mirror of https://github.com/F-Stack/f-stack.git
IPFW: supported IPv6.
This commit is contained in:
parent
2747a35d56
commit
4af0f1ccbb
|
@ -18,6 +18,10 @@ SRCS+= altq.c
|
||||||
CFLAGS+=-DPF
|
CFLAGS+=-DPF
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifneq (${MK_INET6_SUPPORT},"no")
|
||||||
|
CFLAGS+= -DINET6
|
||||||
|
endif
|
||||||
|
|
||||||
LIBADD= util
|
LIBADD= util
|
||||||
MAN= ipfw.8
|
MAN= ipfw.8
|
||||||
|
|
||||||
|
|
|
@ -404,9 +404,9 @@ print_mask(struct ipfw_flow_id *id)
|
||||||
printf("\n mask: %sproto: 0x%02x, flow_id: 0x%08x, ",
|
printf("\n mask: %sproto: 0x%02x, flow_id: 0x%08x, ",
|
||||||
id->extra ? "queue," : "",
|
id->extra ? "queue," : "",
|
||||||
id->proto, id->flow_id6);
|
id->proto, id->flow_id6);
|
||||||
inet_ntop(AF_INET6, &(id->src_ip6), buf, sizeof(buf));
|
inet_ntop(AF_INET6_LINUX, &(id->src_ip6), buf, sizeof(buf));
|
||||||
printf("%s/0x%04x -> ", buf, id->src_port);
|
printf("%s/0x%04x -> ", buf, id->src_port);
|
||||||
inet_ntop(AF_INET6, &(id->dst_ip6), buf, sizeof(buf));
|
inet_ntop(AF_INET6_LINUX, &(id->dst_ip6), buf, sizeof(buf));
|
||||||
printf("%s/0x%04x\n", buf, id->dst_port);
|
printf("%s/0x%04x\n", buf, id->dst_port);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -455,10 +455,10 @@ list_flow(struct buf_pr *bp, struct dn_flow *ni)
|
||||||
else
|
else
|
||||||
bprintf(bp, "%9u ", id->proto);
|
bprintf(bp, "%9u ", id->proto);
|
||||||
bprintf(bp, "%7d %39s/%-5d ", id->flow_id6,
|
bprintf(bp, "%7d %39s/%-5d ", id->flow_id6,
|
||||||
inet_ntop(AF_INET6, &(id->src_ip6), buff, sizeof(buff)),
|
inet_ntop(AF_INET6_LINUX, &(id->src_ip6), buff, sizeof(buff)),
|
||||||
id->src_port);
|
id->src_port);
|
||||||
bprintf(bp, " %39s/%-5d ",
|
bprintf(bp, " %39s/%-5d ",
|
||||||
inet_ntop(AF_INET6, &(id->dst_ip6), buff, sizeof(buff)),
|
inet_ntop(AF_INET6_LINUX, &(id->dst_ip6), buff, sizeof(buff)),
|
||||||
id->dst_port);
|
id->dst_port);
|
||||||
}
|
}
|
||||||
pr_u64(bp, &ni->tot_pkts, 4);
|
pr_u64(bp, &ni->tot_pkts, 4);
|
||||||
|
|
|
@ -2181,9 +2181,9 @@ show_dyn_state(struct cmdline_opts *co, struct format_opts *fo,
|
||||||
a.s_addr = htonl(d->id.dst_ip);
|
a.s_addr = htonl(d->id.dst_ip);
|
||||||
bprintf(bp, " <-> %s %d", inet_ntoa(a), d->id.dst_port);
|
bprintf(bp, " <-> %s %d", inet_ntoa(a), d->id.dst_port);
|
||||||
} else if (d->id.addr_type == 6) {
|
} else if (d->id.addr_type == 6) {
|
||||||
bprintf(bp, " %s %d", inet_ntop(AF_INET6, &d->id.src_ip6, buf,
|
bprintf(bp, " %s %d", inet_ntop(AF_INET6_LINUX, &d->id.src_ip6, buf,
|
||||||
sizeof(buf)), d->id.src_port);
|
sizeof(buf)), d->id.src_port);
|
||||||
bprintf(bp, " <-> %s %d", inet_ntop(AF_INET6, &d->id.dst_ip6,
|
bprintf(bp, " <-> %s %d", inet_ntop(AF_INET6_LINUX, &d->id.dst_ip6,
|
||||||
buf, sizeof(buf)), d->id.dst_port);
|
buf, sizeof(buf)), d->id.dst_port);
|
||||||
} else
|
} else
|
||||||
bprintf(bp, " UNKNOWN <-> UNKNOWN\n");
|
bprintf(bp, " UNKNOWN <-> UNKNOWN\n");
|
||||||
|
@ -3559,11 +3559,11 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
|
||||||
host = av;
|
host = av;
|
||||||
|
|
||||||
if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 ||
|
if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 ||
|
||||||
inet_pton(AF_INET6, host, &a) == 1)
|
inet_pton(AF_INET6_LINUX, host, &a) == 1)
|
||||||
ret = add_srcip6(cmd, av, cblen);
|
ret = add_srcip6(cmd, av, cblen);
|
||||||
/* XXX: should check for IPv4, not !IPv6 */
|
/* XXX: should check for IPv4, not !IPv6 */
|
||||||
if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
|
if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
|
||||||
inet_pton(AF_INET6, host, &a) != 1))
|
inet_pton(AF_INET6_LINUX, host, &a) != 1))
|
||||||
ret = add_srcip(cmd, av, cblen, tstate);
|
ret = add_srcip(cmd, av, cblen, tstate);
|
||||||
if (ret == NULL && strcmp(av, "any") != 0)
|
if (ret == NULL && strcmp(av, "any") != 0)
|
||||||
ret = cmd;
|
ret = cmd;
|
||||||
|
@ -3590,11 +3590,11 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
|
||||||
host = av;
|
host = av;
|
||||||
|
|
||||||
if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 ||
|
if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 ||
|
||||||
inet_pton(AF_INET6, host, &a) == 1)
|
inet_pton(AF_INET6_LINUX, host, &a) == 1)
|
||||||
ret = add_dstip6(cmd, av, cblen);
|
ret = add_dstip6(cmd, av, cblen);
|
||||||
/* XXX: should check for IPv4, not !IPv6 */
|
/* XXX: should check for IPv4, not !IPv6 */
|
||||||
if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
|
if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
|
||||||
inet_pton(AF_INET6, host, &a) != 1))
|
inet_pton(AF_INET6_LINUX, host, &a) != 1))
|
||||||
ret = add_dstip(cmd, av, cblen, tstate);
|
ret = add_dstip(cmd, av, cblen, tstate);
|
||||||
if (ret == NULL && strcmp(av, "any") != 0)
|
if (ret == NULL && strcmp(av, "any") != 0)
|
||||||
ret = cmd;
|
ret = cmd;
|
||||||
|
@ -3884,7 +3884,7 @@ chkarg:
|
||||||
CHECK_ACTLEN;
|
CHECK_ACTLEN;
|
||||||
|
|
||||||
p->sa.sin6_len = sizeof(struct sockaddr_in6);
|
p->sa.sin6_len = sizeof(struct sockaddr_in6);
|
||||||
p->sa.sin6_family = AF_INET6;
|
p->sa.sin6_family = AF_INET6_LINUX;
|
||||||
p->sa.sin6_port = port_number;
|
p->sa.sin6_port = port_number;
|
||||||
p->sa.sin6_flowinfo = 0;
|
p->sa.sin6_flowinfo = 0;
|
||||||
p->sa.sin6_scope_id =
|
p->sa.sin6_scope_id =
|
||||||
|
|
|
@ -42,6 +42,8 @@
|
||||||
#include <netinet/ip_fw.h>
|
#include <netinet/ip_fw.h>
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
|
|
||||||
|
#include "compat.h"
|
||||||
|
|
||||||
#define CHECK_LENGTH(v, len) do { \
|
#define CHECK_LENGTH(v, len) do { \
|
||||||
if ((v) < (len)) \
|
if ((v) < (len)) \
|
||||||
errx(EX_DATAERR, "Rule too long"); \
|
errx(EX_DATAERR, "Rule too long"); \
|
||||||
|
@ -115,18 +117,18 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd, char const *s)
|
||||||
128 : contigmask((uint8_t *)&(a[1]), 128);
|
128 : contigmask((uint8_t *)&(a[1]), 128);
|
||||||
|
|
||||||
if (mb == 128 && co.do_resolv)
|
if (mb == 128 && co.do_resolv)
|
||||||
he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
|
he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6_LINUX);
|
||||||
if (he != NULL) /* resolved to name */
|
if (he != NULL) /* resolved to name */
|
||||||
bprintf(bp, "%s", he->h_name);
|
bprintf(bp, "%s", he->h_name);
|
||||||
else if (mb == 0) /* any */
|
else if (mb == 0) /* any */
|
||||||
bprintf(bp, "any");
|
bprintf(bp, "any");
|
||||||
else { /* numeric IP followed by some kind of mask */
