PERFORCE change 143458 for review
Gleb Kurtsou
gk at FreeBSD.org
Sat Jun 14 18:32:22 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=143458
Change 143458 by gk at gk_h1 on 2008/06/14 18:31:45
in ipfw: s/mac/ether/ (to be consistent with the rest of the world and
futere layer2 filtering in pf).
retain mac and mac-type options for backward compatibility
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#4 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#5 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#6 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#4 (text+ko) ====
@@ -294,10 +294,10 @@
TOK_TCPACK,
TOK_TCPWIN,
TOK_ICMPTYPES,
- TOK_MAC,
- TOK_MAC_SRC,
- TOK_MAC_DST,
- TOK_MACTYPE,
+ TOK_ETHER,
+ TOK_ETHER_SRC,
+ TOK_ETHER_DST,
+ TOK_ETHER_TYPE,
TOK_VERREVPATH,
TOK_VERSRCREACH,
TOK_ANTISPOOF,
@@ -477,11 +477,13 @@
{ "dst-port", TOK_DSTPORT },
{ "src-port", TOK_SRCPORT },
{ "proto", TOK_PROTO },
- { "MAC", TOK_MAC },
- { "mac", TOK_MAC },
- { "src-mac", TOK_MAC_SRC },
- { "dst-mac", TOK_MAC_DST },
- { "mac-type", TOK_MACTYPE },
+ { "MAC", TOK_ETHER },
+ { "mac", TOK_ETHER },
+ { "ether", TOK_ETHER },
+ { "src-ether", TOK_ETHER_SRC },
+ { "dst-ether", TOK_ETHER_DST },
+ { "mac-type", TOK_ETHER_TYPE },
+ { "ether-type", TOK_ETHER_TYPE },
{ "verrevpath", TOK_VERREVPATH },
{ "versrcreach", TOK_VERSRCREACH },
{ "antispoof", TOK_ANTISPOOF },
@@ -663,7 +665,7 @@
{"ipid", O_IPID},
{"iplen", O_IPLEN},
{"ipttl", O_IPTTL},
- {"mac-type", O_MAC_TYPE},
+ {"ether-type", O_ETHER_TYPE},
{"tcpdatalen", O_TCPDATALEN},
{"tagged", O_TAGGED},
{NULL, 0}
@@ -1134,10 +1136,10 @@
}
/*
- * prints a MAC address/mask pair
+ * prints a ethernet (MAC) address/mask pair
*/
static void
-print_mac(uint8_t *addr, uint8_t *mask)
+print_ether(uint8_t *addr, uint8_t *mask)
{
int l = contigmask(mask, 48);
@@ -1421,7 +1423,7 @@
* The first argument is the list of fields we have, the second is
* the list of fields we want to be printed.
*
- * Special cases if we have provided a MAC header:
+ * Special cases if we have provided a ethernet header:
* + if the rule does not contain IP addresses/ports, do not print them;
* + if the rule does not contain an IP proto, print "all" instead of "ip";
*
@@ -1811,32 +1813,32 @@
if (cmd->len & F_NOT && cmd->opcode != O_IN)
printf(" not");
switch(cmd->opcode) {
- case O_MACADDR2: {
- ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+ case O_ETHERADDR2: {
+ ipfw_insn_ether *m = (ipfw_insn_ether *)cmd;
- printf(" mac");
- print_mac(m->addr, m->mask);
- print_mac(m->addr + 6, m->mask + 6);
+ printf(" ether");
+ print_ether(m->addr, m->mask);
+ print_ether(m->addr + 6, m->mask + 6);
}
break;
- case O_MAC_SRC: {
- ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+ case O_ETHER_SRC: {
