From owner-p4-projects@FreeBSD.ORG Sun Jun 29 23:46:50 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C815E106567A; Sun, 29 Jun 2008 23:46:49 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 70FF71065672 for ; Sun, 29 Jun 2008 23:46:49 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 5FCA08FC0A for ; Sun, 29 Jun 2008 23:46:49 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m5TNknGE035904 for ; Sun, 29 Jun 2008 23:46:49 GMT (envelope-from julian@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m5TNknh9035902 for perforce@freebsd.org; Sun, 29 Jun 2008 23:46:49 GMT (envelope-from julian@freebsd.org) Date: Sun, 29 Jun 2008 23:46:49 GMT Message-Id: <200806292346.m5TNknh9035902@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to julian@freebsd.org using -f From: Julian Elischer To: Perforce Change Reviews Cc: Subject: PERFORCE change 144319 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jun 2008 23:46:50 -0000 http://perforce.freebsd.org/chv.cgi?CH=144319 Change 144319 by julian@julian_trafmon1 on 2008/06/29 23:46:11 attempt to integrate the changed version Affected files ... .. //depot/projects/vimage-commit3/src/sys/netinet/ip_fw.h#3 integrate Differences ... ==== //depot/projects/vimage-commit3/src/sys/netinet/ip_fw.h#3 (text+ko) ==== 
@@ -28,6 +28,9 @@
 #ifndef _IPFW2_H
 #define _IPFW2_H
+#include
+#include
+
 /*
  * The kernel representation of ipfw rules is made of a list of
  * 'instructions' (for all practical purposes equivalent to BPF
@@ -549,7 +552,40 @@
  * Main firewall chains definitions and global var's definitions.
  */
 #ifdef _KERNEL
+#ifdef NOTYET /* still in ip_fw2.c */
+
+/*
+ * Data structure to cache our ucred related
+ * information. This structure only gets used if
+ * the user specified UID/GID based constraints in
+ * a firewall rule.
+ */
+struct ip_fw_ugid {
+ gid_t fw_groups[NGROUPS];
+ int fw_ngroups;
+ uid_t fw_uid;
+ int fw_prid;
+};
+#endif
+
+
+#define IPFW_TABLES_MAX 128
+struct ip_fw_chain {
+ struct ip_fw *rules; /* list of rules */
+ struct ip_fw *reap; /* list of rules to reap */
+ LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
+ struct radix_node_head *tables[IPFW_TABLES_MAX];
+ struct rwlock rwmtx;
+};
+#ifdef NOTYET /* still in ip_fw2.c */
+struct table_entry {
+ struct radix_node rn[2];
+ struct sockaddr_in addr, mask;
+ u_int32_t value;
+};
+#endif
+
 /* Return values from ipfw_chk() */
 enum {
  IP_FW_PASS = 0,
@@ -616,14 +652,18 @@
 int ipfw_init(void);
 void ipfw_destroy(void);
+void ipfw_nat_destroy(void);
 typedef int ip_fw_ctl_t(struct sockopt *);
 extern ip_fw_ctl_t *ip_fw_ctl_ptr;
+
+#ifndef VIMAGE
 extern int fw_one_pass;
 extern int fw_enable;
 #ifdef INET6
 extern int fw6_enable;
 #endif
+#endif
 /* For kernel ipfw_ether and ipfw_bridge. */
 typedef int ip_fw_chk_t(struct ip_fw_args *args);
@@ -632,14 +672,6 @@
 #ifdef IPFW_INTERNAL
-#define IPFW_TABLES_MAX 128
-struct ip_fw_chain {
- struct ip_fw *rules; /* list of rules */
- struct ip_fw *reap; /* list of rules to reap */
- LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
- struct radix_node_head *tables[IPFW_TABLES_MAX];
- struct rwlock rwmtx;
-};
 #define IPFW_LOCK_INIT(_chain) \
  rw_init(&(_chain)->rwmtx, "IPFW static rules")
 #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx)
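Review bot: `struct ip_fw_chain` is moved into the general `_KERNEL` section of the header while the macros that enforce its locking (`IPFW_LOCK_INIT`/`IPFW_LOCK_DESTROY`, still under `IPFW_INTERNAL` in the next hunk) stay private, so a new consumer of the header now sees `rules`, `reap` and `tables` with nothing saying they may only be touched under `rwmtx`. The move looks necessary because `struct vnet_ipfw` embeds `_layer3_chain` by value, so rather than undoing it I would add, directly above the struct, `/* rules, reap, nat and tables are protected by rwmtx; use the IPFW_*LOCK macros (IPFW_INTERNAL) and never walk these lists directly */`. The two `#ifdef NOTYET /* still in ip_fw2.c */` blocks introduce a second, dead copy of `struct ip_fw_ugid` and `struct table_entry`; a parked duplicate of a struct layout will drift from the live one in ip_fw2.c without any compiler complaint, so either move the definitions for real or leave them out of the header. The struct also needs `struct rwlock` and `struct radix_node_head` to be complete, presumably via the two `#include` lines added in the first hunk, whose header names are lost in this rendering, so please confirm those cover `sys/lock.h`/`sys/rwlock.h` and `net/radix.h`.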
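Review bot: The new `#ifndef VIMAGE` guard removes the `fw_one_pass`, `fw_enable` and `fw6_enable` externs whenever VIMAGE is defined, so every out-of-module reference to those symbols must already have been converted to the `VNET_IPFW()` accessor for a VIMAGE kernel to link; nothing in this hunk shows that, so please confirm the referencing files in the tree build with VIMAGE. The non-VIMAGE `fw6_enable` is still conditional on `INET6`, whereas the per-vnet `_fw6_enable` field in `struct vnet_ipfw` in the last hunk is unconditional; harmless today, but the two sides should agree, e.g. wrap `int _fw6_enable;` in `#ifdef INET6` as well or drop the guard here. `ipfw_nat_destroy()` is declared next to `ipfw_destroy()` with no hint about ordering; if it has to run before `ipfw_destroy()` tears down the chain that the `nat` list hangs off, say so on the prototype: `/* must be called before ipfw_destroy() */`.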
@@ -663,10 +695,52 @@
 #endif
 /*
+ * Stack virtualization support.
+ */
+#ifdef VIMAGE
+struct vnet_ipfw {
+ int _fw_one_pass;
+ int _fw_enable;
+ int _fw6_enable;
+
+ u_int32_t _set_disable;
+ int _fw_deny_unknown_exthdrs;
+ int _fw_verbose;
+ int _verbose_limit;
+ int _fw_debug;
+ int _autoinc_step;
+
+ ipfw_dyn_rule **_ipfw_dyn_v;
+ struct ip_fw_chain _layer3_chain;
+ u_int32_t _dyn_buckets;
+ u_int32_t _curr_dyn_buckets;
+
+ u_int32_t _dyn_ack_lifetime;
+ u_int32_t _dyn_syn_lifetime;
+ u_int32_t _dyn_fin_lifetime;
+ u_int32_t _dyn_rst_lifetime;
+ u_int32_t _dyn_udp_lifetime;
+ u_int32_t _dyn_short_lifetime;
+ u_int32_t _dyn_keepalive_interval;
+ u_int32_t _dyn_keepalive_period;
+ u_int32_t _dyn_keepalive;
+ u_int32_t _static_count;
+ u_int32_t _static_len;
+ u_int32_t _dyn_count;
+ u_int32_t _dyn_max;
+
+ u_int64_t _norule_counter;
+
+ struct callout _ipfw_timeout;
+};
+#endif
+
+/*
  * Symbol translation macros
  */
-#define INIT_VNET_IPFW(vnet) int vnet_ipfw;
+#define INIT_VNET_IPFW(vnet) \
+ INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw)
 #define VNET_IPFW(sym) VSYM(vnet_ipfw, sym)