summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sbin/ipfw/ipfw.814
-rw-r--r--sbin/ipfw/ipfw2.c23
-rw-r--r--sys/netinet/ip_fw.h1
-rw-r--r--sys/netinet/ip_fw2.c13
4 files changed, 27 insertions, 24 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 6321589..9a746a0 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -689,8 +689,8 @@ Change the next-hop on matching packets to
.Ar ipaddr ,
which can be an IP address or a host name.
The next hop can also be supplied by the last table
-looked up for the packet by using the
-.Em tablearg
+looked up for the packet by using the
+.Cm tablearg
keyword instead of an explicit address.
The search terminates if this rule matches.
.Pp
@@ -1594,8 +1594,10 @@ action parameters:
rule options:
.Cm limit, tagged.
.Pp
-When used with 'fwd' it is possible to supply table entries with values
-that are in the form of IP addresses or hostnames.
+When used with
+.Cm fwd
+it is possible to supply table entries with values
+that are in the form of IP addresses or hostnames.
See the
.Sx EXAMPLES
Section for example usage of tables and the tablearg keyword.
@@ -2388,7 +2390,9 @@ Then we classify traffic using a single rule:
.Dl "..."
.Dl "ipfw pipe tablearg ip from table(1) to any"
.Pp
-Using the fwd action, the table entries may include hostnames and IP addresses.
+Using the
+.Cn fwd
+action, the table entries may include hostnames and IP addresses.
.Pp
.Dl "ipfw table 1 add 192.168.2.0/24 10.23.2.1"
.Dl "ipfw table 1 add 192.168.0.0/27 router1.dmz"
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index a486fbe..a461f76 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -4034,11 +4034,10 @@ chkarg:
"illegal forwarding port ``%s''", s);
p->sa.sin_port = (u_short)i;
}
- if (_substrcmp(*av, "tablearg") == 0) {
- p->sa.sin_addr.s_addr = INADDR_ANY; /* htonl not needed */
- } else {
+ if (_substrcmp(*av, "tablearg") == 0)
+ p->sa.sin_addr.s_addr = INADDR_ANY;
+ else
lookup_host(*av, &(p->sa.sin_addr));
- }
ac--; av++;
break;
}
@@ -4998,23 +4997,21 @@ table_handler(int ac, char *av[])
err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
for (a = 0; a < tbl->cnt; a++) {
/* Heuristic to print it the right way */
- /* valuse < 64k are printed as numbers */
+ /* values < 64k are printed as numbers */
unsigned int tval;
tval = tbl->ent[a].value;
if (tval > 0xffff) {
char tbuf[128];
- strncpy(tbuf,
- inet_ntoa(*(struct in_addr *)
- &tbl->ent[a].addr), 127);
+ strncpy(tbuf, inet_ntoa(*(struct in_addr *)
+ &tbl->ent[a].addr), 127);
/* inet_ntoa expects host order */
tval = htonl(tval);
- printf("%s/%u %s\n",
- tbuf, tbl->ent[a].masklen,
- inet_ntoa(*(struct in_addr *)&tval));
+ printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
+ inet_ntoa(*(struct in_addr *)&tval));
} else {
printf("%s/%u %u\n",
- inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
- tbl->ent[a].masklen, tbl->ent[a].value);
+ inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
+ tbl->ent[a].masklen, tbl->ent[a].value);
}
}
} else
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index 086ce8e..1f50e56 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -522,7 +522,6 @@ struct ip_fw_args {
struct _ip6dn_args dummypar; /* dummynet->ip6_output */
struct sockaddr_in hopstore; /* store here if cannot use a pointer */
-
};
/*
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 47fc7f6..e7d1405 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -2791,7 +2791,8 @@ check_body:
case O_LOG:
if (fw_verbose)
- ipfw_log(f, hlen, args, m, oif, offset, tablearg);
+ ipfw_log(f, hlen, args, m,
+ oif, offset, tablearg);
match = 1;
break;
@@ -3156,15 +3157,17 @@ check_body:
if (sa->sin_addr.s_addr == INADDR_ANY) {
bcopy(sa, &args->hopstore,
sizeof(*sa));
- args->hopstore.sin_addr.s_addr = htonl(tablearg);
- args->next_hop = &args->hopstore;
+ args->hopstore.sin_addr.s_addr =
+ htonl(tablearg);
+ args->next_hop =
+ &args->hopstore;
} else {
args->next_hop = sa;
}
}
retval = IP_FW_PASS;
- }
- goto done;
+ }
+ goto done;
case O_NETGRAPH:
case O_NGTEE:
OpenPOWER on IntegriCloud