Révision 29413796
Ajouté par Ermal il y a presque 10 ans
patches/stable/10/CP_speedup.diff | ||
---|---|---|
1 | 1 |
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c |
2 |
index 577d644..476f5da 100644
|
|
2 |
index 577d644..d76a97e 100644
|
|
3 | 3 |
--- a/sbin/ipfw/ipfw2.c |
4 | 4 |
+++ b/sbin/ipfw/ipfw2.c |
5 | 5 |
@@ -4115,8 +4115,9 @@ ipfw_flush(int force) |
... | ... | |
44 | 44 |
if (do_setcmd3(do_add ? IP_FW_TABLE_XADD : IP_FW_TABLE_XDEL, |
45 | 45 |
&xent, xent.len) < 0) { |
46 | 46 |
/* If running silent, don't bomb out on these errors. */ |
47 |
@@ -4218,23 +4199,47 @@ ipfw_table_handler(int ac, char *av[])
|
|
47 |
@@ -4218,19 +4199,41 @@ ipfw_table_handler(int ac, char *av[])
|
|
48 | 48 |
do { |
49 | 49 |
table_list(xent.tbl, is_all); |
50 | 50 |
} while (++xent.tbl < a); |
... | ... | |
89 | 89 |
mask = 0; |
90 | 90 |
type = 0; |
91 | 91 |
addrlen = 0; |
92 |
masklen = 0; |
|
93 |
+ arg = *av; |
|
94 |
+ ac--; av++; |
|
95 |
|
|
96 |
/* |
|
97 |
* Let's try to guess type by agrument. |
|
98 |
@@ -4245,7 +4250,18 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent) |
|
92 |
@@ -4245,7 +4248,23 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent) |
|
99 | 93 |
* 4) port, uid/gid or other u32 key (base 10 format) |
100 | 94 |
* 5) hostname |
101 | 95 |
*/ |
... | ... | |
107 | 101 |
+ type = IPFW_TABLE_MIX; |
108 | 102 |
+ get_mac_addr_mask(av[1], (uint8_t *)xent->k.mix.mac, _mask); |
109 | 103 |
+ ac-=2; av+=2; |
104 |
+ if (ac <= 0) |
|
105 |
+ errx(EX_DATAERR, "wrong argument passed."); |
|
106 |
+ |
|
110 | 107 |
+ paddr = (struct in6_addr *)&xent->k.mix.addr; |
111 | 108 |
+ } else |
112 | 109 |
+ errx(EX_DATAERR, "wrong argument passed."); |
113 | 110 |
+ } else |
114 | 111 |
+ paddr = &xent->k.addr6; |
112 |
+ |
|
113 |
+ arg = *av; |
|
115 | 114 |
if (ishexnumber(*arg) != 0 || *arg == ':') { |
116 | 115 |
/* Remove / if exists */ |
117 | 116 |
if ((p = strchr(arg, '/')) != NULL) { |
118 |
@@ -4258,8 +4274,11 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
117 |
@@ -4258,7 +4277,8 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
119 | 118 |
errx(EX_DATAERR, "bad IPv4 mask width: %s", |
120 | 119 |
p + 1); |
121 | 120 |
|
122 | 121 |
- type = IPFW_TABLE_CIDR; |
123 |
- masklen = p ? mask : 32; |
|
124 |
+ if (type == 0) { |
|
122 |
+ if (type == 0) |
|
125 | 123 |
+ type = IPFW_TABLE_CIDR; |
126 |
+ masklen = p ? mask : 32; |
|
127 |
+ } else |
|
128 |
+ masklen = 32; |
|
124 |
masklen = p ? mask : 32; |
|
129 | 125 |
addrlen = sizeof(struct in_addr); |
130 | 126 |
} else if (inet_pton(AF_INET6, arg, paddr) == 1) { |
131 |
if (IN6_IS_ADDR_V4COMPAT(paddr)) |
|
132 |
@@ -4269,10 +4288,16 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent) |
|
127 |
