From d37052fc86b3c7cbda1681e1d745528576db4e55 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Thu, 11 Jul 2019 00:08:46 +0000 Subject: [PATCH] ipfilter commands, in this case ipf(8), passes its operations and rules via an ioctl interface. Rules can be added or removed and stats and counters can be zeroed out. As the ipfilter interprets these instructions or operations they are stored in an integer called addrem (add/remove). 1 is add, 2 is remove, and 3 is clear stats and counters. Much of this is not documented. This commit documents these operations by replacing simple integers with a self documenting enum along with a few basic comments. MFC after: 1 week --- sys/contrib/ipfilter/netinet/fil.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c index dc6a3be5d12..42dbc53e12d 100644 --- a/sys/contrib/ipfilter/netinet/fil.c +++ b/sys/contrib/ipfilter/netinet/fil.c @@ -4472,7 +4472,12 @@ frrequest(softc, unit, req, data, set, makecopy) int set, makecopy; caddr_t data; { - int error = 0, in, family, addrem, need_free = 0; + int error = 0, in, family, need_free = 0; + enum { OP_UNDEF, /* undefined */ + OP_ADD, /* add rule */ + OP_REM, /* remove rule */ + OP_ZERO /* zero statistics and counters */ } + addrem = OP_UNDEF; frentry_t frd, *fp, *f, **fprev, **ftail; void *ptr, *uptr, *cptr; u_int *p, *pp; @@ -4540,11 +4545,11 @@ frrequest(softc, unit, req, data, set, makecopy) if (req == (ioctlcmd_t)SIOCINAFR || req == (ioctlcmd_t)SIOCINIFR || req == (ioctlcmd_t)SIOCADAFR || req == (ioctlcmd_t)SIOCADIFR) - addrem = 0; + addrem = OP_ADD; /* Add rule */ else if (req == (ioctlcmd_t)SIOCRMAFR || req == (ioctlcmd_t)SIOCRMIFR) - addrem = 1; + addrem = OP_REM; /* Remove rule */ else if (req == (ioctlcmd_t)SIOCZRLST) - addrem = 2; + addrem = OP_ZERO; /* Zero statistics and counters */ else { IPFERROR(9); error = EINVAL; @@ -4578,7 +4583,7 @@ frrequest(softc, unit, req, data, set, makecopy) goto donenolock; } - if (addrem == 0) { + if (addrem == OP_UNDEF) { error = ipf_funcinit(softc, fp); if (error != 0) goto donenolock; @@ -4642,7 +4647,7 @@ frrequest(softc, unit, req, data, set, makecopy) * them to be created if they don't already exit. */ group = FR_NAME(fp, fr_group); - if (addrem == 0) { + if (addrem == OP_UNDEF) { fg = ipf_group_add(softc, group, NULL, fp->fr_flags, unit, set); fp->fr_grp = fg; @@ -4947,7 +4952,7 @@ frrequest(softc, unit, req, data, set, makecopy) /* * If zero'ing statistics, copy current to caller and zero. */ - if (addrem == 2) { + if (addrem == OP_ZERO) { if (f == NULL) { IPFERROR(27); error = ESRCH; @@ -5040,7 +5045,7 @@ frrequest(softc, unit, req, data, set, makecopy) /* * Request to remove a rule. */ - if (addrem == 1) { + if (addrem == OP_REM) { if (f == NULL) { IPFERROR(29); error = ESRCH; @@ -5106,7 +5111,7 @@ frrequest(softc, unit, req, data, set, makecopy) if (fp->fr_next != NULL) fp->fr_next->fr_pnext = &fp->fr_next; *ftail = fp; - if (addrem == 0) + if (addrem == OP_UNDEF) ipf_fixskip(ftail, fp, 1); fp->fr_icmpgrp = NULL;