Date: Fri, 2 Feb 2018 07:55:31 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r328772 - stable/11/sys/netpfil/ipfw Message-ID: <201802020755.w127tVdC002577@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Fri Feb 2 07:55:31 2018 New Revision: 328772 URL: https://svnweb.freebsd.org/changeset/base/328772 Log: MFC r328161: Add UDPLite support to ipfw(4). Now it is possible to use UDPLite's port numbers in rules, create dynamic states for UDPLite packets and see "UDPLite" for matched packets in log. Obtained from: Yandex LLC Sponsored by: Yandex LLC Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c stable/11/sys/netpfil/ipfw/ip_fw_log.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw2.c Fri Feb 2 07:48:46 2018 (r328771) +++ stable/11/sys/netpfil/ipfw/ip_fw2.c Fri Feb 2 07:55:31 2018 (r328772) @@ -850,6 +850,9 @@ check_uidgid(ipfw_insn_u32 *insn, struct ip_fw_args *a } else if (id->proto == IPPROTO_UDP) { lookupflags = INPLOOKUP_WILDCARD; pi = &V_udbinfo; + } else if (id->proto == IPPROTO_UDPLITE) { + lookupflags = INPLOOKUP_WILDCARD; + pi = &V_ulitecbinfo; } else return 0; lookupflags |= INPLOOKUP_RLOCKPCB; @@ -1209,6 +1212,7 @@ do { \ break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; src_port = UDP(ulp)->uh_sport; @@ -1386,6 +1390,7 @@ do { \ break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; src_port = UDP(ulp)->uh_sport; @@ -1517,7 +1522,8 @@ do { \ if (offset != 0) break; if (proto == IPPROTO_TCP || - proto == IPPROTO_UDP) + proto == IPPROTO_UDP || + proto == IPPROTO_UDPLITE) match = check_uidgid( (ipfw_insn_u32 *)cmd, args, &ucred_lookup, @@ -1656,6 +1662,7 @@ do { \ /* Skip proto without ports */ if (proto != IPPROTO_TCP && proto != IPPROTO_UDP && + proto != IPPROTO_UDPLITE && proto != IPPROTO_SCTP) break; if (vidx == 2 /* dst-port */) @@ -1812,8 +1819,9 @@ do { \ * to guarantee that we have a * packet with port info. */ - if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP) - && offset == 0) { + if ((proto == IPPROTO_UDP || + proto == IPPROTO_UDPLITE || + proto == IPPROTO_TCP) && offset == 0) { u_int16_t x = (cmd->opcode == O_IP_SRCPORT) ? src_port : dst_port ; @@ -2200,6 +2208,8 @@ do { \ pi = &V_tcbinfo; else if (proto == IPPROTO_UDP) pi = &V_udbinfo; + else if (proto == IPPROTO_UDPLITE) + pi = &V_ulitecbinfo; else break; Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Feb 2 07:48:46 2018 (r328771) +++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Feb 2 07:55:31 2018 (r328772) @@ -582,7 +582,8 @@ dyn_update_proto_state(ipfw_dyn_rule *q, const struct q->expire = time_uptime + V_dyn_rst_lifetime; break; } - } else if (id->proto == IPPROTO_UDP) { + } else if (id->proto == IPPROTO_UDP || + id->proto == IPPROTO_UDPLITE) { q->expire = time_uptime + V_dyn_udp_lifetime; } else { /* other protocols */ Modified: stable/11/sys/netpfil/ipfw/ip_fw_log.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_log.c Fri Feb 2 07:48:46 2018 (r328771) +++ stable/11/sys/netpfil/ipfw/ip_fw_log.c Fri Feb 2 07:55:31 2018 (r328772) @@ -332,7 +332,10 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u break; case IPPROTO_UDP: - len = snprintf(SNPARGS(proto, 0), "UDP %s", src); + case IPPROTO_UDPLITE: + len = snprintf(SNPARGS(proto, 0), "UDP%s%s", + args->f_id.proto == IPPROTO_UDP ? " ": "Lite ", + src); if (offset == 0) snprintf(SNPARGS(proto, len), ":%d %s:%d", ntohs(udp->uh_sport),
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802020755.w127tVdC002577>