From owner-svn-src-all@freebsd.org Fri Jan 19 12:50:05 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00C56ED4157; Fri, 19 Jan 2018 12:50:05 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CF12880109; Fri, 19 Jan 2018 12:50:04 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 155FB59AC; Fri, 19 Jan 2018 12:50:04 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w0JCo3VS091084; Fri, 19 Jan 2018 12:50:03 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w0JCo3MR091081; Fri, 19 Jan 2018 12:50:03 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201801191250.w0JCo3MR091081@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Fri, 19 Jan 2018 12:50:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r328161 - head/sys/netpfil/ipfw X-SVN-Group: head X-SVN-Commit-Author: ae X-SVN-Commit-Paths: head/sys/netpfil/ipfw X-SVN-Commit-Revision: 328161 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jan 2018 12:50:05 -0000 Author: ae Date: Fri Jan 19 12:50:03 2018 New Revision: 328161 URL: https://svnweb.freebsd.org/changeset/base/328161 Log: Add UDPLite support to ipfw(4). Now it is possible to use UDPLite's port numbers in rules, create dynamic states for UDPLite packets and see "UDPLite" for matched packets in log. Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC Modified: head/sys/netpfil/ipfw/ip_fw2.c head/sys/netpfil/ipfw/ip_fw_dynamic.c head/sys/netpfil/ipfw/ip_fw_log.c Modified: head/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw2.c Fri Jan 19 08:48:14 2018 (r328160) +++ head/sys/netpfil/ipfw/ip_fw2.c Fri Jan 19 12:50:03 2018 (r328161) @@ -1088,6 +1088,9 @@ check_uidgid(ipfw_insn_u32 *insn, struct ip_fw_args *a } else if (id->proto == IPPROTO_UDP) { lookupflags = INPLOOKUP_WILDCARD; pi = &V_udbinfo; + } else if (id->proto == IPPROTO_UDPLITE) { + lookupflags = INPLOOKUP_WILDCARD; + pi = &V_ulitecbinfo; } else return 0; lookupflags |= INPLOOKUP_RLOCKPCB; @@ -1458,6 +1461,7 @@ do { \ break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; src_port = UDP(ulp)->uh_sport; @@ -1646,6 +1650,7 @@ do { \ break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; src_port = UDP(ulp)->uh_sport; @@ -1777,7 +1782,8 @@ do { \ if (offset != 0) break; if (proto == IPPROTO_TCP || - proto == IPPROTO_UDP) + proto == IPPROTO_UDP || + proto == IPPROTO_UDPLITE) match = check_uidgid( (ipfw_insn_u32 *)cmd, args, &ucred_lookup, @@ -1916,6 +1922,7 @@ do { \ /* Skip proto without ports */ if (proto != IPPROTO_TCP && proto != IPPROTO_UDP && + proto != IPPROTO_UDPLITE && proto != IPPROTO_SCTP) break; if (vidx == 2 /* dst-port */) @@ -2072,8 +2079,10 @@ do { \ * to guarantee that we have a * packet with port info. */ - if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP || - proto==IPPROTO_SCTP) && offset == 0) { + if ((proto == IPPROTO_UDP || + proto == IPPROTO_UDPLITE || + proto == IPPROTO_TCP || + proto == IPPROTO_SCTP) && offset == 0) { u_int16_t x = (cmd->opcode == O_IP_SRCPORT) ? src_port : dst_port ; @@ -2460,6 +2469,8 @@ do { \ pi = &V_tcbinfo; else if (proto == IPPROTO_UDP) pi = &V_udbinfo; + else if (proto == IPPROTO_UDPLITE) + pi = &V_ulitecbinfo; else break; Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Jan 19 08:48:14 2018 (r328160) +++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Jan 19 12:50:03 2018 (r328161) @@ -584,7 +584,8 @@ dyn_update_proto_state(ipfw_dyn_rule *q, const struct q->expire = time_uptime + V_dyn_rst_lifetime; break; } - } else if (id->proto == IPPROTO_UDP) { + } else if (id->proto == IPPROTO_UDP || + id->proto == IPPROTO_UDPLITE) { q->expire = time_uptime + V_dyn_udp_lifetime; } else { /* other protocols */ Modified: head/sys/netpfil/ipfw/ip_fw_log.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_log.c Fri Jan 19 08:48:14 2018 (r328160) +++ head/sys/netpfil/ipfw/ip_fw_log.c Fri Jan 19 12:50:03 2018 (r328161) @@ -338,7 +338,10 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u break; case IPPROTO_UDP: - len = snprintf(SNPARGS(proto, 0), "UDP %s", src); + case IPPROTO_UDPLITE: + len = snprintf(SNPARGS(proto, 0), "UDP%s%s", + args->f_id.proto == IPPROTO_UDP ? " ": "Lite ", + src); if (offset == 0) snprintf(SNPARGS(proto, len), ":%d %s:%d", ntohs(udp->uh_sport),