Date: Thu, 18 Jul 2019 11:43:10 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r350110 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet Message-ID: <201907181143.x6IBhABd076807@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Thu Jul 18 11:43:09 2019 New Revision: 350110 URL: https://svnweb.freebsd.org/changeset/base/350110 Log: MFC r349898, r349916: ipfilter commands, in this case ipf(8), passes its operations and rules via an ioctl interface. Rules can be added or removed and stats and counters can be zeroed out. As the ipfilter interprets these instructions or operations they are stored in an integer called addrem (add/remove). 0 is add, 1 is remove, and 2 is clear stats and counters. Much of this is not documented. This commit documents these operations by replacing simple integers with a self documenting enum along with a few basic comments. Modified: stable/12/sys/contrib/ipfilter/netinet/fil.c Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/sys/contrib/ipfilter/netinet/fil.c Directory Properties: stable/11/ (props changed) Modified: stable/12/sys/contrib/ipfilter/netinet/fil.c ============================================================================== --- stable/12/sys/contrib/ipfilter/netinet/fil.c Thu Jul 18 07:37:26 2019 (r350109) +++ stable/12/sys/contrib/ipfilter/netinet/fil.c Thu Jul 18 11:43:09 2019 (r350110) @@ -4476,7 +4476,11 @@ frrequest(softc, unit, req, data, set, makecopy) int set, makecopy; caddr_t data; { - int error = 0, in, family, addrem, need_free = 0; + int error = 0, in, family, need_free = 0; + enum { OP_ADD, /* add rule */ + OP_REM, /* remove rule */ + OP_ZERO /* zero statistics and counters */ } + addrem = OP_ADD; frentry_t frd, *fp, *f, **fprev, **ftail; void *ptr, *uptr, *cptr; u_int *p, *pp; @@ -4544,11 +4548,11 @@ frrequest(softc, unit, req, data, set, makecopy) if (req == (ioctlcmd_t)SIOCINAFR || req == (ioctlcmd_t)SIOCINIFR || req == (ioctlcmd_t)SIOCADAFR || req == (ioctlcmd_t)SIOCADIFR) - addrem = 0; + addrem = OP_ADD; /* Add rule */ else if (req == (ioctlcmd_t)SIOCRMAFR || req == (ioctlcmd_t)SIOCRMIFR) - addrem = 1; + addrem = OP_REM; /* Remove rule */ else if (req == (ioctlcmd_t)SIOCZRLST) - addrem = 2; + addrem = OP_ZERO; /* Zero statistics and counters */ else { IPFERROR(9); error = EINVAL; @@ -4582,7 +4586,7 @@ frrequest(softc, unit, req, data, set, makecopy) goto donenolock; } - if (addrem == 0) { + if (addrem == OP_ADD) { error = ipf_funcinit(softc, fp); if (error != 0) goto donenolock; @@ -4646,7 +4650,7 @@ frrequest(softc, unit, req, data, set, makecopy) * them to be created if they don't already exit. */ group = FR_NAME(fp, fr_group); - if (addrem == 0) { + if (addrem == OP_ADD) { fg = ipf_group_add(softc, group, NULL, fp->fr_flags, unit, set); fp->fr_grp = fg; @@ -4951,7 +4955,7 @@ frrequest(softc, unit, req, data, set, makecopy) /* * If zero'ing statistics, copy current to caller and zero. */ - if (addrem == 2) { + if (addrem == OP_ZERO) { if (f == NULL) { IPFERROR(27); error = ESRCH; @@ -5044,7 +5048,7 @@ frrequest(softc, unit, req, data, set, makecopy) /* * Request to remove a rule. */ - if (addrem == 1) { + if (addrem == OP_REM) { if (f == NULL) { IPFERROR(29); error = ESRCH; @@ -5110,7 +5114,7 @@ frrequest(softc, unit, req, data, set, makecopy) if (fp->fr_next != NULL) fp->fr_next->fr_pnext = &fp->fr_next; *ftail = fp; - if (addrem == 0) + if (addrem == OP_ADD) ipf_fixskip(ftail, fp, 1); fp->fr_icmpgrp = NULL;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907181143.x6IBhABd076807>