diff options
author | ae <ae@FreeBSD.org> | 2011-05-30 05:37:26 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2011-05-30 05:37:26 +0000 |
commit | 5251d374e6bf12e432d3d911ba9be1ba950711bd (patch) | |
tree | 9cb3d9828f584d16f0e0e24c97a40faf6f54c123 | |
parent | 1d72c8b97a4c5966263541277038a012dbc50ea8 (diff) | |
download | FreeBSD-src-5251d374e6bf12e432d3d911ba9be1ba950711bd.zip FreeBSD-src-5251d374e6bf12e432d3d911ba9be1ba950711bd.tar.gz |
Add tablearg support for ipfw setfib.
PR: kern/156410
MFC after: 2 weeks
-rw-r--r-- | sbin/ipfw/ipfw.8 | 9 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.c | 21 | ||||
-rw-r--r-- | sys/netinet/ipfw/ip_fw2.c | 13 | ||||
-rw-r--r-- | sys/netinet/ipfw/ip_fw_sockopt.c | 2 |
4 files changed, 30 insertions, 15 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 710996b..fa9c543 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 27, 2010 +.Dd May 30, 2011 .Dt IPFW 8 .Os .Sh NAME @@ -871,13 +871,16 @@ for more information on and .Cm ngtee actions. -.It Cm setfib Ar fibnum +.It Cm setfib Ar fibnum | tablearg The packet is tagged so as to use the FIB (routing table) .Ar fibnum in any subsequent forwarding decisions. Initially this is limited to the values 0 through 15, see .Xr setfib 1 . Processing continues at the next rule. +It is possible to use the +.Cm tablearg +keyword with a setfib. If tablearg value is not within compiled FIB range packet fib is set to 0. .It Cm reass Queue and reassemble ip fragments. If the packet is not fragmented, counters are updated and processing continues with the next rule. @@ -1711,7 +1714,7 @@ is used. The .Cm tablearg argument can be used with the following actions: -.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto +.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib, action parameters: .Cm tag, untag, rule options: diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index ad871fe..3e85de3 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -2835,14 +2835,19 @@ chkarg: size_t intsize = sizeof(int); action->opcode = O_SETFIB; - NEED1("missing fib number"); - action->arg1 = strtoul(*av, NULL, 10); - if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1) - errx(EX_DATAERR, "fibs not suported.\n"); - if (action->arg1 >= numfibs) /* Temporary */ - errx(EX_DATAERR, "fib too large.\n"); - av++; - break; + NEED1("missing fib number"); + if (_substrcmp(*av, "tablearg") == 0) { + action->arg1 = IP_FW_TABLEARG; + } else { + action->arg1 = strtoul(*av, NULL, 10); + if (sysctlbyname("net.fibs", &numfibs, &intsize, + NULL, 0) == -1) + errx(EX_DATAERR, "fibs not suported.\n"); + if (action->arg1 >= numfibs) /* Temporary */ + errx(EX_DATAERR, "fib too large.\n"); + } + av++; + break; } case TOK_REASS: diff --git a/sys/netinet/ipfw/ip_fw2.c b/sys/netinet/ipfw/ip_fw2.c index 9a75cf5..85ae1b2 100644 --- a/sys/netinet/ipfw/ip_fw2.c +++ b/sys/netinet/ipfw/ip_fw2.c @@ -2137,14 +2137,21 @@ do { \ done = 1; /* exit outer loop */ break; - case O_SETFIB: + case O_SETFIB: { + uint32_t fib; + f->pcnt++; /* update stats */ f->bcnt += pktlen; f->timestamp = time_uptime; - M_SETFIB(m, cmd->arg1); - args->f_id.fib = cmd->arg1; + fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg: + cmd->arg1; + if (fib >= rt_numfibs) + fib = 0; + M_SETFIB(m, fib); + args->f_id.fib = fib; l = 0; /* exit inner loop */ break; + } case O_NAT: if (!IPFW_NAT_LOADED) { diff --git a/sys/netinet/ipfw/ip_fw_sockopt.c b/sys/netinet/ipfw/ip_fw_sockopt.c index 0c903ee..d359de3 100644 --- a/sys/netinet/ipfw/ip_fw_sockopt.c +++ b/sys/netinet/ipfw/ip_fw_sockopt.c @@ -606,7 +606,7 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_SETFIB: if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size; - if (cmd->arg1 >= rt_numfibs) { + if ((cmd->arg1 != IP_FW_TABLEARG) && (cmd->arg1 >= rt_numfibs)) { printf("ipfw: invalid fib number %d\n", cmd->arg1); return EINVAL; |