From owner-freebsd-ipfw@FreeBSD.ORG Mon May 30 05:40:11 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A4F281065676 for ; Mon, 30 May 2011 05:40:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8B3C08FC0C for ; Mon, 30 May 2011 05:40:11 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p4U5eBm8019403 for ; Mon, 30 May 2011 05:40:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p4U5eB5n019402; Mon, 30 May 2011 05:40:11 GMT (envelope-from gnats) Date: Mon, 30 May 2011 05:40:11 GMT Message-Id: <201105300540.p4U5eB5n019402@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/156410: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 May 2011 05:40:11 -0000 The following reply was made to PR kern/156410; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/156410: commit references a PR Date: Mon, 30 May 2011 05:37:40 +0000 (UTC) Author: ae Date: Mon May 30 05:37:26 2011 New Revision: 222473 URL: http://svn.freebsd.org/changeset/base/222473 Log: Add tablearg support for ipfw setfib. PR: kern/156410 MFC after: 2 weeks Modified: head/sbin/ipfw/ipfw.8 head/sbin/ipfw/ipfw2.c head/sys/netinet/ipfw/ip_fw2.c head/sys/netinet/ipfw/ip_fw_sockopt.c Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Mon May 30 04:23:33 2011 (r222472) +++ head/sbin/ipfw/ipfw.8 Mon May 30 05:37:26 2011 (r222473) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 27, 2010 +.Dd May 30, 2011 .Dt IPFW 8 .Os .Sh NAME @@ -871,13 +871,16 @@ for more information on and .Cm ngtee actions. -.It Cm setfib Ar fibnum +.It Cm setfib Ar fibnum | tablearg The packet is tagged so as to use the FIB (routing table) .Ar fibnum in any subsequent forwarding decisions. Initially this is limited to the values 0 through 15, see .Xr setfib 1 . Processing continues at the next rule. +It is possible to use the +.Cm tablearg +keyword with a setfib. If tablearg value is not within compiled FIB range packet fib is set to 0. .It Cm reass Queue and reassemble ip fragments. If the packet is not fragmented, counters are updated and processing continues with the next rule. @@ -1711,7 +1714,7 @@ is used. The .Cm tablearg argument can be used with the following actions: -.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto +.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib, action parameters: .Cm tag, untag, rule options: Modified: head/sbin/ipfw/ipfw2.c ============================================================================== --- head/sbin/ipfw/ipfw2.c Mon May 30 04:23:33 2011 (r222472) +++ head/sbin/ipfw/ipfw2.c Mon May 30 05:37:26 2011 (r222473) @@ -2835,14 +2835,19 @@ chkarg: size_t intsize = sizeof(int); action->opcode = O_SETFIB; - NEED1("missing fib number"); - action->arg1 = strtoul(*av, NULL, 10); - if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1) - errx(EX_DATAERR, "fibs not suported.\n"); - if (action->arg1 >= numfibs) /* Temporary */ - errx(EX_DATAERR, "fib too large.\n"); - av++; - break; + NEED1("missing fib number"); + if (_substrcmp(*av, "tablearg") == 0) { + action->arg1 = IP_FW_TABLEARG; + } else { + action->arg1 = strtoul(*av, NULL, 10); + if (sysctlbyname("net.fibs", &numfibs, &intsize, + NULL, 0) == -1) + errx(EX_DATAERR, "fibs not suported.\n"); + if (action->arg1 >= numfibs) /* Temporary */ + errx(EX_DATAERR, "fib too large.\n"); + } + av++; + break; } case TOK_REASS: Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Mon May 30 04:23:33 2011 (r222472) +++ head/sys/netinet/ipfw/ip_fw2.c Mon May 30 05:37:26 2011 (r222473) @@ -2137,14 +2137,21 @@ do { \ done = 1; /* exit outer loop */ break; - case O_SETFIB: + case O_SETFIB: { + uint32_t fib; + f->pcnt++; /* update stats */ f->bcnt += pktlen; f->timestamp = time_uptime; - M_SETFIB(m, cmd->arg1); - args->f_id.fib = cmd->arg1; + fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg: + cmd->arg1; + if (fib >= rt_numfibs) + fib = 0; + M_SETFIB(m, fib); + args->f_id.fib = fib; l = 0; /* exit inner loop */ break; + } case O_NAT: if (!IPFW_NAT_LOADED) { Modified: head/sys/netinet/ipfw/ip_fw_sockopt.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw_sockopt.c Mon May 30 04:23:33 2011 (r222472) +++ head/sys/netinet/ipfw/ip_fw_sockopt.c Mon May 30 05:37:26 2011 (r222473) @@ -606,7 +606,7 @@ check_ipfw_struct(struct ip_fw *rule, in case O_SETFIB: if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size; - if (cmd->arg1 >= rt_numfibs) { + if ((cmd->arg1 != IP_FW_TABLEARG) && (cmd->arg1 >= rt_numfibs)) { printf("ipfw: invalid fib number %d\n", cmd->arg1); return EINVAL; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"