From owner-svn-src-all@FreeBSD.ORG Tue Mar 2 10:43:41 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C062F1065673; Tue, 2 Mar 2010 10:43:41 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id AF4188FC08; Tue, 2 Mar 2010 10:43:41 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o22Ahfs7002081; Tue, 2 Mar 2010 10:43:41 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o22AhfCS002080; Tue, 2 Mar 2010 10:43:41 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201003021043.o22AhfCS002080@svn.freebsd.org> From: Gleb Smirnoff Date: Tue, 2 Mar 2010 10:43:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r204574 - head/share/man/man4 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 10:43:41 -0000 Author: glebius Date: Tue Mar 2 10:43:41 2010 New Revision: 204574 URL: http://svn.freebsd.org/changeset/base/204574 Log: Sync with recent changes from luigi - struct ng_ipfw_tag superceeded by more general ipfw_rule_ref. The latter isn't documented here, since it should be documented in ipfw.4. Modified: head/share/man/man4/ng_ipfw.4 Modified: head/share/man/man4/ng_ipfw.4 ============================================================================== --- head/share/man/man4/ng_ipfw.4 Tue Mar 2 10:41:34 2010 (r204573) +++ head/share/man/man4/ng_ipfw.4 Tue Mar 2 10:43:41 2010 (r204574) @@ -24,13 +24,14 @@ .\" .\" $FreeBSD$ .\" -.Dd June 10, 2009 +.Dd March 2, 2010 .Dt NG_IPFW 4 .Os .Sh NAME .Nm ng_ipfw .Nd interface between netgraph and IP firewall .Sh SYNOPSIS +.In netinet/ip_var.h .In netgraph/ng_ipfw.h .Sh DESCRIPTION The @@ -73,30 +74,18 @@ If no hook matches, packets are discarde Packets injected via the .Cm netgraph command are tagged with -.Vt "struct ng_ipfw_tag" . +.Vt "struct ipfw_rule_ref" . This tag contains information that helps the packet to re-enter .Xr ipfw 4 processing, should the packet come back from .Xr netgraph 4 to .Xr ipfw 4 . -.Bd -literal -offset 4n -struct ng_ipfw_tag { - struct m_tag mt; /* tag header */ - struct ip_fw *rule; /* matching rule */ - uint32_t rule_id; /* matching rule id */ - uint32_t chain_id; /* ruleset id */ - struct ifnet *ifp; /* interface, for ip_output */ - int dir; /* packet direction */ -#define NG_IPFW_OUT 0 -#define NG_IPFW_IN 1 -}; -.Ed .Pp Packets received by a node from .Xr netgraph 4 -must be tagged with -.Vt "struct ng_ipfw_tag" +subsystem must be tagged with +.Vt "struct ipfw_rule_ref" tag. Packets re-enter IP firewall processing at the next rule. If no tag is supplied, packets are discarded.