From owner-p4-projects@FreeBSD.ORG Wed Oct 1 00:00:34 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4681910656A4; Wed, 1 Oct 2008 00:00:34 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 09FAC10656A3 for ; Wed, 1 Oct 2008 00:00:34 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id ECA118FC1A for ; Wed, 1 Oct 2008 00:00:33 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id m9100XJ3007427 for ; Wed, 1 Oct 2008 00:00:33 GMT (envelope-from julian@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id m9100Xxh007419 for perforce@freebsd.org; Wed, 1 Oct 2008 00:00:33 GMT (envelope-from julian@freebsd.org) Date: Wed, 1 Oct 2008 00:00:33 GMT Message-Id: <200810010000.m9100Xxh007419@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to julian@freebsd.org using -f From: Julian Elischer To: Perforce Change Reviews Cc: Subject: PERFORCE change 150734 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Oct 2008 00:00:34 -0000 http://perforce.freebsd.org/chv.cgi?CH=150734 Change 150734 by julian@julian_trafmon1 on 2008/09/30 23:59:56 slight mismerges and ommisions Affected files ... .. //depot/projects/vimage/src/sys/netinet/ip_fw.h#18 edit .. //depot/projects/vimage/src/sys/netinet/ip_fw2.c#47 edit Differences ... ==== //depot/projects/vimage/src/sys/netinet/ip_fw.h#18 (text+ko) ==== 
@@ -564,6 +564,34 @@
 */
 #ifdef _KERNEL
+/*
+ * Data structure to cache our ucred related
+ * information. This structure only gets used if
+ * the user specified UID/GID based constraints in
+ * a firewall rule.
+ */
+struct ip_fw_ugid {
+ gid_t fw_groups[NGROUPS];
+ int fw_ngroups;
+ uid_t fw_uid;
+ int fw_prid;
+};
+
+#define IPFW_TABLES_MAX 128
+struct ip_fw_chain {
+ struct ip_fw *rules; /* list of rules */
+ struct ip_fw *reap; /* list of rules to reap */
+ LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
+ struct radix_node_head *tables[IPFW_TABLES_MAX];
+ struct rwlock rwmtx;
+};
+
+struct table_entry {
+ struct radix_node rn[2];
+ struct sockaddr_in addr, mask;
+ u_int32_t value;
+};
+
 /* Return values from ipfw_chk() */
 enum {
 IP_FW_PASS = 0,
@@ -648,14 +676,6 @@
 extern ip_fw_chk_t *ip_fw_chk_ptr;
 #define IPFW_LOADED (ip_fw_chk_ptr != NULL)
-struct ip_fw_chain {
- struct ip_fw *rules; /* list of rules */
- struct ip_fw *reap; /* list of rules to reap */
- LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
- struct radix_node_head *tables[IPFW_TABLES_MAX];
- struct rwlock rwmtx;
-};
-
 #ifdef IPFW_INTERNAL
 #define IPFW_LOCK_INIT(_chain) \
@@ -714,6 +734,7 @@
 u_int64_t _norule_counter;
 struct callout _ipfw_timeout;
 eventhandler_tag _ifaddr_event_tag;
+ struct ip_fw_ugid _fw_ugid_cache;
 };
 #endif
@@ -753,7 +774,9 @@
 #define V_dyn_max VNET_IPFW(dyn_max)
 #define V_norule_counter VNET_IPFW(norule_counter)
 #define V_ipfw_timeout VNET_IPFW(ipfw_timeout)
+#define V_ipfw_timeout VNET_IPFW(ipfw_timeout)
 #define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag)
+#define V_fw_ugid_cache VNET_IPFW(fw_ugid_cache)
 #endif /* _KERNEL */
 #endif /* _IPFW2_H */

==== //depot/projects/vimage/src/sys/netinet/ip_fw2.c#47 (text+ko) ====

@@ -74,7 +74,6 @@
 #define IPFW_INTERNAL /* Access to protected data structures in ip_fw.h. */
-#include
 #include
 #include
 #include
@@ -94,6 +93,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
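Review bot: The `_fw_ugid_cache` member added to the per-vnet block in hunk @@ -714 makes the UID/GID credential cache shared by every `ipfw_chk()` running concurrently in that vnet, whereas the ip_fw2.c side of this change keeps it as a per-call local in non-VIMAGE builds and leaves the companion `ugid_lookup` flag per-call in both. Two CPUs evaluating UID/GID rules at the same time would then write `fw_uid`/`fw_groups` into the same struct while the other reads it, so a rule can be matched against credentials torn between two packets, which is a policy decision rather than a throwaway cache. Nothing in this diff serialises that access, and the enclosing struct (and any lock it may carry) starts outside the hunk. If a shared copy is intended, say so on the field, `struct ip_fw_ugid _fw_ugid_cache; /* XXX shared by all ipfw_chk() in this vnet; needs serialisation or a per-CPU/per-call copy */`; otherwise keep the cache on the stack in both builds.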
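Review bot: The added `#define V_ipfw_timeout VNET_IPFW(ipfw_timeout)` in hunk @@ -753 is a byte-for-byte duplicate of the context line directly above it. An identical redefinition is accepted by the preprocessor, so it compiles, but it is exactly the kind of mismerge this change says it is cleaning up and it will resurface as a conflict on the next merge. Drop the duplicated line and keep only the intended addition, `#define V_fw_ugid_cache VNET_IPFW(fw_ugid_cache)`, which pairs with the new `_fw_ugid_cache` member.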
@@ -2162,7 +2162,7 @@
 * these types of constraints, as well as decrease contention
 * on pcb related locks.
 */
-#if 0
+#ifndef VIMAGE
 struct ip_fw_ugid fw_ugid_cache; /* XXX Marko revisit this */
 #endif
 int ugid_lookup = 0;
@@ -2623,7 +2623,8 @@
 (ipfw_insn_u32 *)cmd,
 proto, oif,
 dst_ip, dst_port,
- src_ip, src_port, &fw_ugid_cache,
+ src_ip, src_port,
+ &V_fw_ugid_cache,
 &ugid_lookup, args->inp);
 break;
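Review bot: The `#ifndef VIMAGE` in hunk @@ -2162 leaves `fw_ugid_cache` as a per-call stack object in non-VIMAGE builds but compiles it out under VIMAGE, where the same role is filled by the vnet-wide `V_fw_ugid_cache`, so the two configurations now have different cache lifetimes and the `XXX Marko revisit this` comment no longer says what needs revisiting. State the split and its caveat on the declaration, e.g. `/* Per-call ucred cache; under VIMAGE the per-vnet V_fw_ugid_cache is used instead and is shared across concurrent ipfw_chk() calls. */`. The enclosing `ipfw_chk()` starts and ends outside the hunk.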
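Review bot: Passing `&V_fw_ugid_cache` unconditionally in hunk @@ -2623 only compiles in the non-VIMAGE build if ip_fw.h's non-VIMAGE branch maps `V_fw_ugid_cache` to the local `fw_ugid_cache` kept by hunk @@ -2162; that mapping is not in this diff, so please confirm it exists, otherwise the non-VIMAGE build fails with an undeclared identifier and the local becomes dead. Under VIMAGE the call also pairs a vnet-wide cache with the per-call `&ugid_lookup`, so `check_uidgid()` can see `*ugid_lookup == 0` and refill a cache another CPU is reading, or trust an entry filled for a different packet; this is inferred, since `check_uidgid()` is not in view. If the helper expects per-call lifetime, declare the local in both builds and pass `&fw_ugid_cache`, or hand it a per-CPU copy.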