diff options
| author | ae <ae@FreeBSD.org> | 2016-05-17 07:47:23 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2016-05-17 07:47:23 +0000 |
| commit | f79f8e9de833c40831a97da242c164c934e5545f (patch) | |
| tree | 05982837ffaa99ea3b631bc237aa7da86ff75cf6 /sbin | |
| parent | eba4e792410a58591e672dc7b07805b617a7db7a (diff) | |
| download | FreeBSD-src-f79f8e9de833c40831a97da242c164c934e5545f.zip FreeBSD-src-f79f8e9de833c40831a97da242c164c934e5545f.tar.gz | |
Make named objects set-aware. Now it is possible to create named
objects with the same name in different sets.
Add optional manage_sets() callback to objects rewriting framework.
It is intended to implement handler for moving and swapping named
object's sets. Add ipfw_obj_manage_sets() function that implements
generic sets handler. Use new callback to implement sets support for
lookup tables.
External actions objects are global and they don't support sets.
Modify eaction_findbyname() to reflect this.
ipfw(8) now may fail to move rules or sets, because some named objects
in target set may have conflicting names.
Note that ipfw_obj_ntlv type was changed, but since lookup tables
actually didn't support sets, this change is harmless.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ipfw/ipfw2.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 5389268..42d321d 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -2280,6 +2280,9 @@ ipfw_sets_handler(char *av[]) if (!isdigit(*(av[2])) || rt.new_set > RESVD_SET) errx(EX_DATAERR, "invalid dest. set %s\n", av[1]); i = do_range_cmd(cmd, &rt); + if (i < 0) + err(EX_OSERR, "failed to move %s", + cmd == IP_FW_SET_MOVE ? "set": "rule"); } else if (_substrcmp(*av, "disable") == 0 || _substrcmp(*av, "enable") == 0 ) { int which = _substrcmp(*av, "enable") == 0 ? 1 : 0; |
