Implement matching IP precedence in ipfw(4).

Submitted by: Igor Timkin <ivt@gamma.ru>
author: yar <yar@FreeBSD.org> 2001-12-21 18:43:02 +0000
committer: yar <yar@FreeBSD.org> 2001-12-21 18:43:02 +0000
commit: ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6 (patch)
tree: 043b8f7decfa9194d9e34d8c26f1ad6eb604f0b9 /sys/netinet/ip_fw.c
parent: 57964384334cb1b2e1b6d282b56b1a5c054801b0 (diff)
download: FreeBSD-src-ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6.zip
FreeBSD-src-ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 3405a48..6051b95 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -390,7 +390,7 @@ iptos_match(struct ip *ip, struct ip_fw *f)
 	u_int flags = (ip->ip_tos & 0x1f);
 	u_char opts, nopts, nopts_sve;
 
-	opts = f->fw_iptos;
+	opts = (f->fw_iptos & 0x1f);
 	nopts = nopts_sve = f->fw_ipntos;
 
 	while (flags != 0) {
@@ -1307,6 +1307,9 @@ again:
 			continue;
 		if (f->fw_ipflg & IP_FW_IF_IPID && f->fw_ipid != ntohs(ip->ip_id))
 			continue;
+		if (f->fw_ipflg & IP_FW_IF_IPPRE &&
+		     (f->fw_iptos & 0xe0) != (ip->ip_tos & 0xe0))
+			continue;
 		if (f->fw_ipflg & IP_FW_IF_IPTOS && !iptos_match(ip, f))
 			continue;
 		if (f->fw_ipflg & IP_FW_IF_IPTTL && f->fw_ipttl != ip->ip_ttl)
author	yar <yar@FreeBSD.org>	2001-12-21 18:43:02 +0000
committer	yar <yar@FreeBSD.org>	2001-12-21 18:43:02 +0000
commit	ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6 (patch)
tree	043b8f7decfa9194d9e34d8c26f1ad6eb604f0b9 /sys/netinet/ip_fw.c
parent	57964384334cb1b2e1b6d282b56b1a5c054801b0 (diff)
download	FreeBSD-src-ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6.zip FreeBSD-src-ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6.tar.gz