Date: Sat, 14 Jun 2008 18:32:21 GMT From: Gleb Kurtsou <gk@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 143458 for review Message-ID: <200806141832.m5EIWLHL048449@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=143458 Change 143458 by gk@gk_h1 on 2008/06/14 18:31:45 in ipfw: s/mac/ether/ (to be consistent with the rest of the world and futere layer2 filtering in pf). retain mac and mac-type options for backward compatibility Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#4 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#5 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#6 edit Differences ... ==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#4 (text+ko) ==== @@ -294,10 +294,10 @@ TOK_TCPACK, TOK_TCPWIN, TOK_ICMPTYPES, - TOK_MAC, - TOK_MAC_SRC, - TOK_MAC_DST, - TOK_MACTYPE, + TOK_ETHER, + TOK_ETHER_SRC, + TOK_ETHER_DST, + TOK_ETHER_TYPE, TOK_VERREVPATH, TOK_VERSRCREACH, TOK_ANTISPOOF, @@ -477,11 +477,13 @@ { "dst-port", TOK_DSTPORT }, { "src-port", TOK_SRCPORT }, { "proto", TOK_PROTO }, - { "MAC", TOK_MAC }, - { "mac", TOK_MAC }, - { "src-mac", TOK_MAC_SRC }, - { "dst-mac", TOK_MAC_DST }, - { "mac-type", TOK_MACTYPE }, + { "MAC", TOK_ETHER }, + { "mac", TOK_ETHER }, + { "ether", TOK_ETHER }, + { "src-ether", TOK_ETHER_SRC }, + { "dst-ether", TOK_ETHER_DST }, + { "mac-type", TOK_ETHER_TYPE }, + { "ether-type", TOK_ETHER_TYPE }, { "verrevpath", TOK_VERREVPATH }, { "versrcreach", TOK_VERSRCREACH }, { "antispoof", TOK_ANTISPOOF }, @@ -663,7 +665,7 @@ {"ipid", O_IPID}, {"iplen", O_IPLEN}, {"ipttl", O_IPTTL}, - {"mac-type", O_MAC_TYPE}, + {"ether-type", O_ETHER_TYPE}, {"tcpdatalen", O_TCPDATALEN}, {"tagged", O_TAGGED}, {NULL, 0} @@ -1134,10 +1136,10 @@ } /* - * prints a MAC address/mask pair + * prints a ethernet (MAC) address/mask pair */ static void -print_mac(uint8_t *addr, uint8_t *mask) +print_ether(uint8_t *addr, uint8_t *mask) { int l = contigmask(mask, 48); @@ -1421,7 +1423,7 @@ * The first argument is the list of fields we have, the second is * the list of fields we want to be printed. * - * Special cases if we have provided a MAC header: + * Special cases if we have provided a ethernet header: * + if the rule does not contain IP addresses/ports, do not print them; * + if the rule does not contain an IP proto, print "all" instead of "ip"; * @@ -1811,32 +1813,32 @@ if (cmd->len & F_NOT && cmd->opcode != O_IN) printf(" not"); switch(cmd->opcode) { - case O_MACADDR2: { - ipfw_insn_mac *m = (ipfw_insn_mac *)cmd; + case O_ETHERADDR2: { + ipfw_insn_ether *m = (ipfw_insn_ether *)cmd; - printf(" mac"); - print_mac(m->addr, m->mask); - print_mac(m->addr + 6, m->mask + 6); + printf(" ether"); + print_ether(m->addr, m->mask); + print_ether(m->addr + 6, m->mask + 6); } break; - case O_MAC_SRC: { - ipfw_insn_mac *m = (ipfw_insn_mac *)cmd; + case O_ETHER_SRC: { + ipfw_insn_ether *m = (ipfw_insn_ether *)cmd; - printf(" src-mac"); - print_mac(m->addr + 6, m->mask + 6); + printf(" src-ether"); + print_ether(m->addr + 6, m->mask + 6); } break; - case O_MAC_DST: { - ipfw_insn_mac *m = (ipfw_insn_mac *)cmd; + case O_ETHER_DST: { + ipfw_insn_ether *m = (ipfw_insn_ether *)cmd; - printf(" dst-mac"); - print_mac(m->addr, m->mask); + printf(" dst-ether"); + print_ether(m->addr, m->mask); } break; - case O_MAC_TYPE: + case O_ETHER_TYPE: print_newports((ipfw_insn_u16 *)cmd, IPPROTO_ETHERTYPE, cmd->opcode); break; @@ -4466,12 +4468,12 @@ } static void -get_mac_addr_mask(const char *p, uint8_t *addr, uint8_t *mask) +get_ether_addr_mask(const char *p, uint8_t *addr, uint8_t *mask) { int i, l; char *ap, *ptr, *optr; - struct ether_addr *mac; - const char *macset = "0123456789abcdefABCDEF:"; + struct ether_addr *ether; + const char *etherset = "0123456789abcdefABCDEF:"; if (strcmp(p, "any") == 0) { for (i = 0; i < ETHER_ADDR_LEN; i++) @@ -4482,11 +4484,11 @@ optr = ptr = strdup(p); if ((ap = strsep(&ptr, "&/")) != NULL && *ap != 0) { l = strlen(ap); - if (strspn(ap, macset) != l || (mac = ether_aton(ap)) == NULL) - errx(EX_DATAERR, "Incorrect MAC address"); - bcopy(mac, addr, ETHER_ADDR_LEN); + if (strspn(ap, etherset) != l || (ether = ether_aton(ap)) == NULL) + errx(EX_DATAERR, "Incorrect ethernet (MAC) address"); + bcopy(ether, addr, ETHER_ADDR_LEN); } else - errx(EX_DATAERR, "Incorrect MAC address"); + errx(EX_DATAERR, "Incorrect ethernet (MAC) address"); if (ptr != NULL) { /* we have mask? */ if (p[ptr - optr - 1] == '/') { /* mask len */ @@ -4497,10 +4499,10 @@ mask[i] = (l >= 8) ? 0xff: (~0) << (8 - l); } else { /* mask */ l = strlen(ptr); - if (strspn(ptr, macset) != l || - (mac = ether_aton(ptr)) == NULL) + if (strspn(ptr, etherset) != l || + (ether = ether_aton(ptr)) == NULL) errx(EX_DATAERR, "Incorrect mask"); - bcopy(mac, mask, ETHER_ADDR_LEN); + bcopy(ether, mask, ETHER_ADDR_LEN); } } else { /* default mask: ff:ff:ff:ff:ff:ff */ for (i = 0; i < ETHER_ADDR_LEN; i++) @@ -4572,68 +4574,68 @@ * two microinstructions, and returns the pointer to the last one. */ static ipfw_insn * -add_mac(ipfw_insn *cmd, int ac, char *av[]) +add_ether(ipfw_insn *cmd, int ac, char *av[]) { - ipfw_insn_mac *mac; + ipfw_insn_ether *ether; if (ac < 2) - errx(EX_DATAERR, "MAC dst src"); + errx(EX_DATAERR, "ether dst src"); - cmd->opcode = O_MACADDR2; - cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac); + cmd->opcode = O_ETHERADDR2; + cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_ether); - mac = (ipfw_insn_mac *)cmd; - get_mac_addr_mask(av[0], mac->addr, mac->mask); /* dst */ - get_mac_addr_mask(av[1], &(mac->addr[ETHER_ADDR_LEN]), - &(mac->mask[ETHER_ADDR_LEN])); /* src */ + ether = (ipfw_insn_ether *)cmd; + get_ether_addr_mask(av[0], ether->addr, ether->mask); /* dst */ + get_ether_addr_mask(av[1], &(ether->addr[ETHER_ADDR_LEN]), + &(ether->mask[ETHER_ADDR_LEN])); /* src */ return cmd; } static ipfw_insn * -add_mac_src(ipfw_insn *cmd, int ac, char *av[]) +add_ether_src(ipfw_insn *cmd, int ac, char *av[]) { - ipfw_insn_mac *mac; + ipfw_insn_ether *ether; if (ac < 1) - errx(EX_DATAERR, "src-mac src"); + errx(EX_DATAERR, "src-ether src"); - cmd->opcode = O_MAC_SRC; - cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac); + cmd->opcode = O_ETHER_SRC; + cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_ether); - mac = (ipfw_insn_mac *)cmd; - bzero(mac->addr, ETHER_ADDR_LEN); - bzero(mac->mask, ETHER_ADDR_LEN); - get_mac_addr_mask(av[0], &(mac->addr[ETHER_ADDR_LEN]), - &(mac->mask[ETHER_ADDR_LEN])); /* src */ + ether = (ipfw_insn_ether *)cmd; + bzero(ether->addr, ETHER_ADDR_LEN); + bzero(ether->mask, ETHER_ADDR_LEN); + get_ether_addr_mask(av[0], &(ether->addr[ETHER_ADDR_LEN]), + &(ether->mask[ETHER_ADDR_LEN])); /* src */ return cmd; } static ipfw_insn * -add_mac_dst(ipfw_insn *cmd, int ac, char *av[]) +add_ether_dst(ipfw_insn *cmd, int ac, char *av[]) { - ipfw_insn_mac *mac; + ipfw_insn_ether *ether; if (ac < 1) - errx(EX_DATAERR, "dst-mac dst"); + errx(EX_DATAERR, "dst-ether dst"); - cmd->opcode = O_MAC_DST; - cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac); + cmd->opcode = O_ETHER_DST; + cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_ether); - mac = (ipfw_insn_mac *)cmd; - bzero(mac->addr + ETHER_ADDR_LEN, ETHER_ADDR_LEN); - bzero(mac->mask + ETHER_ADDR_LEN, ETHER_ADDR_LEN); - get_mac_addr_mask(av[0], mac->addr, mac->mask); /* dst */ + ether = (ipfw_insn_ether *)cmd; + bzero(ether->addr + ETHER_ADDR_LEN, ETHER_ADDR_LEN); + bzero(ether->mask + ETHER_ADDR_LEN, ETHER_ADDR_LEN); + get_ether_addr_mask(av[0], ether->addr, ether->mask); /* dst */ return cmd; } static ipfw_insn * -add_mactype(ipfw_insn *cmd, int ac, char *av) +add_ethertype(ipfw_insn *cmd, int ac, char *av) { if (ac < 1) - errx(EX_DATAERR, "missing MAC type"); + errx(EX_DATAERR, "missing ether-type argument"); if (strcmp(av, "any") != 0) { /* we have a non-null type */ fill_newports((ipfw_insn_u16 *)cmd, av, IPPROTO_ETHERTYPE); - cmd->opcode = O_MAC_TYPE; + cmd->opcode = O_ETHER_TYPE; return cmd; } else return NULL; @@ -5641,28 +5643,28 @@ *av); break; - case TOK_MAC: - if (add_mac(cmd, ac, av)) { + case TOK_ETHER: + if (add_ether(cmd, ac, av)) { ac -= 2; av += 2; } break; - case TOK_MAC_SRC: - if (add_mac_src(cmd, ac, av)) { + case TOK_ETHER_SRC: + if (add_ether_src(cmd, ac, av)) { ac--; av++; } break; - case TOK_MAC_DST: - if (add_mac_dst(cmd, ac, av)) { + case TOK_ETHER_DST: + if (add_ether_dst(cmd, ac, av)) { ac--; av++; } break; - case TOK_MACTYPE: - NEED1("missing mac type"); - if (!add_mactype(cmd, ac, *av)) - errx(EX_DATAERR, "invalid mac type %s", *av); + case TOK_ETHER_TYPE: + NEED1("missing ether type"); + if (!add_ethertype(cmd, ac, *av)) + errx(EX_DATAERR, "invalid ether type %s", *av); ac--; av++; break; @@ -5966,10 +5968,10 @@ if (lookup_host(*av, (struct in_addr *)&ent.addr) != 0) errx(EX_NOHOST, "hostname ``%s'' unknown", *av); ac--; av++; - ent.mac_addr = 0; - if (do_add && ac >= 2 && strcmp(*av, "mac") == 0) { + ent.ether_addr = 0; + if (do_add && ac >= 2 && strcmp(*av, "ether") == 0) { uint8_t mask[8]; - get_mac_addr_mask(av[1], (uint8_t*)&ent.mac_addr, mask); + get_ether_addr_mask(av[1], (uint8_t*)&ent.ether_addr, mask); ac-=2; av+=2; } if (do_add && ac) { @@ -6021,7 +6023,7 @@ for (a = 0; a < tbl->cnt; a++) { unsigned int tval; char tval_buf[128]; - char tmac_buf[128]; + char tether_buf[128]; tval = tbl->ent[a].value; if (do_value_as_ip) { /* inet_ntoa expects network order */ @@ -6031,17 +6033,17 @@ } else { snprintf(tval_buf, sizeof(tval_buf), "%u", tval); } - if (tbl->ent[a].mac_addr) { - uint8_t *x = (uint8_t *)&tbl->ent[a].mac_addr; - snprintf(tmac_buf, sizeof(tmac_buf), "mac %02x:%02x:%02x:%02x:%02x:%02x ", + if (tbl->ent[a].ether_addr) { + uint8_t *x = (uint8_t *)&tbl->ent[a].ether_addr; + snprintf(tether_buf, sizeof(tether_buf), "ether %02x:%02x:%02x:%02x:%02x:%02x ", x[0], x[1], x[2], x[3], x[4], x[5]); } else { - tmac_buf[0] = 0; + tether_buf[0] = 0; } printf("%s/%u %s%s\n", inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr), - tbl->ent[a].masklen, tmac_buf, tval_buf); + tbl->ent[a].masklen, tether_buf, tval_buf); } } else errx(EX_USAGE, "invalid table command %s", *av); ==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#5 (text+ko) ==== @@ -67,10 +67,10 @@ O_IP_DSTPORT, /* (n)port list:mask 4 byte ea */ O_PROTO, /* arg1=protocol */ - O_MACADDR2, /* 2 mac addr:mask */ - O_MAC_SRC, /* 2 mac addr:mask */ - O_MAC_DST, /* 2 mac addr:mask */ - O_MAC_TYPE, /* same as srcport */ + O_ETHERADDR2, /* 2 ethernet (mac) addr:mask */ + O_ETHER_SRC, /* 2 ethernet (mac) addr:mask */ + O_ETHER_DST, /* 2 ethernet (mac) addr:mask */ + O_ETHER_TYPE, /* same as srcport */ O_LAYER2, /* none */ O_IN, /* none */ @@ -263,13 +263,13 @@ } ipfw_insn_sa; /* - * This is used for MAC addr-mask pairs. + * This is used for ethernet (MAC) addr-mask pairs. */ -typedef struct _ipfw_insn_mac { +typedef struct _ipfw_insn_ether { ipfw_insn o; u_char addr[12]; /* dst[6] + src[6] */ u_char mask[12]; /* dst[6] + src[6] */ -} ipfw_insn_mac; +} ipfw_insn_ether; /* * This is used for interface match rules (recv xx, xmit xx). @@ -533,7 +533,7 @@ */ typedef struct _ipfw_table_entry { in_addr_t addr; /* network address */ - u_int64_t mac_addr; /* mac address */ + u_int64_t ether_addr; /* ethernet address */ u_int32_t value; /* value */ u_int16_t tbl; /* table number */ u_int8_t masklen; /* mask length */ ==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#6 (text+ko) ==== @@ -153,7 +153,7 @@ struct table_entry { struct radix_node rn[2]; struct sockaddr_in addr, mask; - u_int64_t mac_addr; + u_int64_t ether_addr; u_int32_t value; }; @@ -880,7 +880,7 @@ } if (hlen == 0) { /* non-ip */ - snprintf(SNPARGS(proto, 0), "MAC"); + snprintf(SNPARGS(proto, 0), "ether"); } else { int len; @@ -1753,7 +1753,7 @@ static int add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, - uint8_t mlen, u_int64_t mac_addr, uint32_t value) + uint8_t mlen, u_int64_t ether_addr, uint32_t value) { struct radix_node_head *rnh; struct table_entry *ent; @@ -1768,7 +1768,7 @@ ent->addr.sin_len = ent->mask.sin_len = 8; ent->mask.sin_addr.s_addr = htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0); ent->addr.sin_addr.s_addr = addr & ent->mask.sin_addr.s_addr; - ent->mac_addr = mac_addr; + ent->ether_addr = ether_addr; IPFW_WLOCK(&layer3_chain); if (rnh->rnh_addaddr(&ent->addr, &ent->mask, rnh, (void *)ent) == NULL) { @@ -1876,8 +1876,8 @@ sa.sin_addr.s_addr = addr; ent = (struct table_entry *)(rnh->rnh_lookup(&sa, NULL, rnh)); if (ent != NULL) { - if (ea && ent->mac_addr) { - if (ent->mac_addr != ((*(u_int64_t*)ea))) + if (ea && ent->ether_addr) { + if (ent->ether_addr != ((*(u_int64_t*)ea))) return (0); } *val = ent->value; @@ -1924,7 +1924,7 @@ else ent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr)); ent->addr = n->addr.sin_addr.s_addr; - ent->mac_addr = n->mac_addr; + ent->ether_addr = n->ether_addr; ent->value = n->value; tbl->cnt++; return (0); @@ -2054,7 +2054,7 @@ * * args->m (in/out) The packet; we set to NULL when/if we nuke it. * Starts with the IP header. - * args->eh (in) Mac header if present, or NULL for layer3 packet. + * args->eh (in) ethernet header if present, or NULL for layer3 packet. * args->L3offset Number of bytes bypassed if we came from L2. * e.g. often sizeof(eh) ** NOTYET ** * args->oif Outgoing interface, or NULL if packet is incoming. @@ -2090,7 +2090,7 @@ * the implementation of the various instructions to make sure * that they still work. * - * args->eh The MAC header. It is non-null for a layer2 + * args->eh The ethernet header. It is non-null for a layer2 * packet, it is NULL for a layer-3 packet. * **notyet** * args->L3offset Offset in the packet to the L3 (IP or equiv.) header. @@ -2590,14 +2590,14 @@ m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd); break; - case O_MACADDR2: - case O_MAC_SRC: - case O_MAC_DST: - if (args->eh != NULL) { /* have MAC header */ + case O_ETHERADDR2: + case O_ETHER_SRC: + case O_ETHER_DST: + if (args->eh != NULL) { /* have ethernet header */ u_int32_t *want = (u_int32_t *) - ((ipfw_insn_mac *)cmd)->addr; + ((ipfw_insn_ether *)cmd)->addr; u_int32_t *mask = (u_int32_t *) - ((ipfw_insn_mac *)cmd)->mask; + ((ipfw_insn_ether *)cmd)->mask; u_int32_t *hdr = (u_int32_t *)args->eh; match = @@ -2607,8 +2607,8 @@ } break; - case O_MAC_TYPE: - if (args->eh != NULL) { /* have MAC header */ + case O_ETHER_TYPE: + if (args->eh != NULL) { /* have ethernet header */ u_int16_t *p = ((ipfw_insn_u16 *)cmd)->ports; int i; @@ -3895,10 +3895,10 @@ goto bad_size; break; - case O_MACADDR2: - case O_MAC_SRC: - case O_MAC_DST: - if (cmdlen != F_INSN_SIZE(ipfw_insn_mac)) + case O_ETHERADDR2: + case O_ETHER_SRC: + case O_ETHER_DST: + if (cmdlen != F_INSN_SIZE(ipfw_insn_ether)) goto bad_size; break; @@ -3912,7 +3912,7 @@ goto bad_size; break; - case O_MAC_TYPE: + case O_ETHER_TYPE: case O_IP_SRCPORT: case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */ if (cmdlen < 2 || cmdlen > 31) @@ -4280,7 +4280,7 @@ if (error) break; error = add_table_entry(&layer3_chain, ent.tbl, - ent.addr, ent.masklen, ent.mac_addr, ent.value); + ent.addr, ent.masklen, ent.ether_addr, ent.value); } break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806141832.m5EIWLHL048449>