|
else { /* numeric IP followed by some kind of mask */
|
||||||
if (inet_ntop(AF_INET6, a, trad, sizeof( trad ) ) == NULL)
|
if (inet_ntop(AF_INET6_LINUX, a, trad, sizeof( trad ) ) == NULL)
|
||||||
bprintf(bp, "Error ntop in print_ip6\n");
|
bprintf(bp, "Error ntop in print_ip6\n");
|
||||||
bprintf(bp, "%s", trad );
|
bprintf(bp, "%s", trad );
|
||||||
if (mb < 0) /* XXX not really legal... */
|
if (mb < 0) /* XXX not really legal... */
|
||||||
bprintf(bp, ":%s",
|
bprintf(bp, ":%s",
|
||||||
inet_ntop(AF_INET6, &a[1], trad, sizeof(trad)));
|
inet_ntop(AF_INET6_LINUX, &a[1], trad, sizeof(trad)));
|
||||||
else if (mb < 128)
|
else if (mb < 128)
|
||||||
bprintf(bp, "/%d", mb);
|
bprintf(bp, "/%d", mb);
|
||||||
}
|
}
|
||||||
|
@ -309,8 +311,8 @@ lookup_host6 (char *host, struct in6_addr *ip6addr)
|
||||||
{
|
{
|
||||||
struct hostent *he;
|
struct hostent *he;
|
||||||
|
|
||||||
if (!inet_pton(AF_INET6, host, ip6addr)) {
|
if (!inet_pton(AF_INET6_LINUX, host, ip6addr)) {
|
||||||
if ((he = gethostbyname2(host, AF_INET6)) == NULL)
|
if ((he = gethostbyname2(host, AF_INET6_LINUX)) == NULL)
|
||||||
return(-1);
|
return(-1);
|
||||||
memcpy(ip6addr, he->h_addr_list[0], sizeof( struct in6_addr));
|
memcpy(ip6addr, he->h_addr_list[0], sizeof( struct in6_addr));
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,6 +33,8 @@
|
||||||
|
|
||||||
#ifdef FSTACK
|
#ifdef FSTACK
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
#include "compat.h"
|
||||||
|
|
||||||
#include "ff_ipc.h"
|
#include "ff_ipc.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -84,6 +86,9 @@ help(void)
|
||||||
" setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC |\n"
|
" setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC |\n"
|
||||||
" tcpdatalen LIST | verrevpath | versrcreach | antispoof\n"
|
" tcpdatalen LIST | verrevpath | versrcreach | antispoof\n"
|
||||||
);
|
);
|
||||||
|
#ifdef FSTACK
|
||||||
|
ff_ipc_exit();
|
||||||
|
#endif
|
||||||
|
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
@ -661,5 +666,8 @@ main(int ac, char *av[])
|
||||||
"do \"ipfw -h\" or \"man ipfw\" for details");
|
"do \"ipfw -h\" or \"man ipfw\" for details");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef FSTACK
|
||||||
|
ff_ipc_exit();
|
||||||
|
#endif
|
||||||
return EX_OK;
|
return EX_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1145,7 +1145,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
|
||||||
|
|
||||||
masklen = p ? mask : 32;
|
masklen = p ? mask : 32;
|
||||||
af = AF_INET;
|
af = AF_INET;
|
||||||
} else if (inet_pton(AF_INET6, arg, paddr) == 1) {
|
} else if (inet_pton(AF_INET6_LINUX, arg, paddr) == 1) {
|
||||||
if (IN6_IS_ADDR_V4COMPAT(paddr))
|
if (IN6_IS_ADDR_V4COMPAT(paddr))
|
||||||
errx(EX_DATAERR,
|
errx(EX_DATAERR,
|
||||||
"Use IPv4 instead of v4-compatible");
|
"Use IPv4 instead of v4-compatible");
|
||||||
|
@ -1154,7 +1154,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
|
||||||
p + 1);
|
p + 1);
|
||||||
|
|
||||||
masklen = p ? mask : 128;
|
masklen = p ? mask : 128;
|
||||||
af = AF_INET6;
|
af = AF_INET6_LINUX;
|
||||||
} else {
|
} else {
|
||||||
/* Assume FQDN */
|
/* Assume FQDN */
|
||||||
