From a4b4ccad078cd04c874f35be2814b7314a45552b Mon Sep 17 00:00:00 2001
From: piso
Date: Sun, 24 Feb 2008 15:37:45 +0000
Subject: Add table/tablearg support to ipfw's nat.

MFC After: 1 week
---
 sbin/ipfw/ipfw.8 | 2 +-
 sbin/ipfw/ipfw2.c | 14 +++++---------
 sys/netinet/ip_fw2.c | 6 ++++--
 3 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 0ea3b7a..fa7a0c5 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1609,7 +1609,7 @@ This can significantly reduce number of rules in some configurations.
 The
 .Cm tablearg
 argument can be used with the following actions:
-.Cm pipe , queue, divert, tee, netgraph, ngtee, fwd
+.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd
 action parameters:
 .Cm tag, untag,
 rule options:
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index fa326b8..91e7932 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -1612,7 +1612,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
 break;
 case O_NAT:
- printf("nat %u", cmd->arg1);
+ PRINT_UINT_ARG("nat ", cmd->arg1);
 break;
 default:
@@ -4848,6 +4848,10 @@ add(int ac, char *av[])
 action->opcode = O_COUNT;
 break;
+ case TOK_NAT:
+ action->opcode = O_NAT;
+ action->len = F_INSN_SIZE(ipfw_insn_nat);
+ goto chkarg;
 case TOK_QUEUE:
 action->opcode = O_QUEUE;
 goto chkarg;
@@ -4929,14 +4933,6 @@ chkarg:
 action->opcode = O_COUNT;
 ac++; av--; /* go back... */
 break;
-
- case TOK_NAT:
- action->opcode = O_NAT;
- action->len = F_INSN_SIZE(ipfw_insn_nat);
- NEED1("missing nat number");
- action->arg1 = strtoul(*av, NULL, 10);
- ac--; av++;
- break;
 default:
 errx(EX_DATAERR, "invalid action %s\n", av[-1]);
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index a094a17..e8c8c81 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -3486,7 +3486,7 @@ check_body:
 struct cfg_nat *t;
 struct mbuf *mcl; /* XXX - libalias duct tape */
- int ldt;
+ int ldt, nat_id;
 char *c;
 ldt = 0;
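Review bot: In add() in sbin/ipfw/ipfw2.c, the new `case TOK_NAT:` sets `action->len = F_INSN_SIZE(ipfw_insn_nat)` and then jumps to the shared `chkarg` label, whose body is outside this hunk, so nothing visible here shows that the shared path leaves `len` untouched or which nat ids it accepts. The removed branch took whatever `strtoul(*av, NULL, 10)` returned, so the accepted range for a nat id now depends entirely on `chkarg`. A comment at the case would record that dependency, for example `/* O_NAT is a wide instruction (ipfw_insn_nat): set len before the shared arg1/tablearg parsing */`.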
@@ -3494,7 +3494,9 @@ check_body:
 retval = 0;
 t = ((ipfw_insn_nat *)cmd)->nat;
 if (t == NULL) {
- t = lookup_nat(cmd->arg1);
+ nat_id = (cmd->arg1 == IP_FW_TABLEARG) ?
+ tablearg : cmd->arg1;
+ t = lookup_nat(nat_id);
 if (t == NULL) {
 retval = IP_FW_DENY;
 goto done;
--
cgit v1.1
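Review bot: The per-instruction cache read at `t = ((ipfw_insn_nat *)cmd)->nat; if (t == NULL)` does not fit a `tablearg` rule, where the nat instance can differ from packet to packet. The code after this hunk is not visible, but if the looked-up pointer is stored back into the instruction, the first packet's instance would be reused for every later packet regardless of `tablearg`; that store should be conditional, e.g. `if (cmd->arg1 != IP_FW_TABLEARG) ((ipfw_insn_nat *)cmd)->nat = t;`. Separately, `nat_id` is declared `int` in the preceding hunk while `tablearg` is presumably an unsigned table value, so an explicit type or range check before `lookup_nat(nat_id)` would make the conversion intentional. A `nat tablearg` rule whose lookup finds no instance ends in `IP_FW_DENY` here, which is worth a one-line comment so the fail-closed behaviour is clearly deliberate.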