X-Git-Url: http://git.onelab.eu/?p=ipfw.git;a=blobdiff_plain;f=dummynet2%2Fip_fw2.c;fp=dummynet2%2Fip_fw2.c;h=c55bc0fe02524d589316d58f70afb8c39e8cae51;hp=b64624535bf3c3bd08a78ae58758f72f7e34f91b;hb=28a7fe9d930667786b902af6697c01eb87694173;hpb=2a8b6c544cf5ea3c84f763144c7ecfa79daea969

diff --git a/dummynet2/ip_fw2.c b/dummynet2/ip_fw2.c
index b646245..c55bc0f 100644
--- a/dummynet2/ip_fw2.c
+++ b/dummynet2/ip_fw2.c
@@ -652,8 +652,8 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
 {
 #ifndef __FreeBSD__
 	return cred_check(insn, proto, oif,
-	dst_ip, dst_port, src_ip, src_port,
-	(struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
+	    dst_ip, dst_port, src_ip, src_port,
+	    (struct bsd_ucred *)uc, ugid_lookupp, ((struct mbuf *)inp)->m_skb);
 #else  /* FreeBSD */
 	struct inpcbinfo *pi;
 	int wildcard;
@@ -1649,7 +1649,7 @@ do {								\
 			}
 
 			case O_LOG:
-					ipfw_log(f, hlen, args, m,
+				ipfw_log(f, hlen, args, m,
 					    oif, offset, tablearg, ip);
 				match = 1;
 				break;
@@ -1976,9 +1976,9 @@ do {								\
 				break;
 
 			case O_SKIPTO:
-				f->pcnt++;	/* update stats */
-				f->bcnt += pktlen;
-				f->timestamp = time_uptime;
+			    f->pcnt++;	/* update stats */
+			    f->bcnt += pktlen;
+			    f->timestamp = time_uptime;
 			    /* If possible use cached f_pos (in f->next_rule),
 			     * whose version is written in f->next_rule
 			     * (horrible hacks to avoid changing the ABI).
@@ -1986,7 +1986,7 @@ do {								\
 			    if (cmd->arg1 != IP_FW_TABLEARG &&
 				    (uintptr_t)f->x_next == chain->id) {
 				f_pos = (uintptr_t)f->next_rule;
-				} else {
+			    } else {
 				int i = (cmd->arg1 == IP_FW_TABLEARG) ?
 					tablearg : cmd->arg1;
 				/* make sure we do not jump backward */
@@ -2000,26 +2000,27 @@ do {								\
 				    f->x_next =
 					(void *)(uintptr_t)chain->id;
 				}
-				}
-				/*
+			    }
+			    /*
 			     * Skip disabled rules, and re-enter
 			     * the inner loop with the correct
 			     * f_pos, f, l and cmd.
-				 * Also clear cmdlen and skip_or
-				 */
+			     * Also clear cmdlen and skip_or
+			     */
 			    for (; f_pos < chain->n_rules - 1 &&
 				    (V_set_disable &
 				     (1 << chain->map[f_pos]->set));
 				    f_pos++)
 				;
-			    /* prepare to enter the inner loop */
+			    /* Re-enter the inner loop at the skipto rule. */
 			    f = chain->map[f_pos];
-					l = f->cmd_len;
-					cmd = f->cmd;
-				match = 1;
-				cmdlen = 0;
-				skip_or = 0;
-				break;
+			    l = f->cmd_len;
+			    cmd = f->cmd;
+			    match = 1;
+			    cmdlen = 0;
+			    skip_or = 0;
+			    continue;
+			    break;	/* not reached */
 
 			case O_REJECT:
 				/*
@@ -2083,6 +2084,8 @@ do {								\
 				set_match(args, f_pos, chain);
 				args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ?
 					tablearg : cmd->arg1;
+				if (V_fw_one_pass)
+					args->rule.info |= IPFW_ONEPASS;
 				retval = (cmd->opcode == O_NETGRAPH) ?
 				    IP_FW_NETGRAPH : IP_FW_NGTEE;
 				l = 0;          /* exit inner loop */