The following reply was made to PR kern/156410; it has been noted by GNATS.
From: dfil...@freebsd.org (dfilter service)
To: bug-follo...@freebsd.org
Cc:
Subject: Re: kern/156410: commit references a PR
Date: Mon, 30 May 2011 05:37:40 + (UTC)
Author: ae
Date: Mon May 30 05:37:26 2011
New Revision: 222473
URL: http://svn.freebsd.org/changeset/base/222473
Log:
Add tablearg support for ipfw setfib.
PR: kern/156410
MFC after: 2 weeks
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.c
head/sys/netinet/ipfw/ip_fw2.c
head/sys/netinet/ipfw/ip_fw_sockopt.c
Modified: head/sbin/ipfw/ipfw.8
==
--- head/sbin/ipfw/ipfw.8 Mon May 30 04:23:33 2011(r222472)
+++ head/sbin/ipfw/ipfw.8 Mon May 30 05:37:26 2011(r222473)
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 27, 2010
+.Dd May 30, 2011
.Dt IPFW 8
.Os
.Sh NAME
@@ -871,13 +871,16 @@ for more information on
and
.Cm ngtee
actions.
-.It Cm setfib Ar fibnum
+.It Cm setfib Ar fibnum | tablearg
The packet is tagged so as to use the FIB (routing table)
.Ar fibnum
in any subsequent forwarding decisions.
Initially this is limited to the values 0 through 15, see
.Xr setfib 1 .
Processing continues at the next rule.
+It is possible to use the
+.Cm tablearg
+keyword with a setfib. If tablearg value is not within compiled FIB range
packet fib is set to 0.
.It Cm reass
Queue and reassemble ip fragments.
If the packet is not fragmented, counters are updated and processing
continues with the next rule.
@@ -1711,7 +1714,7 @@ is used.
The
.Cm tablearg
argument can be used with the following actions:
-.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto
+.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib,
action parameters:
.Cm tag, untag,
rule options:
Modified: head/sbin/ipfw/ipfw2.c
==
--- head/sbin/ipfw/ipfw2.c Mon May 30 04:23:33 2011(r222472)
+++ head/sbin/ipfw/ipfw2.c Mon May 30 05:37:26 2011(r222473)
@@ -2835,14 +2835,19 @@ chkarg:
size_t intsize = sizeof(int);
action->opcode = O_SETFIB;
- NEED1("missing fib number");
- action->arg1 = strtoul(*av, NULL, 10);
- if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
- errx(EX_DATAERR, "fibs not suported.\n");
- if (action->arg1 >= numfibs) /* Temporary */
- errx(EX_DATAERR, "fib too large.\n");
- av++;
- break;
+ NEED1("missing fib number");
+ if (_substrcmp(*av, "tablearg") == 0) {
+ action->arg1 = IP_FW_TABLEARG;
+ } else {
+ action->arg1 = strtoul(*av, NULL, 10);
+ if (sysctlbyname("net.fibs", &numfibs, &intsize,
+ NULL, 0) == -1)
+ errx(EX_DATAERR, "fibs not suported.\n");
+ if (action->arg1 >= numfibs) /* Temporary */
+ errx(EX_DATAERR, "fib too large.\n");
+ }
+ av++;
+ break;
}
case TOK_REASS:
Modified: head/sys/netinet/ipfw/ip_fw2.c
==
--- head/sys/netinet/ipfw/ip_fw2.c Mon May 30 04:23:33 2011
(r222472)
+++ head/sys/netinet/ipfw/ip_fw2.c Mon May 30 05:37:26 2011
(r222473)
@@ -2137,14 +2137,21 @@ do {
\
done = 1; /* exit outer loop */
break;
- case O_SETFIB:
+ case O_SETFIB: {
+ uint32_t fib;
+
f->pcnt++; /* update stats */
f->bcnt += pktlen;
f->timestamp = time_uptime;
- M_SETFIB(m, cmd->arg1);
- args->f_id.fib = cmd->arg1;
+ fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg:
+ cmd->arg1;
+ if (fib >= rt_numfibs)
+ fib = 0;
+ M_SETFIB(m, fib);
+ args->f_id.fib = fib;
l = 0; /* exit inner loop */
break;
+ }
case O_NAT:
if (!IPFW_NAT_LOADED) {
Modified: head/sys/netinet/ipfw/ip_fw_sockopt.c
=