Add support for filtering on Routing Header Type 0 and

Mobile IPv6 Routing Header Type 2 in addition to filtering
on the non-differentiated presence of any Routing Header.

MFC after:	3 weeks
Bjoern A. Zeeb 2007-05-04 11:15:41 +00:00
parent 65c7bc2147
commit 7a92401aea
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=169245
4 changed files with 31 additions and 3 deletions


@ -1,7 +1,7 @@
.\" .\"
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd July 25, 2006 .Dd May 4, 2007
.Dt IPFW 8 .Dt IPFW 8
.Os .Os
.Sh NAME .Sh NAME
@ -456,7 +456,7 @@ Time To Live
.It IP options .It IP options
.It IPv6 Extension headers .It IPv6 Extension headers
Fragmentation, Hop-by-Hop options, Fragmentation, Hop-by-Hop options,
source routing, IPSec options. Routing Headers, Source routing rthdr0, Mobile IPv6 rthdr2, IPSec options.
.It IPv6 Flow-ID .It IPv6 Flow-ID
.It Misc. TCP header fields .It Misc. TCP header fields
TCP flags (SYN, FIN, ACK, RST, etc.), TCP flags (SYN, FIN, ACK, RST, etc.),
@ -1125,8 +1125,12 @@ Fragment,
.Pq Cm frag , .Pq Cm frag ,
Hop-to-hop options Hop-to-hop options
.Pq Cm hopopt , .Pq Cm hopopt ,
Source routing any type of Routing Header
.Pq Cm route , .Pq Cm route ,
Source routing Routing Header Type 0
.Pq Cm rthdr0 ,
Mobile IPv6 Routing Header Type 2
.Pq Cm rthdr2 ,
Destination options Destination options
.Pq Cm dstopt , .Pq Cm dstopt ,
IPSec authentication headers IPSec authentication headers


@ -1301,6 +1301,8 @@ static struct _s_x ext6hdrcodes[] = {
{ "dstopt", EXT_DSTOPTS }, { "dstopt", EXT_DSTOPTS },
{ "ah", EXT_AH }, { "ah", EXT_AH },
{ "esp", EXT_ESP }, { "esp", EXT_ESP },
{ "rthdr0", EXT_RTHDR0 },
{ "rthdr2", EXT_RTHDR2 },
{ NULL, 0 } { NULL, 0 }
}; };
@ -1341,6 +1343,14 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
cmd->arg1 |= EXT_ESP; cmd->arg1 |= EXT_ESP;
break; break;
case EXT_RTHDR0:
cmd->arg1 |= EXT_RTHDR0;
break;
case EXT_RTHDR2:
cmd->arg1 |= EXT_RTHDR2;
break;
default: default:
errx( EX_DATAERR, "invalid option for ipv6 exten header" ); errx( EX_DATAERR, "invalid option for ipv6 exten header" );
break; break;
@ -1371,6 +1381,14 @@ print_ext6hdr( ipfw_insn *cmd )
printf("%crouting options", sep); printf("%crouting options", sep);
sep = ','; sep = ',';
} }
if (cmd->arg1 & EXT_RTHDR0 ) {
printf("%crthdr0", sep);
sep = ',';
}
if (cmd->arg1 & EXT_RTHDR2 ) {
printf("%crthdr2", sep);
sep = ',';
}
if (cmd->arg1 & EXT_DSTOPTS ) { if (cmd->arg1 & EXT_DSTOPTS ) {
printf("%cdestination options", sep); printf("%cdestination options", sep);
sep = ','; sep = ',';
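Review bot: In print_ext6hdr the two new branches print the rule keywords (`rthdr0`, `rthdr2`), while the neighbouring branches print descriptive text such as `routing options`, so one listed rule mixes two vocabularies and nothing says which is intended. A short comment above the new branches would settle it, for example `/* printed as the rule keyword from ext6hdrcodes */`. In fill_ext6hdr each new case ORs in the same constant it matched on, which follows the existing pattern and needs no change. Both functions start and end outside the hunks shown.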


@ -174,6 +174,8 @@ enum ipfw_opcodes { /* arguments (4 byte each) */
#define EXT_AH 0x8 #define EXT_AH 0x8
#define EXT_ESP 0x10 #define EXT_ESP 0x10
#define EXT_DSTOPTS 0x20 #define EXT_DSTOPTS 0x20
#define EXT_RTHDR0 0x40
#define EXT_RTHDR2 0x80
/* /*
* Template for instructions. * Template for instructions.
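Review bot: The two new flag bits are added without comments, and nothing at the definition says how they relate to the existing generic routing-header bit or that the ipfw binary and the kernel must agree on them. I would annotate them: `#define EXT_RTHDR0 0x40 /* Routing Header Type 0 (source routing) */` and `#define EXT_RTHDR2 0x80 /* Routing Header Type 2 (Mobile IPv6) */`. If a newer ipfw binary loads an `rthdr0` rule into a kernel built before this change, that kernel presumably never sets the bit and the rule would silently never match, so the required upgrade order is worth stating alongside the MFC.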


@ -2469,6 +2469,10 @@ do { \
PULLUP_TO(hlen, ulp, struct ip6_rthdr); PULLUP_TO(hlen, ulp, struct ip6_rthdr);
switch (((struct ip6_rthdr *)ulp)->ip6r_type) { switch (((struct ip6_rthdr *)ulp)->ip6r_type) {
case 0: case 0:
ext_hd |= EXT_RTHDR0;
break;
case 2:
ext_hd |= EXT_RTHDR2;
break; break;
default: default:
printf("IPFW2: IPV6 - Unknown Routing " printf("IPFW2: IPV6 - Unknown Routing "
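Review bot: The new `case 0:` and `case 2:` arms set only the type-specific bit, and the hunk does not show whether the generic routing-header flag is still set after the switch; existing rules that filter on `route` depend on that for type 0 and type 2 packets. Since the old `case 0:` was a bare `break;`, the generic flag is presumably set further down, but a comment would make that explicit, e.g. `/* type bit is in addition to the generic routing flag set after the switch */`. The bare constants would also read better annotated: `case 0: /* RH0, source routing */` and `case 2: /* RH2, Mobile IPv6 */`. The switch and its enclosing block continue outside the hunk.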