27c27
< __FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw2.c 231852 2012-02-17 02:39:58Z bz $");
---
> __FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw2.c 232865 2012-03-12 14:07:57Z melifaro $");
118a119,121
> /* Use 128 tables by default */
> VNET_DEFINE(int, fw_tables_max) = IPFW_TABLES_MAX;
>
148d150
< uint32_t dummy_tables_max = IPFW_TABLES_MAX;
169c171
< &dummy_tables_max, 0,
---
> &V_fw_tables_max, 0,
174a177
> TUNABLE_INT("net.inet.ip.fw.tables_max", &V_fw_tables_max);
344c347
< iface_match(struct ifnet *ifp, ipfw_insn_if *cmd)
---
> iface_match(struct ifnet *ifp, ipfw_insn_if *cmd, struct ip_fw_chain *chain, uint32_t *tablearg)
349a353,355
> if (cmd->name[0] == '\1') /* use tablearg to match */
> return ipfw_lookup_table_extended(chain, cmd->p.glob,
> ifp->if_xname, tablearg, IPFW_TABLE_INTERFACE);
1315c1321
< (ipfw_insn_if *)cmd);
---
> (ipfw_insn_if *)cmd, chain, &tablearg);
1319c1325,1326
< match = iface_match(oif, (ipfw_insn_if *)cmd);
---
> match = iface_match(oif, (ipfw_insn_if *)cmd,
> chain, &tablearg);
1324c1331,1332
< m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd);
---
> m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd,
> chain, &tablearg);
1450a1459,1469
> } else if (is_ipv6) {
> uint32_t v = 0;
> void *pkey = (cmd->opcode == O_IP_DST_LOOKUP) ?
> &args->f_id.dst_ip6: &args->f_id.src_ip6;
> match = ipfw_lookup_table_extended(chain,
> cmd->arg1, pkey, &v,
> IPFW_TABLE_CIDR);
> if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
> match = ((ipfw_insn_u32 *)cmd)->d[0] == v;
> if (match)
> tablearg = v;
2568a2588,2593
> /* Check user-supplied number for validness */
> if (V_fw_tables_max < 0)
> V_fw_tables_max = IPFW_TABLES_MAX;
> if (V_fw_tables_max > 65534)
> V_fw_tables_max = 65534;
>
2572c2597
< chain->map = malloc(sizeof(struct ip_fw *), M_IPFW, M_NOWAIT | M_ZERO);
---
> chain->map = malloc(sizeof(struct ip_fw *), M_IPFW, M_WAITOK | M_ZERO);
2574,2581c2599
< rule = malloc(chain->static_len, M_IPFW, M_NOWAIT | M_ZERO);
< if (rule == NULL) {
< if (chain->map)
< free(chain->map, M_IPFW);
< printf("ipfw2: ENOSPC initializing default rule "
< "(support disabled)\n");
< return (ENOSPC);
< }
---
> rule = malloc(chain->static_len, M_IPFW, M_WAITOK | M_ZERO);
2584c2602,2605
< panic("init_tables"); /* XXX Marko fix this ! */
---
> printf("ipfw2: setting up tables failed\n");
> free(chain->map, M_IPFW);
> free(rule, M_IPFW);
> return (ENOSPC);
2646a2668
> ipfw_dyn_uninit(0); /* run the callout_drain */
2648d2669
< IPFW_WLOCK(chain);
2650d2670
< ipfw_dyn_uninit(0); /* run the callout_drain */
2652a2673
> IPFW_WLOCK(chain);
< __FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw2.c 231852 2012-02-17 02:39:58Z bz $");
---
> __FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw2.c 232865 2012-03-12 14:07:57Z melifaro $");
118a119,121
> /* Use 128 tables by default */
> VNET_DEFINE(int, fw_tables_max) = IPFW_TABLES_MAX;
>
148d150
< uint32_t dummy_tables_max = IPFW_TABLES_MAX;
169c171
< &dummy_tables_max, 0,
---
> &V_fw_tables_max, 0,
174a177
> TUNABLE_INT("net.inet.ip.fw.tables_max", &V_fw_tables_max);
344c347
< iface_match(struct ifnet *ifp, ipfw_insn_if *cmd)
---
> iface_match(struct ifnet *ifp, ipfw_insn_if *cmd, struct ip_fw_chain *chain, uint32_t *tablearg)
349a353,355
> if (cmd->name[0] == '\1') /* use tablearg to match */
> return ipfw_lookup_table_extended(chain, cmd->p.glob,
> ifp->if_xname, tablearg, IPFW_TABLE_INTERFACE);
1315c1321
< (ipfw_insn_if *)cmd);
---
> (ipfw_insn_if *)cmd, chain, &tablearg);
1319c1325,1326
< match = iface_match(oif, (ipfw_insn_if *)cmd);
---
> match = iface_match(oif, (ipfw_insn_if *)cmd,
> chain, &tablearg);
1324c1331,1332
< m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd);
---
> m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd,
> chain, &tablearg);
1450a1459,1469
> } else if (is_ipv6) {
> uint32_t v = 0;
> void *pkey = (cmd->opcode == O_IP_DST_LOOKUP) ?
> &args->f_id.dst_ip6: &args->f_id.src_ip6;
> match = ipfw_lookup_table_extended(chain,
> cmd->arg1, pkey, &v,
> IPFW_TABLE_CIDR);
> if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
> match = ((ipfw_insn_u32 *)cmd)->d[0] == v;
> if (match)
> tablearg = v;
2568a2588,2593
> /* Check user-supplied number for validness */
> if (V_fw_tables_max < 0)
> V_fw_tables_max = IPFW_TABLES_MAX;
> if (V_fw_tables_max > 65534)
> V_fw_tables_max = 65534;
>
2572c2597
< chain->map = malloc(sizeof(struct ip_fw *), M_IPFW, M_NOWAIT | M_ZERO);
---
> chain->map = malloc(sizeof(struct ip_fw *), M_IPFW, M_WAITOK | M_ZERO);
2574,2581c2599
< rule = malloc(chain->static_len, M_IPFW, M_NOWAIT | M_ZERO);
< if (rule == NULL) {
< if (chain->map)
< free(chain->map, M_IPFW);
< printf("ipfw2: ENOSPC initializing default rule "
< "(support disabled)\n");
< return (ENOSPC);
< }
---
> rule = malloc(chain->static_len, M_IPFW, M_WAITOK | M_ZERO);
2584c2602,2605
< panic("init_tables"); /* XXX Marko fix this ! */
---
> printf("ipfw2: setting up tables failed\n");
> free(chain->map, M_IPFW);
> free(rule, M_IPFW);
> return (ENOSPC);
2646a2668
> ipfw_dyn_uninit(0); /* run the callout_drain */
2648d2669
< IPFW_WLOCK(chain);
2650d2670
< ipfw_dyn_uninit(0); /* run the callout_drain */
2652a2673
> IPFW_WLOCK(chain);