Add table/tablearg support to ipfw's nat.
MFC After: 1 week
This commit is contained in:
parent
54462c2410
commit
f94a7fc0b5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=176517
@ -1609,7 +1609,7 @@ This can significantly reduce number of rules in some configurations.
|
||||
The
|
||||
.Cm tablearg
|
||||
argument can be used with the following actions:
|
||||
.Cm pipe , queue, divert, tee, netgraph, ngtee, fwd
|
||||
.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd
|
||||
action parameters:
|
||||
.Cm tag, untag,
|
||||
rule options:
|
||||
|
@ -1612,7 +1612,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
|
||||
break;
|
||||
|
||||
case O_NAT:
|
||||
printf("nat %u", cmd->arg1);
|
||||
PRINT_UINT_ARG("nat ", cmd->arg1);
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -4848,6 +4848,10 @@ add(int ac, char *av[])
|
||||
action->opcode = O_COUNT;
|
||||
break;
|
||||
|
||||
case TOK_NAT:
|
||||
action->opcode = O_NAT;
|
||||
action->len = F_INSN_SIZE(ipfw_insn_nat);
|
||||
goto chkarg;
|
||||
case TOK_QUEUE:
|
||||
action->opcode = O_QUEUE;
|
||||
goto chkarg;
|
||||
@ -4929,14 +4933,6 @@ add(int ac, char *av[])
|
||||
action->opcode = O_COUNT;
|
||||
ac++; av--; /* go back... */
|
||||
break;
|
||||
|
||||
case TOK_NAT:
|
||||
action->opcode = O_NAT;
|
||||
action->len = F_INSN_SIZE(ipfw_insn_nat);
|
||||
NEED1("missing nat number");
|
||||
action->arg1 = strtoul(*av, NULL, 10);
|
||||
ac--; av++;
|
||||
break;
|
||||
|
||||
default:
|
||||
errx(EX_DATAERR, "invalid action %s\n", av[-1]);
|
||||
|
@ -3486,7 +3486,7 @@ do { \
|
||||
struct cfg_nat *t;
|
||||
struct mbuf *mcl;
|
||||
/* XXX - libalias duct tape */
|
||||
int ldt;
|
||||
int ldt, nat_id;
|
||||
char *c;
|
||||
|
||||
ldt = 0;
|
||||
@ -3494,7 +3494,9 @@ do { \
|
||||
retval = 0;
|
||||
t = ((ipfw_insn_nat *)cmd)->nat;
|
||||
if (t == NULL) {
|
||||
t = lookup_nat(cmd->arg1);
|
||||
nat_id = (cmd->arg1 == IP_FW_TABLEARG) ?
|
||||
tablearg : cmd->arg1;
|
||||
t = lookup_nat(nat_id);
|
||||
if (t == NULL) {
|
||||
retval = IP_FW_DENY;
|
||||
goto done;
|
||||
|
Loading…
Reference in New Issue
Block a user