From owner-svn-src-user@FreeBSD.ORG Fri Jun 5 18:14:51 2009 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B51B3106566C; Fri, 5 Jun 2009 18:14:51 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 890F68FC16; Fri, 5 Jun 2009 18:14:51 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n55IEpuq034061; Fri, 5 Jun 2009 18:14:51 GMT (envelope-from luigi@svn.freebsd.org) Received: (from luigi@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n55IEpTu034059; Fri, 5 Jun 2009 18:14:51 GMT (envelope-from luigi@svn.freebsd.org) Message-Id: <200906051814.n55IEpTu034059@svn.freebsd.org> From: Luigi Rizzo Date: Fri, 5 Jun 2009 18:14:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r193528 - in user/luigi/ipfw_80: sbin/ipfw sys/netinet X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 18:14:52 -0000 Author: luigi Date: Fri Jun 5 18:14:51 2009 New Revision: 193528 URL: http://svn.freebsd.org/changeset/base/193528 Log: sync with head Modified: user/luigi/ipfw_80/sbin/ipfw/ipfw2.c user/luigi/ipfw_80/sys/netinet/ip_fw.h Modified: user/luigi/ipfw_80/sbin/ipfw/ipfw2.c ============================================================================== --- user/luigi/ipfw_80/sbin/ipfw/ipfw2.c Fri Jun 5 17:44:43 2009 (r193527) +++ user/luigi/ipfw_80/sbin/ipfw/ipfw2.c Fri Jun 5 18:14:51 2009 (r193528) @@ -2859,7 +2859,7 @@ chkarg: if (have_tag) errx(EX_USAGE, "tag and untag cannot be " "specified more than once"); - GET_UINT_ARG(tag, 1, IPFW_DEFAULT_RULE - 1, i, + GET_UINT_ARG(tag, IPFW_ARG_MIN, IPFW_ARG_MAX, i, rule_action_params); have_tag = cmd; fill_cmd(cmd, O_TAG, (i == TOK_TAG) ? 0: F_NOT, tag); @@ -3336,7 +3336,7 @@ read_options: if (c->limit_mask == 0) errx(EX_USAGE, "limit: missing limit mask"); - GET_UINT_ARG(c->conn_limit, 1, IPFW_DEFAULT_RULE - 1, + GET_UINT_ARG(c->conn_limit, IPFW_ARG_MIN, IPFW_ARG_MAX, TOK_LIMIT, rule_options); ac--; av++; @@ -3464,7 +3464,7 @@ read_options: else { uint16_t tag; - GET_UINT_ARG(tag, 1, IPFW_DEFAULT_RULE - 1, + GET_UINT_ARG(tag, IPFW_ARG_MIN, IPFW_ARG_MAX, TOK_TAGGED, rule_options); fill_cmd(cmd, O_TAGGED, 0, tag); } Modified: user/luigi/ipfw_80/sys/netinet/ip_fw.h ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_fw.h Fri Jun 5 17:44:43 2009 (r193527) +++ user/luigi/ipfw_80/sys/netinet/ip_fw.h Fri Jun 5 18:14:51 2009 (r193528) @@ -47,6 +47,20 @@ #define IPFW_TABLES_MAX 128 /* + * Most commands (queue, pipe, tag, untag, limit...) can have a 16-bit + * argument between 1 and 65534. The value 0 is unused, the value + * 65535 (IP_FW_TABLEARG) is used to represent 'tablearg', i.e. the + * can be 1..65534, or 65535 to indicate the use of a 'tablearg' + * result of the most recent table() lookup. + * Note that 16bit is only a historical limit, resulting from + * the use of a 16-bit fields for that value. In reality, we can have + * 2^32 pipes, queues, tag values and so on, and use 0 as a tablearg. + */ +#define IPFW_ARG_MIN 1 +#define IPFW_ARG_MAX 65534 +#define IP_FW_TABLEARG 65535 /* XXX should use 0 */ + +/* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF * instructions), which specify which fields of the packet @@ -243,8 +257,6 @@ typedef struct _ipfw_insn { /* template */ #define F_INSN_SIZE(t) ((sizeof (t))/sizeof(u_int32_t)) -#define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */ - /* * This is used to store an array of 16-bit entries (ports etc.) */ @@ -562,6 +574,4 @@ typedef struct _ipfw_table { ipfw_table_entry ent[0]; /* entries */ } ipfw_table; -#define IP_FW_TABLEARG 65535 - #endif /* _IPFW2_H */