From 3b6ebdc3129ecf13bf221b96b809ef5cc598fa7f Mon Sep 17 00:00:00 2001 From: Bill Yuan Date: Thu, 1 Oct 2015 14:32:35 +0800 Subject: [PATCH] ipfw3: shorten func show_filter and MACRO --- lib/libipfw3/basic/ipfw3_basic.c | 68 +++++++++---------------- lib/libipfw3/dummynet/ipfw3_dummynet.c | 4 +- lib/libipfw3/layer2/ipfw3_layer2.c | 4 +- lib/libipfw3/layer4/ipfw3_layer4.c | 10 ++-- lib/libipfw3/nat/ipfw3_nat.c | 2 +- sbin/ipfw3/ipfw3.c | 92 +++++++++++++++------------------- sys/net/ipfw3/ip_fw3.h | 21 +++++--- 7 files changed, 89 insertions(+), 112 deletions(-) diff --git a/lib/libipfw3/basic/ipfw3_basic.c b/lib/libipfw3/basic/ipfw3_basic.c index e1030228e7..25c4ae1103 100644 --- a/lib/libipfw3/basic/ipfw3_basic.c +++ b/lib/libipfw3/basic/ipfw3_basic.c @@ -826,118 +826,98 @@ show_untag(ipfw_insn *cmd, int show_or) void load_module(register_func function, register_keyword keyword) { - keyword(MODULE_BASIC_ID, O_BASIC_COUNT, "count", - IPFW_KEYWORD_TYPE_ACTION); + keyword(MODULE_BASIC_ID, O_BASIC_COUNT, "count", ACTION); function(MODULE_BASIC_ID, O_BASIC_COUNT, (parser_func)parse_count, (shower_func)show_count); - keyword(MODULE_BASIC_ID, O_BASIC_SKIPTO, "skipto", - IPFW_KEYWORD_TYPE_ACTION); + keyword(MODULE_BASIC_ID, O_BASIC_SKIPTO, "skipto", ACTION); function(MODULE_BASIC_ID, O_BASIC_SKIPTO, (parser_func)parse_skipto, (shower_func)show_skipto); - keyword(MODULE_BASIC_ID, O_BASIC_FORWARD, "forward", - IPFW_KEYWORD_TYPE_ACTION); + keyword(MODULE_BASIC_ID, O_BASIC_FORWARD, "forward", ACTION); function(MODULE_BASIC_ID, O_BASIC_FORWARD, (parser_func)parse_forward, (shower_func)show_forward); - keyword(MODULE_BASIC_ID, O_BASIC_IN, "in", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IN, "in", FILTER); function(MODULE_BASIC_ID, O_BASIC_IN, (parser_func)parse_in, (shower_func)show_in); - keyword(MODULE_BASIC_ID, O_BASIC_OUT, "out", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_OUT, "out", FILTER); function(MODULE_BASIC_ID, O_BASIC_OUT, (parser_func)parse_out, (shower_func)show_out); - keyword(MODULE_BASIC_ID, O_BASIC_VIA, "via", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_VIA, "via", FILTER); function(MODULE_BASIC_ID, O_BASIC_VIA, (parser_func)parse_via, (shower_func)show_via); - keyword(MODULE_BASIC_ID, O_BASIC_XMIT, "xmit", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_XMIT, "xmit", FILTER); function(MODULE_BASIC_ID, O_BASIC_XMIT, (parser_func)parse_via, (shower_func)show_via); - keyword(MODULE_BASIC_ID, O_BASIC_RECV, "recv", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_RECV, "recv", FILTER); function(MODULE_BASIC_ID, O_BASIC_RECV, (parser_func)parse_via, (shower_func)show_via); - keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC, "from", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC, "from", FROM); function(MODULE_BASIC_ID, O_BASIC_IP_SRC, (parser_func)parse_from, (shower_func)show_from); - keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC_LOOKUP, "[from table]", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC_LOOKUP, "[from table]", FROM); function(MODULE_BASIC_ID, O_BASIC_IP_SRC_LOOKUP, (parser_func)parse_from, (shower_func)show_from_lookup); - keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC_ME, "[from