From 72e02d4dac95bbbc0fd31e50d62f03ea1db9b3d6 Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Sat, 12 Jul 2003 05:54:17 +0000 Subject: [PATCH] Implement comments embedded into ipfw2 instructions. Since we already had 'O_NOP' instructions which always match, all I needed to do is allow the NOP command to have arbitrary length (i.e. move its label in a different part of the switch() which validates instructions). The kernel must know nothing about comments, everything else is done in userland (which will be described in the upcoming ipfw2.c commit). --- sys/netinet/ip_fw2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 1a1fdd4d1c57..fd30c5c65ea4 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -2389,7 +2389,6 @@ check_ipfw_struct(struct ip_fw *rule, int size) } DEB(printf("ipfw: opcode %d\n", cmd->opcode);) switch (cmd->opcode) { - case O_NOP: case O_PROBE_STATE: case O_KEEP_STATE: case O_PROTO: @@ -2462,6 +2461,7 @@ check_ipfw_struct(struct ip_fw *rule, int size) goto bad_size; break; + case O_NOP: case O_IPID: case O_IPTTL: case O_IPLEN: