Révision b26051b1
Ajouté par Ermal il y a presque 10 ans
patches/stable/10/CP_speedup.diff | ||
---|---|---|
1 | 1 |
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c |
2 |
index 577d644..6a1d396 100644
|
|
2 |
index 577d644..48dbc2a 100644
|
|
3 | 3 |
--- a/sbin/ipfw/ipfw2.c |
4 | 4 |
+++ b/sbin/ipfw/ipfw2.c |
5 | 5 |
@@ -4115,8 +4115,9 @@ ipfw_flush(int force) |
... | ... | |
89 | 89 |
mask = 0; |
90 | 90 |
type = 0; |
91 | 91 |
addrlen = 0; |
92 |
@@ -4245,7 +4248,23 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
92 |
@@ -4245,7 +4248,20 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
93 | 93 |
* 4) port, uid/gid or other u32 key (base 10 format) |
94 | 94 |
* 5) hostname |
95 | 95 |
*/ |
96 | 96 |
- paddr = &xent->k.addr6; |
97 |
+ if (ac > 1 && av) { |
|
98 |
+ if (_substrcmp(*av, "mac") == 0) { |
|
99 |
+ uint8_t _mask[8]; |
|
97 |
+ if (ac > 1 && av && _substrcmp(*av, "mac") == 0) { |
|
98 |
+ uint8_t _mask[8]; |
|
100 | 99 |
+ |
101 |
+ type = IPFW_TABLE_MIX; |
|
102 |
+ get_mac_addr_mask(av[1], (uint8_t *)xent->k.mix.mac, _mask); |
|
103 |
+ ac-=2; av+=2; |
|
104 |
+ if (ac <= 0) |
|
105 |
+ errx(EX_DATAERR, "wrong argument passed."); |
|
106 |
+ |
|
107 |
+ paddr = (struct in6_addr *)&xent->k.mix.addr; |
|
108 |
+ } else |
|
100 |
+ type = IPFW_TABLE_MIX; |
|
101 |
+ get_mac_addr_mask(av[1], (uint8_t *)xent->k.mix.mac, _mask); |
|
102 |
+ ac-=2; av+=2; |
|
103 |
+ if (ac <= 0) |
|
109 | 104 |
+ errx(EX_DATAERR, "wrong argument passed."); |
105 |
+ |
|
106 |
+ paddr = (struct in6_addr *)&xent->k.mix.addr; |
|
110 | 107 |
+ } else |
111 | 108 |
+ paddr = &xent->k.addr6; |
112 | 109 |
+ |
... | ... | |
114 | 111 |
if (ishexnumber(*arg) != 0 || *arg == ':') { |
115 | 112 |
/* Remove / if exists */ |
116 | 113 |
if ((p = strchr(arg, '/')) != NULL) { |
117 |
@@ -4258,7 +4277,8 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
114 |
@@ -4258,7 +4274,8 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
118 | 115 |
errx(EX_DATAERR, "bad IPv4 mask width: %s", |
119 | 116 |
p + 1); |
120 | 117 |
|
... | ... | |
124 | 121 |
masklen = p ? mask : 32; |
125 | 122 |
addrlen = sizeof(struct in_addr); |
126 | 123 |
} else if (inet_pton(AF_INET6, arg, paddr) == 1) { |
127 |
@@ -4269,10 +4289,14 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
124 |
@@ -4269,10 +4286,14 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
128 | 125 |
errx(EX_DATAERR, "bad IPv6 mask width: %s", |
129 | 126 |
p + 1); |
130 | 127 |
|
... | ... | |
140 | 137 |
/* Port or any other key */ |
141 | 138 |
key = strtol(arg, &p, 10); |
142 | 139 |
/* Skip non-base 10 entries like 'fa1' */ |
143 |
@@ -4304,9 +4328,103 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
140 |
@@ -4304,9 +4325,102 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xent)
|
|
144 | 141 |
addrlen = sizeof(struct in_addr); |
145 | 142 |
} |
146 | 143 |
|
... | ... | |
195 | 192 |
+ tval = xent->value; |
196 | 193 |
+ addr6 = &xent->k.addr6; |
197 | 194 |
+ |
198 |
+ |
|
199 |
+ if (IN6_IS_ADDR_V4COMPAT(addr6)) { |
|
195 |
+ if ((xent->flags & IPFW_TCF_INET) != 0) { |
|
200 | 196 |
+ /* IPv4 address */ |
201 | 197 |
+ inet_ntop(AF_INET, &addr6->s6_addr32[3], tbuf, sizeof(tbuf)); |
202 | 198 |
+ } else { |
... | ... | |
245 | 241 |
} |
246 | 242 |
|
247 | 243 |
static void |
248 |
@@ -4338,6 +4456,7 @@ table_list(uint16_t num, int need_header)
|
|
244 |
@@ -4338,6 +4452,7 @@ table_list(uint16_t num, int need_header)
|
|
249 | 245 |
l = *a; |
250 | 246 |
tbl = safe_calloc(1, l); |
251 | 247 |
tbl->opheader.opcode = IP_FW_TABLE_XLIST; |
... | ... | |
253 | 249 |
tbl->tbl = num; |
254 | 250 |
if (do_cmd(IP_FW3, tbl, (uintptr_t)&l) < 0) |
255 | 251 |
err(EX_OSERR, "getsockopt(IP_FW_TABLE_XLIST)"); |
256 |
@@ -4377,6 +4496,23 @@ table_list(uint16_t num, int need_header) |
|
252 |
@@ -4352,8 +4467,7 @@ table_list(uint16_t num, int need_header) |
|
253 |
tval = xent->value; |
|
254 |
addr6 = &xent->k.addr6; |
|
255 |
|
|
256 |
- |
|
257 |
- if (IN6_IS_ADDR_V4COMPAT(addr6)) { |
|
258 |
+ if ((xent->flags & IPFW_TCF_INET) != 0) { |
|
259 |
/* IPv4 address */ |
|
260 |
inet_ntop(AF_INET, &addr6->s6_addr32[3], tbuf, sizeof(tbuf)); |
|
261 |
} else { |
|
262 |
@@ -4361,12 +4475,16 @@ table_list(uint16_t num, int need_header) |
|
263 |
inet_ntop(AF_INET6, addr6, tbuf, sizeof(tbuf)); |
|
264 |
} |
|
265 |
|
|
266 |
+ printf("%s/%u", tbuf, xent->masklen); |
|
267 |
+ if (xent->mac_addr) |
|
268 |
+ printf(" mac %s", ether_ntoa((struct ether_addr *)&xent->mac_addr)); |
|
269 |
+ |
|
270 |
if (co.do_value_as_ip) { |
|
271 |
tval = htonl(tval); |
|
272 |
- printf("%s/%u %s\n", tbuf, xent->masklen, |
|
273 |
+ printf(" %s\n", |
|
274 |
inet_ntoa(*(struct in_addr *)&tval)); |
|
275 |
} else |
|
276 |
- printf("%s/%u %u\n", tbuf, xent->masklen, tval); |
|
277 |
+ printf(" %u\n", tval); |
|
278 |
break; |
|
279 |
case IPFW_TABLE_INTERFACE: |
|
280 |
/* Interface names */ |
|
281 |
@@ -4377,6 +4495,23 @@ table_list(uint16_t num, int need_header) |
|
257 | 282 |
inet_ntoa(*(struct in_addr *)&tval)); |
258 | 283 |
} else |
259 | 284 |
printf("%s %u\n", xent->k.iface, tval); |
... | ... | |
304 | 329 |
|
305 | 330 |
/* |
306 | 331 |
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h |
307 |
index 14b08f5..a327f1c 100644
|
|
332 |
index 14b08f5..b514ee3 100644
|
|
308 | 333 |
--- a/sys/netinet/ip_fw.h |
309 | 334 |
+++ b/sys/netinet/ip_fw.h |
310 | 335 |
@@ -74,6 +74,8 @@ typedef struct _ip_fw3_opheader { |
... | ... | |
316 | 341 |
|
317 | 342 |
/* |
318 | 343 |
* The kernel representation of ipfw rules is made of a list of |
319 |
@@ -600,23 +602,43 @@ struct _ipfw_dyn_rule {
|
|
344 |
@@ -600,13 +602,16 @@ struct _ipfw_dyn_rule {
|
|
320 | 345 |
|
321 | 346 |
#define IPFW_TABLE_CIDR 1 /* Table for holding IPv4/IPv6 prefixes */ |
322 | 347 |
#define IPFW_TABLE_INTERFACE 2 /* Table for holding interface names */ |
... | ... | |
330 | 355 |
u_int32_t value; /* value */ |
331 | 356 |
u_int16_t tbl; /* table number */ |
332 | 357 |
u_int8_t masklen; /* mask length */ |
333 |
+ uint64_t mac_addr;
|
|
358 |
+ uint64_t mac_addr; |
|
334 | 359 |
} ipfw_table_entry; |
335 | 360 |
|
336 | 361 |
typedef struct _ipfw_table_xentry { |
337 |
uint16_t len; /* Total entry length */
|
|
362 |
@@ -614,13 +619,32 @@ typedef struct _ipfw_table_xentry {
|
|
338 | 363 |
uint8_t type; /* entry type */ |
339 | 364 |
uint8_t masklen; /* mask length */ |
340 |
- uint16_t tbl; /* table number */ |
|
365 |
uint16_t tbl; /* table number */ |
|
366 |
+ uint16_t flags; /* record flags */ |
|
341 | 367 |
uint32_t value; /* value */ |
342 |
+ uint32_t timestamp; |
|
343 |
+ uint64_t mac_addr; |
|
344 |
+ uint64_t bytes; |
|
345 |
+ uint64_t packets; |
|
346 |
+ uint16_t tbl; /* table number */ |
|
368 |
+ uint32_t timestamp; |
|
369 |
+ uint64_t mac_addr; |
|
370 |
+ uint64_t bytes; |
|
371 |
+ uint64_t packets; |
|
347 | 372 |
union { |
348 | 373 |
/* Longest field needs to be aligned by 4-byte boundary */ |
