From 1f3693d89c1c88e895721e21751c354e74b99627 Mon Sep 17 00:00:00 2001 From: marta Date: Thu, 26 Nov 2009 10:34:05 +0000 Subject: [PATCH] Added spec file comments. Minor fixes: use tabs instead of spaces. --- Makefile | 2 +- dummynet/Makefile | 10 +++--- dummynet/include/sys/malloc.h | 2 +- dummynet/ip_dummynet.c | 6 ++-- dummynet/ip_fw2.c | 68 +++++++++++++++++------------------ dummynet/ipfw2_mod.c | 28 +++++++-------- glue.h | 2 +- ipfw-slice.spec | 3 ++ ipfw.spec | 3 ++ 9 files changed, 65 insertions(+), 59 deletions(-) diff --git a/Makefile b/Makefile index 2410b3d..0442810 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ # To build on system with non standard Kernel sources or userland files, # you should run this with # -# make KERNELPATH=/path/to/linux-2.x.y.z USRDIR=/path/to/usr +# make KERNELPATH=/path/to/linux-2.x.y.z USRDIR=/path/to/usr # # We assume that $(USRDIR) contains include/ and lib/ used to build userland. diff --git a/dummynet/Makefile b/dummynet/Makefile index 126c2ff..7cbddca 100644 --- a/dummynet/Makefile +++ b/dummynet/Makefile @@ -18,14 +18,14 @@ # O_TARGET the link target, for openwrt # EXTRA_CFLAGS as the name says... in openwrt # EXTRA_CFLAGS is used in 2.6.22 module kernel compilation too -# KERNELPATH the path to the kernel sources or headers +# KERNELPATH the path to the kernel sources or headers # # Not sure about this (the name might be reserved) # ipfw-cflags our flags for building the module # # Other variables are only private and can be renamed. They include: # -# VER linux version we are building for (2.4 2.6 or openwrt) +# VER linux version we are building for (2.4 2.6 or openwrt) #--- $(warning including dummynet/Makefile) @@ -40,10 +40,10 @@ obj-m := ipfw_mod.o ipfw-cflags += -DIPFIREWALL_DEFAULT_TO_ACCEPT -DTRACE # _BSD_SOURCE enables __FAVOR_BSD (udp/tcp bsd structs instead of posix) ipfw-cflags += -D_BSD_SOURCE -ipfw-cflags += -DKERNEL_MODULE # build linux kernel module +ipfw-cflags += -DKERNEL_MODULE # build linux kernel module # the two header trees for empty and override files ipfw-cflags += -I $(M)/include_e -I $(M)/include -ipfw-cflags += -include $(M)/../glue.h # headers +ipfw-cflags += -include $(M)/../glue.h # headers $(warning "---- Building dummynet kernel module for Version $(VER)") # We have three sections for OpenWrt, Linux 2.4 and Linux 2.6 @@ -99,7 +99,7 @@ ifneq ($(shell echo $(VER)|grep '2.4'),) ccflags-y += -O1 -DLINUX_24 CFLAGS = -DMODULE -D__KERNEL__ -nostdinc \ - -isystem ${KERNELPATH}/include -isystem $(MYGCC_INCLUDE) ${ccflags-y} + -isystem ${KERNELPATH}/include -isystem $(MYGCC_INCLUDE) ${ccflags-y} # The Main target all: mod24 diff --git a/dummynet/include/sys/malloc.h b/dummynet/include/sys/malloc.h index b6c4ac5..285e789 100644 --- a/dummynet/include/sys/malloc.h +++ b/dummynet/include/sys/malloc.h @@ -10,7 +10,7 @@ /* * XXX On zeroshell (2.6.25.17) we get a load error - * __you_cannot_kmalloc_that_much + * __you_cannot_kmalloc_that_much * which is triggered when kmalloc() is called with a large * compile-time constant argument (include/linux/slab_def.h) * diff --git a/dummynet/ip_dummynet.c b/dummynet/ip_dummynet.c index c0399bb..836d1e1 100644 --- a/dummynet/ip_dummynet.c +++ b/dummynet/ip_dummynet.c @@ -1540,7 +1540,7 @@ dropit: pkt = dn_tag_get(m); pkt->dn_dir = DN_TO_DROP; } - dummynet_send(m); /* drop the packet */ + dummynet_send(m); /* drop the packet */ *m0 = NULL; return ((fs && (fs->flags_fs & DN_NOERROR)) ? 0 : ENOBUFS); } @@ -1554,7 +1554,7 @@ dropit: netisr_dispatch(-1, _m); \ } while (0) #else -#define DN_FREE_PKT(_m) do { \ +#define DN_FREE_PKT(_m) do { \ m_freem(_m); \ } while (0) #endif @@ -2278,7 +2278,7 @@ ip_dn_ctl(struct sockopt *sopt) switch (sopt->sopt_name) { default : printf("dummynet: -- unknown option %d", sopt->sopt_name); - error = EINVAL ; + error = EINVAL ; break ; case IP_DUMMYNET_GET : diff --git a/dummynet/ip_fw2.c b/dummynet/ip_fw2.c index 4c9b0a3..d05fa74 100644 --- a/dummynet/ip_fw2.c +++ b/dummynet/ip_fw2.c @@ -2022,7 +2022,7 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, match = (ugp->fw_groups[1] == (uid_t)insn->d[0]); else if (insn->o.opcode == O_GID) match = (ugp->fw_groups[0] == (uid_t)insn->d[0]); - + return match; #else /* FreeBSD */ @@ -3201,8 +3201,8 @@ do { \ (ipfw_insn_limit *)cmd, args, tablearg)) { retval = IP_FW_DENY; /* was goto done; */ /* error/limit violation */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ } match = 1; break; @@ -3235,8 +3235,8 @@ do { \ l = f->cmd_len - f->act_ofs; IPFW_DYN_UNLOCK(); /* previously was goto check_body; */ - cmdlen = 0; /* make null for() changes */ - match = 1; /* do not break to the external loop */ + cmdlen = 0; /* make null for() changes */ + match = 1; /* do not break to the external loop */ break; } /* @@ -3252,8 +3252,8 @@ do { \ case O_ACCEPT: retval = 0; /* accept */ /* was goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; case O_PIPE: @@ -3265,8 +3265,8 @@ do { \ args->cookie = cmd->arg1; retval = IP_FW_DUMMYNET; /* was goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; #if 0 @@ -3295,8 +3295,8 @@ do { \ retval = (cmd->opcode == O_DIVERT) ? IP_FW_DIVERT : IP_FW_TEE; /* was goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; } #endif @@ -3308,8 +3308,8 @@ do { \ f->timestamp = time_uptime; if (cmd->opcode == O_COUNT) { /* was goto next_rule; */ - l = 0; /* exit the inner loop */ - match = 1; /* do not break the loop */ + l = 0; /* exit the inner loop */ + match = 1; /* do not break the loop */ break; } /* handle skipto */ @@ -3330,15 +3330,15 @@ do { \ while (f && (set_disable & (1 << f->set))) f = f->next; /* prepare to re-enter the inner loop. */ - if (f) { /* better safe than sorry */ + if (f) { /* better safe than sorry */ l = f->cmd_len; cmd = f->cmd; } else { - l = 0; /* this will break the inner loop */ + l = 0; /* this will break the inner loop */ } - cmdlen = 0; /* reset loop condition */ + cmdlen = 0; /* reset loop condition */ skip_or = 0; - match = 1; /* do not break the loop */ + match = 1; /* do not break the loop */ break; case O_REJECT: @@ -3374,8 +3374,8 @@ do { \ case O_DENY: retval = IP_FW_DENY; /* goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; case O_FORWARD_IP: { @@ -3396,11 +3396,11 @@ do { \ } } retval = IP_FW_PASS; - } - /* goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ - break; + } + /* goto done; */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ + break; case O_NETGRAPH: case O_NGTEE: @@ -3412,8 +3412,8 @@ do { \ retval = (cmd->opcode == O_NETGRAPH) ? IP_FW_NETGRAPH : IP_FW_NGTEE; /* goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; #if 0 @@ -3442,8 +3442,8 @@ do { \ if (t == NULL) { retval = IP_FW_DENY; /* goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; } if (cmd->arg1 != IP_FW_TABLEARG) @@ -3453,8 +3453,8 @@ do { \ } else retval = IP_FW_DENY; /* goto done; */ - l = 0; /* break the inner loop */ - done = 1; /* break the external loop */ + l = 0; /* break the inner loop */ + done = 1; /* break the external loop */ break; } #endif @@ -3480,7 +3480,7 @@ do { \ if (done) break; -/* next_rule:; */ /* try next rule */ +/* next_rule:; */ /* try next rule */ } /* end of outer for, scan rules */ if (done) { @@ -4209,7 +4209,7 @@ ipfw_getrules(struct ip_fw_chain *chain, void *buf, size_t space) int i; time_t boot_seconds; - boot_seconds = boottime.tv_sec; + boot_seconds = boottime.tv_sec; /* XXX this can take a long time and locking will block packet flow */ IPFW_RLOCK(chain); @@ -4252,7 +4252,7 @@ ipfw_getdynrules(struct ip_fw_chain *chain, void *buf, size_t space) char *bp = buf; char *ep = bp + space; int i; - time_t boot_seconds; + time_t