From: Gleb Smirnoff Date: Sat, 14 Apr 2012 10:20:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234278 - in stable/9: sbin/ipfw sys/netinet/ipfw X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Apr 2012 10:20:35 -0000 Author: glebius Date: Sat Apr 14 10:20:34 2012 New Revision: 234278 URL: http://svn.freebsd.org/changeset/base/234278 Log: Merge 231076,231078: Make the 'tcpwin' option of ipfw(8) accept ranges and lists. Submitted by: sem Modified: stable/9/sbin/ipfw/ipfw.8 stable/9/sbin/ipfw/ipfw2.c stable/9/sys/netinet/ipfw/ip_fw2.c stable/9/sys/netinet/ipfw/ip_fw_sockopt.c Directory Properties: stable/9/sbin/ipfw/ (props changed) stable/9/sys/ (props changed) Modified: stable/9/sbin/ipfw/ipfw.8 ============================================================================== --- stable/9/sbin/ipfw/ipfw.8 Sat Apr 14 10:13:36 2012 (r234277) +++ stable/9/sbin/ipfw/ipfw.8 Sat Apr 14 10:20:34 2012 (r234278) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 10, 2011 +.Dd February 6, 2012 .Dt IPFW 8 .Os .Sh NAME 
@@ -1652,10 +1652,12 @@ option for details on matching fragmente TCP packets only. Match if the TCP header sequence number field is set to .Ar seq . -.It Cm tcpwin Ar win -TCP packets only. -Match if the TCP header window field is set to -.Ar win . +.It Cm tcpwin Ar tcpwin-list +Matches TCP packets whose header window field is set to +.Ar tcpwin-list , +which is either a single value or a list of values or ranges +specified in the same way as +.Ar ports . .It Cm tcpoptions Ar spec TCP packets only. Match if the TCP header contains the comma separated list of Modified: stable/9/sbin/ipfw/ipfw2.c ============================================================================== --- stable/9/sbin/ipfw/ipfw2.c Sat Apr 14 10:13:36 2012 (r234277) +++ stable/9/sbin/ipfw/ipfw2.c Sat Apr 14 10:20:34 2012 (r234278) @@ -512,6 +512,7 @@ static struct _s_x _port_name[] = { {"ipttl", O_IPTTL}, {"mac-type", O_MAC_TYPE}, {"tcpdatalen", O_TCPDATALEN}, + {"tcpwin", O_TCPWIN}, {"tagged", O_TAGGED}, {NULL, 0} }; @@ -1480,7 +1481,11 @@ show_ipfw(struct ip_fw *rule, int pcwidt break; case O_TCPWIN: - printf(" tcpwin %d", ntohs(cmd->arg1)); + if (F_LEN(cmd) == 1) + printf(" tcpwin %u", cmd->arg1); + else + print_newports((ipfw_insn_u16 *)cmd, 0, + O_TCPWIN); break; case O_TCPACK: @@ -3447,8 +3452,12 @@ read_options: case TOK_TCPWIN: NEED1("tcpwin requires length"); - fill_cmd(cmd, O_TCPWIN, 0, - htons(strtoul(*av, NULL, 0))); + if (strpbrk(*av, "-,")) { + if (!add_ports(cmd, *av, 0, O_TCPWIN)) + errx(EX_DATAERR, "invalid tcpwin len %s", *av); + } else + fill_cmd(cmd, O_TCPWIN, 0, + strtoul(*av, NULL, 0)); av++; break; Modified: stable/9/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- stable/9/sys/netinet/ipfw/ip_fw2.c Sat Apr 14 10:13:36 2012 (r234277) +++ stable/9/sys/netinet/ipfw/ip_fw2.c Sat Apr 14 10:20:34 2012 (r234278) 
@@ -1649,8 +1649,22 @@ do { \ break; case O_TCPWIN: - match = (proto == IPPROTO_TCP && offset == 0 && - cmd->arg1 == TCP(ulp)->th_win); + if (proto == IPPROTO_TCP && offset == 0) { + uint16_t x; + uint16_t *p; + int i; + + x = ntohs(TCP(ulp)->th_win); + if (cmdlen == 1) { + match = (cmd->arg1 == x); + break; + } + /* Otherwise we have ranges. */ + p = ((ipfw_insn_u16 *)cmd)->ports; + i = cmdlen - 1; + for (; !match && i > 0; i--, p += 2) + match = (x >= p[0] && x <= p[1]); + } break; case O_ESTAB: Modified: stable/9/sys/netinet/ipfw/ip_fw_sockopt.c ============================================================================== --- stable/9/sys/netinet/ipfw/ip_fw_sockopt.c Sat Apr 14 10:13:36 2012 (r234277) +++ stable/9/sys/netinet/ipfw/ip_fw_sockopt.c Sat Apr 14 10:20:34 2012 (r234278) @@ -569,7 +569,6 @@ check_ipfw_struct(struct ip_fw *rule, in case O_IPPRECEDENCE: case O_IPVER: case O_SOCKARG: - case O_TCPWIN: case O_TCPFLAGS: case O_TCPOPTS: case O_ESTAB: @@ -679,6 +678,7 @@ check_ipfw_struct(struct ip_fw *rule, in case O_IPTTL: case O_IPLEN: case O_TCPDATALEN: + case O_TCPWIN: case O_TAGGED: if (cmdlen < 1 || cmdlen > 31) goto bad_size;
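
Review bot: the rewritten tcpwin entry in ipfw.8 (hunk at -1652) drops the "TCP packets only." sentence that the preceding sequence-number entry and the following tcpoptions entry both keep, so the option list no longer reads uniformly. Suggest keeping "TCP packets only." as the first line of the entry and stating the accepted range of a single value (0 to 65535) next to the reference to "ports".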
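
Review bot: in the TOK_TCPWIN hunk of ipfw2.c (at -3447) the single-value branch passes strtoul(*av, NULL, 0) straight to fill_cmd() with no end pointer and no range check, so a non-numeric argument is taken as 0 and a value above 65535 can never equal the 16-bit th_win the kernel compares against, yet neither is rejected. Suggest checking the end pointer and an upper bound of 65535 and failing with errx(EX_DATAERR, ...) as the list branch does, so that a mistyped rule is refused instead of installed as a rule that matches something else or nothing. The messages "tcpwin requires length" and "invalid tcpwin len" also call a window value a length; "tcpwin requires a window value" would be clearer.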
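
Review bot: the O_TCPWIN case in ip_fw2.c (hunk at -1649) now converts th_win with ntohs() and compares it to a host-order cmd->arg1, whereas the removed code compared it to the network-order value that ipfw(8) stored with htons(); a rule loaded by an ipfw(8) binary built before this change would be compared byte-swapped on little-endian machines and would silently stop matching the intended window. Suggest noting in the commit log or UPDATING that the kernel and ipfw(8) have to be updated together, and adding a comment at this case saying that arg1 and the ports[] pairs are kept in host byte order.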