From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 219316] Wildcard matching of ipfw flow tables Date: Mon, 15 May 2017 21:18:05 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: lutz@donnerhacke.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 May 2017 21:18:05 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219316 --- Comment #1 from lutz@donnerhacke.de --- First of all, the ipfw command needs to be extended. Index: sbin/ipfw/ipfw.8 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sbin/ipfw/ipfw.8 (revision 314807) +++ sbin/ipfw/ipfw.8 (working copy) 
@@ -66,6 +66,8 @@ .Nm .Oo Cm set Ar N Oc Cm table Ar name Cm lookup Ar addr .Nm +.Oo Cm set Ar N Oc Cm table Ar name Cm setmask Ar addr +.Nm .Oo Cm set Ar N Oc Cm table Ar name Cm lock .Nm .Oo Cm set Ar N Oc Cm table Ar name Cm unlock Index: sbin/ipfw/ipfw2.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sbin/ipfw/ipfw2.h (revision 314807) +++ sbin/ipfw/ipfw2.h (working copy) @@ -231,6 +231,7 @@ TOK_FIB, TOK_SETFIB, TOK_LOOKUP, + TOK_SETMASK, TOK_SOCKARG, TOK_SETDSCP, TOK_FLOW, Index: sbin/ipfw/tables.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sbin/ipfw/tables.c (revision 314807) +++ sbin/ipfw/tables.c (working copy) @@ -49,6 +49,7 @@ static void table_create(ipfw_obj_header *oh, int ac, char *av[]); static void table_modify(ipfw_obj_header *oh, int ac, char *av[]); static void table_lookup(ipfw_obj_header *oh, int ac, char *av[]); +static void table_setmask(ipfw_obj_header *oh, int ac, char *av[]); static void table_lock(ipfw_obj_header *oh, int lock); static int table_swap(ipfw_obj_header *oh, char *second); static int table_get_info(ipfw_obj_header *oh, ipfw_xtable_info *i); @@ -114,6 +115,7 @@ { "atomic", TOK_ATOMIC }, { "lock", TOK_LOCK }, { "unlock", TOK_UNLOCK }, + { "setmask", TOK_SETMASK }, { NULL, 0 } }; @@ -142,6 +144,7 @@ * ipfw table NAME add [addr[/masklen] value] [addr[/masklen] value] .. * ipfw table NAME delete addr[/masklen] [addr[/masklen]] .. * ipfw table NAME lookup addr + * ipfw table NAME setmask addr * ipfw table {NAME | all} flush * ipfw table {NAME | all} list * ipfw table {NAME | all} info 
@@ -289,6 +292,10 @@ ac--; av++; table_lookup(&oh, ac, av); break; + case TOK_SETMASK: + ac--; av++; + table_setmask(&oh, ac, av); + break; } } @@ -1043,8 +1050,8 @@ } static int -table_do_lookup(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi, - ipfw_obj_tentry *xtent) +table_do_lookup_or_setmask(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi, + ipfw_obj_tentry *xtent, int opcode) { char xbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_obj_tentry)]; ipfw_obj_tentry *tent; @@ -1064,7 +1071,7 @@ oh->ntlv.type =3D type; sz =3D sizeof(xbuf); - if (do_get3(IP_FW_TABLE_XFIND, &oh->opheader, &sz) !=3D 0) + if (do_get3(opcode, &oh->opheader, &sz) !=3D 0) return (errno); if (sz < sizeof(xbuf)) @@ -1089,7 +1096,7 @@ strlcpy(key, *av, sizeof(key)); memset(&xi, 0, sizeof(xi)); - error =3D table_do_lookup(oh, key, &xi, &xtent); + error =3D table_do_lookup_or_setmask(oh, key, &xi, &xtent, IP_FW_TABLE_XFIND); switch (error) { case 0: @@ -1109,6 +1116,32 @@ } static void +table_setmask(ipfw_obj_header *oh, int ac, char *av[]) +{ + ipfw_obj_tentry xtent; + ipfw_xtable_info xi; + char key[64]; + int error; + + if (ac =3D=3D 0) + errx(EX_USAGE, "mask required"); + + strlcpy(key, *av, sizeof(key)); + + memset(&xi, 0, sizeof(xi)); + error =3D table_do_lookup_or_setmask(oh, key, &xi, &xtent, IP_FW_TABLE_XSETMASK); + + switch (error) { + case 0: + break; + case ESRCH: + errx(EX_UNAVAILABLE, "Table %s not found", oh->ntlv.name); + default: + err(EX_OSERR, "getsockopt(IP_FW_TABLE_XSETMASK)"); + } +} + +static void tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type, uint8_t tflags) { --=20 You are receiving this mail because: You are the assignee for the bug.=
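Review bot: In table_do_lookup_or_setmask the state-changing setmask request is sent through `do_get3(opcode, &oh->opheader, &sz)`, the same read-style call that the lookup uses, and the helper accepts any `int opcode` without saying which values are valid. The kernel handler for IP_FW_TABLE_XSETMASK is not part of this patch, so it cannot be confirmed from here that the request is treated as a modification (access checks, and whether a table locked with `table NAME lock` refuses it). If it is meant to be a write, either send it with `do_set3` or state on the helper why the get path is required. At minimum I would add above the function `/* opcode: IP_FW_TABLE_XFIND (read-only) or IP_FW_TABLE_XSETMASK (modifies the table) */`. The function body starts and ends outside these hunks.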
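Review bot: `strlcpy(key, *av, sizeof(key));` in table_setmask silently truncates an argument longer than 63 bytes, so an over-long mask could be applied in shortened form instead of being rejected. Because this command changes how the table matches traffic, the copy should be checked: `if (strlcpy(key, *av, sizeof(key)) >= sizeof(key)) errx(EX_USAGE, "mask too long");`. The `xtent` result is passed uninitialised and never read after the call, which is worth a short comment or a `memset` like the one done for `xi`. The function would also benefit from a header comment saying what format the mask takes and which table types accept it.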