git://git.onelab.eu
/
ipfw.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
integrated
[ipfw.git]
/
dummynet2
/
ip_fw2.c
diff --git
a/dummynet2/ip_fw2.c
b/dummynet2/ip_fw2.c
index
b646245
..
c55bc0f
100644
(file)
--- a/
dummynet2/ip_fw2.c
+++ b/
dummynet2/ip_fw2.c
@@
-652,8
+652,8
@@
check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
{
#ifndef __FreeBSD__
return cred_check(insn, proto, oif,
{
#ifndef __FreeBSD__
return cred_check(insn, proto, oif,
- dst_ip, dst_port, src_ip, src_port,
- (struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
+
dst_ip, dst_port, src_ip, src_port,
+
(struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
#else /* FreeBSD */
struct inpcbinfo *pi;
int wildcard;
#else /* FreeBSD */
struct inpcbinfo *pi;
int wildcard;
@@
-1649,7
+1649,7
@@
do { \
}
case O_LOG:
}
case O_LOG:
-
ipfw_log(f, hlen, args, m,
+ ipfw_log(f, hlen, args, m,
oif, offset, tablearg, ip);
match = 1;
break;
oif, offset, tablearg, ip);
match = 1;
break;
@@
-1976,9
+1976,9
@@
do { \
break;
case O_SKIPTO:
break;
case O_SKIPTO:
-
f->pcnt++;
/* update stats */
-
f->bcnt += pktlen;
-
f->timestamp = time_uptime;
+
f->pcnt++;
/* update stats */
+ f->bcnt += pktlen;
+ f->timestamp = time_uptime;
/* If possible use cached f_pos (in f->next_rule),
* whose version is written in f->next_rule
* (horrible hacks to avoid changing the ABI).
/* If possible use cached f_pos (in f->next_rule),
* whose version is written in f->next_rule
* (horrible hacks to avoid changing the ABI).
@@
-1986,7
+1986,7
@@
do { \
if (cmd->arg1 != IP_FW_TABLEARG &&
(uintptr_t)f->x_next == chain->id) {
f_pos = (uintptr_t)f->next_rule;
if (cmd->arg1 != IP_FW_TABLEARG &&
(uintptr_t)f->x_next == chain->id) {
f_pos = (uintptr_t)f->next_rule;
-
} else {
+ } else {
int i = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
/* make sure we do not jump backward */
int i = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
/* make sure we do not jump backward */
@@
-2000,26
+2000,27
@@
do { \
f->x_next =
(void *)(uintptr_t)chain->id;
}
f->x_next =
(void *)(uintptr_t)chain->id;
}
-
}
-
/*
+ }
+ /*
* Skip disabled rules, and re-enter
* the inner loop with the correct
* f_pos, f, l and cmd.
* Skip disabled rules, and re-enter
* the inner loop with the correct
* f_pos, f, l and cmd.
-
* Also clear cmdlen and skip_or
-
*/
+ * Also clear cmdlen and skip_or
+ */
for (; f_pos < chain->n_rules - 1 &&
(V_set_disable &
(1 << chain->map[f_pos]->set));
f_pos++)
;
for (; f_pos < chain->n_rules - 1 &&
(V_set_disable &
(1 << chain->map[f_pos]->set));
f_pos++)
;
- /*
prepare to enter the inner loop
*/
+ /*
Re-enter the inner loop at the skipto rule.
*/
f = chain->map[f_pos];
f = chain->map[f_pos];
- l = f->cmd_len;
- cmd = f->cmd;
- match = 1;
- cmdlen = 0;
- skip_or = 0;
- break;
+ l = f->cmd_len;
+ cmd = f->cmd;
+ match = 1;
+ cmdlen = 0;
+ skip_or = 0;
+ continue;
+ break; /* not reached */
case O_REJECT:
/*
case O_REJECT:
/*
@@
-2083,6
+2084,8
@@
do { \
set_match(args, f_pos, chain);
args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
set_match(args, f_pos, chain);
args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
+ if (V_fw_one_pass)
+ args->rule.info |= IPFW_ONEPASS;
retval = (cmd->opcode == O_NETGRAPH) ?
IP_FW_NETGRAPH : IP_FW_NGTEE;
l = 0; /* exit inner loop */
retval = (cmd->opcode == O_NETGRAPH) ?
IP_FW_NETGRAPH : IP_FW_NGTEE;
l = 0; /* exit inner loop */