Date: Mon, 15 May 2017 21:27:55 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 219316] Wildcard matching of ipfw flow tables
Message-ID: <bug-219316-8-EcFpwgjSf5@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-219316-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-219316-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219316

--- Comment #4 from lutz@donnerhacke.de ---
I do only need the real functionality in the flow tables, so this patch provides only this partial implementation. I do reuse the already existing flow masks.

Index: sys/netpfil/ipfw/ip_fw_table_algo.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netpfil/ipfw/ip_fw_table_algo.c (revision 314807) +++ sys/netpfil/ipfw/ip_fw_table_algo.c (working copy) @@ -186,6 +187,17 @@ * entry not found: returns ENOENT * * + * -set_mask: set generic input mask specifed in @tei + * typedef int ta_set_mask(void *ta_state, struct table_info *ti, + * ipfw_obj_tentry *tent); + * OPTIONAL, locked (UH+WLOCK). (M_NOWAIT). Returns 0 on success. + * + * Finds entry specified by given key. + * * Caller is required to do the following: + * entry found: returns 0, export entry to @tent + * entry not found: returns ENOENT + * + * * -need_modify: checks if @ti has enough space to hold another @count ite= ms. * typedef int (ta_need_modify)(void *ta_state, struct table_info *ti, * uint32_t count, uint64_t *pflags); @@ -3099,6 +3111,7 @@ size_t items; struct fhashentry4 fe4; struct fhashentry6 fe6; + uint8_t flags; }; struct ta_buf_fhash { @@ -3274,6 +3292,7 @@ cfg =3D malloc(sizeof(struct fhash_cfg), M_IPFW, M_WAITOK | M_ZERO); cfg->size =3D 512; + cfg->flags =3D tflags; cfg->head =3D malloc(sizeof(struct fhashbhead) * cfg->size, M_IPFW, M_WAITOK | M_ZERO); 
@@ -3475,6 +3494,69 @@ return (ENOENT); } +static int +ta_set_fhash_mask(void *ta_state, struct table_info *ti, + ipfw_obj_tentry *tent) +{ + struct fhash_cfg *cfg; + struct fhashentry *ent; + struct fhashentry6 fe6, *pm6; + struct fhashentry4 *pm4; + struct tentry_info tei; + int error; + + cfg =3D (struct fhash_cfg *)ta_state; + + ent =3D &fe6.e; + pm6 =3D &fe6; + pm4 =3D (struct fhashentry4 *) &fe6; + + memset(&fe6, 0, sizeof(fe6)); + memset(&tei, 0, sizeof(tei)); + + tei.paddr =3D &tent->k.flow; + tei.subtype =3D tent->subtype; + + if ((error =3D tei_to_fhash_ent(&tei, ent)) !=3D 0) + return (error); + + /* Fill in fe masks based on @tflags */ + switch(ent->af) { +#ifdef INET + case AF_INET: + if (cfg->flags & IPFW_TFFLAG_SRCIP) + cfg->fe4.sip =3D pm4->sip; + if (cfg->flags & IPFW_TFFLAG_DSTIP) + cfg->fe4.dip =3D pm4->dip; + if (cfg->flags & IPFW_TFFLAG_SRCPORT) + cfg->fe4.e.sport =3D ent->sport; + if (cfg->flags & IPFW_TFFLAG_DSTPORT) + cfg->fe4.e.dport =3D ent->dport; + if (cfg->flags & IPFW_TFFLAG_PROTO) + cfg->fe4.e.proto =3D ent->proto; + break; +#endif +#ifdef INET6 + case AF_INET6: + if (cfg->flags & IPFW_TFFLAG_SRCIP) + cfg->fe6.sip6 =3D pm6->sip6; + if (cfg->flags & IPFW_TFFLAG_DSTIP) + cfg->fe6.dip6 =3D pm6->dip6; + if (cfg->flags & IPFW_TFFLAG_SRCPORT) + cfg->fe6.e.sport =3D ent->sport; + if (cfg->flags & IPFW_TFFLAG_DSTPORT) + cfg->fe6.e.dport =3D ent->dport; + if (cfg->flags & IPFW_TFFLAG_PROTO) + cfg->fe6.e.proto =3D ent->proto; + break; +#endif + default: + return (EINVAL); + } + + return (0); +} + static void ta_foreach_fhash(void *ta_state, struct table_info *ti, ta_foreach_f *f, void *arg) @@ -3771,6 +3853,7 @@ .fill_mod =3D ta_fill_mod_fhash, .modify =3D ta_modify_fhash, .flush_mod =3D ta_flush_mod_fhash, + .set_mask =3D ta_set_fhash_mask, }; /* --=20 You are receiving this mail because: You are the assignee for the bug.=
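Review bot: The new -set_mask comment block (hunk at -186) mostly describes a lookup, not a mask update: "Finds entry specified by given key" and the "entry found: returns 0, export entry to @tent / entry not found: returns ENOENT" lines repeat the preceding callback's description (its last context line is the same "entry not found: returns ENOENT") and do not match what ta_set_fhash_mask() does. The first line also says the mask is specified in @tei while the typedef takes ipfw_obj_tentry *tent, "specifed" is misspelled, and the typedef lacks the parentheses used by the neighbouring "typedef int (ta_need_modify)(...)". Suggest replacing the copied paragraph with a description of what set_mask changes in the table state and which errors it returns (the implementation returns EINVAL for an unknown address family and passes through the error from tei_to_fhash_ent()).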
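Review bot: In the struct fhash_cfg hunk (-3099) the new member is declared "uint8_t flags;" and the -3274 hunk assigns "cfg->flags = tflags;" with no cast or range check. The type of tflags is not visible in these hunks; if it is wider than 8 bits, any IPFW_TFFLAG_* bit above bit 7 is silently dropped and the later "cfg->flags & IPFW_TFFLAG_*" tests in ta_set_fhash_mask() can never match for it. Suggest declaring the member with the same type as tflags.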
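Review bot: ta_set_fhash_mask() (hunk at -3475) overwrites cfg->fe4 / cfg->fe6 without looking at cfg->items, so the masks can be changed while the table already holds entries; entries that were added under the previous mask may stop matching afterwards. Suggest rejecting the call when cfg->items != 0, or rehashing the existing entries, and stating in the comment that only the address family of the supplied entry is updated while the other family's mask keeps its old value. Minor: the comment says "based on @tflags" but the code tests cfg->flags, and style(9) wants a space in "switch(ent->af)".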
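Review bot: The ".set_mask = ta_set_fhash_mask," initializer in the last hunk (-3771) needs a set_mask member in the table algorithm structure, a ta_set_mask typedef and a caller, and none of these are in this diff, which only touches ip_fw_table_algo.c. The hunk offsets also do not follow from the visible additions: the first hunk already starts at +187 for -186, and the -3099 hunk adds one line at offset +12 while the next hunk (-3274) is at offset +18, so some hunks appear to be missing from the posted patch. Please post the complete diff, including the declaration and the code that invokes set_mask, so the "locked (UH+WLOCK)" claim in the comment can be checked against the call site.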