PERFORCE change 144241 for review
Gleb Kurtsou
gk at FreeBSD.org
Sat Jun 28 20:52:05 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=144241
Change 144241 by gk at gk_h1 on 2008/06/28 20:51:50
s/IP_FW_EA_*/IPFW_EA_*/ (appropriate struct has been renamed for a
while already)
Rename IPFW_EA_INIT into much more meaningful IPFW_EA_FLOW
Fix dynamic rule creation. Right after creation of dynamic rule install_state
calls lookup_dyn_rule_locked but ether_addr_allow_dyn expects ifpw_flow_id to
contain real ethernet addresses but not the addresses created by the rule.
Note. ifpw_flow_id is used to store src-ether and dst-ether to create
appropriate dynamic rule. Additional fields are not added not to enlarge the
struct by another 16 bytes which are going to be used just in a few code paths.
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#7 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#9 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#11 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw2.c#7 (text+ko) ====
@@ -1141,9 +1141,9 @@
static void
print_ether(ipfw_ether_addr *addr)
{
- if ((addr->flags & IP_FW_EA_CHECK) == 0) {
+ if ((addr->flags & IPFW_EA_CHECK) == 0) {
printf(" any");
- } else if (addr->flags & IP_FW_EA_MULTICAST) {
+ } else if (addr->flags & IPFW_EA_MULTICAST) {
printf(" multicast");
} else {
u_char *ea = addr->octet;
@@ -4467,7 +4467,7 @@
return;
}
if (strcmp(p, "multicast") == 0) {
- addr->flags = IP_FW_EA_CHECK | IP_FW_EA_MULTICAST;
+ addr->flags = IPFW_EA_CHECK | IPFW_EA_MULTICAST;
return;
}
@@ -4476,7 +4476,7 @@
errx(EX_DATAERR, "Incorrect ethernet (MAC) address");
memcpy(addr->octet, ether, ETHER_ADDR_LEN);
- addr->flags = IP_FW_EA_CHECK;
+ addr->flags = IPFW_EA_CHECK;
}
/*
@@ -5976,7 +5976,7 @@
} else {
snprintf(tval_buf, sizeof(tval_buf), "%u", tval);
}
- if (tbl->ent[a].ether_addr.flags & IP_FW_EA_CHECK) {
+ if (tbl->ent[a].ether_addr.flags & IPFW_EA_CHECK) {
uint8_t *x = (uint8_t *)&tbl->ent[a].ether_addr;
snprintf(tether_buf, sizeof(tether_buf), "ether %02x:%02x:%02x:%02x:%02x:%02x ",
x[0], x[1], x[2], x[3], x[4], x[5]);
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw.h#9 (text+ko) ====
@@ -264,9 +264,9 @@
* This is used for ethernet (MAC) addr-mask pairs.
*/
-#define IP_FW_EA_INIT 0x01
-#define IP_FW_EA_CHECK 0x02
-#define IP_FW_EA_MULTICAST 0x04
+#define IPFW_EA_CHECK 0x01
+#define IPFW_EA_MULTICAST 0x02
+#define IPFW_EA_FLOW 0x04
typedef struct _ipfw_ether_addr {
u_char octet[6];
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw2.c#11 (text+ko) ====
@@ -157,9 +157,9 @@
.octet = { 0xff, 0xff, 0xff, 0xff, 0xff,0xff },
.flags = 0
};
- if ((want->flags & IP_FW_EA_CHECK) == 0)
+ if ((want->flags & IPFW_EA_CHECK) == 0)
return (1);
- if (want->flags & IP_FW_EA_MULTICAST) {
+ if (want->flags & IPFW_EA_MULTICAST) {
return (ETHER_IS_MULTICAST(ea->octet));
}
@@ -170,8 +170,15 @@
static __inline int ether_addr_allow_dyn(ipfw_ether_addr *want, ipfw_ether_addr *a)
{
- if ((a->flags & IP_FW_EA_INIT) == 0)
+ if (a->flags & IPFW_EA_CHECK) {
+ /* dynamic rule is being added. check is performed already */
+ return (1);
+ }
+ if ((a->flags & IPFW_EA_FLOW) == 0) {
+ if (want->flags & IPFW_EA_CHECK)
+ printf("ipfw: no tag: %6D (want %6D)\n", a->octet, ":", want->octet, ":");
return (1);
+ }
return (ether_addr_allow(want, (struct ether_addr *)a->octet));
}
@@ -2275,10 +2282,10 @@
etype = ntohs(args->eh->ether_type);
memcpy(args->f_id.src_ether.octet, args->eh->ether_shost,
ETHER_ADDR_LEN);
- args->f_id.src_ether.flags = IP_FW_EA_INIT;
+ args->f_id.src_ether.flags = IPFW_EA_FLOW;
memcpy(args->f_id.dst_ether.octet, args->eh->ether_dhost,
ETHER_ADDR_LEN);
- args->f_id.dst_ether.flags = IP_FW_EA_INIT;
+ args->f_id.dst_ether.flags = IPFW_EA_FLOW;
} else {
args->f_id.src_ether.flags = 0;
args->f_id.dst_ether.flags = 0;
More information about the p4-projects
mailing list