+ ipfw_insn_ether *m = (ipfw_insn_ether *)cmd;
- printf(" src-mac");
- print_mac(m->addr + 6, m->mask + 6);
+ printf(" src-ether");
+ print_ether(m->addr + 6, m->mask + 6);
}
break;
- case O_MAC_DST: {
- ipfw_insn_mac *m = (ipfw_insn_mac *)cmd;
+ case O_ETHER_DST: {
+ ipfw_insn_ether *m = (ipfw_insn_ether *)cmd;
- printf(" dst-mac");
- print_mac(m->addr, m->mask);
+ printf(" dst-ether");
+ print_ether(m->addr, m->mask);
}
break;
- case O_MAC_TYPE:
+ case O_ETHER_TYPE:
print_newports((ipfw_insn_u16 *)cmd,
IPPROTO_ETHERTYPE, cmd->opcode);
break;
@@ -4466,12 +4468,12 @@
}
static void
-get_mac_addr_mask(const char *p, uint8_t *addr, uint8_t *mask)
+get_ether_addr_mask(const char *p, uint8_t *addr, uint8_t *mask)
{
int i, l;
char *ap, *ptr, *optr;
- struct ether_addr *mac;
- const char *macset = "0123456789abcdefABCDEF:";
+ struct ether_addr *ether;
+ const char *etherset = "0123456789abcdefABCDEF:";
if (strcmp(p, "any") == 0) {
for (i = 0; i < ETHER_ADDR_LEN; i++)
@@ -4482,11 +4484,11 @@
optr = ptr = strdup(p);
if ((ap = strsep(&ptr, "&/")) != NULL && *ap != 0) {
l = strlen(ap);
- if (strspn(ap, macset) != l || (mac = ether_aton(ap)) == NULL)
- errx(EX_DATAERR, "Incorrect MAC address");
- bcopy(mac, addr, ETHER_ADDR_LEN);
+ if (strspn(ap, etherset) != l || (ether = ether_aton(ap)) == NULL)
+ errx(EX_DATAERR, "Incorrect ethernet (MAC) address");
+ bcopy(ether, addr, ETHER_ADDR_LEN);
} else
- errx(EX_DATAERR, "Incorrect MAC address");
+ errx(EX_DATAERR, "Incorrect ethernet (MAC) address");
if (ptr != NULL) { /* we have mask? */
if (p[ptr - optr - 1] == '/') { /* mask len */
@@ -4497,10 +4499,10 @@
mask[i] = (l >= 8) ? 0xff: (~0) << (8 - l);
} else { /* mask */
l = strlen(ptr);
- if (strspn(ptr, macset) != l ||
- (mac = ether_aton(ptr)) == NULL)
+ if (strspn(ptr, etherset) != l ||
+ (ether = ether_aton(ptr)) == NULL)
errx(EX_DATAERR, "Incorrect mask");
- bcopy(mac, mask, ETHER_ADDR_LEN);
+ bcopy(ether, mask, ETHER_ADDR_LEN);
}
} else { /* default mask: ff:ff:ff:ff:ff:ff */
for (i = 0; i < ETHER_ADDR_LEN; i++)
@@ -4572,68 +4574,68 @@
* two microinstructions, and returns the pointer to the last one.
*/
static ipfw_insn *
-add_mac(ipfw_insn *cmd, int ac, char *av[])
+add_ether(ipfw_insn *cmd, int ac, char *av[])
{
- ipfw_insn_mac *mac;
+ ipfw_insn_ether *ether;
if (ac < 2)
- errx(EX_DATAERR, "MAC dst src");
+ errx(EX_DATAERR, "ether dst src");
- cmd->opcode = O_MACADDR2;
- cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac);
+ cmd->opcode = O_ETHERADDR2;
+ cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_ether);
- mac = (ipfw_insn_mac *)cmd;
- get_mac_addr_mask(av[0], mac->addr, mac->mask); /* dst */
- get_mac_addr_mask(av[1], &(mac->addr[ETHER_ADDR_LEN]),
