kern/121108: [ipfw] [patch] add support to ToS IP PRECEDENCE
fields
Marcelo Araujo
araujobsdport at gmail.com
Tue Feb 26 13:50:04 UTC 2008
The following reply was made to PR kern/121108; it has been noted by GNATS.
From: Marcelo Araujo <araujobsdport at gmail.com>
To: Maxim Konovalov <maxim at macomnet.ru>
Cc: bug-followup at freebsd.org, Ion-Mihai Tetcu <itetcu at FreeBSD.org>,
stas at mbsd.msk.ru, Boris Samorodov <bsam at ipt.ru>,
Roman Bogorodskiy <novel at FreeBSD.org>
Subject: Re: kern/121108: [ipfw] [patch] add support to ToS IP PRECEDENCE
fields
Date: Tue, 26 Feb 2008 10:39:34 -0300
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEFB958632A87BA2B77182DFC
Content-Type: multipart/mixed;
boundary="------------020303030608020802080703"
This is a multi-part message in MIME format.
--------------020303030608020802080703
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
I solved the problem with the revision conflicts and I removed all
unnecessary comments.
Best Regards.
--=20
Marcelo Araujo (__)
araujo at FreeBSD.org \\\'',)
http://www.FreeBSD.org \/ \ ^
Power To Server. .\. /_)
--------------020303030608020802080703
Content-Type: text/x-patch;
name="ipfw-ToS8bits.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline;
filename="ipfw-ToS8bits.diff"
Index: sbin/ipfw/ipfw2.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.117
diff -u -r1.117 ipfw2.c
--- sbin/ipfw/ipfw2.c 24 Feb 2008 15:37:45 -0000 1.117
+++ sbin/ipfw/ipfw2.c 26 Feb 2008 12:54:54 -0000
@@ -177,6 +177,18 @@
{ NULL, 0 }
};
=20
+static struct _s_x f_iptospre[] =3D {
+ { "netcontrol", IPTOSPRE_NETCONTROL},
+ { "intercontrol", IPTOSPRE_INTERCONTROL},
+ { "criticecp", IPTOSPRE_CRITICECP},
+ { "flashover", IPTOSPRE_FLASHOVER},
+ { "flash", IPTOSPRE_FLASH},
+ { "immediate", IPTOSPRE_IMMEDIATE},
+ { "priority", IPTOSPRE_PRIORITY},
+ { "routine", IPTOSPRE_ROUTINE},
+ { NULL, 0}
+};
+
static struct _s_x f_iptos[] =3D {
{ "lowdelay", IPTOS_LOWDELAY},
{ "throughput", IPTOS_THROUGHPUT},
@@ -282,6 +294,7 @@
TOK_IPLEN,
TOK_IPID,
TOK_IPPRECEDENCE,
+ TOK_IPTOSPRE,
TOK_IPTOS,
TOK_IPTTL,
TOK_IPVER,
@@ -317,6 +330,7 @@
TOK_GRED,
TOK_DROPTAIL,
TOK_PROTO,
+ TOK_SETIPTOSPRE,
TOK_WEIGHT,
TOK_IP,
TOK_IF,
@@ -411,6 +425,7 @@
{ "unreach6", TOK_UNREACH6 },
{ "unreach", TOK_UNREACH },
{ "check-state", TOK_CHECKSTATE },
+ { "iptospre", TOK_SETIPTOSPRE },
{ "//", TOK_COMMENT },
{ "nat", TOK_NAT },
{ NULL, 0 } /* terminator */
@@ -449,6 +464,7 @@
{ "ipid", TOK_IPID },
{ "ipprecedence", TOK_IPPRECEDENCE },
{ "iptos", TOK_IPTOS },
+ { "iptospre", TOK_IPTOSPRE },
{ "ipttl", TOK_IPTTL },
{ "ipversion", TOK_IPVER },
{ "ipver", TOK_IPVER },
@@ -1599,6 +1615,10 @@
}
break;
=20
+ case O_SETIPTOSPRE:
+ printf("iptospre %s", match_value(f_iptospre, cmd->arg1));
+ break;
+
case O_LOG: /* O_LOG is printed last */
logptr =3D (ipfw_insn_log *)cmd;
break;
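Review bot: `match_value(f_iptospre, cmd->arg1)` is handed straight to `%s` in the new `O_SETIPTOSPRE` case, and the same pattern is used for `O_IPTOSPRE` in the later print hunk. match_value() is defined outside this page; if it returns NULL for a value with no table entry (for example an arg1 that carries several bits or a negated flag), printf receives a null pointer. I would look the name up first and fall back to a numeric form such as `printf("iptospre 0x%x", cmd->arg1);` when no name is found. The enclosing switch starts and ends outside the hunk.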
@@ -1910,6 +1930,10 @@
printf(" established");
break;
=20
+ case O_IPTOSPRE:
+ printf(" iptospre %s", match_value(f_iptospre, cmd->arg1));
+ break;
+
case O_TCPDATALEN:
if (F_LEN(cmd) =3D=3D 1)
printf(" tcpdatalen %u", cmd->arg1 );
@@ -2712,7 +2736,7 @@
"RULE-BODY: check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"=
"ACTION: check-state | allow | count | deny | unreach{,6} CODE |\n"
" skipto N | {divert|tee} PORT | forward ADDR |\n"
-" pipe N | queue N | nat N\n"
+" pipe N | queue N | iptospre CODE | nat N\n"
"PARAMS: [log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n"
"ADDR: [ MAC dst src ether_type ] \n"
" [ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"
@@ -2725,6 +2749,7 @@
"OPTION: bridged | diverted | diverted-loopback | diverted-output |\n"
" {dst-ip|src-ip} IPADDR | {dst-ip6|src-ip6|dst-ipv6|src-ipv6} IP6ADDR |=
\n"
" {dst-port|src-port} LIST |\n"
+" iptospre CODE | {dst-ip|src-ip} IPADDR |\n"
" estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST |\n=
"
" iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC |\n"
" ipttl LIST | ipversion VER | keep-state | layer2 | limit ... |\n"
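Review bot: The added usage line repeats `{dst-ip|src-ip} IPADDR`, which the OPTION list already shows two entries above, so the help text now lists that option twice. The new line only needs the new keyword, e.g. `" iptospre CODE |\n"`. The usage string starts and ends outside the hunk.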
@@ -4848,6 +4873,12 @@
action->opcode =3D O_COUNT;
break;
=20
+ case TOK_SETIPTOSPRE:
+ NEED1("need iptospre arg\n");
+ fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av);
+ ac--; av++;
+ break;
+
case TOK_NAT:
action->opcode =3D O_NAT;
action->len =3D F_INSN_SIZE(ipfw_insn_nat);
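Review bot: `fill_flags()` is a flag-list parser, but `iptospre` in `TOK_SETIPTOSPRE` (and in `TOK_IPTOSPRE` in the next hunk) takes a single precedence value, not a set of independent bits. fill_flags() is not shown on this page; if it behaves as it does for `iptos`, rejecting table entries whose value is 0 and accepting comma lists and `!` negation, then `routine` cannot be entered and `immediate,priority` silently becomes `flash`. For a firewall rule that means the installed rule can differ from what the administrator typed. Parsing one name and storing it directly avoids this, e.g. `action->opcode = O_SETIPTOSPRE; action->arg1 = match_token(f_iptospre, *av);` with an error on an unknown name. The enclosing switch starts and ends outside the hunk.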
@@ -5334,6 +5365,12 @@
ac--; av++;
break;
=20
+ case TOK_IPTOSPRE:
+ NEED1("missing argument for iptospre");
+ fill_flags(cmd, O_IPTOSPRE, f_iptospre, *av);
+ ac--; av++;
+ break;
+
case TOK_IPTOS:
NEED1("missing argument for iptos");
fill_flags(cmd, O_IPTOS, f_iptos, *av);
Index: sys/netinet/ip_fw.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v
retrieving revision 1.111
diff -u -r1.111 ip_fw.h
--- sys/netinet/ip_fw.h 25 Jan 2008 14:38:27 -0000 1.111
+++ sys/netinet/ip_fw.h 26 Feb 2008 12:54:54 -0000
@@ -161,6 +161,9 @@
O_TAG, /* arg1=3Dtag number */
O_TAGGED, /* arg1=3Dtag number */
=20
+ O_SETIPTOSPRE, /* Add ToS PRECEDENCE support. */
+ O_IPTOSPRE, /* Add ToS PRECEDENCE support. */
+
O_LAST_OPCODE /* not an opcode! */
};
=20
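Review bot: Both new opcode comments read "Add ToS PRECEDENCE support.", which describes the patch rather than the opcode. The neighbouring entries document the operand, so I would write `O_SETIPTOSPRE, /* arg1=precedence bits to set */` and `O_IPTOSPRE, /* arg1=precedence bits to match */`. The enum starts outside the hunk.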
@@ -510,6 +513,18 @@
#define IP_FW_IPOPT_RR 0x04
#define IP_FW_IPOPT_TS 0x08
=20
+/* Definitions for IP ToS PRECEDENCE. */=20
+/* Thanks to: http://www.easycalculation.com/binary-converter.php */
+#define IPTOSPRE_NETCONTROL 224 /* bin =3D 111 dec =3D 224 hex =3D 0xe0=
*/
+#define IPTOSPRE_INTERCONTROL 192 /* bin =3D 110 dec =3D 192 hex =3D 0xc=
0 */
+#define IPTOSPRE_CRITICECP 160 /* bin =3D 101 dec =3D 160 hex =3D 0xa0 =
*/
+#define IPTOSPRE_FLASHOVER 128 /* bin =3D 100 dec =3D 128 hex =3D 0x80 =
*/
+#define IPTOSPRE_FLASH 96 /* bin =3D 011 dec =3D 96 hex =3D 0x60 */
+#define IPTOSPRE_IMMEDIATE 64 /* bin =3D 010 dec =3D 64 hex =3D 0x40 =
*/
+#define IPTOSPRE_PRIORITY 32 /* bin =3D 001 dec =3D 32 hex =3D 0x20 *=
/
+#define IPTOSPRE_ROUTINE 0 /* bin =3D 000 dec =3D 0 hex =3D 0x00 */=
+/* Definitions for IP ToS PRECEDENCE. */=20
+
/*
* Definitions for TCP option names.
*/
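Review bot: The eight `IPTOSPRE_*` values duplicate the `IPTOS_PREC_*` constants that `<netinet/ip.h>` already provides (`IPTOS_PREC_NETCONTROL` through `IPTOS_PREC_ROUTINE`), so two sets of names now have to be kept in step. Reusing the existing constants in `f_iptospre` would remove this block entirely. If the block stays, hex literals (`0xe0`) would make the three-bit field easier to read than decimal, and the second "Definitions for IP ToS PRECEDENCE." line after the block is a leftover marker, not a comment.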
@@ -626,5 +641,22 @@
extern ip_fw_chk_t *ip_fw_chk_ptr;
#define IPFW_LOADED (ip_fw_chk_ptr !=3D NULL)
=20
+/* Some novel@ code. */
+#define ADJUST_CHECKSUM(acc, cksum) \
+ do { \
+ acc +=3D cksum; \
+ if (acc < 0) { \
+ acc =3D -acc; \
+ acc =3D (acc >> 16) + (acc & 0xffff); \
+ acc +=3D acc >> 16; \
+ cksum =3D (u_short) ~acc; \
+ } else { \
+ acc =3D (acc >> 16) + (acc & 0xffff); \
+ acc +=3D acc >> 16; \
+ cksum =3D (u_short) acc; \
+ } \
+ } while (0)
+/* Some novel@ code. */
+
#endif /* _KERNEL */
#endif /* _IPFW2_H */
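Review bot: `ADJUST_CHECKSUM` is added to a shared header with marker comments (`/* Some novel@ code. */`) in place of any description of its contract. As written it evaluates both arguments several times and depends on `acc` being a signed integer lvalue wider than 16 bits, so a call with an unsigned or side-effecting argument would silently produce a wrong checksum. I would replace the markers with a comment stating that `acc` is the signed difference between the old and new 16-bit words and `cksum` is the checksum lvalue to update, or turn it into a `static __inline` function in ip_fw2.c next to the only caller in this patch.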
Index: sys/netinet/ip_fw2.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.181
diff -u -r1.181 ip_fw2.c
--- sys/netinet/ip_fw2.c 24 Feb 2008 15:37:45 -0000 1.181
+++ sys/netinet/ip_fw2.c 26 Feb 2008 12:55:28 -0000
@@ -177,6 +177,21 @@
=20
extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
=20
+/* some @novel code. */
+static __inline int
+twowords(void *p) {
+ uint8_t *c =3D p;
+#if BYTE_ORDER =3D=3D LITTLE_ENDIAN
+ uint16_t s1 =3D ((uint16_t)c[1] << 8) + (uint16_t)c[0];
+ uint16_t s2 =3D ((uint16_t)c[3] << 8) + (uint16_t)c[2];
+#else
+ uint16_t s1 =3D ((uint16_t)c[0] << 8) + (uint16_t)c[1];
+ uint16_t s2 =3D ((uint16_t)c[2] << 8) + (uint16_t)c[3];
+#endif
+ return (s1 + s2);
+}
+/* some @novel code. */
+
#ifdef SYSCTL_NODE
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable,
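Review bot: `twowords()` sums the four bytes starting at `p` as two 16-bit words, but the patch later calls it with `&ip->ip_tos`, which in the standard `struct ip` layout is the second byte of the header. The read therefore straddles the 16-bit words the header checksum is computed over, and the ToS byte lands in the opposite half of `s1` from where it sits in the real checksum word, so the delta passed to `ADJUST_CHECKSUM` looks byte-swapped on both endiannesses. I would compute the delta from the aligned first header word instead, e.g. `uint16_t old = *(uint16_t *)ip;` before the write and the same read after it, and drop this helper. Packets rewritten with a wrong header checksum are normally discarded downstream, so this is worth a test with a packet capture.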
@@ -2700,6 +2715,7 @@
for (; f; f =3D f->next) {
ipfw_insn *cmd;
uint32_t tablearg =3D 0;
+ int accumulate; /* Novel@ code. */
int l, cmdlen, skip_or; /* skip rest of OR block */
=20
again:
@@ -3006,6 +3022,11 @@
flags_match(cmd, ip->ip_tos));
break;
=20
+ case O_IPTOSPRE:
+ match =3D (is_ipv4 &&
+ flags_match(cmd, ip->ip_tos));
+ break;
+
case O_TCPDATALEN:
if (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0) {
struct tcphdr *tcp;
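Review bot: `flags_match(cmd, ip->ip_tos)` treats precedence as independent flag bits, but precedence is a three-bit enumerated value. flags_match() is outside this page; if it only checks that the requested bits are set, as it does for `iptos`, a rule written for `priority` (0x20) would also match `flash`, `criticecp` and `netcontrol` traffic, and `routine` (0) would match every packet. For a firewall that means a rule can match more traffic than intended. An equality test on the masked field, `match = (is_ipv4 && (ip->ip_tos & 0xe0) == (cmd->arg1 & 0xe0));`, matches exactly one precedence level; the context also shows an existing `ipprecedence` option, so it is worth stating how the new keyword differs. The enclosing switch starts and ends outside the hunk.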
@@ -3322,6 +3343,18 @@
match =3D 1;
break;
=20
+ /* Insert within IP ToS PRECEDENCE field. */
+ case O_SETIPTOSPRE:
+ accumulate =3D twowords(&ip->ip_tos);
+ ip->ip_tos=3D cmd->arg1;
+ accumulate -=3D twowords(&ip->ip_tos);
+ ADJUST_CHECKSUM(accumulate, ip->ip_sum);
+ f->pcnt++; /* update stats */
+ f->bcnt +=3D pktlen;
+ f->timestamp =3D time_second;
+ goto next_rule;
+ /* Insert within IP ToS PRECEDENCE field. */
+
case O_PROBE_STATE:
case O_CHECK_STATE:
/*
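Review bot: The `O_SETIPTOSPRE` action writes `ip->ip_tos` and `ip->ip_sum` without the `is_ipv4` test that the `O_IPTOSPRE` match case in this same patch uses, so a rule without an IPv4 restriction could modify bytes of a packet that is not IPv4. The assignment `ip->ip_tos= cmd->arg1;` also replaces the whole ToS byte, which clears the remaining ToS/ECN bits and truncates a 16-bit `arg1`. I would guard the case with `if (is_ipv4) { ... }` and change only the precedence field: `ip->ip_tos = (ip->ip_tos & ~0xe0) | (cmd->arg1 & 0xe0);`. The duplicated "Insert within IP ToS PRECEDENCE field." comment after `goto next_rule` is a marker and can go. The enclosing switch starts and ends outside the hunk.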
@@ -4119,6 +4152,7 @@
case O_FRAG:
case O_DIVERTED:
case O_IPOPT:
+ case O_IPTOSPRE:
case O_IPTOS:
case O_IPPRECEDENCE:
case O_IPVER:
@@ -4142,6 +4176,10 @@
goto bad_size;
break;
=20
+ case O_SETIPTOSPRE:
+ have_action =3D 1;
+ break;
+
case O_UID:
case O_GID:
case O_JAIL:
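Review bot: The new `O_SETIPTOSPRE` case sets `have_action` and breaks without any of the checks the neighbouring cases apply; the context line just above it ends a case with `goto bad_size`, so other opcodes are length-checked here. This function appears to validate rules supplied from userland before the kernel runs them, so the action should get the same treatment, e.g. `if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size;` before `have_action = 1;`. It would also be worth rejecting an `arg1` with bits outside the precedence field (0xe0), since the kernel later writes that value into the packet. The enclosing function starts and ends outside the hunk, so I cannot see whether a shared size-check label is available to jump to.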
--------------020303030608020802080703--
--------------enigEFB958632A87BA2B77182DFC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFHxBacovxJd1Pkz6gRAnKGAKCHs4KNB1M3IC0ii5JXvuiRXYJ9xACgiuMn
vKLCJEusdTaOviePhj8i0OM=
=lKcp
-----END PGP SIGNATURE-----
--------------enigEFB958632A87BA2B77182DFC--