
Révision b26051b1

Ajouté par Ermal il y a presque 10 ans

Make the ipfw command work properly on tables. Also import bin/189471 to print IPv4 addresses from tables properly.


patches/stable/10/CP_speedup.diff
1 1
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
2
index 577d644..6a1d396 100644
2
index 577d644..48dbc2a 100644
3 3
--- a/sbin/ipfw/ipfw2.c
4 4
+++ b/sbin/ipfw/ipfw2.c
5 5
@@ -4115,8 +4115,9 @@ ipfw_flush(int force)
......
89 89
 	mask = 0;
90 90
 	type = 0;
91 91
 	addrlen = 0;
92
@@ -4245,7 +4248,23 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
92
@@ -4245,7 +4248,20 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
93 93
 	 * 4) port, uid/gid or other u32 key (base 10 format)
94 94
 	 * 5) hostname
95 95
 	 */
96 96
-	paddr = &xent->k.addr6;
97
+	if (ac > 1 && av) {
98
+		if (_substrcmp(*av, "mac") == 0)  {
99
+			uint8_t _mask[8];
97
+	if (ac > 1 && av && _substrcmp(*av, "mac") == 0) {
98
+		uint8_t _mask[8];
100 99
+
101
+			type = IPFW_TABLE_MIX;
102
+			get_mac_addr_mask(av[1], (uint8_t *)xent->k.mix.mac, _mask);
103
+			ac-=2; av+=2;
104
+			if (ac <= 0)
105
+				errx(EX_DATAERR, "wrong argument passed.");
106
+
107
+			paddr = (struct in6_addr *)&xent->k.mix.addr;
108
+		} else
100
+		type = IPFW_TABLE_MIX;
101
+		get_mac_addr_mask(av[1], (uint8_t *)xent->k.mix.mac, _mask);
102
+		ac-=2; av+=2;
103
+		if (ac <= 0)
109 104
+			errx(EX_DATAERR, "wrong argument passed.");
105
+
106
+		paddr = (struct in6_addr *)&xent->k.mix.addr;
110 107
+	} else
111 108
+		paddr = &xent->k.addr6;
112 109
+
......
114 111
 	if (ishexnumber(*arg) != 0 || *arg == ':') {
115 112
 		/* Remove / if exists */
116 113
 		if ((p = strchr(arg, '/')) != NULL) {
117
@@ -4258,7 +4277,8 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
114
@@ -4258,7 +4274,8 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
118 115
 				errx(EX_DATAERR, "bad IPv4 mask width: %s",
119 116
 				    p + 1);
120 117
 
......
124 121
 			masklen = p ? mask : 32;
125 122
 			addrlen = sizeof(struct in_addr);
126 123
 		} else if (inet_pton(AF_INET6, arg, paddr) == 1) {
127
@@ -4269,10 +4289,14 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
124
@@ -4269,10 +4286,14 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
128 125
 				errx(EX_DATAERR, "bad IPv6 mask width: %s",
129 126
 				    p + 1);
130 127
 
......
140 137
 			/* Port or any other key */
141 138
 			key = strtol(arg, &p, 10);
142 139
 			/* Skip non-base 10 entries like 'fa1' */
143
@@ -4304,9 +4328,103 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
140
@@ -4304,9 +4325,102 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
144 141
 		addrlen = sizeof(struct in_addr);
145 142
 	}
146 143
 
......
195 192
+		tval = xent->value;
196 193
+		addr6 = &xent->k.addr6;
197 194
+
198
+
199
+		if (IN6_IS_ADDR_V4COMPAT(addr6)) {
195
+		if ((xent->flags & IPFW_TCF_INET) != 0) {
200 196
+			/* IPv4 address */
201 197
+			inet_ntop(AF_INET, &addr6->s6_addr32[3], tbuf, sizeof(tbuf));
202 198
+		} else {
......
245 241
 }
246 242
 
247 243
 static void
248
@@ -4338,6 +4456,7 @@ table_list(uint16_t num, int need_header)
244
@@ -4338,6 +4452,7 @@ table_list(uint16_t num, int need_header)
249 245
 	l = *a;
250 246
 	tbl = safe_calloc(1, l);
251 247
 	tbl->opheader.opcode = IP_FW_TABLE_XLIST;
......
253 249
 	tbl->tbl = num;
254 250
 	if (do_cmd(IP_FW3, tbl, (uintptr_t)&l) < 0)
255 251
 		err(EX_OSERR, "getsockopt(IP_FW_TABLE_XLIST)");
256
@@ -4377,6 +4496,23 @@ table_list(uint16_t num, int need_header)
252
@@ -4352,8 +4467,7 @@ table_list(uint16_t num, int need_header)
253
 			tval = xent->value;
254
 			addr6 = &xent->k.addr6;
255
 
256
-
257
-			if (IN6_IS_ADDR_V4COMPAT(addr6)) {
258
+			if ((xent->flags & IPFW_TCF_INET) != 0) {
259
 				/* IPv4 address */
260
 				inet_ntop(AF_INET, &addr6->s6_addr32[3], tbuf, sizeof(tbuf));
261
 			} else {
262
@@ -4361,12 +4475,16 @@ table_list(uint16_t num, int need_header)
263
 				inet_ntop(AF_INET6, addr6, tbuf, sizeof(tbuf));
264
 			}
265
 
266
+			printf("%s/%u", tbuf, xent->masklen);
267
+			if (xent->mac_addr)
268
+				printf(" mac %s", ether_ntoa((struct ether_addr *)&xent->mac_addr));
269
+
270
 			if (co.do_value_as_ip) {
271
 				tval = htonl(tval);
272
-				printf("%s/%u %s\n", tbuf, xent->masklen,
273
+				printf(" %s\n",
274
 				    inet_ntoa(*(struct in_addr *)&tval));
275
 			} else
276
-				printf("%s/%u %u\n", tbuf, xent->masklen, tval);
277
+				printf(" %u\n", tval);
278
 			break;
279
 		case IPFW_TABLE_INTERFACE:
280
 			/* Interface names */
281
@@ -4377,6 +4495,23 @@ table_list(uint16_t num, int need_header)
257 282
 				    inet_ntoa(*(struct in_addr *)&tval));
258 283
 			} else
259 284
 				printf("%s %u\n", xent->k.iface, tval);
......
304 329
 
305 330
 	/*
306 331
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
307
index 14b08f5..a327f1c 100644
332
index 14b08f5..b514ee3 100644
308 333
--- a/sys/netinet/ip_fw.h
309 334
+++ b/sys/netinet/ip_fw.h
310 335
@@ -74,6 +74,8 @@ typedef struct _ip_fw3_opheader {
......
316 341
 
317 342
 /*
318 343
  * The kernel representation of ipfw rules is made of a list of
319
@@ -600,23 +602,43 @@ struct _ipfw_dyn_rule {
344
@@ -600,13 +602,16 @@ struct _ipfw_dyn_rule {
320 345
 
321 346
 #define	IPFW_TABLE_CIDR		1	/* Table for holding IPv4/IPv6 prefixes */
322 347
 #define	IPFW_TABLE_INTERFACE	2	/* Table for holding interface names */
......
330 355
 	u_int32_t	value;		/* value			*/
331 356
 	u_int16_t	tbl;		/* table number			*/
332 357
 	u_int8_t	masklen;	/* mask length			*/
333
+	uint64_t		mac_addr;
358
+	uint64_t	mac_addr;
334 359
 } ipfw_table_entry;
335 360
 
336 361
 typedef struct	_ipfw_table_xentry {
337
 	uint16_t	len;		/* Total entry length		*/
362
@@ -614,13 +619,32 @@ typedef struct	_ipfw_table_xentry {
338 363
 	uint8_t		type;		/* entry type			*/
339 364
 	uint8_t		masklen;	/* mask length			*/
340
-	uint16_t	tbl;		/* table number			*/
365
 	uint16_t	tbl;		/* table number			*/
366
+	uint16_t	flags;		/* record flags			*/
341 367
 	uint32_t	value;		/* value			*/
342
+	uint32_t               timestamp;
343
+	uint64_t		mac_addr;
344
+	uint64_t               bytes;
345
+	uint64_t               packets;
346
+	uint16_t	tbl;		/* table number			*/
368
+	uint32_t	timestamp;
369
+	uint64_t	mac_addr;
370
+	uint64_t	bytes;
371
+	uint64_t	packets;
347 372
 	union {
348 373
 		/* Longest field needs to be aligned by 4-byte boundary	*/
349 374
+#ifndef ETHER_ADDR_LEN
......
362 387
 		struct in6_addr	addr6;	/* IPv6 address 		*/
363 388
 		char	iface[IF_NAMESIZE];	/* interface name	*/
364 389
 	} k;
390
 } ipfw_table_xentry;
391
+#define	IPFW_TCF_INET	0x01	 /* CIDR flags: IPv4 record	*/
392
 
393
 typedef struct	_ipfw_table {
394
 	u_int32_t	size;		/* size of entries in bytes	*/
365 395
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
366 396
index cd466bd..f2f117e 100644
367 397
--- a/sys/netpfil/ipfw/ip_fw2.c
......
731 761
 		{
732 762
 			ipfw_xtable *tbl;
733 763
diff --git a/sys/netpfil/ipfw/ip_fw_table.c b/sys/netpfil/ipfw/ip_fw_table.c
734
index 95cff5c..e916749 100644
764
index 95cff5c..061cb18 100644
735 765
--- a/sys/netpfil/ipfw/ip_fw_table.c
736 766
+++ b/sys/netpfil/ipfw/ip_fw_table.c
737 767
@@ -59,6 +59,7 @@ __FBSDID("$FreeBSD$");
......
962 992
 	default:
963 993
 		return (EINVAL);
964 994
 	}
965
@@ -552,9 +688,152 @@ ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
995
@@ -552,9 +688,153 @@ ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
966 996
 	return (0);
967 997
 }
968 998
 
......
1103 1133
+		arg->packets = xent->packets;
1104 1134
+		arg->value = xent->value;
1105 1135
+		arg->timestamp = xent->timestamp;
1136
+		arg->mac_addr = xent->mac_addr;
1106 1137
+		
1107 1138
+		return (1);
1108 1139
+	}
......
1116 1147
 {
1117 1148
 	struct radix_node_head *rnh;
1118 1149
 	struct table_xentry *xent;
1119
@@ -562,15 +841,21 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
1150
@@ -562,15 +842,21 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
1120 1151
 	struct xaddr_iface iface;
1121 1152
 
1122 1153
 	if (tbl >= V_fw_tables_max)
......
1140 1171
 		break;
1141 1172
 
1142 1173
 	case IPFW_TABLE_INTERFACE:
1143
@@ -581,15 +866,37 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
1174
@@ -581,15 +867,37 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
1144 1175
 		xent = (struct table_xentry *)(rnh->rnh_lookup(&iface, NULL, rnh));
1145 1176
 		break;
1146 1177
 
......
1181 1212
 }
1182 1213
 
1183 1214
 static int
1184
@@ -698,6 +1005,9 @@ dump_table_xentry_base(struct radix_node *rn, void *arg)
1215
@@ -697,7 +1005,11 @@ dump_table_xentry_base(struct radix_node *rn, void *arg)
1216
 		xent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr));
1185 1217
 	/* Save IPv4 address as deprecated IPv6 compatible */
1186 1218
 	xent->k.addr6.s6_addr32[3] = n->addr.sin_addr.s_addr;
1219
+	xent->flags = IPFW_TCF_INET;
1187 1220
 	xent->value = n->value;
1188 1221
+	xent->bytes = n->bytes;
1189 1222
+	xent->packets = n->packets;
......
1191 1224
 	tbl->cnt++;
1192 1225
 	return (0);
1193 1226
 }
1194
@@ -735,12 +1045,31 @@ dump_table_xentry_extended(struct radix_node *rn, void *arg)
1227
@@ -735,12 +1047,31 @@ dump_table_xentry_extended(struct radix_node *rn, void *arg)
1195 1228
 		memcpy(&xent->k, &n->a.iface.ifname, IF_NAMESIZE);
1196 1229
 		break;
1197 1230
 	
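Review bot: In the added `table_list` lines, `ether_ntoa((struct ether_addr *)&xent->mac_addr)` formats the first six bytes of a `uint64_t` as they lie in memory, so the MAC shown depends on host byte order and on how the kernel packs the octets into that field, and neither is stated in the visible lines. The `mac_addr` members added to `ipfw_table_entry` and `ipfw_table_xentry` in ip_fw.h carry no comment; I would document the layout there, for example `uint64_t	mac_addr;	/* MAC octets in the first six bytes, 0 = no MAC */`, provided that matches what the kernel side stores. The `if (xent->mac_addr)` guard also makes a stored value of zero indistinguishable from "no MAC bound", which matters when this listing is used to audit MAC-bound entries. Separately, the rewritten `table_fill_xentry` lines point `paddr` at `xent->k.mix.addr`, and the `inet_pton(AF_INET6, arg, paddr)` call further down writes a full `struct in6_addr` through it; the `mix` definition is elided on this page, so confirm that member is large enough or reject IPv6 input on the `mac` path. Both functions continue outside the lines shown here.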
