addition to ipfw table..

[Andrey V. Elsukov]

Julian Elischer wrote:
> I do know it won't handle non contiguous masks well but as the
> ipfw ABI code only accepts a network mask length instead of a
> mask, there's not much that can be done.
> I may suggest a later fix for that but it will break the ABI.
> 
> comments?

What you think about my patch?

-- 
WBR, Andrey V. Elsukov
-------------- next part --------------
Index: src/sbin/ipfw/ipfw2.c
===================================================================
RCS file: /ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.118
diff -u -p -r1.118 ipfw2.c
--- src/sbin/ipfw/ipfw2.c	27 Feb 2008 13:52:33 -0000	1.118
+++ src/sbin/ipfw/ipfw2.c	17 Apr 2008 05:45:27 -0000
@@ -5833,7 +5833,7 @@ table_handler(int ac, char *av[])
 	ipfw_table_entry ent;
 	ipfw_table *tbl;
 	int do_add;
-	char *p;
+	char *p, md;
 	socklen_t l;
 	uint32_t a;
 
@@ -5850,10 +5850,22 @@ table_handler(int ac, char *av[])
 		ac--; av++;
 		if (!ac)
 			errx(EX_USAGE, "IP address required");
-		p = strchr(*av, '/');
+		p = strpbrk(*av, "/:");
 		if (p) {
+			md = *p;
 			*p++ = '\0';
-			ent.masklen = atoi(p);
+			switch (md) {
+			case ':':
+				if (!inet_aton(p, (struct in_addr *)&a))
+					errx(EX_DATAERR, "bad netmask ``%s''", p);
+				ent.masklen = contigmask((uint8_t *)&a, 32);
+				if (ent.masklen > 32)
+					errx(EX_DATAERR,
+						"netmask ``%s'' is not contiguous", p);
+				break;
+			case '/':
+				ent.masklen = atoi(p);
+			}
 			if (ent.masklen > 32)
 				errx(EX_DATAERR, "bad width ``%s''", p);
 		} else