{
#ifndef __FreeBSD__
return cred_check(insn, proto, oif,
- dst_ip, dst_port, src_ip, src_port,
- (struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
+ dst_ip, dst_port, src_ip, src_port,
+ (struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
#else /* FreeBSD */
struct inpcbinfo *pi;
int wildcard;
}
case O_LOG:
- ipfw_log(f, hlen, args, m,
+ ipfw_log(f, hlen, args, m,
oif, offset, tablearg, ip);
match = 1;
break;
break;
case O_SKIPTO:
- f->pcnt++; /* update stats */
- f->bcnt += pktlen;
- f->timestamp = time_uptime;
+ f->pcnt++; /* update stats */
+ f->bcnt += pktlen;
+ f->timestamp = time_uptime;
/* If possible use cached f_pos (in f->next_rule),
* whose version is written in f->next_rule
* (horrible hacks to avoid changing the ABI).
if (cmd->arg1 != IP_FW_TABLEARG &&
(uintptr_t)f->x_next == chain->id) {
f_pos = (uintptr_t)f->next_rule;
- } else {
+ } else {
int i = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
/* make sure we do not jump backward */
f->x_next =
(void *)(uintptr_t)chain->id;
}
- }
- /*
+ }
+ /*
* Skip disabled rules, and re-enter
* the inner loop with the correct
* f_pos, f, l and cmd.
- * Also clear cmdlen and skip_or
- */
+ * Also clear cmdlen and skip_or
+ */
for (; f_pos < chain->n_rules - 1 &&
(V_set_disable &
(1 << chain->map[f_pos]->set));
f_pos++)
;
- /* prepare to enter the inner loop */
+ /* Re-enter the inner loop at the skipto rule. */
f = chain->map[f_pos];
- l = f->cmd_len;
- cmd = f->cmd;
- match = 1;
- cmdlen = 0;
- skip_or = 0;
- break;
+ l = f->cmd_len;
+ cmd = f->cmd;
+ match = 1;
+ cmdlen = 0;
+ skip_or = 0;
+ continue;
+ break; /* not reached */
case O_REJECT:
/*
set_match(args, f_pos, chain);
args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
+ if (V_fw_one_pass)
+ args->rule.info |= IPFW_ONEPASS;
retval = (cmd->opcode == O_NETGRAPH) ?
IP_FW_NETGRAPH : IP_FW_NGTEE;
l = 0; /* exit inner loop */