Add support for filtering on Routing Header Type 0 and

Mobile IPv6 Routing Header Type 2 in addition to filter on the non-differentiated presence of any Routing Header. MFC after: 3 weeks
svn path=/head/; revision=169245
2007-05-04 11:15:41 +00:00 · 2007-05-04 11:15:41 +00:00 · 7a92401aea · 2020-12-20 02:59:44 +00:00
commit 7a92401aea
parent 65c7bc2147
4 changed files with 31 additions and 3 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 25, 2006
+.Dd May 4, 2007
 .Dt IPFW 8
 .Os
 .Sh NAME
@ -456,7 +456,7 @@ Time To Live
 .It IP options
 .It IPv6 Extension headers
 Fragmentation, Hop-by-Hop options,
-source routing, IPSec options.
+Routing Headers, Source routing rthdr0, Mobile IPv6 rthdr2, IPSec options.
 .It IPv6 Flow-ID
 .It Misc. TCP header fields
 TCP flags (SYN, FIN, ACK, RST, etc.),
@ -1125,8 +1125,12 @@ Fragment,
 .Pq Cm frag ,
 Hop-to-hop options
 .Pq Cm hopopt ,
-Source routing
+any type of Routing Header
 .Pq Cm route ,
+Source routing Routing Header Type 0
+.Pq Cm rthdr0 ,
+Mobile IPv6 Routing Header Type 2
+.Pq Cm rthdr2 ,
 Destination options
 .Pq Cm dstopt ,
 IPSec authentication headers
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@ -1301,6 +1301,8 @@ static struct _s_x ext6hdrcodes[] = {
       { "dstopt",     EXT_DSTOPTS },
       { "ah",         EXT_AH },
       { "esp",        EXT_ESP },
+       { "rthdr0",     EXT_RTHDR0 },
+       { "rthdr2",     EXT_RTHDR2 },
       { NULL,         0 }
 };

@ -1341,6 +1343,14 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
               cmd->arg1 |= EXT_ESP;
               break;

+           case EXT_RTHDR0:
+               cmd->arg1 |= EXT_RTHDR0;
+               break;
+
+           case EXT_RTHDR2:
+               cmd->arg1 |= EXT_RTHDR2;
+               break;
+
           default:
               errx( EX_DATAERR, "invalid option for ipv6 exten header" );
               break;
@ -1371,6 +1381,14 @@ print_ext6hdr( ipfw_insn *cmd )
           printf("%crouting options", sep);
           sep = ',';
       }
+       if (cmd->arg1 & EXT_RTHDR0 ) {
+           printf("%crthdr0", sep);
+           sep = ',';
+       }
+       if (cmd->arg1 & EXT_RTHDR2 ) {
+           printf("%crthdr2", sep);
+           sep = ',';
+       }
       if (cmd->arg1 & EXT_DSTOPTS ) {
           printf("%cdestination options", sep);
           sep = ',';
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@ -174,6 +174,8 @@ enum ipfw_opcodes {		/* arguments (4 byte each)	*/
 #define EXT_AH		0x8
 #define EXT_ESP		0x10
 #define EXT_DSTOPTS	0x20
+#define EXT_RTHDR0		0x40
+#define EXT_RTHDR2		0x80

 /*
 * Template for instructions.
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -2469,6 +2469,10 @@ do {									\
 				PULLUP_TO(hlen, ulp, struct ip6_rthdr);
 				switch (((struct ip6_rthdr *)ulp)->ip6r_type) {
 				case 0:
+					ext_hd |= EXT_RTHDR0;
+					break;
+				case 2:
+					ext_hd |= EXT_RTHDR2;
 					break;
 				default:
 					printf("IPFW2: IPV6 - Unknown Routing "