Hi,
The attached patch supports tablearg options to setfib.
With the patch, you can add rules like
ipfw add 100 setfib tablearg ip from 'table(1)' to any
It help in policy based routing as discussed in this thread.
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=124951+0+archive/2009/freebsd-net/20090426.freebsd-net
Let me know your comments..
Thanks,
Joe
Index: src/sbin/ipfw/ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.159
diff -c -u -r1.159 ipfw2.c
--- src/sbin/ipfw/ipfw2.c 19 Apr 2010 16:35:47 -0000 1.159
+++ src/sbin/ipfw/ipfw2.c 30 Sep 2010 18:52:41 -0000
@@ -2833,11 +2833,17 @@
action->opcode = O_SETFIB;
NEED1("missing fib number");
- action->arg1 = strtoul(*av, NULL, 10);
- if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
- errx(EX_DATAERR, "fibs not suported.\n");
- if (action->arg1 >= numfibs) /* Temporary */
- errx(EX_DATAERR, "fib too large.\n");
+ if(isdigit(**av)) {
+ action->arg1 = strtoul(*av, NULL, 10);
+ if (sysctlbyname("net.fibs", &numfibs, &intsize,
+ NULL, 0) == -1)
+ errx(EX_DATAERR, "fibs not suported.\n");
+ if (action->arg1 >= numfibs) /* Temporary */
+ errx(EX_DATAERR, "fib too large.\n");
+ } else if (_substrcmp(*av, "tablearg") == 0)
+ action->arg1 = IP_FW_TABLEARG;
+ else
+ errx(EX_DATAERR, "illegal argument for %s", *(av - 1));
av++;
break;
}
Index: src/sys/netinet/ipfw/ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ipfw/ip_fw2.c,v
retrieving revision 1.45
diff -c -u -r1.45 ip_fw2.c
--- src/sys/netinet/ipfw/ip_fw2.c 27 Jul 2010 14:26:34 -0000 1.45
+++ src/sys/netinet/ipfw/ip_fw2.c 30 Sep 2010 18:52:43 -0000
@@ -2092,12 +2092,15 @@
done = 1; /* exit outer loop */
break;
- case O_SETFIB:
+ case O_SETFIB: {
+ uint32_t fibnum;
f->pcnt++; /* update stats */
f->bcnt += pktlen;
f->timestamp = time_uptime;
- M_SETFIB(m, cmd->arg1);
- args->f_id.fib = cmd->arg1;
+ fibnum = (cmd->arg1 == IP_FW_TABLEARG)?
+ tablearg : cmd->arg1;
+ M_SETFIB(m, fibnum);
+ args->f_id.fib = fibnum;
l = 0; /* exit inner loop */
break;
Index: src/sys/netinet/ipfw/ip_fw_sockopt.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ipfw/ip_fw_sockopt.c,v
retrieving revision 1.17
diff -c -u -r1.17 ip_fw_sockopt.c
--- src/sys/netinet/ipfw/ip_fw_sockopt.c 7 Apr 2010 08:23:58 -0000
1.17
+++ src/sys/netinet/ipfw/ip_fw_sockopt.c 30 Sep 2010 18:52:44 -0000
@@ -605,7 +605,8 @@
case O_SETFIB:
if (cmdlen != F_INSN_SIZE(ipfw_insn))
goto bad_size;
- if (cmd->arg1 >= rt_numfibs) {
+ if (cmd->arg1 >= rt_numfibs &&
+ cmd->arg1 != IP_FW_TABLEARG) {
printf("ipfw: invalid fib number %d\n",
cmd->arg1);
return EINVAL;
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
