svn commit: r308673 - head/sbin/ipfw

Andrey V. Elsukov ae at FreeBSD.org
Tue Nov 15 07:13:18 UTC 2016 

Author: ae
Date: Tue Nov 15 07:13:16 2016
New Revision: 308673
URL: https://svnweb.freebsd.org/changeset/base/308673

Log:
  Add missing support of named lookup tables to the IPv6 code.
  
  PR:		214419
  MFC after:	1 week
  Sponsored by:	Yandex LLC

Modified:
  head/sbin/ipfw/ipfw2.c
  head/sbin/ipfw/ipfw2.h
  head/sbin/ipfw/ipv6.c

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c	Tue Nov 15 07:08:33 2016	(r308672)
+++ head/sbin/ipfw/ipfw2.c	Tue Nov 15 07:13:16 2016	(r308673)
@@ -2910,8 +2910,9 @@ pack_table(struct tidx *tstate, char *na
 	return (pack_object(tstate, name, IPFW_TLV_TBL_NAME));
 }
 
-static void
-fill_table(ipfw_insn *cmd, char *av, uint8_t opcode, struct tidx *tstate)
+void
+fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
+    struct tidx *tstate)
 {
 	uint32_t *d = ((ipfw_insn_u32 *)cmd)->d;
 	uint16_t uidx;
@@ -3570,7 +3571,7 @@ add_src(ipfw_insn *cmd, char *av, u_char
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
 	    inet_pton(AF_INET6, host, &a) == 1)
-		ret = add_srcip6(cmd, av, cblen);
+		ret = add_srcip6(cmd, av, cblen, tstate);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    inet_pton(AF_INET6, host, &a) != 1))
@@ -3601,7 +3602,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
 	    inet_pton(AF_INET6, host, &a) == 1)
-		ret = add_dstip6(cmd, av, cblen);
+		ret = add_dstip6(cmd, av, cblen, tstate);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    inet_pton(AF_INET6, host, &a) != 1))
@@ -4670,14 +4671,14 @@ read_options:
 
 		case TOK_SRCIP6:
 			NEED1("missing source IP6");
-			if (add_srcip6(cmd, *av, cblen)) {
+			if (add_srcip6(cmd, *av, cblen, tstate)) {
 				av++;
 			}
 			break;
 
 		case TOK_DSTIP6:
 			NEED1("missing destination IP6");
-			if (add_dstip6(cmd, *av, cblen)) {
+			if (add_dstip6(cmd, *av, cblen, tstate)) {
 				av++;
 			}
 			break;

Modified: head/sbin/ipfw/ipfw2.h
==============================================================================
--- head/sbin/ipfw/ipfw2.h	Tue Nov 15 07:08:33 2016	(r308672)
+++ head/sbin/ipfw/ipfw2.h	Tue Nov 15 07:13:16 2016	(r308673)
@@ -396,8 +396,11 @@ void print_flow6id(struct buf_pr *bp, st
 void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
 void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
 
-struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen);
-struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen);
+struct tidx;
+struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
+    struct tidx *tstate);
+struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen,
+    struct tidx *tstate);
 
 void fill_flow6(struct _ipfw_insn_u32 *cmd, char *av, int cblen);
 void fill_unreach6_code(u_short *codep, char *str);
@@ -406,6 +409,8 @@ int fill_ext6hdr(struct _ipfw_insn *cmd,
 
 /* ipfw2.c */
 void bp_flush(struct buf_pr *b);
+void fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
+    struct tidx *tstate);
 
 /* tables.c */
 struct _ipfw_obj_ctlv;

Modified: head/sbin/ipfw/ipv6.c
==============================================================================
--- head/sbin/ipfw/ipv6.c	Tue Nov 15 07:08:33 2016	(r308672)
+++ head/sbin/ipfw/ipv6.c	Tue Nov 15 07:13:16 2016	(r308673)
@@ -335,7 +335,7 @@ lookup_host6 (char *host, struct in6_add
  * Return 1 on success, 0 on failure.
  */
 static int
-fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
+fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, struct tidx *tstate)
 {
 	int len = 0;
 	struct in6_addr *d = &(cmd->addr6);
@@ -361,18 +361,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, i
 	}
 
 	if (strncmp(av, "table(", 6) == 0) {
-		char *p = strchr(av + 6, ',');
-		uint32_t *dm = ((ipfw_insn_u32 *)cmd)->d;
-
-		if (p)
-			*p++ = '\0';
-		cmd->o.opcode = O_IP_DST_LOOKUP;
-		cmd->o.arg1 = strtoul(av + 6, NULL, 0);
-		if (p) {
-			cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32);
-			dm[0] = strtoul(p, NULL, 0);
-		} else
-			cmd->o.len |= F_INSN_SIZE(ipfw_insn);
+		fill_table(&cmd->o, av, O_IP_DST_LOOKUP, tstate);
 		return (1);
 	}
 
@@ -498,10 +487,10 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av
 }
 
 ipfw_insn *
-add_srcip6(ipfw_insn *cmd, char *av, int cblen)
+add_srcip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
 {
 
-	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen);
+	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen, tstate);
 	if (cmd->opcode == O_IP_DST_SET)			/* set */
 		cmd->opcode = O_IP_SRC_SET;
 	else if (cmd->opcode == O_IP_DST_LOOKUP)		/* table */
@@ -520,10 +509,10 @@ add_srcip6(ipfw_insn *cmd, char *av, int
 }
 
 ipfw_insn *
-add_dstip6(ipfw_insn *cmd, char *av, int cblen)
+add_dstip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
 {
 
-	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen);
+	fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen, tstate);
 	if (cmd->opcode == O_IP_DST_SET)			/* set */
 		;
 	else if (cmd->opcode == O_IP_DST_LOOKUP)		/* table */

More information about the svn-src-head mailing list