ipfilter commands, in this case ipf(8), passes its operations and rules

via an ioctl interface. Rules can be added or removed and stats and
counters can be zeroed out. As the ipfilter interprets these
instructions or operations they are stored in an integer called
addrem (add/remove). 1 is add, 2 is remove, and 3 is clear stats and
counters. Much of this is not documented. This commit documents these
operations by replacing simple integers with a self documenting
enum along with a few basic comments.

MFC after:	1 week
This commit is contained in:
Cy Schubert 2019-07-11 00:08:46 +00:00
parent f84a04c8bc
commit d37052fc86

View File

@ -4472,7 +4472,12 @@ frrequest(softc, unit, req, data, set, makecopy)
int set, makecopy;
caddr_t data;
{
int error = 0, in, family, addrem, need_free = 0;
int error = 0, in, family, need_free = 0;
enum { OP_UNDEF, /* undefined */
OP_ADD, /* add rule */
OP_REM, /* remove rule */
OP_ZERO /* zero statistics and counters */ }
addrem = OP_UNDEF;
frentry_t frd, *fp, *f, **fprev, **ftail;
void *ptr, *uptr, *cptr;
u_int *p, *pp;
@ -4540,11 +4545,11 @@ frrequest(softc, unit, req, data, set, makecopy)
if (req == (ioctlcmd_t)SIOCINAFR || req == (ioctlcmd_t)SIOCINIFR ||
req == (ioctlcmd_t)SIOCADAFR || req == (ioctlcmd_t)SIOCADIFR)
addrem = 0;
addrem = OP_ADD; /* Add rule */
else if (req == (ioctlcmd_t)SIOCRMAFR || req == (ioctlcmd_t)SIOCRMIFR)
addrem = 1;
addrem = OP_REM; /* Remove rule */
else if (req == (ioctlcmd_t)SIOCZRLST)
addrem = 2;
addrem = OP_ZERO; /* Zero statistics and counters */
else {
IPFERROR(9);
error = EINVAL;
@ -4578,7 +4583,7 @@ frrequest(softc, unit, req, data, set, makecopy)
goto donenolock;
}
if (addrem == 0) {
if (addrem == OP_UNDEF) {
error = ipf_funcinit(softc, fp);
if (error != 0)
goto donenolock;
@ -4642,7 +4647,7 @@ frrequest(softc, unit, req, data, set, makecopy)
* them to be created if they don't already exit.
*/
group = FR_NAME(fp, fr_group);
if (addrem == 0) {
if (addrem == OP_UNDEF) {
fg = ipf_group_add(softc, group, NULL,
fp->fr_flags, unit, set);
fp->fr_grp = fg;
@ -4947,7 +4952,7 @@ frrequest(softc, unit, req, data, set, makecopy)
/*
* If zero'ing statistics, copy current to caller and zero.
*/
if (addrem == 2) {
if (addrem == OP_ZERO) {
if (f == NULL) {
IPFERROR(27);
error = ESRCH;
@ -5040,7 +5045,7 @@ frrequest(softc, unit, req, data, set, makecopy)
/*
* Request to remove a rule.
*/
if (addrem == 1) {
if (addrem == OP_REM) {
if (f == NULL) {
IPFERROR(29);
error = ESRCH;
@ -5106,7 +5111,7 @@ frrequest(softc, unit, req, data, set, makecopy)
if (fp->fr_next != NULL)
fp->fr_next->fr_pnext = &fp->fr_next;
*ftail = fp;
if (addrem == 0)
if (addrem == OP_UNDEF)
ipf_fixskip(ftail, fp, 1);
fp->fr_icmpgrp = NULL;