comply with style police
Submitted by: ru MFC after: 1 month
This commit is contained in:
parent
c3dec0b20d
commit
afad78e259
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=161456
@ -689,8 +689,8 @@ Change the next-hop on matching packets to
|
|||||||
.Ar ipaddr ,
|
.Ar ipaddr ,
|
||||||
which can be an IP address or a host name.
|
which can be an IP address or a host name.
|
||||||
The next hop can also be supplied by the last table
|
The next hop can also be supplied by the last table
|
||||||
looked up for the packet by using the
|
looked up for the packet by using the
|
||||||
.Em tablearg
|
.Cm tablearg
|
||||||
keyword instead of an explicit address.
|
keyword instead of an explicit address.
|
||||||
The search terminates if this rule matches.
|
The search terminates if this rule matches.
|
||||||
.Pp
|
.Pp
|
||||||
@ -1594,8 +1594,10 @@ action parameters:
|
|||||||
rule options:
|
rule options:
|
||||||
.Cm limit, tagged.
|
.Cm limit, tagged.
|
||||||
.Pp
|
.Pp
|
||||||
When used with 'fwd' it is possible to supply table entries with values
|
When used with
|
||||||
that are in the form of IP addresses or hostnames.
|
.Cm fwd
|
||||||
|
it is possible to supply table entries with values
|
||||||
|
that are in the form of IP addresses or hostnames.
|
||||||
See the
|
See the
|
||||||
.Sx EXAMPLES
|
.Sx EXAMPLES
|
||||||
Section for example usage of tables and the tablearg keyword.
|
Section for example usage of tables and the tablearg keyword.
|
||||||
@ -2388,7 +2390,9 @@ Then we classify traffic using a single rule:
|
|||||||
.Dl "..."
|
.Dl "..."
|
||||||
.Dl "ipfw pipe tablearg ip from table(1) to any"
|
.Dl "ipfw pipe tablearg ip from table(1) to any"
|
||||||
.Pp
|
.Pp
|
||||||
Using the fwd action, the table entries may include hostnames and IP addresses.
|
Using the
|
||||||
|
.Cn fwd
|
||||||
|
action, the table entries may include hostnames and IP addresses.
|
||||||
.Pp
|
.Pp
|
||||||
.Dl "ipfw table 1 add 192.168.2.0/24 10.23.2.1"
|
.Dl "ipfw table 1 add 192.168.2.0/24 10.23.2.1"
|
||||||
.Dl "ipfw table 1 add 192.168.0.0/27 router1.dmz"
|
.Dl "ipfw table 1 add 192.168.0.0/27 router1.dmz"
|
||||||
|
@ -4034,11 +4034,10 @@ add(int ac, char *av[])
|
|||||||
"illegal forwarding port ``%s''", s);
|
"illegal forwarding port ``%s''", s);
|
||||||
p->sa.sin_port = (u_short)i;
|
p->sa.sin_port = (u_short)i;
|
||||||
}
|
}
|
||||||
if (_substrcmp(*av, "tablearg") == 0) {
|
if (_substrcmp(*av, "tablearg") == 0)
|
||||||
p->sa.sin_addr.s_addr = INADDR_ANY; /* htonl not needed */
|
p->sa.sin_addr.s_addr = INADDR_ANY;
|
||||||
} else {
|
else
|
||||||
lookup_host(*av, &(p->sa.sin_addr));
|
lookup_host(*av, &(p->sa.sin_addr));
|
||||||
}
|
|
||||||
ac--; av++;
|
ac--; av++;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -4998,23 +4997,21 @@ table_handler(int ac, char *av[])
|
|||||||
err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
|
err(EX_OSERR, "getsockopt(IP_FW_TABLE_LIST)");
|
||||||
for (a = 0; a < tbl->cnt; a++) {
|
for (a = 0; a < tbl->cnt; a++) {
|
||||||
/* Heuristic to print it the right way */
|
/* Heuristic to print it the right way */
|
||||||
/* valuse < 64k are printed as numbers */
|
/* values < 64k are printed as numbers */
|
||||||
unsigned int tval;
|
unsigned int tval;
|
||||||
tval = tbl->ent[a].value;
|
tval = tbl->ent[a].value;
|
||||||
if (tval > 0xffff) {
|
if (tval > 0xffff) {
|
||||||
char tbuf[128];
|
char tbuf[128];
|
||||||
strncpy(tbuf,
|
strncpy(tbuf, inet_ntoa(*(struct in_addr *)
|
||||||
inet_ntoa(*(struct in_addr *)
|
&tbl->ent[a].addr), 127);
|
||||||
&tbl->ent[a].addr), 127);
|
|
||||||
/* inet_ntoa expects host order */
|
/* inet_ntoa expects host order */
|
||||||
tval = htonl(tval);
|
tval = htonl(tval);
|
||||||
printf("%s/%u %s\n",
|
printf("%s/%u %s\n", tbuf, tbl->ent[a].masklen,
|
||||||
tbuf, tbl->ent[a].masklen,
|
inet_ntoa(*(struct in_addr *)&tval));
|
||||||
inet_ntoa(*(struct in_addr *)&tval));
|
|
||||||
} else {
|
} else {
|
||||||
printf("%s/%u %u\n",
|
printf("%s/%u %u\n",
|
||||||
inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
|
inet_ntoa(*(struct in_addr *)&tbl->ent[a].addr),
|
||||||
tbl->ent[a].masklen, tbl->ent[a].value);
|
tbl->ent[a].masklen, tbl->ent[a].value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
|
@ -522,7 +522,6 @@ struct ip_fw_args {
|
|||||||
|
|
||||||
struct _ip6dn_args dummypar; /* dummynet->ip6_output */
|
struct _ip6dn_args dummypar; /* dummynet->ip6_output */
|
||||||
struct sockaddr_in hopstore; /* store here if cannot use a pointer */
|
struct sockaddr_in hopstore; /* store here if cannot use a pointer */
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2791,7 +2791,8 @@ do { \
|
|||||||
|
|
||||||
case O_LOG:
|
case O_LOG:
|
||||||
if (fw_verbose)
|
if (fw_verbose)
|
||||||
ipfw_log(f, hlen, args, m, oif, offset, tablearg);
|
ipfw_log(f, hlen, args, m,
|
||||||
|
oif, offset, tablearg);
|
||||||
match = 1;
|
match = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -3156,15 +3157,17 @@ do { \
|
|||||||
if (sa->sin_addr.s_addr == INADDR_ANY) {
|
if (sa->sin_addr.s_addr == INADDR_ANY) {
|
||||||
bcopy(sa, &args->hopstore,
|
bcopy(sa, &args->hopstore,
|
||||||
sizeof(*sa));
|
sizeof(*sa));
|
||||||
args->hopstore.sin_addr.s_addr = htonl(tablearg);
|
args->hopstore.sin_addr.s_addr =
|
||||||
args->next_hop = &args->hopstore;
|
htonl(tablearg);
|
||||||
|
args->next_hop =
|
||||||
|
&args->hopstore;
|
||||||
} else {
|
} else {
|
||||||
args->next_hop = sa;
|
args->next_hop = sa;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
retval = IP_FW_PASS;
|
retval = IP_FW_PASS;
|
||||||
}
|
}
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
case O_NETGRAPH:
|
case O_NETGRAPH:
|
||||||
case O_NGTEE:
|
case O_NGTEE:
|
||||||
|
Loading…
Reference in New Issue
Block a user