- &(mac->mask[ETHER_ADDR_LEN])); /* src */
+ ether = (ipfw_insn_ether *)cmd;
+ get_ether_addr_mask(av[0], ether->addr, ether->mask); /* dst */
+ get_ether_addr_mask(av[1], &(ether->addr[ETHER_ADDR_LEN]),
+ &(ether->mask[ETHER_ADDR_LEN])); /* src */
return cmd;
}
static ipfw_insn *
-add_mac_src(ipfw_insn *cmd, int ac, char *av[])
+add_ether_src(ipfw_insn *cmd, int ac, char *av[])
{
- ipfw_insn_mac *mac;
+ ipfw_insn_ether *ether;
if (ac < 1)
- errx(EX_DATAERR, "src-mac src");
+ errx(EX_DATAERR, "src-ether src");
- cmd->opcode = O_MAC_SRC;
- cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac);
+ cmd->opcode = O_ETHER_SRC;
+ cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_ether);
- mac = (ipfw_insn_mac *)cmd;
- bzero(mac->addr, ETHER_ADDR_LEN);
- bzero(mac->mask, ETHER_ADDR_LEN);
- get_mac_addr_mask(av[0], &(mac->addr[ETHER_ADDR_LEN]),
- &(mac->mask[ETHER_ADDR_LEN])); /* src */
+ ether = (ipfw_insn_ether *)cmd;
+ bzero(ether->addr, ETHER_ADDR_LEN);
+ bzero(ether->mask, ETHER_ADDR_LEN);
+ get_ether_addr_mask(av[0], &(ether->addr[ETHER_ADDR_LEN]),
+ &(ether->mask[ETHER_ADDR_LEN])); /* src */
return cmd;
}
static ipfw_insn *
-add_mac_dst(ipfw_insn *cmd, int ac, char *av[])
+add_ether_dst(ipfw_insn *cmd, int ac, char *av[])
{
- ipfw_insn_mac *mac;
+ ipfw_insn_ether *ether;
if (ac < 1)
- errx(EX_DATAERR, "dst-mac dst");
+ errx(EX_DATAERR, "dst-ether dst");
- cmd->opcode = O_MAC_DST;
- cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac);
+ cmd->opcode = O_ETHER_DST;
+ cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_ether);
- mac = (ipfw_insn_mac *)cmd;
- bzero(mac->addr + ETHER_ADDR_LEN, ETHER_ADDR_LEN);
- bzero(mac->mask + ETHER_ADDR_LEN, ETHER_ADDR_LEN);
- get_mac_addr_mask(av[0], mac->addr, mac->mask); /* dst */
+ ether = (ipfw_insn_ether *)cmd;
+ bzero(ether->addr + ETHER_ADDR_LEN, ETHER_ADDR_LEN);
+ bzero(ether->mask + ETHER_ADDR_LEN, ETHER_ADDR_LEN);
+ get_ether_addr_mask(av[0], ether->addr, ether->mask); /* dst */
return cmd;
}
static ipfw_insn *
-add_mactype(ipfw_insn *cmd, int ac, char *av)
+add_ethertype(ipfw_insn *cmd, int ac, char *av)
{
if (ac < 1)
- errx(EX_DATAERR, "missing MAC type");
+ errx(EX_DATAERR, "missing ether-type argument");
if (strcmp(av, "any") != 0) { /* we have a non-null type */
fill_newports((ipfw_insn_u16 *)cmd, av, IPPROTO_ETHERTYPE);
- cmd->opcode = O_MAC_TYPE;
+ cmd->opcode = O_ETHER_TYPE;
return cmd;
} else
return NULL;
@@ -5641,28 +5643,28 @@
*av);
break;
- case TOK_MAC:
- if (add_mac(cmd, ac, av)) {
+ case TOK_ETHER:
+ if (add_ether(cmd, ac, av)) {
ac -= 2; av += 2;
}
break;
- case TOK_MAC_SRC:
- if (add_mac_src(cmd, ac, av)) {
+ case TOK_ETHER_SRC:
+ if (add_ether_src(cmd, ac, av)) {
ac--; av++;
}
break;
- case TOK_MAC_DST:
- if (add_mac_dst(cmd, ac, av)) {
+ case TOK_ETHER_DST:
+ if (add_ether_dst(cmd, ac, av)) {
ac--; av++;
}
break;
- case TOK_MACTYPE:
- NEED1("missing mac type");
- if (!add_mactype(cmd, ac, *av))
- errx(EX_DATAERR, "invalid mac type %s", *av);
+ case TOK_ETHER_TYPE:
+ NEED1("missing ether type");
+ if (!add_ethertype(cmd, ac, *av))
+ errx(EX_DATAERR, "invalid ether type %s", *av);
ac--; av++;
break;
@@ -5966,10 +5968,10 @@
if (lookup_host(*av, (struct in_addr *)&ent.addr) != 0)
errx(EX_NOHOST, "hostname ``%s'' unknown", *av);
ac--; av++;
- ent.mac_addr = 0;
- if (do_add && ac >= 2 && strcmp(*av, "mac") == 0) {
+ ent.ether_addr = 0;
+ if (do_add && ac >= 2 && strcmp(*av, "ether") == 0) {
uint8_t mask[8];
- get_mac_addr_mask(av[1], (uint8_t*)&ent.mac_addr, mask);
+ get_ether_addr_mask(av[1], (uint8_t*)&ent.ether_addr, mask);
ac-=2; av+=2;
}
if (do_add && ac) {
@@ -6021,7 +6023,7 @@
for (a = 0; a < tbl->cnt; a++) {
unsigned int tval;
char tval_buf[128];
- char tmac_buf[128];
+ char tether_buf[128];
tval = tbl->ent[a].value;
if (do_value_as_ip) {
/* inet_ntoa expects network order */
@@ -6031,17 +6033,17 @@
} else {
snprintf(tval_buf, sizeof(tval_buf), "%u", tval);
}
- if (tbl->ent[a].mac_addr) {
- uint8_t *x = (uint8_t *)&tbl->ent[a].mac_addr;
- snprintf(tmac_buf, sizeof(tmac_buf), "mac %02x:%02x:%02x:%02x:%02x:%02x ",
+ if (tbl->ent[a].ether_addr) {
+ uint8_t *x = (uint8_t *)&tbl->ent[a].ether_addr;
+ snprintf(tether_buf, sizeof(tether_buf), "ether %02x:%02x:%02x:%02x:%02x:%02x ",
x[0], x[1], x[2], x[3], x[4], x[5]);
} else {
- tmac_buf[0] = 0;
+ tether_buf[0] = 0;
}
printf("%s/%u %s%s\n",
inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
- tbl->ent[a].masklen, tmac_buf, tval_buf);
+ tbl->ent[a].masklen, tether_buf, tval_buf);
}
} else
errx(EX_USAGE, "invalid table command %s", *av);
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#5 (text+ko) ====
@@ -67,10 +67,10 @@
O_IP_DSTPORT, /* (n)port list:mask 4 byte ea */
O_PROTO, /* arg1=protocol */
- O_MACADDR2, /* 2 mac addr:mask */
- O_MAC_SRC, /* 2 mac addr:mask */
- O_MAC_DST, /* 2 mac addr:mask */
- O_MAC_TYPE, /* same as srcport */
+ O_ETHERADDR2, /* 2 ethernet (mac) addr:mask */
+ O_ETHER_SRC, /* 2 ethernet (mac) addr:mask */
+ O_ETHER_DST, /* 2 ethernet (mac) addr:mask */
+ O_ETHER_TYPE, /* same as srcport */
O_LAYER2, /* none */
O_IN, /* none */
@@ -263,13 +263,13 @@
} ipfw_insn_sa;
/*
- * This is used for MAC addr-mask pairs.
+ * This is used for ethernet (MAC) addr-mask pairs.
*/
-typedef struct _ipfw_insn_mac {
+typedef struct _ipfw_insn_ether {
ipfw_insn o;
u_char addr[12]; /* dst[6] + src[6] */
u_char mask[12]; /* dst[6] + src[6] */
-} ipfw_insn_mac;
+} ipfw_insn_ether;
/*
* This is used for interface match rules (recv xx, xmit xx).
