ipfw

Luigi Rizzo Thu, 17 Dec 2009 04:28:20 -0800

Author: luigi
Date: Thu Dec 17 12:27:54 2009
New Revision: 200629
URL: http://svn.freebsd.org/changeset/base/200629


Log:
  simplify the code that finds the next rule after reinjections
  
  MFC after:    1 week

Modified:
  head/sys/netinet/ipfw/ip_fw2.c

Modified: head/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw2.c      Thu Dec 17 08:42:44 2009        
(r200628)
+++ head/sys/netinet/ipfw/ip_fw2.c      Thu Dec 17 12:27:54 2009        
(r200629)
@@ -1183,31 +1183,29 @@ do {                                                    
        \
        mtag = m_tag_find(m, PACKET_TAG_DIVERT, NULL);
        if (args->rule) {
                /*
-                * Packet has already been tagged. Look for the next rule
-                * to restart processing. Make sure that args->rule still
-                * exists and not changed.
-                * If fw_one_pass != 0 then just accept it.
-                * XXX should not happen here, but optimized out in
-                * the caller.
+                * Packet has already been tagged as a result of a previous
+                * match on rule args->rule aka args->rule_id (PIPE, QUEUE,
+                * REASS, NETGRAPH and similar, never a skipto).
+                * Validate the pointer and continue from args->rule->next
+                * if still present, otherwise use the default rule.
+                * XXX If fw_one_pass != 0 then just accept it, though
+                * the caller should never pass us such packets.
                 */
                if (V_fw_one_pass) {
                        IPFW_RUNLOCK(chain);
                        return (IP_FW_PASS);
                }
-               if (chain->id != args->chain_id) {
+               if (chain->id == args->chain_id) { /* pointer still valid */
+                       f = args->rule->next;
+               } else { /* must revalidate the pointer */
                        for (f = chain->rules; f != NULL; f = f->next)
-                               if (f == args->rule && f->id == args->rule_id)
+                               if (f == args->rule && f->id == args->rule_id) {
+                                       f = args->rule->next;
                                        break;
-
-                       if (f != NULL)
-                               f = f->next_rule;
-                       else
-                               f = V_layer3_chain.default_rule;
-               } else 
-                       f = args->rule->next_rule;
-
-               if (f == NULL)
-                       f = lookup_next_rule(args->rule, 0);
+                               }
+               }
+               if (f == NULL) /* in case of errors, use default; */
+                       f = chain->default_rule;
        } else {
                /*
                 * Find the starting rule. It can be either the first
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r200629 - head/sys/netinet/ipfw

Reply via email to