Date: Fri, 5 Jun 2009 18:14:51 +0000 (UTC) From: Luigi Rizzo <luigi@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r193528 - in user/luigi/ipfw_80: sbin/ipfw sys/netinet Message-ID: <200906051814.n55IEpTu034059@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: luigi Date: Fri Jun 5 18:14:51 2009 New Revision: 193528 URL: http://svn.freebsd.org/changeset/base/193528 Log: sync with head Modified: user/luigi/ipfw_80/sbin/ipfw/ipfw2.c user/luigi/ipfw_80/sys/netinet/ip_fw.h Modified: user/luigi/ipfw_80/sbin/ipfw/ipfw2.c ============================================================================== --- user/luigi/ipfw_80/sbin/ipfw/ipfw2.c Fri Jun 5 17:44:43 2009 (r193527) +++ user/luigi/ipfw_80/sbin/ipfw/ipfw2.c Fri Jun 5 18:14:51 2009 (r193528) @@ -2859,7 +2859,7 @@ chkarg: if (have_tag) errx(EX_USAGE, "tag and untag cannot be " "specified more than once"); - GET_UINT_ARG(tag, 1, IPFW_DEFAULT_RULE - 1, i, + GET_UINT_ARG(tag, IPFW_ARG_MIN, IPFW_ARG_MAX, i, rule_action_params); have_tag = cmd; fill_cmd(cmd, O_TAG, (i == TOK_TAG) ? 0: F_NOT, tag); @@ -3336,7 +3336,7 @@ read_options: if (c->limit_mask == 0) errx(EX_USAGE, "limit: missing limit mask"); - GET_UINT_ARG(c->conn_limit, 1, IPFW_DEFAULT_RULE - 1, + GET_UINT_ARG(c->conn_limit, IPFW_ARG_MIN, IPFW_ARG_MAX, TOK_LIMIT, rule_options); ac--; av++; @@ -3464,7 +3464,7 @@ read_options: else { uint16_t tag; - GET_UINT_ARG(tag, 1, IPFW_DEFAULT_RULE - 1, + GET_UINT_ARG(tag, IPFW_ARG_MIN, IPFW_ARG_MAX, TOK_TAGGED, rule_options); fill_cmd(cmd, O_TAGGED, 0, tag); } Modified: user/luigi/ipfw_80/sys/netinet/ip_fw.h ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_fw.h Fri Jun 5 17:44:43 2009 (r193527) +++ user/luigi/ipfw_80/sys/netinet/ip_fw.h Fri Jun 5 18:14:51 2009 (r193528) @@ -47,6 +47,20 @@ #define IPFW_TABLES_MAX 128 /* + * Most commands (queue, pipe, tag, untag, limit...) can have a 16-bit + * argument between 1 and 65534. The value 0 is unused, the value + * 65535 (IP_FW_TABLEARG) is used to represent 'tablearg', i.e. the + * can be 1..65534, or 65535 to indicate the use of a 'tablearg' + * result of the most recent table() lookup. + * Note that 16bit is only a historical limit, resulting from + * the use of a 16-bit fields for that value. In reality, we can have + * 2^32 pipes, queues, tag values and so on, and use 0 as a tablearg. + */ +#define IPFW_ARG_MIN 1 +#define IPFW_ARG_MAX 65534 +#define IP_FW_TABLEARG 65535 /* XXX should use 0 */ + +/* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF * instructions), which specify which fields of the packet @@ -243,8 +257,6 @@ typedef struct _ipfw_insn { /* template */ #define F_INSN_SIZE(t) ((sizeof (t))/sizeof(u_int32_t)) -#define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */ - /* * This is used to store an array of 16-bit entries (ports etc.) */ @@ -562,6 +574,4 @@ typedef struct _ipfw_table { ipfw_table_entry ent[0]; /* entries */ } ipfw_table; -#define IP_FW_TABLEARG 65535 - #endif /* _IPFW2_H */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906051814.n55IEpTu034059>