@@ -533,7 +533,7 @@
*/
typedef struct _ipfw_table_entry {
in_addr_t addr; /* network address */
- u_int64_t mac_addr; /* mac address */
+ u_int64_t ether_addr; /* ethernet address */
u_int32_t value; /* value */
u_int16_t tbl; /* table number */
u_int8_t masklen; /* mask length */
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#6 (text+ko) ====
@@ -153,7 +153,7 @@
struct table_entry {
struct radix_node rn[2];
struct sockaddr_in addr, mask;
- u_int64_t mac_addr;
+ u_int64_t ether_addr;
u_int32_t value;
};
@@ -880,7 +880,7 @@
}
if (hlen == 0) { /* non-ip */
- snprintf(SNPARGS(proto, 0), "MAC");
+ snprintf(SNPARGS(proto, 0), "ether");
} else {
int len;
@@ -1753,7 +1753,7 @@
static int
add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
- uint8_t mlen, u_int64_t mac_addr, uint32_t value)
+ uint8_t mlen, u_int64_t ether_addr, uint32_t value)
{
struct radix_node_head *rnh;
struct table_entry *ent;
@@ -1768,7 +1768,7 @@
ent->addr.sin_len = ent->mask.sin_len = 8;
ent->mask.sin_addr.s_addr = htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0);
ent->addr.sin_addr.s_addr = addr & ent->mask.sin_addr.s_addr;
- ent->mac_addr = mac_addr;
+ ent->ether_addr = ether_addr;
IPFW_WLOCK(&layer3_chain);
if (rnh->rnh_addaddr(&ent->addr, &ent->mask, rnh, (void *)ent) ==
NULL) {
@@ -1876,8 +1876,8 @@
sa.sin_addr.s_addr = addr;
ent = (struct table_entry *)(rnh->rnh_lookup(&sa, NULL, rnh));
if (ent != NULL) {
- if (ea && ent->mac_addr) {
- if (ent->mac_addr != ((*(u_int64_t*)ea)))
+ if (ea && ent->ether_addr) {
+ if (ent->ether_addr != ((*(u_int64_t*)ea)))
return (0);
}
*val = ent->value;
@@ -1924,7 +1924,7 @@
else
ent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr));
ent->addr = n->addr.sin_addr.s_addr;
- ent->mac_addr = n->mac_addr;
+ ent->ether_addr = n->ether_addr;
ent->value = n->value;
tbl->cnt++;
return (0);
@@ -2054,7 +2054,7 @@
*
* args->m (in/out) The packet; we set to NULL when/if we nuke it.
* Starts with the IP header.
- * args->eh (in) Mac header if present, or NULL for layer3 packet.
+ * args->eh (in) ethernet header if present, or NULL for layer3 packet.
* args->L3offset Number of bytes bypassed if we came from L2.
* e.g. often sizeof(eh) ** NOTYET **
* args->oif Outgoing interface, or NULL if packet is incoming.
@@ -2090,7 +2090,7 @@
* the implementation of the various instructions to make sure
* that they still work.
*
- * args->eh The MAC header. It is non-null for a layer2
+ * args->eh The ethernet header. It is non-null for a layer2
* packet, it is NULL for a layer-3 packet.
* **notyet**
* args->L3offset Offset in the packet to the L3 (IP or equiv.) header.
@@ -2590,14 +2590,14 @@
m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd);
break;
- case O_MACADDR2:
- case O_MAC_SRC:
- case O_MAC_DST:
- if (args->eh != NULL) { /* have MAC header */
+ case O_ETHERADDR2:
+ case O_ETHER_SRC:
+ case O_ETHER_DST:
+ if (args->eh != NULL) { /* have ethernet header */
u_int32_t *want = (u_int32_t *)
- ((ipfw_insn_mac *)cmd)->addr;
+ ((ipfw_insn_ether *)cmd)->addr;
u_int32_t *mask = (u_int32_t *)
- ((ipfw_insn_mac *)cmd)->mask;
+ ((ipfw_insn_ether *)cmd)->mask;
u_int32_t *hdr = (u_int32_t *)args->eh;
match =
@@ -2607,8 +2607,8 @@
}
break;
- case O_MAC_TYPE:
- if (args->eh != NULL) { /* have MAC header */
+ case O_ETHER_TYPE:
+ if (args->eh != NULL) { /* have ethernet header */
u_int16_t *p =
((ipfw_insn_u16 *)cmd)->ports;
int i;
@@ -3895,10 +3895,10 @@
goto bad_size;
break;
- case O_MACADDR2:
- case O_MAC_SRC:
- case O_MAC_DST:
- if (cmdlen != F_INSN_SIZE(ipfw_insn_mac))
+ case O_ETHERADDR2:
+ case O_ETHER_SRC:
+ case O_ETHER_DST:
+ if (cmdlen != F_INSN_SIZE(ipfw_insn_ether))
goto bad_size;
break;
@@ -3912,7 +3912,7 @@
goto bad_size;
break;
- case O_MAC_TYPE:
+ case O_ETHER_TYPE:
case O_IP_SRCPORT:
case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */
if (cmdlen < 2 || cmdlen > 31)
@@ -4280,7 +4280,7 @@
if (error)
break;
error = add_table_entry(&layer3_chain, ent.tbl,
- ent.addr, ent.masklen, ent.mac_addr, ent.value);
+ ent.addr, ent.masklen, ent.ether_addr, ent.value);
}
break;
More information about the p4-projects
mailing list