From 4f70622005bf8214002abf3a3dcd4f7614f2dd59 Mon Sep 17 00:00:00 2001
From: green <green@FreeBSD.org>
Date: Sun, 3 Oct 2004 00:26:35 +0000
Subject: Add support to IPFW for classification based on "diverted" status
 (that is, input via a divert socket).

---
 sbin/ipfw/ipfw2.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

(limited to 'sbin')

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index e9b8e81..bfc0fc4 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -217,6 +217,9 @@ enum tokens {
 	TOK_KEEPSTATE,
 	TOK_LAYER2,
 	TOK_OUT,
+	TOK_DIVERTED,
+	TOK_DIVERTEDLOOPBACK,
+	TOK_DIVERTEDOUTPUT,
 	TOK_XMIT,
 	TOK_RECV,
 	TOK_VIA,
@@ -325,6 +328,9 @@ struct _s_x rule_options[] = {
 	{ "bridged",		TOK_LAYER2 },
 	{ "layer2",		TOK_LAYER2 },
 	{ "out",		TOK_OUT },
+	{ "diverted",		TOK_DIVERTED },
+	{ "diverted-loopback",	TOK_DIVERTEDLOOPBACK },
+	{ "diverted-output",	TOK_DIVERTEDOUTPUT },
 	{ "xmit",		TOK_XMIT },
 	{ "recv",		TOK_RECV },
 	{ "via",		TOK_VIA },
@@ -1302,6 +1308,23 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
 				printf(cmd->len & F_NOT ? " out" : " in");
 				break;
 
+			case O_DIVERTED:
+				switch (cmd->arg1) {
+				case 3:
+					printf(" diverted");
+					break;
+				case 1:
+					printf(" diverted-loopback");
+					break;
+				case 2:
+					printf(" diverted-output");
+					break;
+				default:
+					printf(" diverted-?<%u>", cmd->arg1);
+					break;
+				}
+				break;
+
 			case O_LAYER2:
 				printf(" layer2");
 				break;
@@ -3360,6 +3383,18 @@ read_options:
 			fill_cmd(cmd, O_IN, 0, 0);
 			break;
 
+		case TOK_DIVERTED:
+			fill_cmd(cmd, O_DIVERTED, 0, 3);
+			break;
+
+		case TOK_DIVERTEDLOOPBACK:
+			fill_cmd(cmd, O_DIVERTED, 0, 1);
+			break;
+
+		case TOK_DIVERTEDOUTPUT:
+			fill_cmd(cmd, O_DIVERTED, 0, 2);
+			break;
+
 		case TOK_FRAG:
 			fill_cmd(cmd, O_FRAG, 0, 0);
 			break;
-- 
cgit v1.1