Date: Sun, 27 Dec 2009 13:23:14 +0000 (UTC) From: Luigi Rizzo <luigi@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r201049 - user/luigi/ipfw3-head/sys/netinet/ipfw Message-ID: <200912271323.nBRDNEsj057622@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: luigi Date: Sun Dec 27 13:23:14 2009 New Revision: 201049 URL: http://svn.freebsd.org/changeset/base/201049 Log: merge some common code to attach/detach hooks into a single function. Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_pfil.c user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_private.h Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c Sun Dec 27 13:05:56 2009 (r201048) +++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c Sun Dec 27 13:23:14 2009 (r201049) @@ -1176,7 +1176,7 @@ do { \ IPFW_RUNLOCK(chain); return (IP_FW_DENY); /* invalid */ } - f_pos = ipfw_find_rule(chain, skipto, 0); + f_pos = ipfw_find_rule(chain, skipto+1, 0); } } /* reset divert rule to avoid confusion later */ @@ -2378,7 +2378,7 @@ vnet_ipfw_init(const void *unused) */ V_ip_fw_ctl_ptr = ipfw_ctl; V_ip_fw_chk_ptr = ipfw_chk; - error = ipfw_attach_hooks(); + error = ipfw_attach_hooks(1); return (error); } @@ -2398,10 +2398,7 @@ vnet_ipfw_uninit(const void *unused) * Then grab, release and grab again the WLOCK so we make * sure the update is propagated and nobody will be in. */ - ipfw_unhook(); -#ifdef INET6 - ipfw6_unhook(); -#endif + (void)ipfw_attach_hooks(0 /* detach */); V_ip_fw_chk_ptr = NULL; V_ip_fw_ctl_ptr = NULL; IPFW_UH_WLOCK(chain); Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_pfil.c ============================================================================== --- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_pfil.c Sun Dec 27 13:05:56 2009 (r201048) +++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_pfil.c Sun Dec 27 13:23:14 2009 (r201049) @@ -458,87 +458,44 @@ nodivert: return 1; } +/* + * attach or detach hooks for a given protocol family + */ static int -ipfw_hook(void) +ipfw_hook(int onoff, int pf) { - struct pfil_head *pfh_inet; + struct pfil_head *pfh; + int (*fn)(int (*pfil_func)(void *, struct mbuf **, + struct ifnet *, int, struct inpcb *), + void *, int, struct pfil_head *); - pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); - if (pfh_inet == NULL) - return ENOENT; - - (void)pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, - pfh_inet); - (void)pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, - pfh_inet); - - return 0; -} -int -ipfw_unhook(void) -{ - struct pfil_head *pfh_inet; - - pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); - if (pfh_inet == NULL) + pfh = pfil_head_get(PFIL_TYPE_AF, pf); + if (pfh == NULL) return ENOENT; - (void)pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, - pfh_inet); - (void)pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, - pfh_inet); + fn = (onoff) ? pfil_add_hook : pfil_remove_hook; + (void)fn(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh); + (void)fn(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh); return 0; } -#ifdef INET6 -static int -ipfw6_hook(void) -{ - struct pfil_head *pfh_inet6; - - pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); - if (pfh_inet6 == NULL) - return ENOENT; - - (void)pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, - pfh_inet6); - (void)pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, - pfh_inet6); - - return 0; -} - -int -ipfw6_unhook(void) -{ - struct pfil_head *pfh_inet6; - - pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); - if (pfh_inet6 == NULL) - return ENOENT; - - (void)pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, - pfh_inet6); - (void)pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, - pfh_inet6); - - return 0; -} -#endif /* INET6 */ - int -ipfw_attach_hooks(void) +ipfw_attach_hooks(int arg) { int error = 0; - if (V_fw_enable && ipfw_hook() != 0) { + if (arg == 0) /* detach */ + ipfw_hook(0, AF_INET); + else if (V_fw_enable && ipfw_hook(1, AF_INET) != 0) { error = ENOENT; /* see ip_fw_pfil.c::ipfw_hook() */ printf("ipfw_hook() error\n"); } #ifdef INET6 - if (V_fw6_enable && ipfw6_hook() != 0) { + if (arg == 0) /* detach */ + ipfw_hook(0, AF_INET6); + else if (V_fw6_enable && ipfw_hook(1, AF_INET6) != 0) { error = ENOENT; printf("ipfw6_hook() error\n"); } @@ -552,13 +509,16 @@ ipfw_chg_hook(SYSCTL_HANDLER_ARGS) int enable; int oldenable; int error; + int af; if (arg1 == &VNET_NAME(fw_enable)) { enable = V_fw_enable; + af = AF_INET; } #ifdef INET6 else if (arg1 == &VNET_NAME(fw6_enable)) { enable = V_fw6_enable; + af = AF_INET6; } #endif else @@ -576,19 +536,14 @@ ipfw_chg_hook(SYSCTL_HANDLER_ARGS) if (enable == oldenable) return (0); - if (arg1 == &VNET_NAME(fw_enable)) { - error = (enable) ? ipfw_hook() : ipfw_unhook(); - if (error) - return (error); + error = ipfw_hook(enable, af); + if (error) + return (error); + if (af == AF_INET) V_fw_enable = enable; - } #ifdef INET6 - else if (arg1 == &VNET_NAME(fw6_enable)) { - error = (enable) ? ipfw6_hook() : ipfw6_unhook(); - if (error) - return (error); + else if (af == AF_INET6) V_fw6_enable = enable; - } #endif return (0); Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_private.h ============================================================================== --- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_private.h Sun Dec 27 13:05:56 2009 (r201048) +++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_private.h Sun Dec 27 13:23:14 2009 (r201049) @@ -132,9 +132,8 @@ int ipfw_check_in(void *, struct mbuf ** int ipfw_check_out(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp); -int ipfw_attach_hooks(void); -int ipfw_unhook(void); -int ipfw6_unhook(void); +/* attach (arg = 1) or detach (arg = 0) hooks */ +int ipfw_attach_hooks(int); #ifdef NOTYET void ipfw_nat_destroy(void); #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912271323.nBRDNEsj057622>