[Bug 219316] Wildcard matching of ipfw flow tables
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon May 15 21:18:05 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219316
--- Comment #1 from lutz at donnerhacke.de ---
First of all, the ipfw command needs to be extended.
Index: sbin/ipfw/ipfw.8
===================================================================
--- sbin/ipfw/ipfw.8 (revision 314807)
+++ sbin/ipfw/ipfw.8 (working copy)
@@ -66,6 +66,8 @@
.Nm
.Oo Cm set Ar N Oc Cm table Ar name Cm lookup Ar addr
.Nm
+.Oo Cm set Ar N Oc Cm table Ar name Cm setmask Ar addr
+.Nm
.Oo Cm set Ar N Oc Cm table Ar name Cm lock
.Nm
.Oo Cm set Ar N Oc Cm table Ar name Cm unlock
Index: sbin/ipfw/ipfw2.h
===================================================================
--- sbin/ipfw/ipfw2.h (revision 314807)
+++ sbin/ipfw/ipfw2.h (working copy)
@@ -231,6 +231,7 @@
TOK_FIB,
TOK_SETFIB,
TOK_LOOKUP,
+ TOK_SETMASK,
TOK_SOCKARG,
TOK_SETDSCP,
TOK_FLOW,
Index: sbin/ipfw/tables.c
===================================================================
--- sbin/ipfw/tables.c (revision 314807)
+++ sbin/ipfw/tables.c (working copy)
@@ -49,6 +49,7 @@
static void table_create(ipfw_obj_header *oh, int ac, char *av[]);
static void table_modify(ipfw_obj_header *oh, int ac, char *av[]);
static void table_lookup(ipfw_obj_header *oh, int ac, char *av[]);
+static void table_setmask(ipfw_obj_header *oh, int ac, char *av[]);
static void table_lock(ipfw_obj_header *oh, int lock);
static int table_swap(ipfw_obj_header *oh, char *second);
static int table_get_info(ipfw_obj_header *oh, ipfw_xtable_info *i);
@@ -114,6 +115,7 @@
{ "atomic", TOK_ATOMIC },
{ "lock", TOK_LOCK },
{ "unlock", TOK_UNLOCK },
+ { "setmask", TOK_SETMASK },
{ NULL, 0 }
};
@@ -142,6 +144,7 @@
* ipfw table NAME add [addr[/masklen] value] [addr[/masklen] value] ..
* ipfw table NAME delete addr[/masklen] [addr[/masklen]] ..
* ipfw table NAME lookup addr
+ * ipfw table NAME setmask addr
* ipfw table {NAME | all} flush
* ipfw table {NAME | all} list
* ipfw table {NAME | all} info
@@ -289,6 +292,10 @@
ac--; av++;
table_lookup(&oh, ac, av);
break;
+ case TOK_SETMASK:
+ ac--; av++;
+ table_setmask(&oh, ac, av);
+ break;
}
}
@@ -1043,8 +1050,8 @@
}
static int
-table_do_lookup(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi,
- ipfw_obj_tentry *xtent)
+table_do_lookup_or_setmask(ipfw_obj_header *oh, char *key, ipfw_xtable_info
*xi,
+ ipfw_obj_tentry *xtent, int opcode)
{
char xbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_obj_tentry)];
ipfw_obj_tentry *tent;
@@ -1064,7 +1071,7 @@
oh->ntlv.type = type;
sz = sizeof(xbuf);
- if (do_get3(IP_FW_TABLE_XFIND, &oh->opheader, &sz) != 0)
+ if (do_get3(opcode, &oh->opheader, &sz) != 0)
return (errno);
if (sz < sizeof(xbuf))
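Review bot: `IP_FW_TABLE_XSETMASK` modifies table state, but `do_get3(opcode, &oh->opheader, &sz)` sends it down the getsockopt path that was previously used only for the read-only `IP_FW_TABLE_XFIND`. The kernel handler is not part of this patch, so this cannot be confirmed from here, but any check the kernel applies only to set-direction requests (securelevel or table-lock enforcement, for example) would presumably not run for this opcode. Consider sending the modifying opcode through `do_set3()`, since `table_setmask` never reads the returned entry. If the get direction is required, add a comment saying why and make sure the kernel handler authorizes the request like any other table modification. The enclosing function starts and ends outside this hunk.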
@@ -1089,7 +1096,7 @@
strlcpy(key, *av, sizeof(key));
memset(&xi, 0, sizeof(xi));
- error = table_do_lookup(oh, key, &xi, &xtent);
+ error = table_do_lookup_or_setmask(oh, key, &xi, &xtent,
IP_FW_TABLE_XFIND);
switch (error) {
case 0:
@@ -1109,6 +1116,32 @@
}
static void
+table_setmask(ipfw_obj_header *oh, int ac, char *av[])
+{
+ ipfw_obj_tentry xtent;
+ ipfw_xtable_info xi;
+ char key[64];
+ int error;
+
+ if (ac == 0)
+ errx(EX_USAGE, "mask required");
+
+ strlcpy(key, *av, sizeof(key));
+
+ memset(&xi, 0, sizeof(xi));
+ error = table_do_lookup_or_setmask(oh, key, &xi, &xtent,
IP_FW_TABLE_XSETMASK);
+
+ switch (error) {
+ case 0:
+ break;
+ case ESRCH:
+ errx(EX_UNAVAILABLE, "Table %s not found", oh->ntlv.name);
+ default:
+ err(EX_OSERR, "getsockopt(IP_FW_TABLE_XSETMASK)");
+ }
+}
+
+static void
tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
uint8_t tflags)
{
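Review bot: `strlcpy(key, *av, sizeof(key))` in `table_setmask` silently truncates any mask longer than 63 characters, and the shortened string is then passed to the kernel request. If a truncated key still parses, the firewall table would get a different mask than the operator typed, with exit status 0 and no output; a flow key with two full IPv6 addresses plus ports can plausibly exceed the buffer. Reject it instead: `if (strlcpy(key, *av, sizeof(key)) >= sizeof(key)) errx(EX_USAGE, "mask too long");`. Arguments after the mask are also ignored without a diagnostic, so an `ac > 1` usage error would be worth adding too. The trailing context function `tentry_fill_key_type` continues outside the hunk.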