svn commit: r328161 - head/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Fri Jan 19 12:50:05 UTC 2018
Author: ae
Date: Fri Jan 19 12:50:03 2018
New Revision: 328161
URL: https://svnweb.freebsd.org/changeset/base/328161
Log:
Add UDPLite support to ipfw(4).
Now it is possible to use UDPLite's port numbers in rules,
create dynamic states for UDPLite packets and see "UDPLite" for matched
packets in log.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw2.c
head/sys/netpfil/ipfw/ip_fw_dynamic.c
head/sys/netpfil/ipfw/ip_fw_log.c
Modified: head/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw2.c Fri Jan 19 08:48:14 2018 (r328160)
+++ head/sys/netpfil/ipfw/ip_fw2.c Fri Jan 19 12:50:03 2018 (r328161)
@@ -1088,6 +1088,9 @@ check_uidgid(ipfw_insn_u32 *insn, struct ip_fw_args *a
} else if (id->proto == IPPROTO_UDP) {
lookupflags = INPLOOKUP_WILDCARD;
pi = &V_udbinfo;
+ } else if (id->proto == IPPROTO_UDPLITE) {
+ lookupflags = INPLOOKUP_WILDCARD;
+ pi = &V_ulitecbinfo;
} else
return 0;
lookupflags |= INPLOOKUP_RLOCKPCB;
@@ -1458,6 +1461,7 @@ do { \
break;
case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
PULLUP_TO(hlen, ulp, struct udphdr);
dst_port = UDP(ulp)->uh_dport;
src_port = UDP(ulp)->uh_sport;
@@ -1646,6 +1650,7 @@ do { \
break;
case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
PULLUP_TO(hlen, ulp, struct udphdr);
dst_port = UDP(ulp)->uh_dport;
src_port = UDP(ulp)->uh_sport;
@@ -1777,7 +1782,8 @@ do { \
if (offset != 0)
break;
if (proto == IPPROTO_TCP ||
- proto == IPPROTO_UDP)
+ proto == IPPROTO_UDP ||
+ proto == IPPROTO_UDPLITE)
match = check_uidgid(
(ipfw_insn_u32 *)cmd,
args, &ucred_lookup,
@@ -1916,6 +1922,7 @@ do { \
/* Skip proto without ports */
if (proto != IPPROTO_TCP &&
proto != IPPROTO_UDP &&
+ proto != IPPROTO_UDPLITE &&
proto != IPPROTO_SCTP)
break;
if (vidx == 2 /* dst-port */)
@@ -2072,8 +2079,10 @@ do { \
* to guarantee that we have a
* packet with port info.
*/
- if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP ||
- proto==IPPROTO_SCTP) && offset == 0) {
+ if ((proto == IPPROTO_UDP ||
+ proto == IPPROTO_UDPLITE ||
+ proto == IPPROTO_TCP ||
+ proto == IPPROTO_SCTP) && offset == 0) {
u_int16_t x =
(cmd->opcode == O_IP_SRCPORT) ?
src_port : dst_port ;
@@ -2460,6 +2469,8 @@ do { \
pi = &V_tcbinfo;
else if (proto == IPPROTO_UDP)
pi = &V_udbinfo;
+ else if (proto == IPPROTO_UDPLITE)
+ pi = &V_ulitecbinfo;
else
break;
Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Jan 19 08:48:14 2018 (r328160)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Jan 19 12:50:03 2018 (r328161)
@@ -584,7 +584,8 @@ dyn_update_proto_state(ipfw_dyn_rule *q, const struct
q->expire = time_uptime + V_dyn_rst_lifetime;
break;
}
- } else if (id->proto == IPPROTO_UDP) {
+ } else if (id->proto == IPPROTO_UDP ||
+ id->proto == IPPROTO_UDPLITE) {
q->expire = time_uptime + V_dyn_udp_lifetime;
} else {
/* other protocols */
Modified: head/sys/netpfil/ipfw/ip_fw_log.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_log.c Fri Jan 19 08:48:14 2018 (r328160)
+++ head/sys/netpfil/ipfw/ip_fw_log.c Fri Jan 19 12:50:03 2018 (r328161)
@@ -338,7 +338,10 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u
break;
case IPPROTO_UDP:
- len = snprintf(SNPARGS(proto, 0), "UDP %s", src);
+ case IPPROTO_UDPLITE:
+ len = snprintf(SNPARGS(proto, 0), "UDP%s%s",
+ args->f_id.proto == IPPROTO_UDP ? " ": "Lite ",
+ src);
if (offset == 0)
snprintf(SNPARGS(proto, len), ":%d %s:%d",
ntohs(udp->uh_sport),
More information about the svn-src-head
mailing list