author | mlaier <mlaier@FreeBSD.org> | 2005-06-03 01:10:28 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2005-06-03 01:10:28 +0000 |
commit | f2254cf7022e4e6909272699c8e1f774b7e4e3f1 (patch) | |
tree | 82a1c38b6f93efa59971e10db9eb13be00fab807 /sys/netinet | |
parent | 96eb8edf03f8039525c5e6b9dafe2b9ef138f3d5 (diff) | |
Add support for IPv4 only rules to IPFW2 now that it supports IPv6 as well.
This is the last requirement before we can retire ip6fw.
Reviewed by: dwhite, brooks(earlier version)
Submitted by: dwhite (manpage)
Silence from: -ipfw
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw.h | 2 | ||||
-rw-r--r-- | sys/netinet/ip_fw2.c | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index 01d91f1..5c5fd6e 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -153,6 +153,8 @@ enum ipfw_opcodes { /* arguments (4 byte each) */
 O_NETGRAPH, /* send to ng_ipfw */
 O_NGTEE, /* copy to ng_ipfw */
+ O_IP4,
+
 O_LAST_OPCODE /* not an opcode! */
 };
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 0c1d2a2..8211977 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -1961,6 +1961,7 @@ ipfw_chk(struct ip_fw_args *args)
 int is_ipv6 = 0;
 u_int16_t ext_hd = 0; /* bits vector for extension header filtering */
 /* end of ipv6 variables */
+ int is_ipv4 = 0;
 if (m->m_flags & M_SKIP_FIREWALL)
 return (IP_FW_PASS); /* accept */
@@ -2076,6 +2077,7 @@ do { \
 } else if (pktlen >= sizeof(struct ip) && (args->eh == NULL || ntohs(args->eh->ether_type) == ETHERTYPE_IP) && mtod(m, struct ip *)->ip_v == 4) {
+ is_ipv4 = 1;
 ip = mtod(m, struct ip *);
 hlen = ip->ip_hl << 2;
 args->f_id.addr_type = 4;
@@ -2677,6 +2679,10 @@ check_body:
 break;
 #endif
+ case O_IP4:
+ match = is_ipv4;
+ break;
+
 /*
 * The second set of opcodes represents 'actions',
 * i.e. the terminal part of a rule once the packet
@@ -3322,6 +3328,7 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 case O_IP6_DST_ME:
 case O_EXT_HDR:
 case O_IP6:
+ case O_IP4:
 if (cmdlen != F_INSN_SIZE(ipfw_insn))
 goto bad_size;
 break;
|
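Review bot: `O_IP4` in `enum ipfw_opcodes` (sys/netinet/ip_fw.h, `@@ -153`) is added without the trailing comment that the neighbouring `O_NETGRAPH` and `O_NGTEE` entries carry. I would write it as `O_IP4, /* match IPv4 packets */`. The enum begins outside the hunk, so if earlier entries document their argument in a fixed form, that form should be followed instead.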
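Review bot: `is_ipv4` has no comment, and its meaning is narrower than the name suggests. In the `@@ -2076` hunk of ip_fw2.c it is set only inside the branch guarded by `pktlen >= sizeof(struct ip)`, the ethertype test and `ip_v == 4`. A packet that fails any of these, for example one shorter than an IP header, keeps `is_ipv4 == 0`, so an `O_IP4` rule will not match it. How such packets are handled is decided outside the visible lines, since the if/else chain starts before the hunk. I would document this at the declaration in the `@@ -1961` hunk: `int is_ipv4 = 0; /* set only once a full IPv4 header has been recognised */`.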
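Review bot: In `check_ipfw_struct` (`@@ -3322`), `case O_IP4:` is appended to the `O_IP6_DST_ME` / `O_EXT_HDR` / `O_IP6` label group, whereas in `ipfw_chk` (`@@ -2677`) the new case is placed after an `#endif`. The start of this label group is outside the hunk, so it is unconfirmed whether it too sits inside a conditional-compilation block. If it does, a kernel built without that option would reject `O_IP4` rules at validation time even though the matcher handles them. This is worth checking; if so, move the label past the block's `#endif` while keeping the `cmdlen != F_INSN_SIZE(ipfw_insn)` size check.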