From f79f8e9de833c40831a97da242c164c934e5545f Mon Sep 17 00:00:00 2001 From: ae Date: Tue, 17 May 2016 07:47:23 +0000 Subject: Make named objects set-aware. Now it is possible to create named objects with the same name in different sets. Add optional manage_sets() callback to objects rewriting framework. It is intended to implement handler for moving and swapping named object's sets. Add ipfw_obj_manage_sets() function that implements generic sets handler. Use new callback to implement sets support for lookup tables. External actions objects are global and they don't support sets. Modify eaction_findbyname() to reflect this. ipfw(8) now may fail to move rules or sets, because some named objects in target set may have conflicting names. Note that ipfw_obj_ntlv type was changed, but since lookup tables actually didn't support sets, this change is harmless. Obtained from: Yandex LLC Sponsored by: Yandex LLC --- sbin/ipfw/ipfw2.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sbin') diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 5389268..42d321d 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -2280,6 +2280,9 @@ ipfw_sets_handler(char *av[]) if (!isdigit(*(av[2])) || rt.new_set > RESVD_SET) errx(EX_DATAERR, "invalid dest. set %s\n", av[1]); i = do_range_cmd(cmd, &rt); + if (i < 0) + err(EX_OSERR, "failed to move %s", + cmd == IP_FW_SET_MOVE ? "set": "rule"); } else if (_substrcmp(*av, "disable") == 0 || _substrcmp(*av, "enable") == 0 ) { int which = _substrcmp(*av, "enable") == 0 ? 1 : 0; -- cgit v1.1