FreeBSD Bugzilla – Attachment 173458 Details for
Bug 211256
ipfw nat tablearg regression in FreeBSD 11
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
ipfw_nat.diff (text/plain), 4.02 KB, created by
Andrey V. Elsukov
on 2016-08-09 14:43:03 UTC
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Andrey V. Elsukov
Created:
2016-08-09 14:43:03 UTC
Size:
4.02 KB
patch
obsolete
>Index: sbin/ipfw/ipfw2.c >=================================================================== >--- sbin/ipfw/ipfw2.c (revision 303870) >+++ sbin/ipfw/ipfw2.c (working copy) >@@ -1583,7 +1583,7 @@ show_static_rule(struct cmdline_opts *co, struct f > break; > > case O_NAT: >- if (cmd->arg1 != 0) >+ if (cmd->arg1 != IP_FW_NAT44_GLOBAL) > bprint_uint_arg(bp, "nat ", cmd->arg1); > else > bprintf(bp, "nat global"); >@@ -3776,7 +3776,7 @@ compile_rule(char *av[], uint32_t *rbuf, int *rbuf > action->len = F_INSN_SIZE(ipfw_insn_nat); > CHECK_ACTLEN; > if (*av != NULL && _substrcmp(*av, "global") == 0) { >- action->arg1 = 0; >+ action->arg1 = IP_FW_NAT44_GLOBAL; > av++; > break; > } else >Index: sys/netpfil/ipfw/ip_fw2.c >=================================================================== >--- sys/netpfil/ipfw/ip_fw2.c (revision 303870) >+++ sys/netpfil/ipfw/ip_fw2.c (working copy) >@@ -2508,7 +2508,7 @@ do { \ > > set_match(args, f_pos, chain); > /* Check if this is 'global' nat rule */ >- if (cmd->arg1 == 0) { >+ if (cmd->arg1 == IP_FW_NAT44_GLOBAL) { > retval = ipfw_nat_ptr(args, NULL, m); > break; > } >Index: sys/netpfil/ipfw/ip_fw_sockopt.c >=================================================================== >--- sys/netpfil/ipfw/ip_fw_sockopt.c (revision 303870) >+++ sys/netpfil/ipfw/ip_fw_sockopt.c (working copy) >@@ -530,9 +530,11 @@ import_rule0(struct rule_check_info *ci) > > /* > * Alter opcodes: >- * 1) convert tablearg value from 65335 to 0 >- * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room for targ). >+ * 1) convert tablearg value from 65535 to 0 >+ * 2) Add high bit to O_SETFIB/O_SETDSCP values (to make room >+ * for targ). > * 3) convert table number in iface opcodes to u16 >+ * 4) convert old `nat global` into new 65535 > */ > l = krule->cmd_len; > cmd = krule->cmd; >@@ -554,12 +556,14 @@ import_rule0(struct rule_check_info *ci) > case O_NETGRAPH: > case O_NGTEE: > case O_NAT: >- if (cmd->arg1 == 65535) >+ if (cmd->arg1 == IP_FW_TABLEARG) > cmd->arg1 = IP_FW_TARG; >+ else if (cmd->arg1 == 0) >+ cmd->arg1 = IP_FW_NAT44_GLOBAL; > break; > case O_SETFIB: > case O_SETDSCP: >- if (cmd->arg1 == 65535) >+ if (cmd->arg1 == IP_FW_TABLEARG) > cmd->arg1 = IP_FW_TARG; > else > cmd->arg1 |= 0x8000; >@@ -566,7 +570,7 @@ import_rule0(struct rule_check_info *ci) > break; > case O_LIMIT: > lcmd = (ipfw_insn_limit *)cmd; >- if (lcmd->conn_limit == 65535) >+ if (lcmd->conn_limit == IP_FW_TABLEARG) > lcmd->conn_limit = IP_FW_TARG; > break; > /* Interface tables */ >@@ -612,7 +616,7 @@ export_rule0(struct ip_fw *krule, struct ip_fw_rul > > /* > * Alter opcodes: >- * 1) convert tablearg value from 0 to 65335 >+ * 1) convert tablearg value from 0 to 65535 > * 2) Remove highest bit from O_SETFIB/O_SETDSCP values. > * 3) convert table number in iface opcodes to int > */ >@@ -637,12 +641,14 @@ export_rule0(struct ip_fw *krule, struct ip_fw_rul > case O_NGTEE: > case O_NAT: > if (cmd->arg1 == IP_FW_TARG) >- cmd->arg1 = 65535; >+ cmd->arg1 = IP_FW_TABLEARG; >+ else if (cmd->arg1 == IP_FW_NAT44_GLOBAL) >+ cmd->arg1 = 0; > break; > case O_SETFIB: > case O_SETDSCP: > if (cmd->arg1 == IP_FW_TARG) >- cmd->arg1 = 65535; >+ cmd->arg1 = IP_FW_TABLEARG; > else > cmd->arg1 &= ~0x8000; > break; >@@ -649,7 +655,7 @@ export_rule0(struct ip_fw *krule, struct ip_fw_rul > case O_LIMIT: > lcmd = (ipfw_insn_limit *)cmd; > if (lcmd->conn_limit == IP_FW_TARG) >- lcmd->conn_limit = 65535; >+ lcmd->conn_limit = IP_FW_TABLEARG; > break; > /* Interface tables */ > case O_XMIT: >Index: sys/netinet/ip_fw.h >=================================================================== >--- sys/netinet/ip_fw.h (revision 303870) >+++ sys/netinet/ip_fw.h (working copy) >@@ -60,6 +60,7 @@ > #define IPFW_ARG_MAX 65534 > #define IP_FW_TABLEARG 65535 /* Compat value for old clients */ > #define IP_FW_TARG 0 /* Current tablearg value */ >+#define IP_FW_NAT44_GLOBAL 65535 /* arg1 value for "nat global" */ > > /* > * Number of entries in the call stack of the call/return commands.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=173458">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 211256
: 173458