Author: ae
Date: Thu Aug 11 10:10:10 2016
New Revision: 303955
URL: https://svnweb.freebsd.org/changeset/base/303955
Log:
Restore "nat global" support.
Now zero value of arg1 used to specify "tablearg", use the old "tablearg"
value for "nat global". Introduce new macro IP_FW_NAT44_GLOBAL to replace
hardcoded magic number to specify "nat global". Also replace 65535 magic
number with corresponding macro. Fix typo in comments.
PR: 211256
Tested by: Victor Chernov
MFC after: 3 days
Modified:
head/sbin/ipfw/ipfw2.c
head/sys/netinet/ip_fw.h
head/sys/netpfil/ipfw/ip_fw2.c
head/sys/netpfil/ipfw/ip_fw_sockopt.c
Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c Thu Aug 11 09:30:25 2016 (r303954)
+++ head/sbin/ipfw/ipfw2.c Thu Aug 11 10:10:10 2016 (r303955)
@@ -1583,7 +1583,7 @@ show_static_rule(struct cmdline_opts *co
break;
case O_NAT:
- if (cmd->arg1 != 0)
+ if (cmd->arg1 != IP_FW_NAT44_GLOBAL)
bprint_uint_arg(bp, "nat ", cmd->arg1);
else
bprintf(bp, "nat global");
@@ -3776,7 +3776,7 @@ compile_rule(char *av[], uint32_t *rbuf,
action->len = F_INSN_SIZE(ipfw_insn_nat);
CHECK_ACTLEN;
if (*av != NULL && _substrcmp(*av, "global") == 0) {
- action->arg1 = 0;
+ action->arg1 = IP_FW_NAT44_GLOBAL;
av++;
break;
} else
Modified: head/sys/netinet/ip_fw.h
==============================================================================
--- head/sys/netinet/ip_fw.h Thu Aug 11 09:30:25 2016 (r303954)
+++ head/sys/netinet/ip_fw.h Thu Aug 11 10:10:10 2016 (r303955)
@@ -60,6 +60,7 @@
#define IPFW_ARG_MAX 65534
#define IP_FW_TABLEARG 65535 /* Compat value for old clients */
#define IP_FW_TARG 0 /* Current tablearg value */
+#define IP_FW_NAT44_GLOBAL 65535 /* arg1 value for "nat global"
*/
/*
* Number of entries in the call stack of the call/return commands.
Modified: head/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw2.c Thu Aug 11 09:30:25 2016
(r303954)
+++ head/sys/netpfil/ipfw/ip_fw2.c Thu Aug 11 10:10:10 2016
(r303955)
@@ -2508,7 +2508,7 @@ do {
\
set_match(args, f_pos, chain);
/* Check if this is 'global' nat rule */
- if (cmd->arg1 == 0) {
+ if (cmd->arg1 == IP_FW_NAT44_GLOBAL) {
retval = ipfw_nat_ptr(args, NULL, m);
break;
}
Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 11 09:30:25 2016
(r303954)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 11 10:10:10 2016
(r303955)
@@ -530,9 +530,11 @@ import_rule0(struct rule_check_info *ci)
/*
* Alter opcodes:
- * 1) convert tablearg value from 65335 to 0
- * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room for targ).
+ * 1) convert tablearg value from 65535 to 0
+ * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room
+ * for targ).
* 3) convert table number in iface opcodes to u16
+ * 4) convert old `nat global` into new 65535
*/
l = krule->cmd_len;
cmd = krule->cmd;
@@ -554,19 +556,21 @@ import_rule0(struct rule_check_info *ci)
case O_NETGRAPH:
case O_NGTEE:
case O_NAT:
- if (cmd->arg1 == 65535)
+ if (cmd->arg1 == IP_FW_TABLEARG)
cmd->arg1 = IP_FW_TARG;
+ else if (cmd->arg1 == 0)
+ cmd->arg1 = IP_FW_NAT44_GLOBAL;
break;
case O_SETFIB:
case O_SETDSCP:
- if (cmd->arg1 == 65535)
+ if (cmd->arg1 == IP_FW_TABLEARG)
cmd->arg1 = IP_FW_TARG;
else
cmd->arg1 |= 0x8000;
break;
case O_LIMIT:
lcmd = (ipfw_insn_limit *)cmd;
- if (lcmd->conn_limit == 65535)
+ if (lcmd->conn_limit == IP_FW_TABLEARG)
lcmd->conn_limit = IP_FW_TARG;
break;
/* Interface tables */
@@ -612,7 +616,7 @@ export_rule0(struct ip_fw *krule, struct
/*
* Alter opcodes:
- * 1) convert tablearg value from 0 to 65335
+ * 1) convert tablearg value from 0 to 65535
* 2) Remove highest bit from O_SETFIB/O_SETDSCP values.
* 3) convert table number in iface opcodes to int
*/
@@ -637,19 +641,21 @@ export_rule0(struct ip_fw *krule, struct
case O_NGTEE:
case O_NAT:
if (cmd->arg1 == IP_FW_TARG)
- cmd->arg1 = 65535;
+ cmd->arg1 = IP_FW_TABLEARG;
+ else if (cmd->arg1 == IP_FW_NAT44_GLOBAL)
+ cmd->arg1 = 0;
break;
case O_SETFIB:
case O_SETDSCP:
if (cmd->arg1 == IP_FW_TARG)
- cmd->arg1 = 65535;
+ cmd->arg1 = IP_FW_TABLEARG;
else
cmd->arg1 &= ~0x8000;
break;
case O_LIMIT:
lcmd = (ipfw_insn_limit *)cmd;
if (lcmd->conn_limit == IP_FW_TARG)
- lcmd->conn_limit = 65535;
+ lcmd->conn_limit = IP_FW_TABLEARG;
break;
/* Interface tables */
case O_XMIT:
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
