Date: Fri, 28 Jul 2006 15:08:19 -0300 From: "Tobias P. Santos" <tobias@netconsultoria.com.br> To: freebsd-ipfw@freebsd.org Subject: ipfw pipe changes from 5.4 to 6.1-RELEASE Message-ID: <44CA5293.6070505@netconsultoria.com.br>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------050108030907000608040909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hello!
I've noticed some changes in ipfw, as follows:
RELEASE-5.4:
# ipfw pipe 1 config bw 64Kbit/s
# ipfw pipe 2 config bw 512Kbit/s
# ipfw pipe 3 config bw 512Kbit/s mask dst-ip 0xfffffffc
# ipfw pipe show
00001: 64.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 512.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00003: 512.000 Kbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0xfffffffc/0x0000
RELEASE-6.1
# ipfw pipe 1 config bw 64Kbit/s
# ipfw pipe 2 config bw 512Kbit/s
# ipfw pipe 3 config bw 512Kbit/s mask dst-ip 0xfffffffc
# ipfw pipe show
00001: 64.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
00002: 512.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
00003: 512.000 Kbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail
In RELEASE-6.1, the line containing mask options is not shown.
IMHO, it should be displayed because it's part of pipe attributes.
I went to check the differences in the source code and it seems that
adding IPv6 to ipfw2.c made the 'mask' line appears only when there is a
flow to that pipe.
I made some changes trying to revert to the previous behaviour, but as I
am not keen to this kind of programming, I'd like to someone more
experienced to take a look at it.
It seems to work, but currently I can't check whether IPv6 masks are
shown correctly.
I need the 'old' behaviour because some shell scripts stopped working
when we upgraded our server.
Thank you,
Tobias.
--------------050108030907000608040909
Content-Type: text/plain;
name="ipfw2.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ipfw2.diff"
--- ipfw2.c.orig Fri Jul 28 09:52:04 2006
+++ ipfw2.c Fri Jul 28 12:05:29 2006
@@ -2004,9 +2004,32 @@
{
int l;
int index_printed, indexes = 0;
- char buff[255];
+ int ipv6_masks = 0;
+ char buff[255], buff2[255];
struct protoent *pe;
+ inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
+ buff, sizeof(buff));
+ inet_ntop(AF_INET6, &(fs->flow_mask.dst_ip6),
+ buff2, sizeof(buff2));
+
+ if (fs->flow_mask.flow_id6 != 0 || strlen(buff) > 2 || strlen(buff2) > 2)
+ ipv6_masks = 1;
+
+ if (!ipv6_masks) {
+ printf(" "
+ "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
+ fs->flow_mask.proto,
+ fs->flow_mask.src_ip, fs->flow_mask.src_port,
+ fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
+ } else {
+ printf(" "
+ "mask: proto: 0x%02x, flow_id: 0x%08x, %s/0x%04x -> %s/0x%04x\n",
+ fs->flow_mask.proto, fs->flow_mask.flow_id6,
+ buff, fs->flow_mask.src_port,
+ buff2, fs->flow_mask.dst_port);
+ }
+
if (fs->rq_elements == 0)
return;
@@ -2027,11 +2050,6 @@
if (indexes > 0) /* currently a no-op */
printf("\n");
indexes++;
- printf(" "
- "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
- fs->flow_mask.proto,
- fs->flow_mask.src_ip, fs->flow_mask.src_port,
- fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
printf("BKT Prot ___Source IP/port____ "
"____Dest. IP/port____ "
@@ -2069,14 +2087,6 @@
if (indexes > 0)
printf("\n");
indexes++;
- printf("\n mask: proto: 0x%02x, flow_id: 0x%08x, ",
- fs->flow_mask.proto, fs->flow_mask.flow_id6);
- inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
- buff, sizeof(buff));
- printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
- inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
- buff, sizeof(buff) );
- printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
printf("BKT ___Prot___ _flow-id_ "
"______________Source IPv6/port_______________ "
--------------050108030907000608040909--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44CA5293.6070505>