diff options
author | yar <yar@FreeBSD.org> | 2001-12-21 18:43:02 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2001-12-21 18:43:02 +0000 |
commit | ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6 (patch) | |
tree | 043b8f7decfa9194d9e34d8c26f1ad6eb604f0b9 /sys/netinet | |
parent | 57964384334cb1b2e1b6d282b56b1a5c054801b0 (diff) | |
download | FreeBSD-src-ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6.zip FreeBSD-src-ca1cc6602bf2df156dc2bc753ae9a312fbd4afd6.tar.gz |
Implement matching IP precedence in ipfw(4).
Submitted by: Igor Timkin <ivt@gamma.ru>
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw.c | 5 | ||||
-rw-r--r-- | sys/netinet/ip_fw.h | 3 |
2 files changed, 6 insertions, 2 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 3405a48..6051b95 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -390,7 +390,7 @@ iptos_match(struct ip *ip, struct ip_fw *f) u_int flags = (ip->ip_tos & 0x1f); u_char opts, nopts, nopts_sve; - opts = f->fw_iptos; + opts = (f->fw_iptos & 0x1f); nopts = nopts_sve = f->fw_ipntos; while (flags != 0) { @@ -1307,6 +1307,9 @@ again: continue; if (f->fw_ipflg & IP_FW_IF_IPID && f->fw_ipid != ntohs(ip->ip_id)) continue; + if (f->fw_ipflg & IP_FW_IF_IPPRE && + (f->fw_iptos & 0xe0) != (ip->ip_tos & 0xe0)) + continue; if (f->fw_ipflg & IP_FW_IF_IPTOS && !iptos_match(ip, f)) continue; if (f->fw_ipflg & IP_FW_IF_IPTTL && f->fw_ipttl != ip->ip_ttl) diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 07d659f..25b303c 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -258,7 +258,8 @@ struct ipfw_dyn_rule { #define IP_FW_IF_IPTOS 0x00000800 /* ip type of service */ #define IP_FW_IF_IPTTL 0x00001000 /* ip time to live */ #define IP_FW_IF_IPVER 0x00002000 /* ip version */ -#define IP_FW_IF_IPMSK 0x00003f00 /* mask of all ip values */ +#define IP_FW_IF_IPPRE 0x00004000 /* ip precedence */ +#define IP_FW_IF_IPMSK 0x00007f00 /* mask of all ip values */ #define IP_FW_IF_MSK 0x0000ffff /* All possible bits mask */ /* |