FreeBSD Bugzilla – Attachment 174729 Details for
Bug 212630
ipfw swap does not swap tables between sets
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
sets.diff (text/plain), 2.10 KB, created by
Andrey V. Elsukov
on 2016-09-13 14:47:07 UTC
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Andrey V. Elsukov
Created:
2016-09-13 14:47:07 UTC
Size:
2.10 KB
patch
obsolete
>Index: ip_fw_table.c >=================================================================== >--- ip_fw_table.c (revision 305692) >+++ ip_fw_table.c (working copy) >@@ -2876,13 +2876,12 @@ table_manage_sets(struct ip_fw_chain *ch, uint16_t > switch (cmd) { > case SWAP_ALL: > case TEST_ALL: >+ case MOVE_ALL: > /* >- * Return success for TEST_ALL, since nothing prevents >- * move rules from one set to another. All tables are >- * accessible from all sets when per-set tables sysctl >- * is disabled. >+ * Alway return success, the real action and decision >+ * should make table_manage_sets_all(). > */ >- case MOVE_ALL: >+ return (0); > case TEST_ONE: > case MOVE_ONE: > /* >@@ -2907,6 +2906,39 @@ table_manage_sets(struct ip_fw_chain *ch, uint16_t > set, new_set, cmd)); > } > >+/* >+ * We register several opcode rewrites for lookup tables. >+ * All tables opcodes has the same ETLV type, but different subtype. >+ * To avoid invoking sets handler several times for XXX_ALL commands, >+ * we use separate manage_sets handler. O_RECV has the lowest value, >+ * so it should be called first. >+ */ >+static int >+table_manage_sets_all(struct ip_fw_chain *ch, uint16_t set, uint8_t new_set, >+ enum ipfw_sets_cmd cmd) >+{ >+ >+ switch (cmd) { >+ case SWAP_ALL: >+ case TEST_ALL: >+ /* >+ * Return success for TEST_ALL, since nothing prevents >+ * move rules from one set to another. All tables are >+ * accessible from all sets when per-set tables sysctl >+ * is disabled. >+ */ >+ case MOVE_ALL: >+ if (V_fw_tables_sets == 0) >+ return (0); >+ break; >+ default: >+ return (table_manage_sets(ch, set, new_set, cmd)); >+ } >+ /* Use generic sets handler when per-set sysctl is enabled. */ >+ return (ipfw_obj_manage_sets(CHAIN_TO_NI(ch), IPFW_TLV_TBL_NAME, >+ set, new_set, cmd)); >+} >+ > static struct opcode_obj_rewrite opcodes[] = { > { > .opcode = O_IP_SRC_LOOKUP, >@@ -2956,7 +2988,7 @@ static struct opcode_obj_rewrite opcodes[] = { > .find_byname = table_findbyname, > .find_bykidx = table_findbykidx, > .create_object = create_table_compat, >- .manage_sets = table_manage_sets, >+ .manage_sets = table_manage_sets_all, > }, > { > .opcode = O_VIA,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=174729">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 212630
: 174729