diff options
author | Jonathan Lemon <jlemon@FreeBSD.org> | 2001-12-14 19:34:11 +0000 |
---|---|---|
committer | Jonathan Lemon <jlemon@FreeBSD.org> | 2001-12-14 19:34:11 +0000 |
commit | aa1f5daa31cf2ba877e97955ac493ad9549f4b9b (patch) | |
tree | 8bb41a9bd0c3b5cb6c856a1c43d3c001eaf25777 /sys/netinet/ip_output.c | |
parent | 6f00486cfdfe18ea3510804d230b93ed3342cdc4 (diff) | |
download | src-aa1f5daa31cf2ba877e97955ac493ad9549f4b9b.tar.gz src-aa1f5daa31cf2ba877e97955ac493ad9549f4b9b.zip |
whitespace and style fixes recovered from -stable.
Notes
Notes:
svn path=/head/; revision=87916
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r-- | sys/netinet/ip_output.c | 68 |
1 files changed, 35 insertions, 33 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index ecf0faa90a09..58ffb5e00c32 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -596,48 +596,50 @@ skip_ipsec: /* * On return we must do the following: * m == NULL -> drop the pkt (old interface, deprecated) - * (off & 0x40000) -> drop the pkt (new interface) - * 1<=off<= 0xffff -> DIVERT - * (off & 0x10000) -> send to a DUMMYNET pipe - * (off & 0x20000) -> TEE the packet - * dst != old -> IPFIREWALL_FORWARD - * off==0, dst==old -> accept - * If some of the above modules is not compiled in, then + * (off & IP_FW_PORT_DENY_FLAG) -> drop the pkt (new interface) + * 1<=off<= 0xffff -> DIVERT + * (off & IP_FW_PORT_DYNT_FLAG) -> send to a DUMMYNET pipe + * (off & IP_FW_PORT_TEE_FLAG) -> TEE the packet + * dst != old -> IPFIREWALL_FORWARD + * off==0, dst==old -> accept + * If some of the above modules are not compiled in, then * we should't have to check the corresponding condition * (because the ipfw control socket should not accept * unsupported rules), but better play safe and drop * packets in case of doubt. */ if (off & IP_FW_PORT_DENY_FLAG) { /* XXX new interface-denied */ - if (m) - m_freem(m); - error = EACCES ; - goto done; + if (m) + m_freem(m); + error = EACCES; + goto done; } - if (!m) { /* firewall said to reject */ - static int __debug=10; - if (__debug >0) { - printf("firewall returns NULL, please update!\n"); - __debug-- ; - } - error = EACCES; - goto done; + if (!m) { /* firewall said to reject */ + static int __debug=10; + + if (__debug > 0) { + printf( + "firewall returns NULL, please update!\n"); + __debug--; + } + error = EACCES; + goto done; } - if (off == 0 && dst == old) /* common case */ - goto pass ; + if (off == 0 && dst == old) /* common case */ + goto pass; if (DUMMYNET_LOADED && (off & IP_FW_PORT_DYNT_FLAG) != 0) { - /* - * pass the pkt to dummynet. Need to include - * pipe number, m, ifp, ro, dst because these are - * not recomputed in the next pass. - * All other parameters have been already used and - * so they are not needed anymore. - * XXX note: if the ifp or ro entry are deleted - * while a pkt is in dummynet, we are in trouble! - */ - error = ip_dn_io_ptr(off & 0xffff, DN_TO_IP_OUT, m, - ifp,ro,dst,rule, flags); - goto done; + /* + * pass the pkt to dummynet. Need to include + * pipe number, m, ifp, ro, dst because these are + * not recomputed in the next pass. + * All other parameters have been already used and + * so they are not needed anymore. + * XXX note: if the ifp or ro entry are deleted + * while a pkt is in dummynet, we are in trouble! + */ + error = ip_dn_io_ptr(off & 0xffff, DN_TO_IP_OUT, m, + ifp, ro, dst, rule, flags); + goto done; } #ifdef IPDIVERT if (off != 0 && (off & IP_FW_PORT_DYNT_FLAG) == 0) { |