From owner-svn-src-stable@FreeBSD.ORG  Wed Mar 31 01:51:09 2010
Return-Path: <owner-svn-src-stable@FreeBSD.ORG>
Delivered-To: svn-src-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1C8131065674;
	Wed, 31 Mar 2010 01:51:09 +0000 (UTC)
	(envelope-from luigi@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 0AC998FC12;
	Wed, 31 Mar 2010 01:51:09 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o2V1p8eb058663;
	Wed, 31 Mar 2010 01:51:08 GMT (envelope-from luigi@svn.freebsd.org)
Received: (from luigi@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id o2V1p8QW058661;
	Wed, 31 Mar 2010 01:51:08 GMT (envelope-from luigi@svn.freebsd.org)
Message-Id: <201003310151.o2V1p8QW058661@svn.freebsd.org>
From: Luigi Rizzo <luigi@FreeBSD.org>
Date: Wed, 31 Mar 2010 01:51:08 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r205953 - stable/8/sys/netinet/ipfw
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
	<svn-src-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>, 
	<mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
	<mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2010 01:51:09 -0000

Author: luigi
Date: Wed Mar 31 01:51:08 2010
New Revision: 205953
URL: http://svn.freebsd.org/changeset/base/205953

Log:
  A last-minute change in the previous commit broke rule deletion,
  so i am fixing it, this time with a more detailed description
  of what the code is supposed to do.

Modified:
  stable/8/sys/netinet/ipfw/ip_fw_sockopt.c

Modified: stable/8/sys/netinet/ipfw/ip_fw_sockopt.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw_sockopt.c	Wed Mar 31 00:42:18 2010	(r205952)
+++ stable/8/sys/netinet/ipfw/ip_fw_sockopt.c	Wed Mar 31 01:51:08 2010	(r205953)
@@ -239,12 +239,12 @@ ipfw_reap_rules(struct ip_fw *head)
  * The argument is an u_int32_t. The low 16 bit are the rule or set number,
  * the next 8 bits are the new set, the top 8 bits are the command:
  *
- *	0	delete rules with given number
- *	1	delete rules with given set number
- *	2	move rules with given number to new set
- *	3	move rules with given set number to new set
- *	4	swap sets with given numbers
- *	5	delete rules with given number and with given set number
+ *	0	delete rules numbered "rulenum"
+ *	1	delete rules in set "rulenum"
+ *	2	move rules "rulenum" to set "new_set"
+ *	3	move rules from set "rulenum" to set "new_set"
+ *	4	swap sets "rulenum" and "new_set"
+ *	5	delete rules "rulenum" and set "new_set"
  */
 static int
 del_entry(struct ip_fw_chain *chain, u_int32_t arg)
@@ -274,7 +274,7 @@ del_entry(struct ip_fw_chain *chain, u_i
 	chain->reap = NULL;	/* prepare for deletions */
 
 	switch (cmd) {
-	case 0:	/* delete rules number N (N == 0 means all) */
+	case 0:	/* delete rules "rulenum" (rulenum == 0 matches all) */
 	case 1:	/* delete all rules in set N */
 	case 5: /* delete rules with number N and set "new_set". */
 
@@ -287,7 +287,7 @@ del_entry(struct ip_fw_chain *chain, u_i
 		if (cmd == 1) { /* look for a specific set, must scan all */
 			new_set = rulenum;
 			for (start = -1, i = 0; i < chain->n_rules; i++) {
-				if (chain->map[i]->set != rulenum)
+				if (chain->map[i]->set != new_set)
 					continue;
 				if (start < 0)
 					start = i;
@@ -321,16 +321,21 @@ del_entry(struct ip_fw_chain *chain, u_i
 		 * and then bcopy the final part.
 		 * Once we are done we can swap maps and clean up the
 		 * deleted rules (unfortunately we need to repeat a
-		 * convoluted test).
+		 * convoluted test). Rules to keep are
+		 *	(set == RESVD_SET || !match_set || !match_rule)
+		 * where
+		 *   match_set ::= (cmd == 0 || rule->set == new_set)
+		 *   match_rule ::= (cmd == 1 || rule->rulenum == rulenum)
 		 */
 		if (start > 0)
 			bcopy(chain->map, map, start * sizeof(struct ip_fw *));
 		for (i = ofs = start; i < end; i++) {
 			rule = chain->map[i];
-			if (rule->set == RESVD_SET || cmd == 0 ||
-			    (rule->set == new_set &&
-			     (cmd == 1 || rule->rulenum == rulenum)))
+			if (rule->set == RESVD_SET ||
+			    !(cmd == 0 || rule->set == new_set) ||
+			    !(cmd == 1 || rule->rulenum == rulenum) ) {
 				map[ofs++] = chain->map[i];
+			}
 		}
 		bcopy(chain->map + end, map + ofs,
 			(chain->n_rules - end) * sizeof(struct ip_fw *));
@@ -341,9 +346,9 @@ del_entry(struct ip_fw_chain *chain, u_i
 			int l;
 			rule = map[i];
 			/* same test as above */
-                        if (rule->set == RESVD_SET || cmd == 0 ||
-                            (rule->set == new_set && 
-                             (cmd == 1 || rule->rulenum == rulenum)))
+			if (rule->set == RESVD_SET ||
+			    !(cmd == 0 || rule->set == new_set) ||
+			    !(cmd == 1 || rule->rulenum == rulenum) )
 				continue;
 
 			l = RULESIZE(rule);