From cc4d3c30ea28e1526158a603a09ae63333e4eacd Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Tue, 2 Mar 2010 17:40:48 +0000 Subject: Bring in the most recent version of ipfw and dummynet, developed and tested over the past two months in the ipfw3-head branch. This also happens to be the same code available in the Linux and Windows ports of ipfw and dummynet. The major enhancement is a completely restructured version of dummynet, with support for different packet scheduling algorithms (loadable at runtime), faster queue/pipe lookup, and a much cleaner internal architecture and kernel/userland ABI which simplifies future extensions. In addition to the existing schedulers (FIFO and WF2Q+), we include a Deficit Round Robin (DRR or RR for brevity) scheduler, and a new, very fast version of WF2Q+ called QFQ. Some test code is also present (in sys/netinet/ipfw/test) that lets you build and test schedulers in userland. Also, we have added a compatibility layer that understands requests from the RELENG_7 and RELENG_8 versions of the /sbin/ipfw binaries, and replies correctly (at least, it does its best; sometimes you just cannot tell who sent the request and how to answer). The compatibility layer should make it possible to MFC this code in a relatively short time. Some minor glitches (e.g. handling of ipfw set enable/disable, and a workaround for a bug in RELENG_7's /sbin/ipfw) will be fixed with separate commits. CREDITS: This work has been partly supported by the ONELAB2 project, and mostly developed by Riccardo Panicucci and myself. The code for the qfq scheduler is mostly from Fabio Checconi, and Marta Carbone and Francesco Magno have helped with testing, debugging and some bug fixes. --- sys/netinet/ipfw/ip_fw_pfil.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'sys/netinet/ipfw/ip_fw_pfil.c') diff --git a/sys/netinet/ipfw/ip_fw_pfil.c b/sys/netinet/ipfw/ip_fw_pfil.c index a7aa5aa4f3a0..b4e31d4c8c80 100644 --- a/sys/netinet/ipfw/ip_fw_pfil.c +++ b/sys/netinet/ipfw/ip_fw_pfil.c @@ -77,6 +77,9 @@ int ipfw_chg_hook(SYSCTL_HANDLER_ARGS); static int ipfw_divert(struct mbuf **, int, struct ipfw_rule_ref *, int); #ifdef SYSCTL_NODE + +SYSBEGIN(f1) + SYSCTL_DECL(_net_inet_ip_fw); SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_enable), 0, @@ -87,6 +90,9 @@ SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw6_enable), 0, ipfw_chg_hook, "I", "Enable ipfw+6"); #endif /* INET6 */ + +SYSEND + #endif /* SYSCTL_NODE */ /* @@ -94,7 +100,7 @@ SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_AUTO, enable, * dummynet, divert, netgraph or other modules. * The packet may be consumed. */ -static int +int ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, struct inpcb *inp) { -- cgit v1.2.3 From 6ba1ccc0f29eb64b529034ca224ce2c1e8f74fd8 Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Mon, 19 Apr 2010 16:17:30 +0000 Subject: whitespace fixes (trailing whitespace, bad indentation after a merge, etc.) --- sys/netinet/ipfw/ip_fw_pfil.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'sys/netinet/ipfw/ip_fw_pfil.c') diff --git a/sys/netinet/ipfw/ip_fw_pfil.c b/sys/netinet/ipfw/ip_fw_pfil.c index b4e31d4c8c80..e87a4c973fe4 100644 --- a/sys/netinet/ipfw/ip_fw_pfil.c +++ b/sys/netinet/ipfw/ip_fw_pfil.c @@ -147,8 +147,8 @@ again: switch (ipfw) { case IP_FW_PASS: /* next_hop may be set by ipfw_chk */ - if (args.next_hop == NULL) - break; /* pass */ + if (args.next_hop == NULL) + break; /* pass */ #ifndef IPFIREWALL_FORWARD ret = EACCES; #else @@ -347,14 +347,14 @@ ipfw_attach_hooks(int arg) if (arg == 0) /* detach */ ipfw_hook(0, AF_INET); - else if (V_fw_enable && ipfw_hook(1, AF_INET) != 0) { + else if (V_fw_enable && ipfw_hook(1, AF_INET) != 0) { error = ENOENT; /* see ip_fw_pfil.c::ipfw_hook() */ printf("ipfw_hook() error\n"); } #ifdef INET6 if (arg == 0) /* detach */ ipfw_hook(0, AF_INET6); - else if (V_fw6_enable && ipfw_hook(1, AF_INET6) != 0) { + else if (V_fw6_enable && ipfw_hook(1, AF_INET6) != 0) { error = ENOENT; printf("ipfw6_hook() error\n"); } -- cgit v1.2.3