me]", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC_ME, "[from me]", FROM); function(MODULE_BASIC_ID, O_BASIC_IP_SRC_ME, (parser_func)parse_from, (shower_func)show_from_me); - keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC_MASK, "[from mask]", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_SRC_MASK, "[from mask]", FROM); function(MODULE_BASIC_ID, O_BASIC_IP_SRC_MASK, (parser_func)parse_from, (shower_func)show_from_mask); - keyword(MODULE_BASIC_ID, O_BASIC_IP_DST, "to", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_DST, "to", TO); function(MODULE_BASIC_ID, O_BASIC_IP_DST, (parser_func)parse_to, (shower_func)show_to); - keyword(MODULE_BASIC_ID, O_BASIC_IP_DST_LOOKUP, "[to table]", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_DST_LOOKUP, "[to table]", TO); function(MODULE_BASIC_ID, O_BASIC_IP_DST_LOOKUP, (parser_func)parse_to, (shower_func)show_to_lookup); - keyword(MODULE_BASIC_ID, O_BASIC_IP_DST_ME, "[to me]", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_DST_ME, "[to me]", TO); function(MODULE_BASIC_ID, O_BASIC_IP_DST_ME, (parser_func)parse_to, (shower_func)show_to_me); - keyword(MODULE_BASIC_ID, O_BASIC_IP_DST_MASK, "[to mask]", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_IP_DST_MASK, "[to mask]", TO); function(MODULE_BASIC_ID, O_BASIC_IP_DST_MASK, (parser_func)parse_to, (shower_func)show_to_mask); - keyword(MODULE_BASIC_ID, O_BASIC_PROTO, "proto", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_PROTO, "proto", PROTO); function(MODULE_BASIC_ID, O_BASIC_PROTO, (parser_func)parse_proto, (shower_func)show_proto); - keyword(MODULE_BASIC_ID, O_BASIC_PROB, "prob", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_PROB, "prob", FILTER); function(MODULE_BASIC_ID, O_BASIC_PROB, (parser_func)parse_prob, (shower_func)show_prob); - keyword(MODULE_BASIC_ID, O_BASIC_KEEP_STATE, "keep-state", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_KEEP_STATE, "keep-state", FILTER); function(MODULE_BASIC_ID, O_BASIC_KEEP_STATE, (parser_func)parse_keep_state, (shower_func)show_keep_state); - keyword(MODULE_BASIC_ID, O_BASIC_CHECK_STATE, "check-state", - IPFW_KEYWORD_TYPE_OTHERS); + keyword(MODULE_BASIC_ID, O_BASIC_CHECK_STATE, "check-state", ACTION); function(MODULE_BASIC_ID, O_BASIC_CHECK_STATE, (parser_func)parse_check_state, (shower_func)show_check_state); - keyword(MODULE_BASIC_ID, O_BASIC_TAG, "tag", IPFW_KEYWORD_TYPE_OTHERS); + keyword(MODULE_BASIC_ID, O_BASIC_TAG, "tag", ACTION); function(MODULE_BASIC_ID, O_BASIC_TAG, (parser_func)parse_tag, (shower_func)show_tag); - keyword(MODULE_BASIC_ID, O_BASIC_UNTAG, "untag", - IPFW_KEYWORD_TYPE_OTHERS); + keyword(MODULE_BASIC_ID, O_BASIC_UNTAG, "untag", ACTION); function(MODULE_BASIC_ID, O_BASIC_UNTAG, (parser_func)parse_untag, (shower_func)show_untag); - keyword(MODULE_BASIC_ID, O_BASIC_TAGGED, "tagged", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_TAGGED, "tagged", FILTER); function(MODULE_BASIC_ID, O_BASIC_TAGGED, (parser_func)parse_tagged, (shower_func)show_tagged); - keyword(MODULE_BASIC_ID, O_BASIC_COMMENT, "//", - IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_BASIC_ID, O_BASIC_COMMENT, "//", AFTER); function(MODULE_BASIC_ID, O_BASIC_COMMENT, (parser_func)parse_comment, (shower_func)show_comment); } diff --git a/lib/libipfw3/dummynet/ipfw3_dummynet.c b/lib/libipfw3/dummynet/ipfw3_dummynet.c index 5c07751c18..07dd9a6bcf 100644 --- a/lib/libipfw3/dummynet/ipfw3_dummynet.c +++ b/lib/libipfw3/dummynet/ipfw3_dummynet.c @@ -81,11 +81,11 @@ show_queue(ipfw_insn *cmd, int show_or) void load_module(register_func function, register_keyword keyword) { - keyword(MODULE_DUMMYNET_ID,O_DUMMYNET_PIPE,"pipe", IPFW_KEYWORD_TYPE_ACTION); + keyword(MODULE_DUMMYNET_ID,O_DUMMYNET_PIPE,"pipe", ACTION); function(MODULE_DUMMYNET_ID,O_DUMMYNET_PIPE, (parser_func)parse_pipe, (shower_func)show_pipe); - keyword(MODULE_DUMMYNET_ID,O_DUMMYNET_QUEUE,"queue", IPFW_KEYWORD_TYPE_ACTION); + keyword(MODULE_DUMMYNET_ID,O_DUMMYNET_QUEUE,"queue", ACTION); function(MODULE_DUMMYNET_ID,O_DUMMYNET_QUEUE, (parser_func)parse_queue, (shower_func)show_queue); } diff --git a/lib/libipfw3/layer2/ipfw3_layer2.c b/lib/libipfw3/layer2/ipfw3_layer2.c index 2314407416..546ee5f4e8 100644 --- a/lib/libipfw3/layer2/ipfw3_layer2.c +++ b/lib/libipfw3/layer2/ipfw3_layer2.c @@ -172,11 +172,11 @@ show_mac(ipfw_insn *cmd, int show_or) void load_module(register_func function, register_keyword keyword) { - keyword(MODULE_LAYER2_ID, O_LAYER2_LAYER2, "layer2", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER2_ID, O_LAYER2_LAYER2, "layer2", FILTER); function(MODULE_LAYER2_ID, O_LAYER2_LAYER2, (parser_func)parse_layer2, (shower_func)show_layer2); - keyword(MODULE_LAYER2_ID, O_LAYER2_MAC, "mac", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER2_ID, O_LAYER2_MAC, "mac", FILTER); function(MODULE_LAYER2_ID, O_LAYER2_MAC, (parser_func)parse_mac,(shower_func)show_mac); } diff --git a/lib/libipfw3/layer4/ipfw3_layer4.c b/lib/libipfw3/layer4/ipfw3_layer4.c index 6624b38936..04099f76c3 100644 --- a/lib/libipfw3/layer4/ipfw3_layer4.c +++ b/lib/libipfw3/layer4/ipfw3_layer4.c @@ -206,19 +206,19 @@ show_bpf(ipfw_insn *cmd, int show_or) void load_module(register_func function, register_keyword keyword) { - keyword(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG, "tcpflag", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG, "tcpflag", FILTER); function(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG, (parser_func)parse_tcpflag, (shower_func)show_tcpflag); - keyword(MODULE_LAYER4_ID, O_LAYER4_UID, "uid", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER4_ID, O_LAYER4_UID, "uid", FILTER); function(MODULE_LAYER4_ID, O_LAYER4_UID, (parser_func)parse_uid, (shower_func)show_uid); - keyword(MODULE_LAYER4_ID, O_LAYER4_GID, "gid", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER4_ID, O_LAYER4_GID, "gid", FILTER); function(MODULE_LAYER4_ID, O_LAYER4_GID, (parser_func)parse_gid, (shower_func)show_gid); - keyword(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED, "established", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED, "established", FILTER); function(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED, (parser_func)parse_established, (shower_func)show_established); - keyword(MODULE_LAYER4_ID, O_LAYER4_BPF, "bpf", IPFW_KEYWORD_TYPE_FILTER); + keyword(MODULE_LAYER4_ID, O_LAYER4_BPF, "bpf", FILTER); function(MODULE_LAYER4_ID, O_LAYER4_BPF, (parser_func)parse_bpf, (shower_func)show_bpf); } diff --git a/lib/libipfw3/nat/ipfw3_nat.c b/lib/libipfw3/nat/ipfw3_nat.c index e9c82b833a..5264dddfa3 100644 --- a/lib/libipfw3/nat/ipfw3_nat.c +++ b/lib/libipfw3/nat/ipfw3_nat.c @@ -66,7 +66,7 @@ show_nat(ipfw_insn *cmd, int show_or) void load_module(register_func function, register_keyword keyword) { - keyword(MODULE_NAT_ID, O_NAT_NAT, "nat", IPFW_KEYWORD_TYPE_ACTION); + keyword(MODULE_NAT_ID, O_NAT_NAT, "nat", ACTION); function(MODULE_NAT_ID, O_NAT_NAT, (parser_func)parse_nat, (shower_func)show_nat); } diff --git a/sbin/ipfw3/ipfw3.c b/sbin/ipfw3/ipfw3.c index fdb25087c6..cad8f5d0e6 100644 --- a/sbin/ipfw3/ipfw3.c +++ b/sbin/ipfw3/ipfw3.c @@ -352,17 +352,13 @@ void prepare_default_funcs(void) { /* register allow*/ - register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, - "allow", IPFW_KEYWORD_TYPE_ACTION); - register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, - "accept", IPFW_KEYWORD_TYPE_ACTION); + register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, "allow", ACTION); + register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, "accept", ACTION); register_ipfw_func(MODULE_BASIC_ID, O_BASIC_ACCEPT, (parser_func)parse_accept, (shower_func)show_accept); /* register deny*/ - register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "deny", - IPFW_KEYWORD_TYPE_ACTION); - register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "reject", - IPFW_KEYWORD_TYPE_ACTION); + register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "deny", ACTION); + register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "reject", ACTION); register_ipfw_func(MODULE_BASIC_ID, O_BASIC_DENY, (parser_func)parse_deny, (shower_func)show_deny); } @@ -374,7 +370,7 @@ register_ipfw_keyword(int module, int opcode, char *word, int type) tmp=keywords; for(;;) { - if (tmp->type == IPFW_KEYWORD_TYPE_NONE) { + if (tmp->type == NONE) { strcpy(tmp->word, word); tmp->module = module; tmp->opcode = opcode; @@ -396,12 +392,12 @@ register_ipfw_func(int module, int opcode, parser_func parser, shower_func showe tmp = mappings; while (1) { - if (tmp->type == IPFW_MAPPING_TYPE_NONE) { + if (tmp->type == NONE) { tmp->module = module; tmp->opcode = opcode; tmp->parser = parser; tmp->shower = shower; - tmp->type = IPFW_MAPPING_TYPE_IN_USE; + tmp->type = IN_USE; break; } else { if (tmp->opcode == opcode && tmp->module == module) { @@ -416,11 +412,10 @@ register_ipfw_func(int module, int opcode, parser_func parser, shower_func showe } /* - * check whether 'or' need to be printed, - * - * first filter with 'or', print name without 'or' - * same as previous, then print or and no filter name - * not first but different from previous, print name without 'or' + * this func need to check whether 'or' need to be printed, + * when the filter is the first filter with 'or' when dont print + * when not first and same as previous, then print or and no filter name + * when not first but different from previous, print name without 'or' * show_or = 1: show or and ignore filter name * show_or = 0: show filter name ignore or */ @@ -429,16 +424,16 @@ void prev_show_chk(ipfw_insn *cmd, uint8_t *prev_module, uint8_t *prev_opcode, { if (cmd->len & F_OR) { if (*prev_module == 0 && *prev_opcode == 0) { - /* if first or */ + /* first cmd with 'or' flag */ *show_or = 0; *prev_module = cmd->module; *prev_opcode = cmd->opcode; - } else if (cmd->module == *prev_module && cmd->opcode == - *prev_opcode) { - /* if same as previous */ + } else if (cmd->module == *prev_module && + cmd->opcode == *prev_opcode) { + /* cmd same as previous, same module and opcode */ *show_or = 1; } else { - /* then different */ + /* cmd different from prev*/ *show_or = 0; *prev_module = cmd->module; *prev_opcode = cmd->opcode; @@ -450,6 +445,7 @@ void prev_show_chk(ipfw_insn *cmd, uint8_t *prev_module, uint8_t *prev_opcode, *prev_opcode = 0; } } + /* * word can be: proto from to other * proto show proto @@ -462,28 +458,17 @@ int show_filter(ipfw_insn *cmd, char *word, int type) struct ipfw_keyword *k; struct ipfw_mapping *m; shower_func fn; - int i, j; - int need_check, show_or; + int i, j, show_or; uint8_t prev_module, prev_opcode; k = keywords; m = mappings; - for (i = 1; i< KEYWORD_SIZE; i++, k++) { - if (strcmp(word, "proto") == 0 || - strcmp(word, "from") == 0 || - strcmp(word, "to") == 0) { - need_check = strcmp(k->word, word) == 0; - } else { - need_check = strcmp(k->word, "proto") != 0 && - strcmp(k->word, "from")!=0 && - strcmp(k->word, "to")!=0; - } - if (k->type == type && need_check) { + for (i = 1; i < KEYWORD_SIZE; i++, k++) { + if (k->type == type) { if (k->module == cmd->module && k->opcode == cmd->opcode) { - for (j = 1; j< MAPPING_SIZE; j++, m++) { - if (m->type == - IPFW_MAPPING_TYPE_IN_USE && + for (j = 1; j < MAPPING_SIZE; j++, m++) { + if (m->type == IN_USE && k->module == m->module && k->opcode == m->opcode) { prev_show_chk(cmd, &prev_module, @@ -565,7 +550,7 @@ show_rules(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth) for (i = 1; i< KEYWORD_SIZE; i++, k++) { if ( k->module == cmd->module && k->opcode == cmd->opcode ) { for (j = 1; j< MAPPING_SIZE; j++, m++) { - if (m->type == IPFW_MAPPING_TYPE_IN_USE && + if (m->type == IN_USE && m->module == cmd->module && m->opcode == cmd->opcode) { if (cmd->module == MODULE_BASIC_ID && @@ -595,7 +580,7 @@ show_rules(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth) changed=0; for (l = rule->act_ofs, cmd = rule->cmd; l > 0; l -= F_LEN(cmd), cmd = (ipfw_insn *)((uint32_t *)cmd + F_LEN(cmd))) { - changed = show_filter(cmd, "proto", IPFW_KEYWORD_TYPE_FILTER); + changed = show_filter(cmd, "proto", PROTO); } if (!changed && !do_quiet) printf(" ip"); @@ -606,7 +591,7 @@ show_rules(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth) changed = 0; for (l = rule->act_ofs, cmd = rule->cmd; l > 0; l -= F_LEN(cmd), cmd = (ipfw_insn *)((uint32_t *)cmd + F_LEN(cmd))) { - changed = show_filter(cmd, "from", IPFW_KEYWORD_TYPE_FILTER); + changed = show_filter(cmd, "from", FROM); } if (!changed && !do_quiet) printf(" from any"); @@ -617,7 +602,7 @@ show_rules(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth) changed = 0; for (l = rule->act_ofs, cmd = rule->cmd; l > 0; l -= F_LEN(cmd), cmd = (ipfw_insn *)((uint32_t *)cmd + F_LEN(cmd))) { - changed = show_filter(cmd, "to", IPFW_KEYWORD_TYPE_FILTER); + changed = show_filter(cmd, "to", TO); } if (!changed && !do_quiet) printf(" to