boot_seconds; printf("dynrules requested\n"); boot_seconds = boottime.tv_sec; @@ -4290,7 +4290,7 @@ ipfw_getdynrules(struct ip_fw_chain *chain, void *buf, size_t space) 0 : dst->expire - time_uptime ; bp += sizeof(ipfw_dyn_rule); } else { - p = NULL; /* break the loop */ + p = NULL; /* break the loop */ i = curr_dyn_buckets; } } diff --git a/dummynet/ipfw2_mod.c b/dummynet/ipfw2_mod.c index c6a0699..0765718 100644 --- a/dummynet/ipfw2_mod.c +++ b/dummynet/ipfw2_mod.c @@ -156,7 +156,7 @@ fini_children(void) mods[i].mod->evhand(NULL, MOD_UNLOAD, mods[i].mod->priv); } } -/*--- end of module bindinghelper functions ---*/ +/*--- end of module binding helper functions ---*/ /*--- * Control hooks: @@ -256,18 +256,18 @@ static struct nf_sockopt_ops ipfw_sockopts = { * - the hook names change between macros (NF_IP*) and enum NF_INET_* * * - the second argument to the netfilter hook is - * struct sk_buff ** in kernels <= 2.6.22 - * struct sk_buff * in kernels > 2.6.22 + * struct sk_buff ** in kernels <= 2.6.22 + * struct sk_buff * in kernels > 2.6.22 * * - NF_STOP is not defined before 2.6 so we remap it to NF_ACCEPT * * - the packet descriptor passed to the queue handler is - * struct nf_info in kernels <= 2.6.24 - * struct nf_queue_entry in kernels <= 2.6.24 + * struct nf_info in kernels <= 2.6.24 + * struct nf_queue_entry in kernels <= 2.6.24 * * - the arguments to the queue handler also change; */ - + /* * declare hook to grab packets from the netfilter interface. * The NF_* names change in different versions of linux, in some @@ -464,15 +464,15 @@ ip_output(struct mbuf *m, struct mbuf __unused *opt, * * The chain is the following * sk_buff* sock* socket* file* - * skb -> sk ->sk_socket->file ->f_owner ->pid - * skb -> sk ->sk_socket->file ->f_uid (direct) - * skb -> sk ->sk_socket->file ->f_cred->fsuid (2.6.29+) + * skb -> sk ->sk_socket->file ->f_owner ->pid + * skb -> sk ->sk_socket->file ->f_uid (direct) + * skb -> sk ->sk_socket->file ->f_cred->fsuid (2.6.29+) * * Related headers: - * linux/skbuff.h struct skbuff - * net/sock.h struct sock - * linux/net.h struct socket - * linux/fs.h struct file + * linux/skbuff.h struct skbuff + * net/sock.h struct sock + * linux/net.h struct socket + * linux/fs.h struct file * * With vserver we may have sk->sk_xid and sk->sk_nid that * which we store in fw_groups[1] (matches O_JAIL) and fw_groups[2] @@ -512,7 +512,7 @@ linux_lookup(const int proto, const __be32 saddr, const __be16 sport, #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26) /* there is no dev_net() on 2.6.25 */ #define _OPT_NET_ARG (skb->dev->nd_net), -#else /* 2.6.26 and above */ +#else /* 2.6.26 and above */ #define _OPT_NET_ARG dev_net(skb->dev), #endif #endif diff --git a/glue.h b/glue.h index 86b229a..a3548bd 100644 --- a/glue.h +++ b/glue.h @@ -205,7 +205,7 @@ struct clockinfo { int profhz; /* profiling clock frequency */ }; -/* +/* * linux does not have a reentrant version of qsort, * so we the FreeBSD stdlib version. */ diff --git a/ipfw-slice.spec b/ipfw-slice.spec index 364107a..43684e4 100644 --- a/ipfw-slice.spec +++ b/ipfw-slice.spec @@ -56,6 +56,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/ipfw.8* %changelog +* Thu Nov 26 2009 Marta Carbone - ipfw-0.9-6 +- completely move netconfig checks into the backend + * Mon Nov 09 2009 Thierry Parmentelat - ipfw-0.9-5 - additional features on matching packets, including uid match diff --git a/ipfw.spec b/ipfw.spec index 6eaece1..ae46ba5 100644 --- a/ipfw.spec +++ b/ipfw.spec @@ -75,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/cron.d/ipfw.cron %changelog +* Thu Nov 26 2009 Marta Carbone - ipfw-0.9-6 +- removed goto into the main ipfw switch, enabled slice_id matching + * Mon Nov 09 2009 Thierry Parmentelat - ipfw-0.9-5 - additional features on matching packets, including uid match -- 2.43.0