Reverted the changes to the log() function, deleting the void* cast. The problem...

[ipfw.git] / dummynet / include / netinet / ip_fw.h

diff --git a/dummynet/include/netinet/ip_fw.h b/dummynet/include/netinet/ip_fw.h
index a19a6df..743d908 100644 (file)
--- a/dummynet/include/netinet/ip_fw.h
+++ b/dummynet/include/netinet/ip_fw.h
@@ -645,25 +645,27 @@ int ipfw_check_out(void *, struct mbuf **, struct ifnet *, int, struct inpcb *in
 
 int ipfw_chk(struct ip_fw_args *);
 
-int ipfw_init(void);
-void ipfw_destroy(void);
-
-typedef int ip_fw_ctl_t(struct sockopt *);
-extern ip_fw_ctl_t *ip_fw_ctl_ptr;
-extern int fw_one_pass;
-extern int fw_enable;
-#ifdef INET6
-extern int fw6_enable;
+int ipfw_hook(void);
+int ipfw6_hook(void);
+int ipfw_unhook(void);
+int ipfw6_unhook(void);
+#ifdef NOTYET
+void ipfw_nat_destroy(void);
 #endif
 
-/* For kernel ipfw_ether and ipfw_bridge. */
-typedef        int ip_fw_chk_t(struct ip_fw_args *args);
-extern ip_fw_chk_t     *ip_fw_chk_ptr;
+VNET_DECLARE(int, fw_one_pass);
+VNET_DECLARE(int, fw_enable);
+#define        V_fw_one_pass           VNET(fw_one_pass)
+#define        V_fw_enable             VNET(fw_enable)
 
-#ifdef IPFW_INTERNAL
+#ifdef INET6
+VNET_DECLARE(int, fw6_enable);
+#define        V_fw6_enable            VNET(fw6_enable)
+#endif
 
 struct ip_fw_chain {
        struct ip_fw    *rules;         /* list of rules */
+       struct ip_fw    *default_rule;
        struct ip_fw    *reap;          /* list of rules to reap */
        LIST_HEAD(, cfg_nat) nat;       /* list of nat entries */
        struct radix_node_head *tables[IPFW_TABLES_MAX];
@@ -673,7 +675,24 @@ struct ip_fw_chain {
        struct rwlock   rwmtx;
 #endif /* !__linux__ */
        uint32_t        id;             /* ruleset id */
+       /*
+        * To optimize jumps, we use a table with skipto_entries pointers
+        * (a power of 2, set with a sysctl depending on available memory).
+        * Entry i points to the first rule i*64k/n <= n < (i+1)*64k/n.
+        * On insert/delete we simply update the relevant entry
+        * with O(1) additional cost. Updates to the sysctl variable
+        * that controls the table are managed at the next add/delete.
+        */
+       int skipto_shift; /* shifts to compute the index in skipto-ptrs */
+       int skipto_size; /* number of entries in the table */
+       struct ip_fw **skipto_ptrs;
+#ifdef IPFW_HASHTABLES
+       struct ipfw_ht *hashtab[IPFW_TABLES_MAX];
+#endif
 };
+
+#ifdef IPFW_INTERNAL
+
 #define        IPFW_LOCK_INIT(_chain) \
        rw_init(&(_chain)->rwmtx, "IPFW static rules")
 #define        IPFW_LOCK_DESTROY(_chain)       rw_destroy(&(_chain)->rwmtx)
@@ -696,5 +715,8 @@ typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *);
 typedef int ipfw_nat_cfg_t(struct sockopt *);
 #endif
 
+VNET_DECLARE(struct ip_fw_chain, layer3_chain);
+#define        V_layer3_chain          VNET(layer3_chain)
+
 #endif /* _KERNEL */
 #endif /* _IPFW2_H */