any"); @@ -628,7 +613,7 @@ show_rules(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth) for (l = rule->act_ofs, cmd = rule->cmd, m = mappings; l > 0; l -= F_LEN(cmd), cmd=(ipfw_insn *)((uint32_t *)cmd + F_LEN(cmd))) { - show_filter(cmd, "other", IPFW_KEYWORD_TYPE_FILTER); + show_filter(cmd, "other", FILTER); } /* show the comment in the end */ @@ -2133,15 +2118,15 @@ add(int ac, char *av[]) } /* - * parse others + * parse before */ for (;;) { for (i = 0, key = keywords; i < KEYWORD_SIZE; i++, key++) { - if (key->type == IPFW_KEYWORD_TYPE_OTHERS && + if (key->type == BEFORE && strcmp(key->word, *av) == 0) { for (j = 0, map = mappings; j < MAPPING_SIZE; j++, map++) { - if (map->type == IPFW_MAPPING_TYPE_IN_USE && + if (map->type == IN_USE && map->module == key->module && map->opcode == key->opcode ) { fn = map->parser; @@ -2171,10 +2156,10 @@ add(int ac, char *av[]) */ NEED1("missing action"); for (i = 0, key = keywords; i < KEYWORD_SIZE; i++, key++) { - if (ac > 0 && key->type == IPFW_KEYWORD_TYPE_ACTION && + if (ac > 0 && key->type == ACTION && strcmp(key->word, *av) == 0) { for (j = 0, map = mappings; jtype == IPFW_MAPPING_TYPE_IN_USE && + if (map->type == IN_USE && map->module == key->module && map->opcode == key->opcode) { fn = map->parser; @@ -2197,10 +2182,10 @@ add(int ac, char *av[]) NEED1("missing protocol"); for (i = 0, key = keywords; i < KEYWORD_SIZE; i++, key++) { - if (key->type == IPFW_KEYWORD_TYPE_FILTER && + if (key->type == PROTO && strcmp(key->word, "proto") == 0) { for (j = 0, map = mappings; jtype == IPFW_MAPPING_TYPE_IN_USE && + if (map->type == IN_USE && map->module == key->module && map->opcode == key->opcode ) { fn = map->parser; @@ -2240,11 +2225,14 @@ add(int ac, char *av[]) } cur = *av; for (i = 0, key = keywords; i < KEYWORD_SIZE; i++, key++) { - if (key->type == IPFW_KEYWORD_TYPE_FILTER && + if ((key->type == FILTER || + key->type == AFTER || + key->type == FROM || + key->type == TO) && strcmp(key->word, cur) == 0) { for (j = 0, map = mappings; j< MAPPING_SIZE; j++, map++) { - if (map->type == IPFW_MAPPING_TYPE_IN_USE && + if (map->type == IN_USE && map->module == key->module && map->opcode == key->opcode ) { fn = map->parser; @@ -2253,7 +2241,7 @@ add(int ac, char *av[]) } } break; - } else if (i == KEYWORD_SIZE-1) { + } else if (i == KEYWORD_SIZE - 1) { errx(EX_USAGE, "bad command `%s'", cur); } } diff --git a/sys/net/ipfw3/ip_fw3.h b/sys/net/ipfw3/ip_fw3.h index 17a57ff981..940dab712e 100644 --- a/sys/net/ipfw3/ip_fw3.h +++ b/sys/net/ipfw3/ip_fw3.h @@ -481,13 +481,22 @@ struct ipfw_module{ char name[20]; }; -#define IPFW_KEYWORD_TYPE_NONE 0 -#define IPFW_KEYWORD_TYPE_ACTION 1 -#define IPFW_KEYWORD_TYPE_FILTER 2 -#define IPFW_KEYWORD_TYPE_OTHERS 3 +/* + * type of the keyword, it indecates the position of the keyword in the rule + * BEFORE ACTION FROM TO FILTER OTHER + */ +#define NONE 0 +#define BEFORE 1 +#define ACTION 2 +#define PROTO 3 +#define FROM 4 +#define TO 5 +#define FILTER 6 +#define AFTER 7 + +#define NOT_IN_USE 0 +#define IN_USE 1 -#define IPFW_MAPPING_TYPE_NONE 0 -#define IPFW_MAPPING_TYPE_IN_USE 1 #define NEED1(msg) {if (ac < 1) errx(EX_USAGE, msg);} #define NEED2(msg) {if (ac < 2) errx(EX_USAGE, msg);} -- 2.11.4.GIT