Date: Mon, 15 May 2017 21:18:05 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 219316] Wildcard matching of ipfw flow tables Message-ID: <bug-219316-8-gSa3aYzlsN@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-219316-8@https.bugs.freebsd.org/bugzilla/> References: <bug-219316-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219316
--- Comment #1 from lutz@donnerhacke.de ---
First of all, the ipfw command needs to be extended.
Index: sbin/ipfw/ipfw.8
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sbin/ipfw/ipfw.8 (revision 314807)
+++ sbin/ipfw/ipfw.8 (working copy)
@@ -66,6 +66,8 @@
 .Nm
 .Oo Cm set Ar N Oc Cm table Ar name Cm lookup Ar addr
 .Nm
+.Oo Cm set Ar N Oc Cm table Ar name Cm setmask Ar addr
+.Nm
 .Oo Cm set Ar N Oc Cm table Ar name Cm lock
 .Nm
 .Oo Cm set Ar N Oc Cm table Ar name Cm unlock
Index: sbin/ipfw/ipfw2.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sbin/ipfw/ipfw2.h (revision 314807)
+++ sbin/ipfw/ipfw2.h (working copy)
@@ -231,6 +231,7 @@
 TOK_FIB,
 TOK_SETFIB,
 TOK_LOOKUP,
+ TOK_SETMASK,
 TOK_SOCKARG,
 TOK_SETDSCP,
 TOK_FLOW,
Index: sbin/ipfw/tables.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sbin/ipfw/tables.c (revision 314807)
+++ sbin/ipfw/tables.c (working copy)
@@ -49,6 +49,7 @@
 static void table_create(ipfw_obj_header *oh, int ac, char *av[]);
 static void table_modify(ipfw_obj_header *oh, int ac, char *av[]);
 static void table_lookup(ipfw_obj_header *oh, int ac, char *av[]);
+static void table_setmask(ipfw_obj_header *oh, int ac, char *av[]);
 static void table_lock(ipfw_obj_header *oh, int lock);
 static int table_swap(ipfw_obj_header *oh, char *second);
 static int table_get_info(ipfw_obj_header *oh, ipfw_xtable_info *i);
@@ -114,6 +115,7 @@
 { "atomic", TOK_ATOMIC },
 { "lock", TOK_LOCK },
 { "unlock", TOK_UNLOCK },
+ { "setmask", TOK_SETMASK },
 { NULL, 0 }
 };

@@ -142,6 +144,7 @@
 * ipfw table NAME add [addr[/masklen] value] [addr[/masklen] value] ..
 * ipfw table NAME delete addr[/masklen] [addr[/masklen]] ..
 * ipfw table NAME lookup addr
+ * ipfw table NAME setmask addr
 * ipfw table {NAME | all} flush
 * ipfw table {NAME | all} list
 * ipfw table {NAME | all} info
@@ -289,6 +292,10 @@
 ac--; av++;
 table_lookup(&oh, ac, av);
 break;
+ case TOK_SETMASK:
+ ac--; av++;
+ table_setmask(&oh, ac, av);
+ break;
 }
 }

@@ -1043,8 +1050,8 @@
 }

 static int
-table_do_lookup(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi,
- ipfw_obj_tentry *xtent)
+table_do_lookup_or_setmask(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi,
+ ipfw_obj_tentry *xtent, int opcode)
 {
 char xbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_obj_tentry)];
 ipfw_obj_tentry *tent;
@@ -1064,7 +1071,7 @@
 oh->ntlv.type =3D type;

 sz =3D sizeof(xbuf);
- if (do_get3(IP_FW_TABLE_XFIND, &oh->opheader, &sz) !=3D 0)
+ if (do_get3(opcode, &oh->opheader, &sz) !=3D 0)
 return (errno);

 if (sz < sizeof(xbuf))
@@ -1089,7 +1096,7 @@
 strlcpy(key, *av, sizeof(key));

 memset(&xi, 0, sizeof(xi));
- error =3D table_do_lookup(oh, key, &xi, &xtent);
+ error =3D table_do_lookup_or_setmask(oh, key, &xi, &xtent, IP_FW_TABLE_XFIND);

 switch (error) {
 case 0:
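Review bot: In the `@@ -1064,7 +1071,7 @@` hunk of sbin/ipfw/tables.c the state-changing `IP_FW_TABLE_XSETMASK` request is now issued through `do_get3()`, the same get-direction call the read-only lookup uses (the new `table_setmask` even reports failures as `getsockopt(IP_FW_TABLE_XSETMASK)`). The kernel handler is not part of this patch, but if it applies its modification checks (securelevel, table lock) only to set-direction requests, a mask change sent this way would not pass through them; either send the request with `do_set3()` or state in a comment why the get path is required and where the write checks are enforced. The `int opcode` parameter added in the `@@ -1043,8 +1050,8 @@` hunk is forwarded unchecked, so a short comment on `table_do_lookup_or_setmask` naming the two opcodes it accepts would help; the function body continues outside both hunks.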
@@ -1109,6 +1116,32 @@
 }

 static void
+table_setmask(ipfw_obj_header *oh, int ac, char *av[])
+{
+ ipfw_obj_tentry xtent;
+ ipfw_xtable_info xi;
+ char key[64];
+ int error;
+
+ if (ac =3D=3D 0)
+ errx(EX_USAGE, "mask required");
+
+ strlcpy(key, *av, sizeof(key));
+
+ memset(&xi, 0, sizeof(xi));
+ error =3D table_do_lookup_or_setmask(oh, key, &xi, &xtent, IP_FW_TABLE_XSETMASK);
+
+ switch (error) {
+ case 0:
+ break;
+ case ESRCH:
+ errx(EX_UNAVAILABLE, "Table %s not found", oh->ntlv.name);
+ default:
+ err(EX_OSERR, "getsockopt(IP_FW_TABLE_XSETMASK)");
+ }
+}
+
+static void
 tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
 uint8_t tflags)
 {
--=20
You are receiving this mail because:
You are the assignee for the bug.=
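Review bot: `strlcpy(key, *av, sizeof(key));` in the new `table_setmask` silently truncates a mask argument longer than 63 bytes, so the table could end up with a different mask than the operator typed; check the result, e.g. `if (strlcpy(key, *av, sizeof(key)) >= sizeof(key)) errx(EX_USAGE, "mask too long");`. Arguments after the mask are ignored without a diagnostic, and on success the `xi` and `xtent` results are discarded, so nothing shows the operator which mask was actually applied. The function also has no header comment saying what the mask applies to or which table types accept it; presumably only flow tables do, but the patch does not say.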