Work on the radix code, added support to compile on OpenWRT,

[ipfw.git] / dummynet / include / netinet / ip_fw.h

diff --git a/dummynet/include/netinet/ip_fw.h b/dummynet/include/netinet/ip_fw.h
index 694983a..743d908 100644 (file)
--- a/dummynet/include/netinet/ip_fw.h
+++ b/dummynet/include/netinet/ip_fw.h
@@ -653,13 +653,6 @@ int ipfw6_unhook(void);
 void ipfw_nat_destroy(void);
 #endif
 
-#define IPFW_HAVE_SKIPTO_TABLE
-
-struct _rulepointer {
-       struct ip_fw *rule;
-       uint32_t id;
-};
-
 VNET_DECLARE(int, fw_one_pass);
 VNET_DECLARE(int, fw_enable);
 #define        V_fw_one_pass           VNET(fw_one_pass)
@@ -672,6 +665,7 @@ VNET_DECLARE(int, fw6_enable);
 
 struct ip_fw_chain {
        struct ip_fw    *rules;         /* list of rules */
+       struct ip_fw    *default_rule;
        struct ip_fw    *reap;          /* list of rules to reap */
        LIST_HEAD(, cfg_nat) nat;       /* list of nat entries */
        struct radix_node_head *tables[IPFW_TABLES_MAX];
@@ -681,8 +675,20 @@ struct ip_fw_chain {
        struct rwlock   rwmtx;
 #endif /* !__linux__ */
        uint32_t        id;             /* ruleset id */
-       struct _rulepointer skipto_pointers[64*1024];
-       struct new_hash_table *global_tables[128];
+       /*
+        * To optimize jumps, we use a table with skipto_entries pointers
+        * (a power of 2, set with a sysctl depending on available memory).
+        * Entry i points to the first rule i*64k/n <= n < (i+1)*64k/n.
+        * On insert/delete we simply update the relevant entry
+        * with O(1) additional cost. Updates to the sysctl variable
+        * that controls the table are managed at the next add/delete.
+        */
+       int skipto_shift; /* shifts to compute the index in skipto-ptrs */
+       int skipto_size; /* number of entries in the table */
+       struct ip_fw **skipto_ptrs;
+#ifdef IPFW_HASHTABLES
+       struct ipfw_ht *hashtab[IPFW_TABLES_MAX];
+#endif
 };
 
 #ifdef IPFW_INTERNAL