From: "Andrey V. Elsukov" Date: Fri, 2 Feb 2018 07:55:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r328772 - stable/11/sys/netpfil/ipfw X-SVN-Group: stable-11 X-SVN-Commit-Author: ae X-SVN-Commit-Paths: stable/11/sys/netpfil/ipfw X-SVN-Commit-Revision: 328772 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 07:55:32 -0000 Author: ae Date: Fri Feb 2 07:55:31 2018 New Revision: 328772 URL: https://svnweb.freebsd.org/changeset/base/328772 Log: MFC r328161: Add UDPLite support to ipfw(4). Now it is possible to use UDPLite's port numbers in rules, create dynamic states for UDPLite packets and see "UDPLite" for matched packets in log. Obtained from: Yandex LLC Sponsored by: Yandex LLC Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c stable/11/sys/netpfil/ipfw/ip_fw_log.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw2.c Fri Feb 2 07:48:46 2018 (r328771) +++ stable/11/sys/netpfil/ipfw/ip_fw2.c Fri Feb 2 07:55:31 2018 (r328772) @@ -850,6 +850,9 @@ check_uidgid(ipfw_insn_u32 *insn, struct ip_fw_args *a } else if (id->proto == IPPROTO_UDP) { lookupflags = INPLOOKUP_WILDCARD; pi = &V_udbinfo; + } else if (id->proto == IPPROTO_UDPLITE) { + lookupflags = INPLOOKUP_WILDCARD; + pi = &V_ulitecbinfo; } else return 0; lookupflags |= INPLOOKUP_RLOCKPCB; 
@@ -1209,6 +1212,7 @@ do { \ break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; src_port = UDP(ulp)->uh_sport; @@ -1386,6 +1390,7 @@ do { \ break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; src_port = UDP(ulp)->uh_sport; @@ -1517,7 +1522,8 @@ do { \ if (offset != 0) break; if (proto == IPPROTO_TCP || - proto == IPPROTO_UDP) + proto == IPPROTO_UDP || + proto == IPPROTO_UDPLITE) match = check_uidgid( (ipfw_insn_u32 *)cmd, args, &ucred_lookup, @@ -1656,6 +1662,7 @@ do { \ /* Skip proto without ports */ if (proto != IPPROTO_TCP && proto != IPPROTO_UDP && + proto != IPPROTO_UDPLITE && proto != IPPROTO_SCTP) break; if (vidx == 2 /* dst-port */) @@ -1812,8 +1819,9 @@ do { \ * to guarantee that we have a * packet with port info. */ - if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP) - && offset == 0) { + if ((proto == IPPROTO_UDP || + proto == IPPROTO_UDPLITE || + proto == IPPROTO_TCP) && offset == 0) { u_int16_t x = (cmd->opcode == O_IP_SRCPORT) ? src_port : dst_port ; @@ -2200,6 +2208,8 @@ do { \ pi = &V_tcbinfo; else if (proto == IPPROTO_UDP) pi = &V_udbinfo; + else if (proto == IPPROTO_UDPLITE) + pi = &V_ulitecbinfo; else break; Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Feb 2 07:48:46 2018 (r328771) +++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Feb 2 07:55:31 2018 (r328772) 
@@ -582,7 +582,8 @@ dyn_update_proto_state(ipfw_dyn_rule *q, const struct q->expire = time_uptime + V_dyn_rst_lifetime; break; } - } else if (id->proto == IPPROTO_UDP) { + } else if (id->proto == IPPROTO_UDP || + id->proto == IPPROTO_UDPLITE) { q->expire = time_uptime + V_dyn_udp_lifetime; } else { /* other protocols */ Modified: stable/11/sys/netpfil/ipfw/ip_fw_log.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_log.c Fri Feb 2 07:48:46 2018 (r328771) +++ stable/11/sys/netpfil/ipfw/ip_fw_log.c Fri Feb 2 07:55:31 2018 (r328772) @@ -332,7 +332,10 @@ ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u break; case IPPROTO_UDP: - len = snprintf(SNPARGS(proto, 0), "UDP %s", src); + case IPPROTO_UDPLITE: + len = snprintf(SNPARGS(proto, 0), "UDP%s%s", + args->f_id.proto == IPPROTO_UDP ? " ": "Lite ", + src); if (offset == 0) snprintf(SNPARGS(proto, len), ":%d %s:%d", ntohs(udp->uh_sport),
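Review bot: In ip_fw2.c the protocol-to-pcbinfo mapping is now open-coded twice, once in check_uidgid() at @@ -850 and again at @@ -2200, and this change had to add the same `IPPROTO_UDPLITE` / `&V_ulitecbinfo` branch to both. A small static helper that takes the protocol and returns the pcbinfo pointer (NULL for anything else) would let the next protocol be added in one place and would keep the two lookups from drifting apart; at @@ -850 the helper's caller can still set `lookupflags = INPLOOKUP_WILDCARD` for the datagram protocols.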
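Review bot: In ip_fw2.c at @@ -1209 and @@ -1386 the new `case IPPROTO_UDPLITE:` label falls into the UDP branch and is parsed through `PULLUP_TO(hlen, ulp, struct udphdr)` with no comment saying why that is safe. UDP-Lite (RFC 3828) keeps the 8-byte header with the ports at the same offsets, but the field UDP uses for length carries checksum coverage instead, so a one-line comment stating that only the port fields are shared would keep later code in this branch from treating `uh_ulen` as a datagram length for UDPLite packets.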
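Review bot: In ip_fw2.c the two port-related protocol lists touched here do not agree: the "Skip proto without ports" test at @@ -1656 accepts TCP, UDP, UDPLITE and SCTP, while the source/destination port match at @@ -1812 accepts only UDP, UDPLITE and TCP. Since both conditions are being edited, either share one "protocol has ports" predicate between them or add a comment at @@ -1812 stating that leaving SCTP out is intended; a port rule that silently does not match one protocol is easy to miss when auditing a ruleset.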
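Review bot: In ip_fw_dynamic.c at @@ -582, dyn_update_proto_state() now expires UDPLite states with `V_dyn_udp_lifetime`, but nothing in this commit documents that the UDP lifetime tunable also governs UDPLite; the Modified list contains only the three .c files. Please add a short comment on the combined condition and note the shared lifetime wherever the UDP tunable is described, so an operator who shortens or lengthens it for UDP knows UDPLite states change with it.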
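Review bot: In ip_fw_log.c at @@ -332, the log label is assembled from fragments (`"UDP%s%s"` with `" "` or `"Lite "`), so the token "UDPLite" that the commit message promises in the log never appears as a literal in the source and cannot be found by searching for it. Selecting a whole label first, for example a `const char *` set to "UDP" or "UDPLite" and then a single `"%s %s"` format, reads more clearly and keeps the separator in one place; the ternary also needs a space before the colon (`" " : "Lite "`).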