PERFORCE change 143044 for review
Gleb Kurtsou
gk at FreeBSD.org
Fri Jun 6 18:11:12 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=143044
Change 143044 by gk at gk_h1 on 2008/06/06 18:10:27
add ipfw options: src-mac & dst-mac
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#2 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#3 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#3 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#2 (text+ko) ====
@@ -295,6 +295,8 @@
TOK_TCPWIN,
TOK_ICMPTYPES,
TOK_MAC,
+ TOK_MAC_SRC,
+ TOK_MAC_DST,
TOK_MACTYPE,
TOK_VERREVPATH,
TOK_VERSRCREACH,
@@ -477,6 +479,8 @@
{ "proto", TOK_PROTO },
{ "MAC", TOK_MAC },
{ "mac", TOK_MAC },
+ { "src-mac", TOK_MAC_SRC },
+ { "dst-mac", TOK_MAC_DST },
{ "mac-type", TOK_MACTYPE },
{ "verrevpath", TOK_VERREVPATH },
{ "versrcreach", TOK_VERSRCREACH },
@@ -1810,12 +1814,28 @@
case O_MACADDR2: {
ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
- printf(" MAC");
+ printf(" mac");
print_mac(m->addr, m->mask);
print_mac(m->addr + 6, m->mask + 6);
}
break;
+ case O_MAC_SRC: {
+ ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+
+ printf(" src-mac");
+ print_mac(m->addr + 6, m->mask + 6);
+ }
+ break;
+
+ case O_MAC_DST: {
+ ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+
+ printf(" dst-mac");
+ print_mac(m->addr, m->mask);
+ }
+ break;
+
case O_MAC_TYPE:
print_newports((ipfw_insn_u16 *)cmd,
IPPROTO_ETHERTYPE, cmd->opcode);
@@ -4570,6 +4590,43 @@
}
static ipfw_insn *
+add_mac_src(ipfw_insn *cmd, int ac, char *av[])
+{
+ ipfw_insn_mac *mac;
+
+ if (ac < 1)
+ errx(EX_DATAERR, "src-mac src");
+
+ cmd->opcode = O_MAC_SRC;
+ cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac);
+
+ mac = (ipfw_insn_mac *)cmd;
+ bzero(mac->addr, ETHER_ADDR_LEN);
+ bzero(mac->mask, ETHER_ADDR_LEN);
+ get_mac_addr_mask(av[0], &(mac->addr[ETHER_ADDR_LEN]),
+ &(mac->mask[ETHER_ADDR_LEN])); /* src */
+ return cmd;
+}
+
+static ipfw_insn *
+add_mac_dst(ipfw_insn *cmd, int ac, char *av[])
+{
+ ipfw_insn_mac *mac;
+
+ if (ac < 1)
+ errx(EX_DATAERR, "dst-mac dst");
+
+ cmd->opcode = O_MAC_DST;
+ cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac);
+
+ mac = (ipfw_insn_mac *)cmd;
+ bzero(mac->addr + ETHER_ADDR_LEN, ETHER_ADDR_LEN);
+ bzero(mac->mask + ETHER_ADDR_LEN, ETHER_ADDR_LEN);
+ get_mac_addr_mask(av[0], mac->addr, mac->mask); /* dst */
+ return cmd;
+}
+
+static ipfw_insn *
add_mactype(ipfw_insn *cmd, int ac, char *av)
{
if (ac < 1)
@@ -5590,6 +5647,18 @@
}
break;
+ case TOK_MAC_SRC:
+ if (add_mac_src(cmd, ac, av)) {
+ ac--; av++;
+ }
+ break;
+
+ case TOK_MAC_DST:
+ if (add_mac_dst(cmd, ac, av)) {
+ ac--; av++;
+ }
+ break;
+
case TOK_MACTYPE:
NEED1("missing mac type");
if (!add_mactype(cmd, ac, *av))
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#3 (text+ko) ====
@@ -68,6 +68,8 @@
O_PROTO, /* arg1=protocol */
O_MACADDR2, /* 2 mac addr:mask */
+ O_MAC_SRC, /* 2 mac addr:mask */
+ O_MAC_DST, /* 2 mac addr:mask */
O_MAC_TYPE, /* same as srcport */
O_LAYER2, /* none */
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#3 (text+ko) ====
@@ -2584,6 +2584,8 @@
break;
case O_MACADDR2:
+ case O_MAC_SRC:
+ case O_MAC_DST:
if (args->eh != NULL) { /* have MAC header */
u_int32_t *want = (u_int32_t *)
((ipfw_insn_mac *)cmd)->addr;
@@ -3881,6 +3883,8 @@
break;
case O_MACADDR2:
+ case O_MAC_SRC:
+ case O_MAC_DST:
if (cmdlen != F_INSN_SIZE(ipfw_insn_mac))
goto bad_size;
break;
More information about the p4-projects
mailing list