author | luigi <luigi@FreeBSD.org> | 2010-11-12 13:05:17 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2010-11-12 13:05:17 +0000 |
commit | e7ccc85b8fa77badd0aebc86e7657d29f3710e08 (patch) | |
tree | fe24fb085ca1922cd3a49053ea6e53a072b83c11 /sbin | |
parent | d5e8d236f4009fc2611f996c317e94b2c8649cf5 (diff) | |
The first customer of the SO_USER_COOKIE option:
the "sockarg" ipfw option matches packets associated to
a local socket and with a non-zero so_user_cookie value.
The value is made available as tablearg, so it can be used
as a skipto target or pipe number in ipfw/dummynet rules.
Code by Paul Joe, manpage by me.
Submitted by: Paul Joe
MFC after: 1 week
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 11 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.c | 7 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.h | 1 |
3 files changed, 19 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index a954c1d..a984f70 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1510,6 +1510,17 @@ interface.
 Matches TCP packets that have the SYN bit set but no ACK bit.
 This is the short form of
 .Dq Li tcpflags\ syn,!ack .
+.It Cm sockarg
+Matches packets that are associated to a local socket and
+for which the SO_USER_COOKIE socket option has been set
+to a non-zero value. As a side effect, the value of the
+option is made available as
+.Cm tablearg
+value, which in turn can be used as
+.Cm skipto
+or
+.Cm pipe
+number.
 .It Cm src-ip Ar ip-address
 Matches IPv4 packets whose source IP is one of the address(es)
 specified as an argument.
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index f313b51..9f2fe69 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -266,6 +266,7 @@ static struct _s_x rule_options[] = {
 { "estab", TOK_ESTAB },
 { "established", TOK_ESTAB },
 { "setup", TOK_SETUP },
+ { "sockarg", TOK_SOCKARG },
 { "tcpdatalen", TOK_TCPDATALEN },
 { "tcpflags", TOK_TCPFLAGS },
 { "tcpflgs", TOK_TCPFLAGS },
@@ -1338,6 +1339,9 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
 case O_FIB:
 printf(" fib %u", cmd->arg1 );
 break;
+ case O_SOCKARG:
+ printf(" sockarg");
+ break;
 case O_IN:
 printf(cmd->len & F_NOT ? " out" : " in");
@@ -3531,6 +3535,9 @@ read_options:
 fill_cmd(cmd, O_FIB, 0, strtoul(*av, NULL, 0));
 av++;
 break;
+ case TOK_SOCKARG:
+ fill_cmd(cmd, O_SOCKARG, 0, 0);
+ break;
 case TOK_LOOKUP: {
 ipfw_insn_u32 *c = (ipfw_insn_u32 *)cmd;
diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h
index 8566cde..2ba091f 100644
--- a/sbin/ipfw/ipfw2.h
+++ b/sbin/ipfw/ipfw2.h
@@ -199,6 +199,7 @@ enum tokens {
 TOK_FIB,
 TOK_SETFIB,
 TOK_LOOKUP,
+ TOK_SOCKARG,
 };
 /*
 * the following macro returns an error message if we run out of
|
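Review bot: The new `case TOK_SOCKARG:` in the read_options hunk of ipfw2.c emits O_SOCKARG with no argument and no comment, so nothing in the parser tells a reader that this match has a side effect: per the commit message, the socket's so_user_cookie becomes the tablearg value and can drive a skipto target or pipe number. That value is chosen by whoever owns the local socket, and the page does not show whether setting SO_USER_COOKIE requires privilege, so a ruleset that pairs `sockarg` with `skipto tablearg` may be letting a local process pick where rule evaluation continues. I would add a comment above the call, `/* no argument: the kernel matches a non-zero so_user_cookie and exports it as tablearg; the value is set by the socket owner */`, and have the ipfw.8 entry state who is allowed to set the cookie. The enclosing function starts and ends outside the hunk.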