349 | 374 |
+#ifndef ETHER_ADDR_LEN |
... | ... | |
362 | 387 |
struct in6_addr addr6; /* IPv6 address */ |
363 | 388 |
char iface[IF_NAMESIZE]; /* interface name */ |
364 | 389 |
} k; |
390 |
} ipfw_table_xentry; |
|
391 |
+#define IPFW_TCF_INET 0x01 /* CIDR flags: IPv4 record */ |
|
392 |
|
|
393 |
typedef struct _ipfw_table { |
|
394 |
u_int32_t size; /* size of entries in bytes */ |
|
365 | 395 |
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c |
366 | 396 |
index cd466bd..f2f117e 100644 |
367 | 397 |
--- a/sys/netpfil/ipfw/ip_fw2.c |
... | ... | |
731 | 761 |
{ |
732 | 762 |
ipfw_xtable *tbl; |
733 | 763 |
diff --git a/sys/netpfil/ipfw/ip_fw_table.c b/sys/netpfil/ipfw/ip_fw_table.c |
734 |
index 95cff5c..e916749 100644
|
|
764 |
index 95cff5c..061cb18 100644
|
|
735 | 765 |
--- a/sys/netpfil/ipfw/ip_fw_table.c |
736 | 766 |
+++ b/sys/netpfil/ipfw/ip_fw_table.c |
737 | 767 |
@@ -59,6 +59,7 @@ __FBSDID("$FreeBSD$"); |
... | ... | |
962 | 992 |
default: |
963 | 993 |
return (EINVAL); |
964 | 994 |
} |
965 |
@@ -552,9 +688,152 @@ ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
|
|
995 |
@@ -552,9 +688,153 @@ ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
|
|
966 | 996 |
return (0); |
967 | 997 |
} |
968 | 998 |
|
... | ... | |
1103 | 1133 |
+ arg->packets = xent->packets; |
1104 | 1134 |
+ arg->value = xent->value; |
1105 | 1135 |
+ arg->timestamp = xent->timestamp; |
1136 |
+ arg->mac_addr = xent->mac_addr; |
|
1106 | 1137 |
+ |
1107 | 1138 |
+ return (1); |
1108 | 1139 |
+ } |
... | ... | |
1116 | 1147 |
{ |
1117 | 1148 |
struct radix_node_head *rnh; |
1118 | 1149 |
struct table_xentry *xent; |
1119 |
@@ -562,15 +841,21 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1150 |
@@ -562,15 +842,21 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1120 | 1151 |
struct xaddr_iface iface; |
1121 | 1152 |
|
1122 | 1153 |
if (tbl >= V_fw_tables_max) |
... | ... | |
1140 | 1171 |
break; |
1141 | 1172 |
|
1142 | 1173 |
case IPFW_TABLE_INTERFACE: |
1143 |
@@ -581,15 +866,37 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1174 |
@@ -581,15 +867,37 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1144 | 1175 |
xent = (struct table_xentry *)(rnh->rnh_lookup(&iface, NULL, rnh)); |
1145 | 1176 |
break; |
1146 | 1177 |
|
... | ... | |
1181 | 1212 |
} |
1182 | 1213 |
|
1183 | 1214 |
static int |
1184 |
@@ -698,6 +1005,9 @@ dump_table_xentry_base(struct radix_node *rn, void *arg) |
|
1215 |
@@ -697,7 +1005,11 @@ dump_table_xentry_base(struct radix_node *rn, void *arg) |
|
1216 |
xent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr)); |
|
1185 | 1217 |
/* Save IPv4 address as deprecated IPv6 compatible */ |
1186 | 1218 |
xent->k.addr6.s6_addr32[3] = n->addr.sin_addr.s_addr; |
1219 |
+ xent->flags = IPFW_TCF_INET; |
|
1187 | 1220 |
xent->value = n->value; |
1188 | 1221 |
+ xent->bytes = n->bytes; |
1189 | 1222 |
+ xent->packets = n->packets; |
... | ... | |
1191 | 1224 |
tbl->cnt++; |
1192 | 1225 |
return (0); |
1193 | 1226 |
} |
1194 |
@@ -735,12 +1045,31 @@ dump_table_xentry_extended(struct radix_node *rn, void *arg)
|
|
1227 |
@@ -735,12 +1047,31 @@ dump_table_xentry_extended(struct radix_node *rn, void *arg)
|
|
1195 | 1228 |
memcpy(&xent->k, &n->a.iface.ifname, IF_NAMESIZE); |
1196 | 1229 |
break; |
1197 | 1230 |
|
Formats disponibles : Unified diff
Make properly work ipfw command on tables. Also import bin/189471 to print properly ipv4 from tables