[Bug 219316] Wildcard matching of ipfw flow tables
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon May 15 21:27:55 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219316
--- Comment #4 from lutz at donnerhacke.de ---
I only need the real functionality in the flow tables, so this patch
provides only this partial implementation. It reuses the already existing flow
masks.
Index: sys/netpfil/ipfw/ip_fw_table_algo.c
===================================================================
--- sys/netpfil/ipfw/ip_fw_table_algo.c (revision 314807)
+++ sys/netpfil/ipfw/ip_fw_table_algo.c (working copy)
@@ -186,6 +187,17 @@
* entry not found: returns ENOENT
*
*
+ * -set_mask: set generic input mask specifed in @tei
+ * typedef int ta_set_mask(void *ta_state, struct table_info *ti,
+ * ipfw_obj_tentry *tent);
+ * OPTIONAL, locked (UH+WLOCK). (M_NOWAIT). Returns 0 on success.
+ *
+ * Finds entry specified by given key.
+ * * Caller is required to do the following:
+ * entry found: returns 0, export entry to @tent
+ * entry not found: returns ENOENT
+ *
+ *
* -need_modify: checks if @ti has enough space to hold another @count items.
* typedef int (ta_need_modify)(void *ta_state, struct table_info *ti,
* uint32_t count, uint64_t *pflags);
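Review bot: The new `set_mask` description is copied from the `find_tentry` entry and documents the wrong behaviour: the lines from "Finds entry specified by given key" through "entry not found: returns ENOENT" do not describe a mask setter. The summary line also names `@tei` (and misspells "specified") although the typedef's parameter is `@tent`, and the typedef drops the parentheses that the neighbouring `(ta_need_modify)` uses. I would replace the body with something like `Replaces the lookup mask with the key carried in @tent. Returns 0 on success, EINVAL for an unsupported address family.` and state whether the call is permitted on a table that already holds entries.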
@@ -3099,6 +3111,7 @@
size_t items;
struct fhashentry4 fe4;
struct fhashentry6 fe6;
+ uint8_t flags;
};
struct ta_buf_fhash {
@@ -3274,6 +3292,7 @@
cfg = malloc(sizeof(struct fhash_cfg), M_IPFW, M_WAITOK | M_ZERO);
cfg->size = 512;
+ cfg->flags = tflags;
cfg->head = malloc(sizeof(struct fhashbhead) * cfg->size, M_IPFW,
M_WAITOK | M_ZERO);
@@ -3475,6 +3494,69 @@
return (ENOENT);
}
+static int
+ta_set_fhash_mask(void *ta_state, struct table_info *ti,
+ ipfw_obj_tentry *tent)
+{
+ struct fhash_cfg *cfg;
+ struct fhashentry *ent;
+ struct fhashentry6 fe6, *pm6;
+ struct fhashentry4 *pm4;
+ struct tentry_info tei;
+ int error;
+
+ cfg = (struct fhash_cfg *)ta_state;
+
+ ent = &fe6.e;
+ pm6 = &fe6;
+ pm4 = (struct fhashentry4 *) &fe6;
+
+ memset(&fe6, 0, sizeof(fe6));
+ memset(&tei, 0, sizeof(tei));
+
+ tei.paddr = &tent->k.flow;
+ tei.subtype = tent->subtype;
+
+ if ((error = tei_to_fhash_ent(&tei, ent)) != 0)
+ return (error);
+
+ /* Fill in fe masks based on @tflags */
+ switch(ent->af) {
+#ifdef INET
+ case AF_INET:
+ if (cfg->flags & IPFW_TFFLAG_SRCIP)
+ cfg->fe4.sip = pm4->sip;
+ if (cfg->flags & IPFW_TFFLAG_DSTIP)
+ cfg->fe4.dip = pm4->dip;
+ if (cfg->flags & IPFW_TFFLAG_SRCPORT)
+ cfg->fe4.e.sport = ent->sport;
+ if (cfg->flags & IPFW_TFFLAG_DSTPORT)
+ cfg->fe4.e.dport = ent->dport;
+ if (cfg->flags & IPFW_TFFLAG_PROTO)
+ cfg->fe4.e.proto = ent->proto;
+ break;
+#endif
+#ifdef INET6
+ case AF_INET6:
+ if (cfg->flags & IPFW_TFFLAG_SRCIP)
+ cfg->fe6.sip6 = pm6->sip6;
+ if (cfg->flags & IPFW_TFFLAG_DSTIP)
+ cfg->fe6.dip6 = pm6->dip6;
+ if (cfg->flags & IPFW_TFFLAG_SRCPORT)
+ cfg->fe6.e.sport = ent->sport;
+ if (cfg->flags & IPFW_TFFLAG_DSTPORT)
+ cfg->fe6.e.dport = ent->dport;
+ if (cfg->flags & IPFW_TFFLAG_PROTO)
+ cfg->fe6.e.proto = ent->proto;
+ break;
+#endif
+ default:
+ return (EINVAL);
+ }
+
+ return (0);
+}
+
static void
ta_foreach_fhash(void *ta_state, struct table_info *ti, ta_foreach_f *f,
void *arg)
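Review bot: `ta_set_fhash_mask` overwrites `cfg->fe4`/`cfg->fe6` in place without looking at `cfg->items`, so on a populated table the entries stored under the old mask are neither re-masked nor rehashed. If the lookup path applies these masks to packet fields (not visible in this hunk; confirm against `ta_lookup_fhash`), existing entries can silently stop matching, which for a firewall table changes which traffic a rule hits. Either refuse the change on a non-empty table, e.g. `if (cfg->items != 0) return (EBUSY);` before the `switch`, or rebuild the hash under the same lock. A mask field whose `IPFW_TFFLAG_*` bit is clear is dropped silently rather than rejected, and `ti` is unused; a one-line comment on each would help. The trailing `ta_foreach_fhash` definition continues outside the hunk.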
@@ -3771,6 +3853,7 @@
.fill_mod = ta_fill_mod_fhash,
.modify = ta_modify_fhash,
.flush_mod = ta_flush_mod_fhash,
+ .set_mask = ta_set_fhash_mask,
};
/*
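Review bot: Only this algorithm's initializer sets `.set_mask`, and the comment block documents the callback as OPTIONAL, so whatever dispatches it has to test the pointer for NULL and return an error for every other algorithm. The member declaration, the `ta_set_mask` typedef and the caller are not among the hunks shown here, so that check cannot be confirmed from this page. The initializer begins outside the hunk.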