| author | Luigi Rizzo <luigi@FreeBSD.org> | 2010-03-23 09:58:59 +0000 |
|---|---|---|
| committer | Luigi Rizzo <luigi@FreeBSD.org> | 2010-03-23 09:58:59 +0000 |
| commit | 8018e843a306400d5d6ad3d57f9bcf932d5df52b (patch) | |
| tree | 003b5213e062bbdc0758d00a9edc114e010723bd /sys/netgraph | |
| parent | 521dd44db5984f54a173250e431554f9674d5911 (diff) | |
Notes
Diffstat (limited to 'sys/netgraph')
| -rw-r--r-- | sys/netgraph/ng_ipfw.c | 51 | ||||
| -rw-r--r-- | sys/netgraph/ng_ipfw.h | 24 |
2 files changed, 24 insertions, 51 deletions
diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c index 46bac8eb9bcf..d331828160d0 100644 --- a/sys/netgraph/ng_ipfw.c +++ b/sys/netgraph/ng_ipfw.c @@ -43,9 +43,10 @@ #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/in_var.h> +#include <netinet/ip_var.h> #include <netinet/ip_fw.h> +#include <netinet/ipfw/ip_fw_private.h> #include <netinet/ip.h> -#include <netinet/ip_var.h> #include <netgraph/ng_message.h> #include <netgraph/ng_parse.h> @@ -220,21 +221,23 @@ ng_ipfw_findhook1(node_p node, u_int16_t rulenum) static int ng_ipfw_rcvdata(hook_p hook, item_p item) { - struct ng_ipfw_tag *ngit; + struct ipfw_rule_ref *tag; struct mbuf *m; NGI_GET_M(item, m); NG_FREE_ITEM(item); - if ((ngit = (struct ng_ipfw_tag *)m_tag_locate(m, NGM_IPFW_COOKIE, 0, - NULL)) == NULL) { + tag = (struct ipfw_rule_ref *) + m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL); + if (tag == NULL) { NG_FREE_M(m); return (EINVAL); /* XXX: find smth better */ }; - switch (ngit->dir) { - case NG_IPFW_OUT: - { + if (tag->info & IPFW_INFO_IN) { + ip_input(m); + return (0); + } else { struct ip *ip; if (m->m_len < sizeof(struct ip) && @@ -243,27 +246,16 @@ ng_ipfw_rcvdata(hook_p hook, item_p item) ip = mtod(m, struct ip *); - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); + SET_HOST_IPLEN(ip); return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); } - case NG_IPFW_IN: - ip_input(m); - return (0); - default: - panic("ng_ipfw_rcvdata: bad dir %u", ngit->dir); - } - - /* not reached */ - return (0); } static int ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee) { struct mbuf *m; - struct ng_ipfw_tag *ngit; struct ip *ip; hook_p hook; int error = 0; 
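Review bot: In the `@@ -220` hunk, ng_ipfw_rcvdata() casts the `struct m_tag *` returned by m_tag_locate() straight to `struct ipfw_rule_ref *`, but ng_ipfw_input() in this same commit allocates the tag with `sizeof(*r)` bytes of payload and stores the reference at `(tag + 1)`. The removed `struct ng_ipfw_tag` had the tag header as its first member, so the old cast was valid; with the new layout `tag->info` appears to read bytes of the tag header rather than the stored direction. The choice between ip_input() and ip_output() would then not follow what ng_ipfw_input() recorded. Keep the `struct m_tag *` from the lookup and derive the reference from it, as sketched below; the function body continues into the following hunk.

```c
	struct m_tag *mt;
	struct ipfw_rule_ref *tag;
	/* ... unchanged: NGI_GET_M() / NG_FREE_ITEM() ... */
	mt = m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);
	if (mt == NULL) {
		NG_FREE_M(m);
		return (EINVAL);	/* XXX: find smth better */
	}
	/* The rule reference is the payload that follows the tag header. */
	tag = (struct ipfw_rule_ref *)(mt + 1);
	/* ... unchanged: direction test, ip_input() / ip_output() paths ... */
```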
@@ -272,7 +264,7 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee) * Node must be loaded and corresponding hook must be present. */ if (fw_node == NULL || - (hook = ng_ipfw_findhook1(fw_node, fwa->cookie)) == NULL) { + (hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL) { if (tee == 0) m_freem(*m0); return (ESRCH); /* no hook associated with this rule */ @@ -284,20 +276,21 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee) * a copy of a packet and forward it into netgraph without a tag. */ if (tee == 0) { + struct m_tag *tag; + struct ipfw_rule_ref *r; m = *m0; *m0 = NULL; /* it belongs now to netgraph */ - if ((ngit = (struct ng_ipfw_tag *)m_tag_alloc(NGM_IPFW_COOKIE, - 0, TAGSIZ, M_NOWAIT|M_ZERO)) == NULL) { + tag = m_tag_alloc(MTAG_IPFW_RULE, 0, sizeof(*r), + M_NOWAIT|M_ZERO); + if (tag == NULL) { m_freem(m); return (ENOMEM); } - ngit->rule = fwa->rule; - ngit->rule_id = fwa->rule_id; - ngit->chain_id = fwa->chain_id; - ngit->dir = dir; - ngit->ifp = fwa->oif; - m_tag_prepend(m, &ngit->mt); + r = (struct ipfw_rule_ref *)(tag + 1); + *r = fwa->rule; + r->info = dir ? IPFW_INFO_IN : IPFW_INFO_OUT; + m_tag_prepend(m, tag); } else if ((m = m_dup(*m0, M_DONTWAIT)) == NULL) @@ -308,8 +301,6 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee) return (EINVAL); ip = mtod(m, struct ip *); - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); NG_SEND_DATA_ONLY(error, hook, m); diff --git a/sys/netgraph/ng_ipfw.h b/sys/netgraph/ng_ipfw.h index 29039f2f7a60..c2cab6a03960 100644 --- a/sys/netgraph/ng_ipfw.h +++ b/sys/netgraph/ng_ipfw.h 
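Review bot: In the `@@ -272` hunk, `fwa->rule.info` is passed to ng_ipfw_findhook1(), whose parameter is `u_int16_t rulenum`, while the next hunk stores IPFW_INFO_IN / IPFW_INFO_OUT in the same `info` field. The width of `info` is not visible in this diff, but if it is wider than 16 bits the call truncates silently, and the hook lookup then depends on no flag bit ever landing in the low half. I would make the extraction explicit with a mask and cast at the call site (a named mask from ip_fw_private.h if one exists). A comment such as `/* hook number is carried in the low 16 bits of rule.info */` should go in only once that layout is confirmed.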
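Review bot: In the `@@ -284` hunk, `r->info = dir ? IPFW_INFO_IN : IPFW_INFO_OUT;` overwrites the whole `info` word immediately after `*r = fwa->rule;`. Everything else that field held is therefore dropped from the tag that travels with the packet, including the value used for the hook lookup earlier in this function and any other flag bits. Whether a consumer of MTAG_IPFW_RULE needs those bits on reinjection is not visible here. If it does, the direction should be merged into the copied value instead of replacing it. If the overwrite is intended, say so with `/* only the direction is kept in info; other bits are deliberately cleared */`.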
@@ -26,26 +26,8 @@ * $FreeBSD$ */ +#ifndef _NG_IPFW_H +#define _NG_IPFW_H #define NG_IPFW_NODE_TYPE "ipfw" #define NGM_IPFW_COOKIE 1105988990 - -#ifdef _KERNEL - -typedef int ng_ipfw_input_t(struct mbuf **, int, struct ip_fw_args *, int); -extern ng_ipfw_input_t *ng_ipfw_input_p; -#define NG_IPFW_LOADED (ng_ipfw_input_p != NULL) - -struct ng_ipfw_tag { - struct m_tag mt; /* tag header */ - struct ip_fw *rule; /* matching rule */ - uint32_t rule_id; /* matching rule id */ - uint32_t chain_id; /* ruleset id */ - struct ifnet *ifp; /* interface, for ip_output */ - int dir; -#define NG_IPFW_OUT 0 -#define NG_IPFW_IN 1 -}; - -#define TAGSIZ (sizeof(struct ng_ipfw_tag) - sizeof(struct m_tag)) - -#endif /* _KERNEL */ +#endif /* _NG_IPFW_H */ |
