From owner-freebsd-bugs@FreeBSD.ORG Tue Feb 26 13:50:04 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3F1601065674 for ; Tue, 26 Feb 2008 13:50:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 52BC413C428 for ; Tue, 26 Feb 2008 13:50:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1QDo4UV098375 for ; Tue, 26 Feb 2008 13:50:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1QDo453098374; Tue, 26 Feb 2008 13:50:04 GMT (envelope-from gnats) Date: Tue, 26 Feb 2008 13:50:04 GMT Message-Id: <200802261350.m1QDo453098374@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Marcelo Araujo Cc: Subject: Re: kern/121108: [ipfw] [patch] add support to ToS IP PRECEDENCE fields X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Marcelo Araujo List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2008 13:50:04 -0000 The following reply was made to PR kern/121108; it has been noted by GNATS. 
From: Marcelo Araujo To: Maxim Konovalov Cc: bug-followup@freebsd.org, Ion-Mihai Tetcu , stas@mbsd.msk.ru, Boris Samorodov , Roman Bogorodskiy Subject: Re: kern/121108: [ipfw] [patch] add support to ToS IP PRECEDENCE fields Date: Tue, 26 Feb 2008 10:39:34 -0300 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigEFB958632A87BA2B77182DFC Content-Type: multipart/mixed; boundary="------------020303030608020802080703" This is a multi-part message in MIME format. --------------020303030608020802080703 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I solved the problem with the revision conflicts and I removed all unnecessary comments. Best Regards. --=20 Marcelo Araujo (__) araujo@FreeBSD.org \\\'',) http://www.FreeBSD.org \/ \ ^ Power To Server. .\. /_) --------------020303030608020802080703 Content-Type: text/x-patch; name="ipfw-ToS8bits.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="ipfw-ToS8bits.diff" Index: sbin/ipfw/ipfw2.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.117 diff -u -r1.117 ipfw2.c --- sbin/ipfw/ipfw2.c 24 Feb 2008 15:37:45 -0000 1.117 +++ sbin/ipfw/ipfw2.c 26 Feb 2008 12:54:54 -0000 @@ -177,6 +177,18 @@ { NULL, 0 } }; =20 +static struct _s_x f_iptospre[] =3D { + { "netcontrol", IPTOSPRE_NETCONTROL}, + { "intercontrol", IPTOSPRE_INTERCONTROL}, + { "criticecp", IPTOSPRE_CRITICECP}, + { "flashover", IPTOSPRE_FLASHOVER}, + { "flash", IPTOSPRE_FLASH}, + { "immediate", IPTOSPRE_IMMEDIATE}, + { "priority", IPTOSPRE_PRIORITY}, + { "routine", IPTOSPRE_ROUTINE}, + { NULL, 0} +}; + static struct _s_x f_iptos[] =3D { { "lowdelay", IPTOS_LOWDELAY}, { "throughput", IPTOS_THROUGHPUT}, 
@@ -282,6 +294,7 @@ TOK_IPLEN, TOK_IPID, TOK_IPPRECEDENCE, + TOK_IPTOSPRE, TOK_IPTOS, TOK_IPTTL, TOK_IPVER, @@ -317,6 +330,7 @@ TOK_GRED, TOK_DROPTAIL, TOK_PROTO, + TOK_SETIPTOSPRE, TOK_WEIGHT, TOK_IP, TOK_IF, @@ -411,6 +425,7 @@ { "unreach6", TOK_UNREACH6 }, { "unreach", TOK_UNREACH }, { "check-state", TOK_CHECKSTATE }, + { "iptospre", TOK_SETIPTOSPRE }, { "//", TOK_COMMENT }, { "nat", TOK_NAT }, { NULL, 0 } /* terminator */ @@ -449,6 +464,7 @@ { "ipid", TOK_IPID }, { "ipprecedence", TOK_IPPRECEDENCE }, { "iptos", TOK_IPTOS }, + { "iptospre", TOK_IPTOSPRE }, { "ipttl", TOK_IPTTL }, { "ipversion", TOK_IPVER }, { "ipver", TOK_IPVER }, @@ -1599,6 +1615,10 @@ } break; =20 + case O_SETIPTOSPRE: + printf("iptospre %s", match_value(f_iptospre, cmd->arg1)); + break; + case O_LOG: /* O_LOG is printed last */ logptr =3D (ipfw_insn_log *)cmd; break; @@ -1910,6 +1930,10 @@ printf(" established"); break; =20 + case O_IPTOSPRE: + printf(" iptospre %s", match_value(f_iptospre, cmd->arg1)); + break; + case O_TCPDATALEN: if (F_LEN(cmd) =3D=3D 1) printf(" tcpdatalen %u", cmd->arg1 ); @@ -2712,7 +2736,7 @@ "RULE-BODY: check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"= "ACTION: check-state | allow | count | deny | unreach{,6} CODE |\n" " skipto N | {divert|tee} PORT | forward ADDR |\n" -" pipe N | queue N | nat N\n" +" pipe N | queue N | iptospre CODE | nat N\n" "PARAMS: [log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n" "ADDR: [ MAC dst src ether_type ] \n" " [ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n" @@ -2725,6 +2749,7 @@ "OPTION: bridged | diverted | diverted-loopback | diverted-output |\n" " {dst-ip|src-ip} IPADDR | {dst-ip6|src-ip6|dst-ipv6|src-ipv6} IP6ADDR |= \n" " {dst-port|src-port} LIST |\n" +" iptospre CODE | {dst-ip|src-ip} IPADDR |\n" " estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST |\n= " " iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC |\n" " ipttl LIST | ipversion VER | keep-state | layer2 | limit ... |\n" 
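Review bot: In the new `case O_SETIPTOSPRE:` and `case O_IPTOSPRE:` print branches (@@ -1599 and @@ -1910), the result of `match_value(f_iptospre, cmd->arg1)` is passed straight to `%s` with no check for an unmatched value. Both opcodes are filled through `fill_flags()` in the parser hunks, so arg1 can presumably hold a combined or negated mask that equals no single table entry, and a rule installed by another tool can hold any value. If match_value returns NULL in that case, the listing passes a null pointer to printf. Fall back to the number: `const char *s = match_value(f_iptospre, cmd->arg1);` then `if (s == NULL) printf("iptospre 0x%x", cmd->arg1); else printf("iptospre %s", s);`. Both switch statements start and end outside these hunks.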
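Review bot: The OPTION line added to the usage text (@@ -2725) repeats `{dst-ip|src-ip} IPADDR`, which the context two lines above already lists, so the help output now shows that alternative twice. The added line should carry only the new keyword, e.g. `" iptospre CODE |\n"`. Because `iptospre CODE` now appears under both ACTION and OPTION, the help should also say that one form rewrites the field and the other only matches it.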
@@ -4848,6 +4873,12 @@ action->opcode =3D O_COUNT; break; =20 + case TOK_SETIPTOSPRE: + NEED1("need iptospre arg\n"); + fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av); + ac--; av++; + break; + case TOK_NAT: action->opcode =3D O_NAT; action->len =3D F_INSN_SIZE(ipfw_insn_nat); @@ -5334,6 +5365,12 @@ ac--; av++; break; =20 + case TOK_IPTOSPRE: + NEED1("missing argument for iptospre"); + fill_flags(cmd, O_IPTOSPRE, f_iptospre, *av); + ac--; av++; + break; + case TOK_IPTOS: NEED1("missing argument for iptos"); fill_flags(cmd, O_IPTOS, f_iptos, *av); Index: sys/netinet/ip_fw.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v retrieving revision 1.111 diff -u -r1.111 ip_fw.h --- sys/netinet/ip_fw.h 25 Jan 2008 14:38:27 -0000 1.111 +++ sys/netinet/ip_fw.h 26 Feb 2008 12:54:54 -0000 @@ -161,6 +161,9 @@ O_TAG, /* arg1=3Dtag number */ O_TAGGED, /* arg1=3Dtag number */ =20 + O_SETIPTOSPRE, /* Add ToS PRECEDENCE support. */ + O_IPTOSPRE, /* Add ToS PRECEDENCE support. */ + O_LAST_OPCODE /* not an opcode! */ }; =20 
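Review bot: `fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av)` in the `TOK_SETIPTOSPRE` case parses the argument as a flag list, but IP precedence is a single 3-bit value and the f_iptospre entries are not independent bits (flash is 96, which is immediate|priority). The `TOK_IPTOSPRE` case in the @@ -5334 hunk has the same problem. If fill_flags accepts comma lists and negation here as it does for `iptos`, then `immediate,priority` would silently become `flash`, and a negated name would end up in bits the kernel action never looks at. Look the name up once and store the value instead: `int v = match_token(f_iptospre, *av);`, `if (v == -1) errx(EX_DATAERR, "invalid precedence %s", *av);`, `action->opcode = O_SETIPTOSPRE; action->arg1 = v;` (assuming match_token reports an unknown name as -1). Both switch statements continue outside the hunks.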
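Review bot: The comments on the two new opcodes in the ip_fw.h enum hunk (@@ -161) describe the patch ("Add ToS PRECEDENCE support.") rather than the opcode, whereas the neighbouring entries say what arg1 holds (`arg1=tag number`). Suggested wording: `O_SETIPTOSPRE, /* action: arg1=precedence bits written to ip_tos */` and `O_IPTOSPRE, /* match: arg1=precedence bits of ip_tos */`. Adding the entries directly before `O_LAST_OPCODE` keeps the existing opcode numbers unchanged, which is worth stating in the commit message since userland and kernel must agree on them.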
@@ -510,6 +513,18 @@ #define IP_FW_IPOPT_RR 0x04 #define IP_FW_IPOPT_TS 0x08 =20 +/* Definitions for IP ToS PRECEDENCE. */=20 +/* Thanks to: http://www.easycalculation.com/binary-converter.php */ +#define IPTOSPRE_NETCONTROL 224 /* bin =3D 111 dec =3D 224 hex =3D 0xe0= */ +#define IPTOSPRE_INTERCONTROL 192 /* bin =3D 110 dec =3D 192 hex =3D 0xc= 0 */ +#define IPTOSPRE_CRITICECP 160 /* bin =3D 101 dec =3D 160 hex =3D 0xa0 = */ +#define IPTOSPRE_FLASHOVER 128 /* bin =3D 100 dec =3D 128 hex =3D 0x80 = */ +#define IPTOSPRE_FLASH 96 /* bin =3D 011 dec =3D 96 hex =3D 0x60 */ +#define IPTOSPRE_IMMEDIATE 64 /* bin =3D 010 dec =3D 64 hex =3D 0x40 = */ +#define IPTOSPRE_PRIORITY 32 /* bin =3D 001 dec =3D 32 hex =3D 0x20 *= / +#define IPTOSPRE_ROUTINE 0 /* bin =3D 000 dec =3D 0 hex =3D 0x00 */= +/* Definitions for IP ToS PRECEDENCE. */=20 + /* * Definitions for TCP option names. */ @@ -626,5 +641,22 @@ extern ip_fw_chk_t *ip_fw_chk_ptr; #define IPFW_LOADED (ip_fw_chk_ptr !=3D NULL) =20 +/* Some novel@ code. */ +#define ADJUST_CHECKSUM(acc, cksum) \ + do { \ + acc +=3D cksum; \ + if (acc < 0) { \ + acc =3D -acc; \ + acc =3D (acc >> 16) + (acc & 0xffff); \ + acc +=3D acc >> 16; \ + cksum =3D (u_short) ~acc; \ + } else { \ + acc =3D (acc >> 16) + (acc & 0xffff); \ + acc +=3D acc >> 16; \ + cksum =3D (u_short) acc; \ + } \ + } while (0) +/* Some novel@ code. */ + #endif /* _KERNEL */ #endif /* _IPFW2_H */ Index: sys/netinet/ip_fw2.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.181 diff -u -r1.181 ip_fw2.c --- sys/netinet/ip_fw2.c 24 Feb 2008 15:37:45 -0000 1.181 +++ sys/netinet/ip_fw2.c 26 Feb 2008 12:55:28 -0000 
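Review bot: The `IPTOSPRE_*` block (@@ -510) introduces a second set of names for values that `<netinet/ip.h>` already provides as `IPTOS_PREC_NETCONTROL` through `IPTOS_PREC_ROUTINE`, so the two sets would have to be kept in sync by hand. Using the existing constants in the f_iptospre table would make this block unnecessary. If it stays, it lacks a constant for the precedence mask (0xe0), which both the match and the set code need in order to leave the other ToS bits alone. The repeated closing comment and the calculator URL add nothing for a maintainer and can be dropped.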
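Review bot: `ADJUST_CHECKSUM` (@@ -626) is added to a shared kernel header, yet it expands `acc` and `cksum` several times without parentheses and silently requires `acc` to be a signed int lvalue; none of this is documented. A macro of the same name appears to exist in libalias, so a file that includes both headers could hit a redefinition. Since the only user in this patch is one case in ip_fw2.c, a `static __inline` helper there, next to `twowords()`, would limit the scope and give the arguments types. The `/* Some novel@ code. */` markers should be replaced by a comment stating what the macro computes (folds a signed delta into a 16-bit one's-complement checksum) and where it was taken from.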
@@ -177,6 +177,21 @@ =20 extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS); =20 +/* some @novel code. */ +static __inline int +twowords(void *p) { + uint8_t *c =3D p; +#if BYTE_ORDER =3D=3D LITTLE_ENDIAN + uint16_t s1 =3D ((uint16_t)c[1] << 8) + (uint16_t)c[0]; + uint16_t s2 =3D ((uint16_t)c[3] << 8) + (uint16_t)c[2]; +#else + uint16_t s1 =3D ((uint16_t)c[0] << 8) + (uint16_t)c[1]; + uint16_t s2 =3D ((uint16_t)c[2] << 8) + (uint16_t)c[3]; +#endif + return (s1 + s2); +} +/* some @novel code. */ + #ifdef SYSCTL_NODE SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, @@ -2700,6 +2715,7 @@ for (; f; f =3D f->next) { ipfw_insn *cmd; uint32_t tablearg =3D 0; + int accumulate; /* Novel@ code. */ int l, cmdlen, skip_or; /* skip rest of OR block */ =20 again: @@ -3006,6 +3022,11 @@ flags_match(cmd, ip->ip_tos)); break; =20 + case O_IPTOSPRE: + match =3D (is_ipv4 && + flags_match(cmd, ip->ip_tos)); + break; + case O_TCPDATALEN: if (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0) { struct tcphdr *tcp; @@ -3322,6 +3343,18 @@ match =3D 1; break; =20 + /* Insert within IP ToS PRECEDENCE field. */ + case O_SETIPTOSPRE: + accumulate =3D twowords(&ip->ip_tos); + ip->ip_tos=3D cmd->arg1; + accumulate -=3D twowords(&ip->ip_tos); + ADJUST_CHECKSUM(accumulate, ip->ip_sum); + f->pcnt++; /* update stats */ + f->bcnt +=3D pktlen; + f->timestamp =3D time_second; + goto next_rule; + /* Insert within IP ToS PRECEDENCE field. */ + case O_PROBE_STATE: case O_CHECK_STATE: /* @@ -4119,6 +4152,7 @@ case O_FRAG: case O_DIVERTED: case O_IPOPT: + case O_IPTOSPRE: case O_IPTOS: case O_IPPRECEDENCE: case O_IPVER: 
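Review bot: `twowords()` (@@ -177) sums two 16-bit words built from the four bytes at whatever address it is given, and its only caller in this patch passes `&ip->ip_tos`, the second byte of the IP header. The header checksum is computed over 16-bit words starting at byte 0, where tos is the second byte of the first word; here it becomes the first byte of a word that also includes half of ip_len, so the delta handed to ADJUST_CHECKSUM looks shifted by one byte lane relative to ip_sum. Please verify the resulting ip_sum against a full header checksum on both byte orders before relying on it; a wrong checksum makes downstream hosts drop the rewritten packets. The function also needs a comment saying that it reads exactly four bytes and returns the sum of two host-order 16-bit words, in place of `/* some @novel code. */`.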
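Review bot: `case O_IPTOSPRE:` (@@ -3006) reuses `flags_match(cmd, ip->ip_tos)`, the same bit-flag test as the option just above it, so precedence is compared as a set of bits rather than as one 3-bit value. If flags_match only requires the requested bits to be set, `priority` (32) would also match flash, criticecp and netcontrol packets, and `routine` (0) would match every packet, so a rule written to police one traffic class would apply to others. Compare the masked field instead: `match = (is_ipv4 && (ip->ip_tos & 0xe0) == (cmd->arg1 & 0xe0));`. The keyword table already has an `ipprecedence` option; the description should say how the new match differs from it. The enclosing switch is outside the hunk.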
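Review bot: `ip->ip_tos = cmd->arg1;` in `case O_SETIPTOSPRE:` (@@ -3322) overwrites the whole ToS byte, so the five low-order bits are cleared although the action is described as setting precedence only. Unlike the O_IPTOSPRE match, it is also not guarded by `is_ipv4`, so for any other packet type the stores to ip_tos and ip_sum would modify whatever header `ip` points at. Wrap the rewrite and checksum update in `if (is_ipv4) { … }` and preserve the other bits with `ip->ip_tos = (ip->ip_tos & ~0xe0) | (cmd->arg1 & 0xe0);`. The hunk shows no check that the header may be written in place (for example a shared mbuf); that is inferred from the visible lines only and should be confirmed against the rest of the function. The enclosing switch starts and ends outside the hunk.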
@@ -4142,6 +4176,10 @@ goto bad_size; break; =20 + case O_SETIPTOSPRE: + have_action =3D 1; + break; + case O_UID: case O_GID: case O_JAIL: --------------020303030608020802080703-- --------------enigEFB958632A87BA2B77182DFC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHxBacovxJd1Pkz6gRAnKGAKCHs4KNB1M3IC0ii5JXvuiRXYJ9xACgiuMn vKLCJEusdTaOviePhj8i0OM= =lKcp -----END PGP SIGNATURE----- --------------enigEFB958632A87BA2B77182DFC--
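Review bot: The new `case O_SETIPTOSPRE:` in the rule-checking switch only sets `have_action = 1`, with no instruction-length test and no range check on arg1, while the cases visible just above it end in `goto bad_size`. This switch is where the kernel validates rules supplied from userland, and the action later copies arg1 into packet headers, so the length should be pinned with `if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size;` before accepting the opcode. An arg1 with bits outside the precedence mask 0xe0 should also be rejected in the same way the function rejects other bad operands. The enclosing function is not shown in the hunk, so the exact error path needs to follow its existing convention.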