svn commit: r308970 - stable/11/sbin/ipfw

Tue Nov 22 10:09:05 UTC 2016

Author: ae
Date: Tue Nov 22 10:09:04 2016
New Revision: 308970
URL: https://svnweb.freebsd.org/changeset/base/308970

Log:
  MFC r308673:
    Add missing support of named lookup tables to the IPv6 code.
  
    PR:		214419

Modified:
  stable/11/sbin/ipfw/ipfw2.c
  stable/11/sbin/ipfw/ipfw2.h
  stable/11/sbin/ipfw/ipv6.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sbin/ipfw/ipfw2.c
==============================================================================

--- stable/11/sbin/ipfw/ipfw2.c	Tue Nov 22 10:06:39 2016	(r308969)
+++ stable/11/sbin/ipfw/ipfw2.c	Tue Nov 22 10:09:04 2016	(r308970)
@@ -2883,8 +2883,9 @@ pack_table(struct tidx *tstate, char *na
 	return (pack_object(tstate, name, IPFW_TLV_TBL_NAME));
 }
 
-static void
-fill_table(ipfw_insn *cmd, char *av, uint8_t opcode, struct tidx *tstate)
+void
+fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
+    struct tidx *tstate)
 {
 	uint32_t *d = ((ipfw_insn_u32 *)cmd)->d;
 	uint16_t uidx;
@@ -3543,7 +3544,7 @@ add_src(ipfw_insn *cmd, char *av, u_char
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
 	    inet_pton(AF_INET6, host, &a) == 1)
-		ret = add_srcip6(cmd, av, cblen);
+		ret = add_srcip6(cmd, av, cblen, tstate);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    inet_pton(AF_INET6, host, &a) != 1))
@@ -3574,7 +3575,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
 	    inet_pton(AF_INET6, host, &a) == 1)
-		ret = add_dstip6(cmd, av, cblen);
+		ret = add_dstip6(cmd, av, cblen, tstate);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    inet_pton(AF_INET6, host, &a) != 1))
@@ -4578,14 +4579,14 @@ read_options:
 
 		case TOK_SRCIP6:
 			NEED1("missing source IP6");
-			if (add_srcip6(cmd, *av, cblen)) {
+			if (add_srcip6(cmd, *av, cblen, tstate)) {
 				av++;
 			}
 			break;
 
 		case TOK_DSTIP6:
 			NEED1("missing destination IP6");
-			if (add_dstip6(cmd, *av, cblen)) {
+			if (add_dstip6(cmd, *av, cblen, tstate)) {
 				av++;
 			}
 			break;

Modified: stable/11/sbin/ipfw/ipfw2.h
==============================================================================
--- stable/11/sbin/ipfw/ipfw2.h	Tue Nov 22 10:06:39 2016	(r308969)
+++ stable/11/sbin/ipfw/ipfw2.h	Tue Nov 22 10:09:04 2016	(r308970)
@@ -363,8 +363,11 @@ void print_flow6id(struct buf_pr *bp, st
 void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
 void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
 
-struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen);
-struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen);
+struct tidx;
+struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
+    struct tidx *tstate);
+struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen,
+    struct tidx *tstate);
 
 void fill_flow6(struct _ipfw_insn_u32 *cmd, char *av, int cblen);
 void fill_unreach6_code(u_short *codep, char *str);
@@ -373,6 +376,8 @@ int fill_ext6hdr(struct _ipfw_insn *cmd,
 
 /* ipfw2.c */
 void bp_flush(struct buf_pr *b);
+void fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
+    struct tidx *tstate);
 
 /* tables.c */
 struct _ipfw_obj_ctlv;

Modified: stable/11/sbin/ipfw/ipv6.c
==============================================================================
--- stable/11/sbin/ipfw/ipv6.c	Tue Nov 22 10:06:39 2016	(r308969)
+++ stable/11/sbin/ipfw/ipv6.c	Tue Nov 22 10:09:04 2016	(r308970)
@@ -334,7 +334,7 @@ lookup_host6 (char *host, struct in6_add
  * Return 1 on success, 0 on failure.
  */
 static int
-fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
+fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, struct tidx *tstate)
 {
 	int len = 0;
 	struct in6_addr *d = &(cmd->addr6);
@@ -360,18 +360,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, i
 	}
 
 	if (strncmp(av, "table(", 6) == 0) {
-		char *p = strchr(av + 6, ',');
-		uint32_t *dm = ((ipfw_insn_u32 *)cmd)->d;
-
-		if (p)
-			*p++ = '\0';
-		cmd->o.opcode = O_IP_DST_LOOKUP;
-		cmd->o.arg1 = strtoul(av + 6, NULL, 0);
-		if (p) {
-			cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32);
-			dm[0] = strtoul(p, NULL, 0);
-		} else
-			cmd->o.len |= F_INSN_SIZE(ipfw_insn);
+		fill_table(&cmd->o, av, O_IP_DST_LOOKUP, tstate);
 		return (1);
 	}
 
@@ -492,10 +481,10 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av
 }
 
 ipfw_insn *
-add_srcip6(ipfw_insn *cmd, char *av, int cblen)
+add_srcip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
 {
 
-	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen);
+	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen, tstate);
 	if (cmd->opcode == O_IP_DST_SET)			/* set */
 		cmd->opcode = O_IP_SRC_SET;
 	else if (cmd->opcode == O_IP_DST_LOOKUP)		/* table */
@@ -514,10 +503,10 @@ add_srcip6(ipfw_insn *cmd, char *av, int
 }
 
 ipfw_insn *
-add_dstip6(ipfw_insn *cmd, char *av, int cblen)
+add_dstip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
 {
 
-	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen);
+	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen, tstate);
 	if (cmd->opcode == O_IP_DST_SET)			/* set */
 		;
 	else if (cmd->opcode == O_IP_DST_LOOKUP)		/* table */