@@ -4269,10 +4289,14 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent) |
|
133 | 128 |
errx(EX_DATAERR, "bad IPv6 mask width: %s", |
134 | 129 |
p + 1); |
135 | 130 |
|
136 | 131 |
- type = IPFW_TABLE_CIDR; |
137 |
- masklen = p ? mask : 128; |
|
138 |
+ if (type == 0) { |
|
132 |
+ if (type == 0) |
|
139 | 133 |
+ type = IPFW_TABLE_CIDR; |
140 |
+ masklen = p ? mask : 128; |
|
141 |
+ } else |
|
142 |
+ masklen = 128; |
|
134 |
masklen = p ? mask : 128; |
|
143 | 135 |
addrlen = sizeof(struct in6_addr); |
144 | 136 |
} else { |
145 |
+ if (type != 0) |
|
137 |
+ if (type != 0 && type != IPFW_TABLE_MIX)
|
|
146 | 138 |
+ errx(EX_DATAERR, "Wrong value passed as address"); |
147 | 139 |
+ |
148 | 140 |
/* Port or any other key */ |
149 | 141 |
key = strtol(arg, &p, 10); |
150 | 142 |
/* Skip non-base 10 entries like 'fa1' */ |
151 |
@@ -4304,9 +4329,91 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
143 |
@@ -4304,9 +4328,92 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
152 | 144 |
addrlen = sizeof(struct in_addr); |
153 | 145 |
} |
154 | 146 |
|
155 |
+ if (do_add && ac) { |
|
147 |
+ ac--; av++; |
|
148 |
+ if (do_add && ac > 0) { |
|
156 | 149 |
+ unsigned int tval; |
157 | 150 |
+ /* isdigit is a bit of a hack here.. */ |
158 | 151 |
+ if (strchr(*av, (int)'.') == NULL && isdigit(**av)) { |
... | ... | |
172 | 165 |
xent->type = type; |
173 | 166 |
xent->masklen = masklen; |
174 | 167 |
- xent->len = offsetof(ipfw_table_xentry, k) + addrlen; |
175 |
+ if (IPFW_TABLE_MIX) |
|
168 |
+ if (type == IPFW_TABLE_MIX)
|
|
176 | 169 |
+ xent->len = offsetof(ipfw_table_xentry, k) + addrlen + ETHER_ADDR_LEN; |
177 | 170 |
+ else |
178 | 171 |
+ xent->len = offsetof(ipfw_table_xentry, k) + addrlen; |
... | ... | |
324 | 317 |
|
325 | 318 |
typedef struct _ipfw_table { |
326 | 319 |
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c |
327 |
index cd466bd..aa5a94d 100644
|
|
320 |
index cd466bd..f16c356 100644
|
|
328 | 321 |
--- a/sys/netpfil/ipfw/ip_fw2.c |
329 | 322 |
+++ b/sys/netpfil/ipfw/ip_fw2.c |
330 | 323 |
@@ -358,8 +358,8 @@ iface_match(struct ifnet *ifp, ipfw_insn_if *cmd, struct ip_fw_chain *chain, uin |
... | ... | |
516 | 509 |
retval = IP_FW_DENY; |
517 | 510 |
printf("ipfw: ouch!, skip past end of rules, denying packet\n"); |
518 | 511 |
diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c |
519 |
index d1202ff..6526991 100644
|
|
512 |
index d1202ff..bf225b8 100644
|
|
520 | 513 |
--- a/sys/netpfil/ipfw/ip_fw_pfil.c |
521 | 514 |
+++ b/sys/netpfil/ipfw/ip_fw_pfil.c |
522 | 515 |
@@ -143,8 +143,9 @@ again: |
Formats disponibles : Unified diff
Make CP work for now by fixing ipfw userland tools. Though due to changes in IPFW handling only ip+mac will really work, so allowed hosts is broken for now. Will fix it soon.