Date: Sat, 28 Jun 2008 20:52:04 GMT From: Gleb Kurtsou <gk@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 144241 for review Message-ID: <200806282052.m5SKq484011609@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=144241 Change 144241 by gk@gk_h1 on 2008/06/28 20:51:50 s/IP_FW_EA_*/IPFW_EA_*/ (appropriate struct has been renamed for a while already) Rename IPFW_EA_INIT into much more meaningful IPFW_EA_FLOW Fix dynamic rule creation. Right after creation of dynamic rule install_state calls lookup_dyn_rule_locked but ether_addr_allow_dyn expects ifpw_flow_id to contain real ethernet addresses but not the addresses created by the rule. Note. ifpw_flow_id is used to store src-ether and dst-ether to create appropriate dynamic rule. Additional fields are not added not to enlarge the struct by another 16 bytes which are going to be used just in a few code paths. Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#7 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#9 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#11 edit Differences ... ==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#7 (text+ko) ==== @@ -1141,9 +1141,9 @@ static void print_ether(ipfw_ether_addr *addr) { - if ((addr->flags & IP_FW_EA_CHECK) == 0) { + if ((addr->flags & IPFW_EA_CHECK) == 0) { printf(" any"); - } else if (addr->flags & IP_FW_EA_MULTICAST) { + } else if (addr->flags & IPFW_EA_MULTICAST) { printf(" multicast"); } else { u_char *ea = addr->octet; @@ -4467,7 +4467,7 @@ return; } if (strcmp(p, "multicast") == 0) { - addr->flags = IP_FW_EA_CHECK | IP_FW_EA_MULTICAST; + addr->flags = IPFW_EA_CHECK | IPFW_EA_MULTICAST; return; } @@ -4476,7 +4476,7 @@ errx(EX_DATAERR, "Incorrect ethernet (MAC) address"); memcpy(addr->octet, ether, ETHER_ADDR_LEN); - addr->flags = IP_FW_EA_CHECK; + addr->flags = IPFW_EA_CHECK; } /* @@ -5976,7 +5976,7 @@ } else { snprintf(tval_buf, sizeof(tval_buf), "%u", tval); } - if (tbl->ent[a].ether_addr.flags & IP_FW_EA_CHECK) { + if (tbl->ent[a].ether_addr.flags & IPFW_EA_CHECK) { uint8_t *x = (uint8_t *)&tbl->ent[a].ether_addr; snprintf(tether_buf, sizeof(tether_buf), "ether %02x:%02x:%02x:%02x:%02x:%02x ", x[0], x[1], x[2], x[3], x[4], x[5]); ==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#9 (text+ko) ==== @@ -264,9 +264,9 @@ * This is used for ethernet (MAC) addr-mask pairs. */ -#define IP_FW_EA_INIT 0x01 -#define IP_FW_EA_CHECK 0x02 -#define IP_FW_EA_MULTICAST 0x04 +#define IPFW_EA_CHECK 0x01 +#define IPFW_EA_MULTICAST 0x02 +#define IPFW_EA_FLOW 0x04 typedef struct _ipfw_ether_addr { u_char octet[6]; ==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#11 (text+ko) ==== @@ -157,9 +157,9 @@ .octet = { 0xff, 0xff, 0xff, 0xff, 0xff,0xff }, .flags = 0 }; - if ((want->flags & IP_FW_EA_CHECK) == 0) + if ((want->flags & IPFW_EA_CHECK) == 0) return (1); - if (want->flags & IP_FW_EA_MULTICAST) { + if (want->flags & IPFW_EA_MULTICAST) { return (ETHER_IS_MULTICAST(ea->octet)); } @@ -170,8 +170,15 @@ static __inline int ether_addr_allow_dyn(ipfw_ether_addr *want, ipfw_ether_addr *a) { - if ((a->flags & IP_FW_EA_INIT) == 0) + if (a->flags & IPFW_EA_CHECK) { + /* dynamic rule is being added. check is performed already */ + return (1); + } + if ((a->flags & IPFW_EA_FLOW) == 0) { + if (want->flags & IPFW_EA_CHECK) + printf("ipfw: no tag: %6D (want %6D)\n", a->octet, ":", want->octet, ":"); return (1); + } return (ether_addr_allow(want, (struct ether_addr *)a->octet)); } @@ -2275,10 +2282,10 @@ etype = ntohs(args->eh->ether_type); memcpy(args->f_id.src_ether.octet, args->eh->ether_shost, ETHER_ADDR_LEN); - args->f_id.src_ether.flags = IP_FW_EA_INIT; + args->f_id.src_ether.flags = IPFW_EA_FLOW; memcpy(args->f_id.dst_ether.octet, args->eh->ether_dhost, ETHER_ADDR_LEN); - args->f_id.dst_ether.flags = IP_FW_EA_INIT; + args->f_id.dst_ether.flags = IPFW_EA_FLOW; } else { args->f_id.src_ether.flags = 0; args->f_id.dst_ether.flags = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806282052.m5SKq484011609>