diff options
author | glebius <glebius@FreeBSD.org> | 2012-02-06 11:35:29 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2012-02-06 11:35:29 +0000 |
commit | d050a38ab423c57cd15f6818d1d27faf9a35b352 (patch) | |
tree | 2eb43c8c15636e42b731b89be197bba24de15363 /sbin | |
parent | 52c17430bc70cd8c1e6dc2ff5c7786cc3f4871e4 (diff) | |
download | FreeBSD-src-d050a38ab423c57cd15f6818d1d27faf9a35b352.zip FreeBSD-src-d050a38ab423c57cd15f6818d1d27faf9a35b352.tar.gz |
Make the 'tcpwin' option of ipfw(8) accept ranges and lists.
Submitted by: sem
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 10 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.c | 15 |
2 files changed, 18 insertions, 7 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 0270802..3badfa9 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1652,10 +1652,12 @@ option for details on matching fragmented packets. TCP packets only. Match if the TCP header sequence number field is set to .Ar seq . -.It Cm tcpwin Ar win -TCP packets only. -Match if the TCP header window field is set to -.Ar win . +.It Cm tcpwin Ar tcpwin-list +Matches TCP packets whose header window field is set to +.Ar tcpwin-list , +which is either a single value or a list of values or ranges +specified in the same way as +.Ar ports . .It Cm tcpoptions Ar spec TCP packets only. Match if the TCP header contains the comma separated list of diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 6b0e0f0..ac0632e 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -512,6 +512,7 @@ static struct _s_x _port_name[] = { {"ipttl", O_IPTTL}, {"mac-type", O_MAC_TYPE}, {"tcpdatalen", O_TCPDATALEN}, + {"tcpwin", O_TCPWIN}, {"tagged", O_TAGGED}, {NULL, 0} }; @@ -1480,7 +1481,11 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) break; case O_TCPWIN: - printf(" tcpwin %d", ntohs(cmd->arg1)); + if (F_LEN(cmd) == 1) + printf(" tcpwin %u", cmd->arg1); + else + print_newports((ipfw_insn_u16 *)cmd, 0, + O_TCPWIN); break; case O_TCPACK: @@ -3447,8 +3452,12 @@ read_options: case TOK_TCPWIN: NEED1("tcpwin requires length"); - fill_cmd(cmd, O_TCPWIN, 0, - htons(strtoul(*av, NULL, 0))); + if (strpbrk(*av, "-,")) { + if (!add_ports(cmd, *av, 0, O_TCPWIN)) + errx(EX_DATAERR, "invalid tcpwin len %s", *av); + } else + fill_cmd(cmd, O_TCPWIN, 0, + strtoul(*av, NULL, 0)); av++; break; |