another batch of small changes to move ipfw-related stuff

into its own directory, and reduce header dependencies.

sys/net/if_bridge.c

@@ -3060,7 +3060,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 		if (*mp == NULL)
 			return (error);
 
-		if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
+		if (ip_dn_io_ptr && (i == IP_FW_DUMMYNET)) {
 
 			/* put the Ethernet header back on */
 			M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);

sys/net/if_ethersubr.c

@@ -524,7 +524,7 @@ ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
 	if (i == IP_FW_PASS) /* a PASS rule.  */
 		return 1;
 
-	if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
+	if (ip_dn_io_ptr && (i == IP_FW_DUMMYNET)) {
 		/*
 		 * Pass the pkt to dummynet, which consumes it.
 		 * If shared, make a copy and keep the original.

sys/netinet/ip_divert.c

@@ -76,7 +76,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/ip_divert.h>
 #include <netinet/ip_var.h>
 #include <netinet/ip_fw.h>
-#include <netinet/ipfw/ip_fw_var.h>
+#include <netinet/ipfw/ip_fw_var.h>	/* IP_FW_DIVERT_*_FLAG */
 #include <netinet/vinet.h>
 #ifdef SCTP
 #include <netinet/sctp_crc32.h>

sys/netinet/ip_input.c

@@ -213,12 +213,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, output_flowtable_size,
     CTLFLAG_RDTUN, ip_output_flowtable_size, 2048,
     "number of entries in the per-cpu output flow caches");
 
-/*
- * ipfw_ether and ipfw_bridge hooks.
- * XXX: Temporary until those are converted to pfil_hooks as well.
- */
-ip_fw_chk_t *ip_fw_chk_ptr = NULL;
-ip_dn_io_t *ip_dn_io_ptr = NULL;
 #ifdef VIMAGE_GLOBALS
 int fw_one_pass;
 #endif

sys/netinet/ip_var.h

@@ -224,24 +224,16 @@ extern	struct pfil_head inet_pfil_hook;	/* packet filter hooks */
 
 void	in_delayed_cksum(struct mbuf *m);
 
-/* Prototypes for ipfw and dummynet hooks */
-typedef int ip_fw_ctl_t(struct sockopt *);
-extern ip_fw_ctl_t *ip_fw_ctl_ptr;
-/* For kernel ipfw_ether and ipfw_bridge. */
+/* ipfw and dummynet hooks */
+extern int (*ip_fw_ctl_ptr)(struct sockopt *);
 struct ip_fw_args;
-typedef int ip_fw_chk_t(struct ip_fw_args *args);
-extern  ip_fw_chk_t     *ip_fw_chk_ptr;
+extern  int (*ip_fw_chk_ptr)(struct ip_fw_args *args);
 #define IPFW_LOADED     (ip_fw_chk_ptr != NULL)
 
-typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */
-typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */
-typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa);
-extern  ip_dn_ctl_t *ip_dn_ctl_ptr;
-extern  ip_dn_ruledel_t *ip_dn_ruledel_ptr;
-extern  ip_dn_io_t *ip_dn_io_ptr;
-#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL)
-
-
+extern  int (*ip_dn_ctl_ptr)(struct sockopt *); /* raw_ip.c */
+extern int (*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa);
+//typedef void ip_dn_ruledel_t(void *); /* ip_fw_pfil.c */
+extern  void (*ip_dn_ruledel_ptr)(void *); /* ip_fw_pfil.c */
 #endif /* _KERNEL */
 
 #endif /* !_NETINET_IP_VAR_H_ */

sys/netinet/ipfw/ip_dummynet.c

@@ -244,7 +244,7 @@ static void	dummynet(void *);
 static void	dummynet_flush(void);
 static void	dummynet_send(struct mbuf *);
 void		dummynet_drain(void);
-static ip_dn_io_t dummynet_io;
+static int	dummynet_io(struct mbuf **, int , struct ip_fw_args *);
 static void	dn_rule_delete(void *);
 
 /*
@@ -1640,8 +1640,9 @@ dn_rule_delete_fs(struct dn_flow_set *fs, void *r)
 		    pkt->rule = ip_fw_default_rule ;
 	    }
 }
+
 /*
- * when a firewall rule is deleted, scan all queues and remove the flow-id
+ * when a firewall rule is deleted, scan all queues and remove the rule-id
  * from packets matching this rule.
  */
 void
@@ -2339,7 +2340,7 @@ dummynet_modevent(module_t mod, int type, void *data)
 
 	switch (type) {
 	case MOD_LOAD:
-		if (DUMMYNET_LOADED) {
+		if (ip_dn_io_ptr) {
 		    printf("DUMMYNET already loaded\n");
 		    return EEXIST ;
 		}

sys/netinet/ipfw/ip_fw2.c

@@ -3605,6 +3605,12 @@ remove_rule(struct ip_fw_chain *chain, struct ip_fw *rule,
 	return n;
 }
 
+/*
+ * Hook for rule delete.
+ * Set/cleared when dummynet module is loaded.
+ */
+void	(*ip_dn_ruledel_ptr)(void *) = NULL;
+
 /**
  * Reclaim storage associated with a list of rules.  This is
  * typically the list created using remove_rule.
@@ -3616,7 +3622,7 @@ reap_rules(struct ip_fw *head)
 
 	while ((rule = head) != NULL) {
 		head = head->next;
-		if (DUMMYNET_LOADED)
+		if (ip_dn_ruledel_ptr)
 			ip_dn_ruledel_ptr(rule);
 		free(rule, M_IPFW);
 	}

sys/netinet/ipfw/ip_fw_pfil.c

@@ -79,9 +79,6 @@ int fw6_enable = 1;
 
 int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
 
-/* Dummynet hooks. */
-ip_dn_ruledel_t	*ip_dn_ruledel_ptr = NULL;
-
 /* Divert hooks. */
 ip_divert_packet_t *ip_divert_ptr = NULL;
 
@@ -169,7 +166,7 @@ ipfw_check_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 		break;			/* not reached */
 
 	case IP_FW_DUMMYNET:
-		if (!DUMMYNET_LOADED)
+		if (ip_dn_io_ptr == NULL)
 			goto drop;
 		if (mtod(*m0, struct ip *)->ip_v == 4)
 			ip_dn_io_ptr(m0, DN_TO_IP_IN, &args);
@@ -304,7 +301,7 @@ ipfw_check_out(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 		break;  		/* not reached */
 
 	case IP_FW_DUMMYNET:
-		if (!DUMMYNET_LOADED)
+		if (ip_dn_io_ptr == NULL)
 			break;
 		if (mtod(*m0, struct ip *)->ip_v == 4)
 			ip_dn_io_ptr(m0, DN_TO_IP_OUT, &args);

sys/netinet/raw_ip.c

@@ -83,9 +83,15 @@ struct	inpcbhead ripcb;
 struct	inpcbinfo ripcbinfo;
 #endif
 
-/* control hooks for ipfw and dummynet */
-ip_fw_ctl_t *ip_fw_ctl_ptr = NULL;
-ip_dn_ctl_t *ip_dn_ctl_ptr = NULL;
+/*
+ * Control and data hooks for ipfw and dummynet.
+ * The data hooks are not used here but it is convenient
+ * to keep them all in one place.
+ */
+int (*ip_fw_ctl_ptr)(struct sockopt *) = NULL;
+int (*ip_dn_ctl_ptr)(struct sockopt *) = NULL;
+int (*ip_fw_chk_ptr)(struct ip_fw_args *args) = NULL;
+int (*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa) = NULL;
 
 /*
  * Hooks for multicast routing. They all default to NULL, so leave them not