From owner-p4-projects@FreeBSD.ORG Sat Jun 28 20:52:05 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 125731065682; Sat, 28 Jun 2008 20:52:05 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C8274106567E for ; Sat, 28 Jun 2008 20:52:04 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id B46668FC16 for ; Sat, 28 Jun 2008 20:52:04 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m5SKq4q2011611 for ; Sat, 28 Jun 2008 20:52:04 GMT (envelope-from gk@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m5SKq484011609 for perforce@freebsd.org; Sat, 28 Jun 2008 20:52:04 GMT (envelope-from gk@FreeBSD.org) Date: Sat, 28 Jun 2008 20:52:04 GMT Message-Id: <200806282052.m5SKq484011609@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gk@FreeBSD.org using -f 
From: Gleb Kurtsou To: Perforce Change Reviews Cc: Subject: PERFORCE change 144241 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Jun 2008 20:52:05 -0000 http://perforce.freebsd.org/chv.cgi?CH=144241 Change 144241 by gk@gk_h1 on 2008/06/28 20:51:50 s/IP_FW_EA_*/IPFW_EA_*/ (appropriate struct has been renamed for a while already) Rename IPFW_EA_INIT into much more meaningful IPFW_EA_FLOW Fix dynamic rule creation. Right after creation of dynamic rule install_state calls lookup_dyn_rule_locked but ether_addr_allow_dyn expects ifpw_flow_id to contain real ethernet addresses but not the addresses created by the rule. Note. ifpw_flow_id is used to store src-ether and dst-ether to create appropriate dynamic rule. Additional fields are not added not to enlarge the struct by another 16 bytes which are going to be used just in a few code paths. Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#7 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#9 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#11 edit Differences ... ==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#7 (text+ko) ==== @@ -1141,9 +1141,9 @@ static void print_ether(ipfw_ether_addr *addr) { - if ((addr->flags & IP_FW_EA_CHECK) == 0) { + if ((addr->flags & IPFW_EA_CHECK) == 0) { printf(" any"); - } else if (addr->flags & IP_FW_EA_MULTICAST) { + } else if (addr->flags & IPFW_EA_MULTICAST) { printf(" multicast"); } else { u_char *ea = addr->octet; @@ -4467,7 +4467,7 @@ return; } if (strcmp(p, "multicast") == 0) { - addr->flags = IP_FW_EA_CHECK | IP_FW_EA_MULTICAST; + addr->flags = IPFW_EA_CHECK | IPFW_EA_MULTICAST; return; } 
@@ -4476,7 +4476,7 @@ errx(EX_DATAERR, "Incorrect ethernet (MAC) address"); memcpy(addr->octet, ether, ETHER_ADDR_LEN); - addr->flags = IP_FW_EA_CHECK; + addr->flags = IPFW_EA_CHECK; } /* @@ -5976,7 +5976,7 @@ } else { snprintf(tval_buf, sizeof(tval_buf), "%u", tval); } - if (tbl->ent[a].ether_addr.flags & IP_FW_EA_CHECK) { + if (tbl->ent[a].ether_addr.flags & IPFW_EA_CHECK) { uint8_t *x = (uint8_t *)&tbl->ent[a].ether_addr; snprintf(tether_buf, sizeof(tether_buf), "ether %02x:%02x:%02x:%02x:%02x:%02x ", x[0], x[1], x[2], x[3], x[4], x[5]); ==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#9 (text+ko) ==== @@ -264,9 +264,9 @@ * This is used for ethernet (MAC) addr-mask pairs. */ -#define IP_FW_EA_INIT 0x01 -#define IP_FW_EA_CHECK 0x02 -#define IP_FW_EA_MULTICAST 0x04 +#define IPFW_EA_CHECK 0x01 +#define IPFW_EA_MULTICAST 0x02 +#define IPFW_EA_FLOW 0x04 typedef struct _ipfw_ether_addr { u_char octet[6]; ==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#11 (text+ko) ==== @@ -157,9 +157,9 @@ .octet = { 0xff, 0xff, 0xff, 0xff, 0xff,0xff }, .flags = 0 }; - if ((want->flags & IP_FW_EA_CHECK) == 0) + if ((want->flags & IPFW_EA_CHECK) == 0) return (1); - if (want->flags & IP_FW_EA_MULTICAST) { + if (want->flags & IPFW_EA_MULTICAST) { return (ETHER_IS_MULTICAST(ea->octet)); } @@ -170,8 +170,15 @@ static __inline int ether_addr_allow_dyn(ipfw_ether_addr *want, ipfw_ether_addr *a) { - if ((a->flags & IP_FW_EA_INIT) == 0) + if (a->flags & IPFW_EA_CHECK) { + /* dynamic rule is being added. check is performed already */ + return (1); + } + if ((a->flags & IPFW_EA_FLOW) == 0) { + if (want->flags & IPFW_EA_CHECK) + printf("ipfw: no tag: %6D (want %6D)\n", a->octet, ":", want->octet, ":"); return (1); + } return (ether_addr_allow(want, (struct ether_addr *)a->octet)); } 
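Review bot: The ip_fw.h hunk renumbers the three flag macros as well as renaming them (`CHECK` 0x02 to 0x01, `MULTICAST` 0x04 to 0x02, and the old `INIT` 0x01 becomes `FLOW` 0x04), which the change description does not mention. sbin-ipfw/ipfw2.c writes these bits into `addr->flags`, so if that struct crosses the userland/kernel boundary as it appears to, an ipfw binary built against the previous header would send 0x02 for a plain MAC match. The new kernel would read that as `IPFW_EA_MULTICAST` without `IPFW_EA_CHECK`, and the flag test in the first ip_fw2.c hunk returns 1 (match) whenever `CHECK` is clear, so the rule would silently match any address. Keeping the old numeric values avoids that: `#define IPFW_EA_FLOW 0x01`, `#define IPFW_EA_CHECK 0x02`, `#define IPFW_EA_MULTICAST 0x04`. A short comment per flag (match requested by the rule, multicast match, address copied from the packet header) would also help, since the existing comment only says the struct holds addr-mask pairs.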
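Review bot: The new `printf("ipfw: no tag: ...")` in `ether_addr_allow_dyn` sits on the dynamic-rule lookup path with no rate limit, so every packet that reaches it without `IPFW_EA_FLOW` while the rule has `IPFW_EA_CHECK` emits a kernel log line. It reads like a debugging aid and should be removed or gated behind a debug/verbose setting so that traffic cannot flood the console and log. The same branch then returns 1, so a dynamic rule carrying an ethernet constraint still matches when no link-layer addresses were recorded for the packet. If that fail-open result is intended, say so in a comment; otherwise return `((want->flags & IPFW_EA_CHECK) == 0)` there. The early `return (1)` for `a->flags & IPFW_EA_CHECK` depends on packet-derived flow ids never carrying that bit (the last hunk sets `flags` to `IPFW_EA_FLOW` or 0), and a comment such as `/* a was filled from the rule being installed, not from a packet */` would make that invariant explicit.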
@@ -2275,10 +2282,10 @@ etype = ntohs(args->eh->ether_type); memcpy(args->f_id.src_ether.octet, args->eh->ether_shost, ETHER_ADDR_LEN); - args->f_id.src_ether.flags = IP_FW_EA_INIT; + args->f_id.src_ether.flags = IPFW_EA_FLOW; memcpy(args->f_id.dst_ether.octet, args->eh->ether_dhost, ETHER_ADDR_LEN); - args->f_id.dst_ether.flags = IP_FW_EA_INIT; + args->f_id.dst_ether.flags = IPFW_EA_FLOW; } else { args->f_id.src_ether.flags = 0; args->f_id.dst_ether.flags = 0;