Index: sbin/ipfw/dummynet.c =================================================================== --- sbin/ipfw/dummynet.c +++ sbin/ipfw/dummynet.c @@ -56,7 +56,11 @@ { "noerror", TOK_NOERROR }, { "buckets", TOK_BUCKETS }, { "dst-ip", TOK_DSTIP }, + { "dst-ip4", TOK_DSTIP4 }, + { "dst-ipv4", TOK_DSTIP4 }, { "src-ip", TOK_SRCIP }, + { "src-ip4", TOK_SRCIP4 }, + { "src-ipv4", TOK_SRCIP4 }, { "dst-port", TOK_DSTPORT }, { "src-port", TOK_SRCPORT }, { "proto", TOK_PROTO }, @@ -1460,8 +1464,10 @@ uint32_t *p20 = NULL; struct in6_addr *pa6 = NULL; uint32_t a; + char *s = NULL; tok = match_token(dummynet_params, *av); + s = strchr(*av, ':'); ac--; av++; switch(tok) { case TOK_ALL: @@ -1486,11 +1492,27 @@ goto end_mask; case TOK_DSTIP: + mask->addr_type = s ? 6 : 4; + if (s) + pa6 = &mask->dst_ip6; + else + p32 = &mask->dst_ip; + break; + + case TOK_SRCIP: + mask->addr_type = s ? 6 : 4; + if (s) + pa6 = &mask->src_ip6; + else + p32 = &mask->src_ip; + break; + + case TOK_DSTIP4: mask->addr_type = 4; p32 = &mask->dst_ip; break; - case TOK_SRCIP: + case TOK_SRCIP4: mask->addr_type = 4; p32 = &mask->src_ip; break; Index: sbin/ipfw/ipfw.8 =================================================================== --- sbin/ipfw/ipfw.8 +++ sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 21, 2019 +.Dd April 10, 2020 .Dt IPFW 8 .Os .Sh NAME @@ -1550,6 +1550,9 @@ Matches only packets going from a divert socket back outward to the IP stack output for delivery. .It Cm dst-ip Ar ip-address +Matches IP (IPv4 or IPv6) packets whose destination IP is one of the +address(es) specified as argument. +.It Bro Cm dst-ip4 | dst-ipv4 Brc Ar ip-address Matches IPv4 packets whose destination IP is one of the address(es) specified as argument. .It Bro Cm dst-ip6 | dst-ipv6 Brc Ar ip6-address @@ -1938,9 +1941,12 @@ .Cm pipe number. .It Cm src-ip Ar ip-address +Matches IP (IPv4 or IPv6) packets whose destination IP is one of the +address(es) specified as argument. +.It Bro Cm src-ip4 | src-ipv4 Brc Ar ip-address Matches IPv4 packets whose source IP is one of the address(es) specified as an argument. -.It Cm src-ip6 Ar ip6-address +.It Bro Cm src-ip6 | src-ipv6 Brc Ar ip-address Matches IPv6 packets whose source IP is one of the address(es) specified as an argument. .It Cm src-port Ar ports Index: sbin/ipfw/ipfw2.h =================================================================== --- sbin/ipfw/ipfw2.h +++ sbin/ipfw/ipfw2.h @@ -239,6 +239,8 @@ TOK_IPV4, TOK_UNREACH6, TOK_RESET6, + TOK_DSTIP4, + TOK_SRCIP4, TOK_FIB, TOK_SETFIB, Index: sbin/ipfw/ipfw2.c =================================================================== --- sbin/ipfw/ipfw2.c +++ sbin/ipfw/ipfw2.c @@ -347,7 +347,11 @@ { "icmptype", TOK_ICMPTYPES }, { "icmptypes", TOK_ICMPTYPES }, { "dst-ip", TOK_DSTIP }, + { "dst-ip4", TOK_DSTIP4 }, + { "dst-ipv4", TOK_DSTIP4 }, { "src-ip", TOK_SRCIP }, + { "src-ip4", TOK_SRCIP4 }, + { "src-ipv4", TOK_SRCIP4 }, { "dst-port", TOK_DSTPORT }, { "src-port", TOK_SRCPORT }, { "proto", TOK_PROTO }, @@ -4835,13 +4839,35 @@ case TOK_SRCIP: NEED1("missing source IP"); - if (add_srcip(cmd, *av, cblen, tstate)) { - av++; + if (strchr(*av, ':')) { + if (add_srcip6(cmd, *av, cblen, tstate)) + av++; + } else { + if (add_srcip(cmd, *av, cblen, tstate)) + av++; } break; case TOK_DSTIP: NEED1("missing destination IP"); + if (strchr(*av, ':')) { + if (add_dstip6(cmd, *av, cblen, tstate)) + av++; + } else { + if (add_dstip(cmd, *av, cblen, tstate)) + av++; + } + break; + + case TOK_SRCIP4: + NEED1("missing source IP4"); + if (add_srcip(cmd, *av, cblen, tstate)) { + av++; + } + break; + + case TOK_DSTIP4: + NEED1("missing destination IP4"); if (add_dstip(cmd, *av, cblen, tstate)) { av++; }