if (lookup_host(arg, (struct in_addr *)paddr) != 0)
|
if (lookup_host(arg, (struct in_addr *)paddr) != 0)
|
||||||
|
@ -1198,11 +1198,11 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
|
||||||
"Inconsistent address family\n");
|
"Inconsistent address family\n");
|
||||||
af = AF_INET;
|
af = AF_INET;
|
||||||
memcpy(&tfe->a.a4.sip, &tmp, 4);
|
memcpy(&tfe->a.a4.sip, &tmp, 4);
|
||||||
} else if (inet_pton(AF_INET6, arg, &tmp) == 1) {
|
} else if (inet_pton(AF_INET6_LINUX, arg, &tmp) == 1) {
|
||||||
if (af != 0 && af != AF_INET6)
|
if (af != 0 && af != AF_INET6_LINUX)
|
||||||
errx(EX_DATAERR,
|
errx(EX_DATAERR,
|
||||||
"Inconsistent address family\n");
|
"Inconsistent address family\n");
|
||||||
af = AF_INET6;
|
af = AF_INET6_LINUX;
|
||||||
memcpy(&tfe->a.a6.sip6, &tmp, 16);
|
memcpy(&tfe->a.a6.sip6, &tmp, 16);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1266,11 +1266,11 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
|
||||||
"Inconsistent address family");
|
"Inconsistent address family");
|
||||||
af = AF_INET;
|
af = AF_INET;
|
||||||
memcpy(&tfe->a.a4.dip, &tmp, 4);
|
memcpy(&tfe->a.a4.dip, &tmp, 4);
|
||||||
} else if (inet_pton(AF_INET6, arg, &tmp) == 1) {
|
} else if (inet_pton(AF_INET6_LINUX, arg, &tmp) == 1) {
|
||||||
if (af != 0 && af != AF_INET6)
|
if (af != 0 && af != AF_INET6_LINUX)
|
||||||
errx(EX_DATAERR,
|
errx(EX_DATAERR,
|
||||||
"Inconsistent address family");
|
"Inconsistent address family");
|
||||||
af = AF_INET6;
|
af = AF_INET6_LINUX;
|
||||||
memcpy(&tfe->a.a6.dip6, &tmp, 16);
|
memcpy(&tfe->a.a6.dip6, &tmp, 16);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1329,7 +1329,7 @@ guess_key_type(char *key, uint8_t *ptype)
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if ((inet_pton(AF_INET, key, &addr) == 1) ||
|
if ((inet_pton(AF_INET, key, &addr) == 1) ||
|
||||||
(inet_pton(AF_INET6, key, &addr) == 1)) {
|
(inet_pton(AF_INET6_LINUX, key, &addr) == 1)) {
|
||||||
*ptype = IPFW_TABLE_CIDR;
|
*ptype = IPFW_TABLE_CIDR;
|
||||||
if (p != NULL)
|
if (p != NULL)
|
||||||
*p = '/';
|
*p = '/';
|
||||||
|
@ -1559,7 +1559,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
|
||||||
case IPFW_VTYPE_NH6:
|
case IPFW_VTYPE_NH6:
|
||||||
if (strchr(n, ':') != NULL) {
|
if (strchr(n, ':') != NULL) {
|
||||||
memset(&hints, 0, sizeof(hints));
|
memset(&hints, 0, sizeof(hints));
|
||||||
hints.ai_family = AF_INET6;
|
hints.ai_family = AF_INET6_LINUX;
|
||||||
hints.ai_flags = AI_NUMERICHOST;
|
hints.ai_flags = AI_NUMERICHOST;
|
||||||
if (getaddrinfo(n, NULL, &hints, &res) == 0) {
|
if (getaddrinfo(n, NULL, &hints, &res) == 0) {
|
||||||
v->nh6 = ((struct sockaddr_in6 *)
|
v->nh6 = ((struct sockaddr_in6 *)
|
||||||
|
@ -1776,7 +1776,7 @@ table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
|
||||||
l = snprintf(buf, sz, "%d,", v->dscp);
|
l = snprintf(buf, sz, "%d,", v->dscp);
|
||||||
break;
|
break;
|
||||||
case IPFW_VTYPE_NH6:
|
case IPFW_VTYPE_NH6:
|
||||||
sa6.sin6_family = AF_INET6;
|
sa6.sin6_family = AF_INET6_LINUX;
|
||||||
sa6.sin6_len = sizeof(sa6);
|
sa6.sin6_len = sizeof(sa6);
|
||||||
sa6.sin6_addr = v->nh6;
|
sa6.sin6_addr = v->nh6;
|
||||||
sa6.sin6_port = 0;
|
sa6.sin6_port = 0;
|
||||||
|
|
Loading…
Reference in New Issue