
Révision 29413796

Ajouté par Ermal il y a presque 10 ans

Make CP work for now by fixing ipfw userland tools. Though due to changes in IPFW handling only ip+mac will really work, so allowed hosts is broken for now. Will fix it soon.


patches/stable/10/CP_speedup.diff
1 1
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
2
index 577d644..476f5da 100644
2
index 577d644..d76a97e 100644
3 3
--- a/sbin/ipfw/ipfw2.c
4 4
+++ b/sbin/ipfw/ipfw2.c
5 5
@@ -4115,8 +4115,9 @@ ipfw_flush(int force)
......
44 44
 		if (do_setcmd3(do_add ? IP_FW_TABLE_XADD : IP_FW_TABLE_XDEL,
45 45
 		    &xent, xent.len) < 0) {
46 46
 			/* If running silent, don't bomb out on these errors. */
47
@@ -4218,23 +4199,47 @@ ipfw_table_handler(int ac, char *av[])
47
@@ -4218,19 +4199,41 @@ ipfw_table_handler(int ac, char *av[])
48 48
 		do {
49 49
 			table_list(xent.tbl, is_all);
50 50
 		} while (++xent.tbl < a);
......
89 89
 	mask = 0;
90 90
 	type = 0;
91 91
 	addrlen = 0;
92
 	masklen = 0;
93
+	arg = *av;
94
+	ac--; av++;
95
 
96
 	/* 
97
 	 * Let's try to guess type by agrument.
98
@@ -4245,7 +4250,18 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
92
@@ -4245,7 +4248,23 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
99 93
 	 * 4) port, uid/gid or other u32 key (base 10 format)
100 94
 	 * 5) hostname
101 95
 	 */
......
107 101
+			type = IPFW_TABLE_MIX;
108 102
+			get_mac_addr_mask(av[1], (uint8_t *)xent->k.mix.mac, _mask);
109 103
+			ac-=2; av+=2;
104
+			if (ac <= 0)
105
+				errx(EX_DATAERR, "wrong argument passed.");
106
+
110 107
+			paddr = (struct in6_addr *)&xent->k.mix.addr;
111 108
+		} else
112 109
+			errx(EX_DATAERR, "wrong argument passed.");
113 110
+	} else
114 111
+		paddr = &xent->k.addr6;
112
+
113
+	arg = *av;
115 114
 	if (ishexnumber(*arg) != 0 || *arg == ':') {
116 115
 		/* Remove / if exists */
117 116
 		if ((p = strchr(arg, '/')) != NULL) {
118
@@ -4258,8 +4274,11 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
117
@@ -4258,7 +4277,8 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
119 118
 				errx(EX_DATAERR, "bad IPv4 mask width: %s",
120 119
 				    p + 1);
121 120
 
122 121
-			type = IPFW_TABLE_CIDR;
123
-			masklen = p ? mask : 32;
124
+			if (type == 0) {
122
+			if (type == 0)
125 123
+				type = IPFW_TABLE_CIDR;
126
+				masklen = p ? mask : 32;
127
+			} else
128
+				masklen = 32;
124
 			masklen = p ? mask : 32;
129 125
 			addrlen = sizeof(struct in_addr);
130 126
 		} else if (inet_pton(AF_INET6, arg, paddr) == 1) {
131
 			if (IN6_IS_ADDR_V4COMPAT(paddr))
132
@@ -4269,10 +4288,16 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
127
@@ -4269,10 +4289,14 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
133 128
 				errx(EX_DATAERR, "bad IPv6 mask width: %s",
134 129
 				    p + 1);
135 130
 
136 131
-			type = IPFW_TABLE_CIDR;
137
-			masklen = p ? mask : 128;
138
+			if (type == 0) {
132
+			if (type == 0)
139 133
+				type = IPFW_TABLE_CIDR;
140
+				masklen = p ? mask : 128;
141
+			} else
142
+				masklen = 128;
134
 			masklen = p ? mask : 128;
143 135
 			addrlen = sizeof(struct in6_addr);
144 136
 		} else {
145
+			if (type != 0)
137
+			if (type != 0 && type != IPFW_TABLE_MIX)
146 138
+				errx(EX_DATAERR, "Wrong value passed as address");
147 139
+
148 140
 			/* Port or any other key */
149 141
 			key = strtol(arg, &p, 10);
150 142
 			/* Skip non-base 10 entries like 'fa1' */
151
@@ -4304,9 +4329,91 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
143
@@ -4304,9 +4328,92 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
152 144
 		addrlen = sizeof(struct in_addr);
153 145
 	}
154 146
 
155
+	if (do_add && ac) {
147
+	ac--; av++;
148
+	if (do_add && ac > 0) {
156 149
+		unsigned int tval;
157 150
+		/* isdigit is a bit of a hack here.. */
158 151
+		if (strchr(*av, (int)'.') == NULL && isdigit(**av))  {
......
172 165
 	xent->type = type;
173 166
 	xent->masklen = masklen;
174 167
-	xent->len = offsetof(ipfw_table_xentry, k) + addrlen;
175
+	if (IPFW_TABLE_MIX)
168
+	if (type == IPFW_TABLE_MIX)
176 169
+		xent->len = offsetof(ipfw_table_xentry, k) + addrlen + ETHER_ADDR_LEN;
177 170
+	else
178 171
+		xent->len = offsetof(ipfw_table_xentry, k) + addrlen;
......
324 317
 
325 318
 typedef struct	_ipfw_table {
326 319
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
327
index cd466bd..aa5a94d 100644
320
index cd466bd..f16c356 100644
328 321
--- a/sys/netpfil/ipfw/ip_fw2.c
329 322
+++ b/sys/netpfil/ipfw/ip_fw2.c
330 323
@@ -358,8 +358,8 @@ iface_match(struct ifnet *ifp, ipfw_insn_if *cmd, struct ip_fw_chain *chain, uin
......
516 509
 		retval = IP_FW_DENY;
517 510
 		printf("ipfw: ouch!, skip past end of rules, denying packet\n");
518 511
diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c
519
index d1202ff..6526991 100644
512
index d1202ff..bf225b8 100644
520 513
--- a/sys/netpfil/ipfw/ip_fw_pfil.c
521 514
+++ b/sys/netpfil/ipfw/ip_fw_pfil.c
522 515
@@ -143,8 +143,9 @@ again:

Formats disponibles : Unified diff