Date: Sun, 14 Aug 2016 16:32:23 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r304084 - in releng/11.0: sbin/ipfw sys/netinet sys/netpfil/ipfw Message-ID: <201608141632.u7EGWNEv091251@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Sun Aug 14 16:32:23 2016 New Revision: 304084 URL: https://svnweb.freebsd.org/changeset/base/304084 Log: Merge from stable/11 r304079: Restore "nat global" support. Now zero value of arg1 used to specify "tablearg", use the old "tablearg" value for "nat global". Introduce new macro IP_FW_NAT44_GLOBAL to replace hardcoded magic number to specify "nat global". Also replace 65535 magic number with corresponding macro. Fix typo in comments. PR: 211256 Approved by: re (kib) Modified: releng/11.0/sbin/ipfw/ipfw2.c releng/11.0/sys/netinet/ip_fw.h releng/11.0/sys/netpfil/ipfw/ip_fw2.c releng/11.0/sys/netpfil/ipfw/ip_fw_sockopt.c Directory Properties: releng/11.0/ (props changed) Modified: releng/11.0/sbin/ipfw/ipfw2.c ============================================================================== --- releng/11.0/sbin/ipfw/ipfw2.c Sun Aug 14 15:52:00 2016 (r304083) +++ releng/11.0/sbin/ipfw/ipfw2.c Sun Aug 14 16:32:23 2016 (r304084) @@ -1575,7 +1575,7 @@ show_static_rule(struct cmdline_opts *co break; case O_NAT: - if (cmd->arg1 != 0) + if (cmd->arg1 != IP_FW_NAT44_GLOBAL) bprint_uint_arg(bp, "nat ", cmd->arg1); else bprintf(bp, "nat global"); @@ -3733,7 +3733,7 @@ compile_rule(char *av[], uint32_t *rbuf, action->len = F_INSN_SIZE(ipfw_insn_nat); CHECK_ACTLEN; if (*av != NULL && _substrcmp(*av, "global") == 0) { - action->arg1 = 0; + action->arg1 = IP_FW_NAT44_GLOBAL; av++; break; } else Modified: releng/11.0/sys/netinet/ip_fw.h ============================================================================== --- releng/11.0/sys/netinet/ip_fw.h Sun Aug 14 15:52:00 2016 (r304083) +++ releng/11.0/sys/netinet/ip_fw.h Sun Aug 14 16:32:23 2016 (r304084) @@ -60,6 +60,7 @@ #define IPFW_ARG_MAX 65534 #define IP_FW_TABLEARG 65535 /* Compat value for old clients */ #define IP_FW_TARG 0 /* Current tablearg value */ +#define IP_FW_NAT44_GLOBAL 65535 /* arg1 value for "nat global" */ /* * Number of entries in the call stack of the call/return commands. Modified: releng/11.0/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- releng/11.0/sys/netpfil/ipfw/ip_fw2.c Sun Aug 14 15:52:00 2016 (r304083) +++ releng/11.0/sys/netpfil/ipfw/ip_fw2.c Sun Aug 14 16:32:23 2016 (r304084) @@ -2489,7 +2489,7 @@ do { \ set_match(args, f_pos, chain); /* Check if this is 'global' nat rule */ - if (cmd->arg1 == 0) { + if (cmd->arg1 == IP_FW_NAT44_GLOBAL) { retval = ipfw_nat_ptr(args, NULL, m); break; } Modified: releng/11.0/sys/netpfil/ipfw/ip_fw_sockopt.c ============================================================================== --- releng/11.0/sys/netpfil/ipfw/ip_fw_sockopt.c Sun Aug 14 15:52:00 2016 (r304083) +++ releng/11.0/sys/netpfil/ipfw/ip_fw_sockopt.c Sun Aug 14 16:32:23 2016 (r304084) @@ -524,9 +524,11 @@ import_rule0(struct rule_check_info *ci) /* * Alter opcodes: - * 1) convert tablearg value from 65335 to 0 - * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room for targ). + * 1) convert tablearg value from 65535 to 0 + * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room + * for targ). * 3) convert table number in iface opcodes to u16 + * 4) convert old `nat global` into new 65535 */ l = krule->cmd_len; cmd = krule->cmd; @@ -548,19 +550,21 @@ import_rule0(struct rule_check_info *ci) case O_NETGRAPH: case O_NGTEE: case O_NAT: - if (cmd->arg1 == 65535) + if (cmd->arg1 == IP_FW_TABLEARG) cmd->arg1 = IP_FW_TARG; + else if (cmd->arg1 == 0) + cmd->arg1 = IP_FW_NAT44_GLOBAL; break; case O_SETFIB: case O_SETDSCP: - if (cmd->arg1 == 65535) + if (cmd->arg1 == IP_FW_TABLEARG) cmd->arg1 = IP_FW_TARG; else cmd->arg1 |= 0x8000; break; case O_LIMIT: lcmd = (ipfw_insn_limit *)cmd; - if (lcmd->conn_limit == 65535) + if (lcmd->conn_limit == IP_FW_TABLEARG) lcmd->conn_limit = IP_FW_TARG; break; /* Interface tables */ @@ -606,7 +610,7 @@ export_rule0(struct ip_fw *krule, struct /* * Alter opcodes: - * 1) convert tablearg value from 0 to 65335 + * 1) convert tablearg value from 0 to 65535 * 2) Remove highest bit from O_SETFIB/O_SETDSCP values. * 3) convert table number in iface opcodes to int */ @@ -631,19 +635,21 @@ export_rule0(struct ip_fw *krule, struct case O_NGTEE: case O_NAT: if (cmd->arg1 == IP_FW_TARG) - cmd->arg1 = 65535; + cmd->arg1 = IP_FW_TABLEARG; + else if (cmd->arg1 == IP_FW_NAT44_GLOBAL) + cmd->arg1 = 0; break; case O_SETFIB: case O_SETDSCP: if (cmd->arg1 == IP_FW_TARG) - cmd->arg1 = 65535; + cmd->arg1 = IP_FW_TABLEARG; else cmd->arg1 &= ~0x8000; break; case O_LIMIT: lcmd = (ipfw_insn_limit *)cmd; if (lcmd->conn_limit == IP_FW_TARG) - lcmd->conn_limit = 65535; + lcmd->conn_limit = IP_FW_TABLEARG; break; /* Interface tables */ case O_XMIT:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608141632.u7EGWNEv091251>