diff options
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_fw.h | 2 | ||||
-rw-r--r-- | sys/netinet/ip_fw2.c | 30 |
2 files changed, 25 insertions, 7 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 14ca1d5..086ce8e 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -521,6 +521,8 @@ struct ip_fw_args { struct inpcb *inp; struct _ip6dn_args dummypar; /* dummynet->ip6_output */ + struct sockaddr_in hopstore; /* store here if cannot use a pointer */ + }; /* diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index e9b24df..47fc7f6 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -738,7 +738,7 @@ static u_int64_t norule_counter; /* counter for ipfw_log(NULL...) */ */ static void ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, - struct mbuf *m, struct ifnet *oif, u_short offset) + struct mbuf *m, struct ifnet *oif, u_short offset, uint32_t tablearg) { struct ether_header *eh = args->eh; char *action; @@ -831,9 +831,15 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, case O_FORWARD_IP: { ipfw_insn_sa *sa = (ipfw_insn_sa *)cmd; int len; + struct in_addr dummyaddr; + if (sa->sa.sin_addr.s_addr == INADDR_ANY) + dummyaddr.s_addr = htonl(tablearg); + else + dummyaddr.s_addr = sa->sa.sin_addr.s_addr; len = snprintf(SNPARGS(action2, 0), "Forward to %s", - inet_ntoa(sa->sa.sin_addr)); + inet_ntoa(dummyaddr)); + if (sa->sa.sin_port) snprintf(SNPARGS(action2, len), ":%d", sa->sa.sin_port); @@ -2785,7 +2791,7 @@ check_body: case O_LOG: if (fw_verbose) - ipfw_log(f, hlen, args, m, oif, offset); + ipfw_log(f, hlen, args, m, oif, offset, tablearg); match = 1; break; @@ -3141,13 +3147,23 @@ check_body: retval = IP_FW_DENY; goto done; - case O_FORWARD_IP: + case O_FORWARD_IP: { + struct sockaddr_in *sa; + sa = &(((ipfw_insn_sa *)cmd)->sa); if (args->eh) /* not valid on layer2 pkts */ break; - if (!q || dyn_dir == MATCH_FORWARD) - args->next_hop = - &((ipfw_insn_sa *)cmd)->sa; + if (!q || dyn_dir == MATCH_FORWARD) { + if (sa->sin_addr.s_addr == INADDR_ANY) { + bcopy(sa, &args->hopstore, + sizeof(*sa)); + args->hopstore.sin_addr.s_addr = htonl(tablearg); + args->next_hop = &args->hopstore; + } else { + args->next_hop = sa; + } + } retval = IP_FW_PASS; + } goto done; case O_NETGRAPH: |