_lookup, ucred_cache, struct ip_fw_chain *chain) { if (is_ipv4) { uint32_t key = @@ -275,7 +275,7 @@ } inline void -rule_ip_dst(int *match, is_ipv4, ipfw_insn *cmd, struct in_addr *dst_ip) +rule_ip_dst(int *match, int is_ipv4, ipfw_insn *cmd, struct in_addr *dst_ip) { *match = is_ipv4 && (((ipfw_insn_ip *)cmd)->addr.s_addr == @@ -332,6 +332,17 @@ } inline void +rule_icmp6type(int *match, u_short offset, uint8_t proto, void *void *ulp, ipfw_insn *cmd) +{ + *match = is_ipv6 && offset == 0 && + proto==IPPROTO_ICMPV6 && + icmp6type_match( + ICMP6(void *ulp)->icmp6_type, + (ipfw_insn_u32 *)cmd); +} + + +inline void rule_ipopt(int *match, int is_ipv4, struct ip *ip, ipfw_insn *cmd) { *match = (is_ipv4 && @@ -600,39 +611,17 @@ *match = 1; } +#ifdef IPSEC inline void -rule_ip4(int *match, is_ipv4) -{ -} - -inline void -rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, ) -{ -} - -inline void -rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd) -{ -} - -inline void -rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag) +rule_ipsec(int *match, m) { + *match = (m_tag_find(m, + PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL); } - +#endif #ifdef INET6 inline void -rule_icmp6type(int *match, u_short offset, uint8_t proto, void *void *ulp, ipfw_insn *cmd) -{ - *match = is_ipv6 && offset == 0 && - proto==IPPROTO_ICMPV6 && - icmp6type_match( - ICMP6(void *ulp)->icmp6_type, - (ipfw_insn_u32 *)cmd); -} - -inline void rule_ip6_src(int *match, int is_ipv6, struct ip_fw_args *args, ipfw_insn *cmd) { *match = is_ipv6 && @@ -673,30 +662,35 @@ } inline void -rule_ip6_dst(int *match, int is_ipv6 flow_id6, ipfw_insn *cmd) +rule_flow6id(int *match, struct ip_fw_args *args, ipfw_insn *cmd) { } inline void -rule_is_ipv6(int *match, int is_ipv6 ext_hd, ipfw_insn *cmd) +rule_ext_hdr(int *match, int is_ipv6, uint16_t ext_hd, ipfw_insn *cmd) { } inline void -rule_ip6(int *match, is_ipv6) +rule_ip6(int *match, int is_ipv6) { } - #endif -#ifdef IPSEC inline void -rule_ipsec(int *match, m) +rule_ip4(int *match, int is_ipv4) +{ +} + +inline void +rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, ) +{ +} + +inline void +rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd) { - *match = (m_tag_find(m, - PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL); } -#endif #ifndef USERSPACE inline void @@ -705,8 +699,13 @@ } #endif /* !USERSPACE */ +inline void +rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag) +{ +} + /* - * The second round of actions. + * The second sets of opcodes. They represent the actions of a rule. */ inline void rule_keep_state(int *match, f, ipfw_insn *cmd, struct ip_fw_args *args, uint32_t *tablearg, retval, l, done) @@ -753,50 +752,51 @@ { } +#ifdef INET6 inline void -rule_deny(l, done, retval) +rule_unreach6(u_int hlen, int is_ipv4 u_short offset, uint8_t proto, icmp6_type, struct mbuf *m, struct ip_fw_args *args, ipfw_insn *cmd, struct ip *ip) { } +#endif /* INET6 */ + inline void -rule_forward_ip(args, q, dyn_dir, ipfw_insn *cmd, sa, retval, l, done) +rule_deny(l, done, retval) { } inline void -rule_ngtee(args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, V_fw_one_pass, retval, l, done) +rule_forward_ip(args, q, dyn_dir, ipfw_insn *cmd, sa, retval, l, done) { } +#ifdef INET6 inline void -rule_setfib(f, pktlen, ipfw_insn *cmd, rt_numfibs, struct mbuf *m, struct ip_fw_args *args, l) +rule_forward_ip6(args, q, f, dun_dir, ipfw_insn *cmd, struct ip_fw_args *args, retval, l, done) { } +#endif /* INET6 */ inline void -rule_setdscp(ipfw_insn *cmd, l, int is_ipv4 a, int is_ipv6 f, pktlen) +rule_ngtee(args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, V_fw_one_pass, retval, l, done) { } inline void -rule_nat(l, done, retval, struct ip_fw_args *args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, struct ip_fw_chain *chain) +rule_setfib(f, pktlen, ipfw_insn *cmd, rt_numfibs, struct mbuf *m, struct ip_fw_args *args, l) { } -inlinue void rule_reass(f, pktlen, l, ip_off, struct ip *ip, struct ip_fw_args *args, struct mbuf *m, retval, done) +inline void +rule_setdscp(ipfw_insn *cmd, l, int is_ipv4 a, int is_ipv6 f, pktlen) { } - -#ifdef INET6 inline void -rule_unreach6(u_int hlen, int is_ipv4 u_short offset, uint8_t proto, icmp6_type, struct mbuf *m, struct ip_fw_args *args, ipfw_insn *cmd, struct ip *ip) +rule_nat(l, done, retval, struct ip_fw_args *args, f_pos, struct ip_fw_chain *chain, ipfw_insn *cmd, struct ip_fw_chain *chain) { } -inline void -rule_forward_ip6(args, q, f, dun_dir, ipfw_insn *cmd, struct ip_fw_args *args, retval, l, done) +inlinue void rule_reass(f, pktlen, l, ip_off, struct ip *ip, struct ip_fw_args *args, struct mbuf *m, retval, done) { } - -#endif /* INET6 */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406111759.s5BHxjek029242>