svn commit: r269926 - in projects/ipfw: sbin/ipfw sys/netpfil/ipfw

Alexander V. Chernikov melifaro at FreeBSD.org
Wed Aug 13 12:04:46 UTC 2014 

Author: melifaro
Date: Wed Aug 13 12:04:45 2014
New Revision: 269926
URL: http://svnweb.freebsd.org/changeset/base/269926

Log:
  * Pass proper table set numbers from userland side.
  * Ignore them, but honor V_fw_tables_sets value on kernel side.

Modified:
  projects/ipfw/sbin/ipfw/ipfw2.c
  projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c

Modified: projects/ipfw/sbin/ipfw/ipfw2.c
==============================================================================
--- projects/ipfw/sbin/ipfw/ipfw2.c	Wed Aug 13 11:11:27 2014	(r269925)
+++ projects/ipfw/sbin/ipfw/ipfw2.c	Wed Aug 13 12:04:45 2014	(r269926)
@@ -2711,10 +2711,11 @@ struct tidx {
 	uint32_t count;
 	uint32_t size;
 	uint16_t counter;
+	uint8_t set;
 };
 
 static uint16_t
-pack_table(struct tidx *tstate, char *name, uint32_t set)
+pack_table(struct tidx *tstate, char *name)
 {
 	int i;
 	ipfw_obj_ntlv *ntlv;
@@ -2725,7 +2726,7 @@ pack_table(struct tidx *tstate, char *na
 	for (i = 0; i < tstate->count; i++) {
 		if (strcmp(tstate->idx[i].name, name) != 0)
 			continue;
-		if (tstate->idx[i].set != set)
+		if (tstate->idx[i].set != tstate->set)
 			continue;
 
 		return (tstate->idx[i].idx);
@@ -2744,7 +2745,7 @@ pack_table(struct tidx *tstate, char *na
 	strlcpy(ntlv->name, name, sizeof(ntlv->name));
 	ntlv->head.type = IPFW_TLV_TBL_NAME;
 	ntlv->head.length = sizeof(ipfw_obj_ntlv);
-	ntlv->set = set;
+	ntlv->set = tstate->set;
 	ntlv->idx = ++tstate->counter;
 	tstate->count++;
 
@@ -2765,7 +2766,7 @@ fill_table(ipfw_insn *cmd, char *av, uin
 	if (p)
 		*p++ = '\0';
 
-	if ((uidx = pack_table(tstate, av + 6, 0)) == 0)
+	if ((uidx = pack_table(tstate, av + 6)) == 0)
 		errx(EX_DATAERR, "Invalid table name: %s", av + 6);
 
 	cmd->opcode = opcode;
@@ -3091,7 +3092,7 @@ fill_iface(ipfw_insn_if *cmd, char *arg,
 		p = strchr(arg + 6, ',');
 		if (p)
 			*p++ = '\0';
-		if ((uidx = pack_table(tstate, arg + 6, 0)) == 0)
+		if ((uidx = pack_table(tstate, arg + 6)) == 0)
 			errx(EX_DATAERR, "Invalid table name: %s", arg + 6);
 
 		cmd->name[0] = '\1'; /* Special value indicating table */
@@ -3494,6 +3495,7 @@ compile_rule(char *av[], uint32_t *rbuf,
 		if (set < 0 || set > RESVD_SET)
 			errx(EX_DATAERR, "illegal set %s", av[1]);
 		rule->set = set;
+		tstate->set = set;
 		av += 2;
 	}
 
@@ -4496,7 +4498,7 @@ read_options:
 			__PAST_END(c->d, 1) = j; // i converted to option
 			av++;
 
-			if ((j = pack_table(tstate, *av, 0)) == 0)
+			if ((j = pack_table(tstate, *av)) == 0)
 				errx(EX_DATAERR, "Invalid table name: %s", *av);
 
 			cmd->arg1 = j;

Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c	Wed Aug 13 11:11:27 2014	(r269925)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c	Wed Aug 13 12:04:45 2014	(r269926)
@@ -2657,7 +2657,13 @@ find_table(struct namedobj_instance *ni,
 		if (ntlv == NULL)
 			return (NULL);
 		name = ntlv->name;
-		set = ntlv->set;
+
+		/*
+		 * Use set provided by @ti instead of @ntlv one.
+		 * This is needed due to different sets behavior
+		 * controlled by V_fw_tables_sets.
+		 */
+		set = ti->set;
 	} else {
 		snprintf(bname, sizeof(bname), "%d", ti->uidx);
 		name = bname;

More information about the svn-src-projects mailing list