diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 4f9b774ca0d..7aa16453e15 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -443,12 +443,20 @@ __END_DECLS
 #define IP_ONESBCAST 23 /* bool: send all-ones broadcast */
 #define IP_BINDANY 24 /* bool: allow bind to any address */
+/*
+ * Options for controlling the firewall and dummynet.
+ * Historical options (from 40 to 64) will eventually be
+ * replaced by only two options, IP_FW3 and IP_DUMMYNET3.
+ */
 #define IP_FW_TABLE_ADD 40 /* add entry */
 #define IP_FW_TABLE_DEL 41 /* delete entry */
 #define IP_FW_TABLE_FLUSH 42 /* flush table */
 #define IP_FW_TABLE_GETSIZE 43 /* get table size */
 #define IP_FW_TABLE_LIST 44 /* list table contents */
+#define IP_FW3 48 /* generic ipfw v.3 sockopts */
+#define IP_DUMMYNET3 49 /* generic dummynet v.3 sockopts */
+
 #define IP_FW_ADD 50 /* add a firewall rule to chain */
 #define IP_FW_DEL 51 /* delete a firewall rule from chain */
 #define IP_FW_FLUSH 52 /* flush firewall rule chain */
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index 9967a29607b..1e6feb4d3c1 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -237,7 +237,7 @@ enum ipfw_opcodes { /* arguments (4 byte each) */
 *
 */
 typedef struct _ipfw_insn { /* template for instructions */
- enum ipfw_opcodes opcode:8;
+ u_int8_t opcode;
 u_int8_t len; /* number of 32-bit words */
 #define F_NOT 0x80
 #define F_OR 0x40
diff --git a/sys/netinet/ipfw/ip_fw2.c b/sys/netinet/ipfw/ip_fw2.c
index a17a64792e8..d5d49ca80e2 100644
--- a/sys/netinet/ipfw/ip_fw2.c
+++ b/sys/netinet/ipfw/ip_fw2.c
@@ -185,6 +185,7 @@ SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, default_to_accept, CTLFLAG_RDTUN,
 &default_to_accept, 0,
 "Make the default rule accept all packets.");
 TUNABLE_INT("net.inet.ip.fw.default_to_accept", &default_to_accept);
+
 #ifdef INET6
 SYSCTL_DECL(_net_inet6_ip6);
 SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
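Review bot: The block comment added in sys/netinet/in.h calls everything "from 40 to 64" historical, but the two new generic options are numbered 48 and 49, inside that same range, so the number alone no longer tells a reader which options are the old interface. I would end the comment with a line that says so, for example ` * IP_FW3 (48) and IP_DUMMYNET3 (49) are the new generic options; every other value in this range is historical.`. The trailing comments on the two new defines also give no hint of what argument the option carries, unlike the `bool:` notes on the options just above.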
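Review bot: With `opcode` now a plain `u_int8_t` in struct _ipfw_insn (sys/netinet/ip_fw.h), nothing on the field says it still carries an `enum ipfw_opcodes` value, and code that switches on it loses the compiler's enum-coverage warnings. A trailing comment keeps the link: `u_int8_t opcode; /* one of enum ipfw_opcodes */`. Instructions appear to arrive through the rule-adding socket options, so any byte value can land in this field and the instruction validation should reject opcodes it does not recognise; that code is not in this hunk. The struct definition continues past the end of the hunk.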
@@ -194,8 +195,9 @@ SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_AUTO, enable,
 SYSCTL_VNET_INT(_net_inet6_ip6_fw, OID_AUTO, deny_unknown_exthdrs,
 CTLFLAG_RW | CTLFLAG_SECURE, &VNET_NAME(fw_deny_unknown_exthdrs), 0,
 "Deny packets with unknown IPv6 Extension Headers");
-#endif
-#endif
+#endif /* INET6 */
+
+#endif /* SYSCTL_NODE */
 /*
 * Description of dynamic rules.
@@ -2243,6 +2245,7 @@ ipfw_chk(struct ip_fw_args *args)
 return (IP_FW_PASS); /* accept */
 dst_ip.s_addr = 0; /* make sure it is initialized */
+ src_ip.s_addr = 0; /* make sure it is initialized */
 pktlen = m->m_pkthdr.len;
 args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */
 proto = args->f_id.proto = 0; /* mark f_id invalid */
@@ -2254,15 +2257,15 @@ ipfw_chk(struct ip_fw_args *args)
 * pointer might become stale after other pullups (but we never use it
 * this way).
 */
-#define PULLUP_TO(len, p, T) \
+#define PULLUP_TO(_len, p, T) \
 do { \
- int x = (len) + sizeof(T); \
+ int x = (_len) + sizeof(T); \
 if ((m)->m_len < x) { \
 args->m = m = m_pullup(m, x); \
 if (m == NULL) \
 goto pullup_failed; \
 } \
- p = (mtod(m, char *) + (len)); \
+ p = (mtod(m, char *) + (_len)); \
 } while (0)
 /*
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 60824d92697..15a8fe4360b 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -535,6 +535,7 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt)
 error = sooptcopyout(sopt, &optval, sizeof optval);
 break;
+ case IP_FW3: /* generic ipfw v.3 functions */
 case IP_FW_ADD: /* ADD actually returns the body... */
 case IP_FW_GET:
 case IP_FW_TABLE_GETSIZE:
@@ -547,6 +548,7 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt)
 error = ENOPROTOOPT;
 break;
+ case IP_DUMMYNET3: /* generic dummynet v.3 functions */
 case IP_DUMMYNET_GET:
 if (ip_dn_ctl_ptr != NULL)
 error = ip_dn_ctl_ptr(sopt);
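Review bot: Zeroing `src_ip` in ipfw_chk() (the hunk at -2243) makes a read on a packet that never had its source address parsed deterministic, but it does not prevent that read. If any rule opcode compares `src_ip` without first checking that the packet is IPv4, it would now match against 0.0.0.0 rather than stack contents; whether such a path exists is not visible here, so each use is worth confirming. The copied comment could record the intent instead of repeating the line above, e.g. `/* stays zero unless a source address is parsed below */`. ipfw_chk() starts and ends outside the hunk.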
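Review bot: PULLUP_TO still declares a block-local named `x`, so a call whose length argument mentions a caller variable called `x` would silently read the macro's own uninitialised local instead. The parameter got an underscore in this hunk and the local deserves the same: `int _x = (_len) + sizeof(T);`, with `_x` used in the `m_len` comparison and in the `m_pullup()` call. The sum is also computed in `size_t` and then narrowed to `int`, which is worth a word in the comment if the length can ever be derived from packet contents. The comment above the macro could list what it borrows from the enclosing scope, namely `m`, `args` and the `pullup_failed` label; its opening lines are outside the hunk.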
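Review bot: `IP_FW3` and `IP_DUMMYNET3` are added to two separate switch statements in rip_ctloutput() (the hunks at -535 and -547, then again at -592 and -608), which look like the get and set paths, so the same generic option is accepted in either direction. With the per-operation options the option number itself said whether a call reads or modifies state; for the generic ones that decision moves into the handler reached through `ip_dn_ctl_ptr` and its ipfw counterpart, which must validate the sub-command, the call direction and the caller's privilege before acting. None of that is visible in these hunks, so it should be confirmed in the handlers and recorded at the labels, e.g. `case IP_FW3: /* generic ipfw v.3; handler checks sub-command, direction, privilege */`. rip_ctloutput() starts and ends outside the hunks.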
@@ -592,6 +594,7 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt)
 inp->inp_flags &= ~INP_HDRINCL;
 break;
+ case IP_FW3: /* generic ipfw v.3 functions */
 case IP_FW_ADD:
 case IP_FW_DEL:
 case IP_FW_FLUSH:
@@ -608,6 +611,7 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt)
 error = ENOPROTOOPT;
 break;
+ case IP_DUMMYNET3: /* generic dummynet v.3 functions */
 case IP_DUMMYNET_CONFIGURE:
 case IP_DUMMYNET_DEL:
 case IP_DUMMYNET_FLUSH: