Attachment #173458 for bug #211256

View | Details | Raw Unified | Return to bug 211256
Collapse All | Expand All

Lines 1583-1589 show_static_rule(struct cmdline_opts *co, struct f Link Here

(-)sbin/ipfw/ipfw2.c (-2 / +2 lines)
1583	break;	1583	break;
1584		1584
1585	case O_NAT:	1585	case O_NAT:
1586	if (cmd->arg1 != 0)	1586	if (cmd->arg1 != IP_FW_NAT44_GLOBAL)
1587	bprint_uint_arg(bp, "nat ", cmd->arg1);	1587	bprint_uint_arg(bp, "nat ", cmd->arg1);
1588	else	1588	else
1589	bprintf(bp, "nat global");	1589	bprintf(bp, "nat global");
Lines 3776-3782 compile_rule(char av[], uint32_t rbuf, int *rbuf Link Here
3776	action->len = F_INSN_SIZE(ipfw_insn_nat);	3776	action->len = F_INSN_SIZE(ipfw_insn_nat);
3777	CHECK_ACTLEN;	3777	CHECK_ACTLEN;
3778	if (av != NULL && _substrcmp(av, "global") == 0) {	3778	if (av != NULL && _substrcmp(av, "global") == 0) {
3779	action->arg1 = 0;	3779	action->arg1 = IP_FW_NAT44_GLOBAL;
3780	av++;	3780	av++;
3781	break;	3781	break;
3782	} else	3782	} else

Lines 2508-2514 do { \ Link Here

(-)sys/netpfil/ipfw/ip_fw2.c (-1 / +1 lines)
2508		2508
2509	set_match(args, f_pos, chain);	2509	set_match(args, f_pos, chain);
2510	/* Check if this is 'global' nat rule */	2510	/* Check if this is 'global' nat rule */
2511	if (cmd->arg1 == 0) {	2511	if (cmd->arg1 == IP_FW_NAT44_GLOBAL) {
2512	retval = ipfw_nat_ptr(args, NULL, m);	2512	retval = ipfw_nat_ptr(args, NULL, m);
2513	break;	2513	break;
2514	}	2514	}





	/*
	 * Alter opcodes:
	 * 1) convert tablearg value from 65535 to 0
	 * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room
	 *    for targ).
	 * 3) convert table number in iface opcodes to u16
	 * 4) convert old `nat global` into new 65535
	 */
	l = krule->cmd_len;
	cmd = krule->cmd;

		case O_NETGRAPH:
		case O_NGTEE:
		case O_NAT:
			if (cmd->arg1 == IP_FW_TABLEARG)
				cmd->arg1 = IP_FW_TARG;
			else if (cmd->arg1 == 0)
				cmd->arg1 = IP_FW_NAT44_GLOBAL;
			break;
		case O_SETFIB:
		case O_SETDSCP:
			if (cmd->arg1 == IP_FW_TABLEARG)
				cmd->arg1 = IP_FW_TARG;
			else
				cmd->arg1 |= 0x8000;

			break;
		case O_LIMIT:
			lcmd = (ipfw_insn_limit *)cmd;
			if (lcmd->conn_limit == IP_FW_TABLEARG)
				lcmd->conn_limit = IP_FW_TARG;
			break;
		/* Interface tables */


	/*
	 * Alter opcodes:
	 * 1) convert tablearg value from 0 to 65535
	 * 2) Remove highest bit from O_SETFIB/O_SETDSCP values.
	 * 3) convert table number in iface opcodes to int
	 */

		case O_NGTEE:
		case O_NAT:
			if (cmd->arg1 == IP_FW_TARG)
				cmd->arg1 = IP_FW_TABLEARG;
			else if (cmd->arg1 == IP_FW_NAT44_GLOBAL)
				cmd->arg1 = 0;
			break;
		case O_SETFIB:
		case O_SETDSCP:
			if (cmd->arg1 == IP_FW_TARG)
				cmd->arg1 = IP_FW_TABLEARG;
			else
				cmd->arg1 &= ~0x8000;
			break;

		case O_LIMIT:
			lcmd = (ipfw_insn_limit *)cmd;
			if (lcmd->conn_limit == IP_FW_TARG)
				lcmd->conn_limit = IP_FW_TABLEARG;
			break;
		/* Interface tables */
		case O_XMIT:

Lines 60-65 Link Here

(-)sys/netinet/ip_fw.h (+1 lines)
60	#define IPFW_ARG_MAX 65534	60	#define IPFW_ARG_MAX 65534
61	#define IP_FW_TABLEARG 65535 /* Compat value for old clients */	61	#define IP_FW_TABLEARG 65535 /* Compat value for old clients */
62	#define IP_FW_TARG 0 /* Current tablearg value */	62	#define IP_FW_TARG 0 /* Current tablearg value */
		63	#define IP_FW_NAT44_GLOBAL 65535 /* arg1 value for "nat global" */
63		64
64	/*	65	/*
65	* Number of entries in the call stack of the call/return commands.	66	* Number of entries in the call stack of the call/return commands.

Return to bug 211256

Lines 530-538 import_rule0(struct rule_check_info *ci) Link Here

(-)sys/netpfil/ipfw/ip_fw_sockopt.c (-9 / +15 lines)
530		530
531	/*	531	/*
532	* Alter opcodes:	532	* Alter opcodes:
533	* 1) convert tablearg value from 65335 to 0	533	* 1) convert tablearg value from 65535 to 0
534	* 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room for targ).	534	* 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room
		535	* for targ).
535	* 3) convert table number in iface opcodes to u16	536	* 3) convert table number in iface opcodes to u16
		537	* 4) convert old `nat global` into new 65535
536	*/	538	*/
537	l = krule->cmd_len;	539	l = krule->cmd_len;
538	cmd = krule->cmd;	540	cmd = krule->cmd;
Lines 554-565 import_rule0(struct rule_check_info *ci) Link Here
554	case O_NETGRAPH:	556	case O_NETGRAPH:
555	case O_NGTEE:	557	case O_NGTEE:
556	case O_NAT:	558	case O_NAT:
557	if (cmd->arg1 == 65535)	559	if (cmd->arg1 == IP_FW_TABLEARG)
558	cmd->arg1 = IP_FW_TARG;	560	cmd->arg1 = IP_FW_TARG;
		561	else if (cmd->arg1 == 0)
		562	cmd->arg1 = IP_FW_NAT44_GLOBAL;
559	break;	563	break;
560	case O_SETFIB:	564	case O_SETFIB:
561	case O_SETDSCP:	565	case O_SETDSCP:
562	if (cmd->arg1 == 65535)	566	if (cmd->arg1 == IP_FW_TABLEARG)
563	cmd->arg1 = IP_FW_TARG;	567	cmd->arg1 = IP_FW_TARG;
564	else	568	else
565	cmd->arg1 \|= 0x8000;	569	cmd->arg1 \|= 0x8000;
Lines 566-572 import_rule0(struct rule_check_info *ci) Link Here
566	break;	570	break;
567	case O_LIMIT:	571	case O_LIMIT:
568	lcmd = (ipfw_insn_limit *)cmd;	572	lcmd = (ipfw_insn_limit *)cmd;
569	if (lcmd->conn_limit == 65535)	573	if (lcmd->conn_limit == IP_FW_TABLEARG)
570	lcmd->conn_limit = IP_FW_TARG;	574	lcmd->conn_limit = IP_FW_TARG;
571	break;	575	break;
572	/* Interface tables */	576	/* Interface tables */
Lines 612-618 export_rule0(struct ip_fw *krule, struct ip_fw_rul Link Here
612		616
613	/*	617	/*
614	* Alter opcodes:	618	* Alter opcodes:
615	* 1) convert tablearg value from 0 to 65335	619	* 1) convert tablearg value from 0 to 65535
616	* 2) Remove highest bit from O_SETFIB/O_SETDSCP values.	620	* 2) Remove highest bit from O_SETFIB/O_SETDSCP values.
617	* 3) convert table number in iface opcodes to int	621	* 3) convert table number in iface opcodes to int
618	*/	622	*/
Lines 637-648 export_rule0(struct ip_fw *krule, struct ip_fw_rul Link Here
637	case O_NGTEE:	641	case O_NGTEE:
638	case O_NAT:	642	case O_NAT:
639	if (cmd->arg1 == IP_FW_TARG)	643	if (cmd->arg1 == IP_FW_TARG)
640	cmd->arg1 = 65535;	644	cmd->arg1 = IP_FW_TABLEARG;
		645	else if (cmd->arg1 == IP_FW_NAT44_GLOBAL)
		646	cmd->arg1 = 0;
641	break;	647	break;
642	case O_SETFIB:	648	case O_SETFIB:
643	case O_SETDSCP:	649	case O_SETDSCP:
644	if (cmd->arg1 == IP_FW_TARG)	650	if (cmd->arg1 == IP_FW_TARG)
645	cmd->arg1 = 65535;	651	cmd->arg1 = IP_FW_TABLEARG;
646	else	652	else
647	cmd->arg1 &= ~0x8000;	653	cmd->arg1 &= ~0x8000;
648	break;	654	break;
Lines 649-655 export_rule0(struct ip_fw *krule, struct ip_fw_rul Link Here
649	case O_LIMIT:	655	case O_LIMIT:
650	lcmd = (ipfw_insn_limit *)cmd;	656	lcmd = (ipfw_insn_limit *)cmd;
651	if (lcmd->conn_limit == IP_FW_TARG)	657	if (lcmd->conn_limit == IP_FW_TARG)
652	lcmd->conn_limit = 65535;	658	lcmd->conn_limit = IP_FW_TABLEARG;
653	break;	659	break;
654	/* Interface tables */	660	/* Interface tables */
655	case O_XMIT:	661	case O_XMIT: