From owner-cvs-src-old@FreeBSD.ORG Fri Jun 5 16:18:13 2009 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A7A161065680 for ; Fri, 5 Jun 2009 16:18:13 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 9474B8FC23 for ; Fri, 5 Jun 2009 16:18:13 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n55GIBOO014619 for ; Fri, 5 Jun 2009 16:18:11 GMT (envelope-from luigi@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n55GIANr014617 for cvs-src-old@freebsd.org; Fri, 5 Jun 2009 16:18:10 GMT (envelope-from luigi@repoman.freebsd.org) Message-Id: <200906051618.n55GIANr014617@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to luigi@repoman.freebsd.org using -f From: Luigi Rizzo Date: Fri, 5 Jun 2009 16:16:07 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/sbin/ipfw ipfw2.c src/sys/netinet ip_fw.h X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 16:18:14 -0000 luigi 2009-06-05 16:16:07 UTC FreeBSD src repository Modified files: sbin/ipfw ipfw2.c sys/netinet ip_fw.h Log: SVN rev 193516 on 2009-06-05 16:16:07Z by luigi Several ipfw options and actions use a 16-bit argument to indicate pipes, queues, tags, rule numbers and so on. These are all different namespaces, and the only thing they have in common is the fact they use a 16-bit slot to represent the argument. There is some confusion in the code, mostly for historical reasons, on how the values 0 and 65535 should be used. At the moment, 0 is forbidden almost everywhere, while 65535 is used to represent a 'tablearg' argument, i.e. the result of the most recent table() lookup. For now, try to use explicit constants for the min and max allowed values, and do not overload the default rule number for that. Also, make the MTAG_IPFW declaration only visible to the kernel. NOTE: I think the issue needs to be revisited before 8.0 is out: the 2^16 namespace limit for rule numbers and pipe/queue is annoying, and we can easily bump the limit to 2^32 which gives a lot more flexibility in partitioning the namespace. MFC after: 5 days Revision Changes Path 1.148 +3 -3 src/sbin/ipfw/ipfw2.c 1.129 +17 -5 src/sys/netinet/ip_fw.h