diff options
| author | ae <ae@FreeBSD.org> | 2016-11-22 10:09:04 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2016-11-22 10:09:04 +0000 |
| commit | 4188db2d72044b0a0307b91499f5de0f9b4d9a94 (patch) | |
| tree | c1c17a9be2488486d182db44b3f8d9ec04813c4e /sbin/ipfw | |
| parent | c232728cc81fcdd747362e299e3ae0453d02326e (diff) | |
| download | FreeBSD-src-4188db2d72044b0a0307b91499f5de0f9b4d9a94.zip FreeBSD-src-4188db2d72044b0a0307b91499f5de0f9b4d9a94.tar.gz | |
MFC r308673:
Add missing support of named lookup tables to the IPv6 code.
PR: 214419
Diffstat (limited to 'sbin/ipfw')
| -rw-r--r-- | sbin/ipfw/ipfw2.c | 13 | ||||
| -rw-r--r-- | sbin/ipfw/ipfw2.h | 9 | ||||
| -rw-r--r-- | sbin/ipfw/ipv6.c | 23 |
3 files changed, 20 insertions, 25 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 42b020a..6a69a43 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -2883,8 +2883,9 @@ pack_table(struct tidx *tstate, char *name) return (pack_object(tstate, name, IPFW_TLV_TBL_NAME)); } -static void -fill_table(ipfw_insn *cmd, char *av, uint8_t opcode, struct tidx *tstate) +void +fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode, + struct tidx *tstate) { uint32_t *d = ((ipfw_insn_u32 *)cmd)->d; uint16_t uidx; @@ -3543,7 +3544,7 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || inet_pton(AF_INET6, host, &a) == 1) - ret = add_srcip6(cmd, av, cblen); + ret = add_srcip6(cmd, av, cblen, tstate); /* XXX: should check for IPv4, not !IPv6 */ if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || inet_pton(AF_INET6, host, &a) != 1)) @@ -3574,7 +3575,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || inet_pton(AF_INET6, host, &a) == 1) - ret = add_dstip6(cmd, av, cblen); + ret = add_dstip6(cmd, av, cblen, tstate); /* XXX: should check for IPv4, not !IPv6 */ if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || inet_pton(AF_INET6, host, &a) != 1)) @@ -4578,14 +4579,14 @@ read_options: case TOK_SRCIP6: NEED1("missing source IP6"); - if (add_srcip6(cmd, *av, cblen)) { + if (add_srcip6(cmd, *av, cblen, tstate)) { av++; } break; case TOK_DSTIP6: NEED1("missing destination IP6"); - if (add_dstip6(cmd, *av, cblen)) { + if (add_dstip6(cmd, *av, cblen, tstate)) { av++; } break; diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h index b7f8c0b..c89a1c5 100644 --- a/sbin/ipfw/ipfw2.h +++ b/sbin/ipfw/ipfw2.h @@ -363,8 +363,11 @@ void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd); void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd); void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd ); -struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen); -struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen); +struct tidx; +struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen, + struct tidx *tstate); +struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen, + struct tidx *tstate); void fill_flow6(struct _ipfw_insn_u32 *cmd, char *av, int cblen); void fill_unreach6_code(u_short *codep, char *str); @@ -373,6 +376,8 @@ int fill_ext6hdr(struct _ipfw_insn *cmd, char *av); /* ipfw2.c */ void bp_flush(struct buf_pr *b); +void fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode, + struct tidx *tstate); /* tables.c */ struct _ipfw_obj_ctlv; diff --git a/sbin/ipfw/ipv6.c b/sbin/ipfw/ipv6.c index 6d884ee..f6b858d 100644 --- a/sbin/ipfw/ipv6.c +++ b/sbin/ipfw/ipv6.c @@ -334,7 +334,7 @@ lookup_host6 (char *host, struct in6_addr *ip6addr) * Return 1 on success, 0 on failure. */ static int -fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen) +fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, struct tidx *tstate) { int len = 0; struct in6_addr *d = &(cmd->addr6); @@ -360,18 +360,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen) } if (strncmp(av, "table(", 6) == 0) { - char *p = strchr(av + 6, ','); - uint32_t *dm = ((ipfw_insn_u32 *)cmd)->d; - - if (p) - *p++ = '\0'; - cmd->o.opcode = O_IP_DST_LOOKUP; - cmd->o.arg1 = strtoul(av + 6, NULL, 0); - if (p) { - cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32); - dm[0] = strtoul(p, NULL, 0); - } else - cmd->o.len |= F_INSN_SIZE(ipfw_insn); + fill_table(&cmd->o, av, O_IP_DST_LOOKUP, tstate); return (1); } @@ -492,10 +481,10 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av, int cblen) } ipfw_insn * -add_srcip6(ipfw_insn *cmd, char *av, int cblen) +add_srcip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) { - fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen); + fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen, tstate); if (cmd->opcode == O_IP_DST_SET) /* set */ cmd->opcode = O_IP_SRC_SET; else if (cmd->opcode == O_IP_DST_LOOKUP) /* table */ @@ -514,10 +503,10 @@ add_srcip6(ipfw_insn *cmd, char *av, int cblen) } ipfw_insn * -add_dstip6(ipfw_insn *cmd, char *av, int cblen) +add_dstip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) { - fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen); + fill_ip6((ipfw_insn_ip6 *)cmd, av, cblen, tstate); if (cmd->opcode == O_IP_DST_SET) /* set */ ; else if (cmd->opcode == O_IP_DST_LOOKUP) /* table */ |
