diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,5 +1,5 @@ .\" -.Dd April 18, 2025 +.Dd May 29, 2025 .Dt IPFW 8 .Os .Sh NAME @@ -3834,11 +3834,11 @@ .Pp The following parameters can be configured: .Bl -tag -width indent -.It Cm int_prefix Ar ipv6_prefix -IPv6 prefix used in internal network. +.It Cm int_prefix Ar ipv6_netaddr +IPv6 network address of prefix used in internal network. NPTv6 module translates source address when it matches this prefix. -.It Cm ext_prefix Ar ipv6_prefix -IPv6 prefix used in external network. +.It Cm ext_prefix Ar ipv6_netaddr +IPv6 network address of prefix used in external network. NPTv6 module translates destination address when it matches this prefix. .It Cm ext_if Ar nic The NPTv6 module will use first global IPv6 address from interface diff --git a/sbin/ipfw/nptv6.c b/sbin/ipfw/nptv6.c --- a/sbin/ipfw/nptv6.c +++ b/sbin/ipfw/nptv6.c @@ -155,28 +155,22 @@ static void -nptv6_parse_prefix(const char *arg, struct in6_addr *prefix, int *len) +nptv6_parse_prefix(const char *arg, struct in6_addr *prefix) { - char *p, *l; + char *p; p = strdup(arg); if (p == NULL) err(EX_OSERR, NULL); - if ((l = strchr(p, '/')) != NULL) - *l++ = '\0'; + if (strchr(p, '/') != NULL) + errx(EX_USAGE, + "Bad IPv6 network address: %s\nUse prefixlen option instead", arg); if (inet_pton(AF_INET6, p, prefix) != 1) errx(EX_USAGE, "Bad prefix: %s", p); - if (l != NULL) { - *len = (int)strtol(l, &l, 10); - if (*l != '\0' || *len <= 0 || *len > 64) - errx(EX_USAGE, "Bad prefix length: %s", arg); - } else - *len = 0; free(p); } /* * Creates new nptv6 instance - * ipfw nptv6 create int_prefix ext_prefix * Request: [ ipfw_obj_lheader ipfw_nptv6_cfg ] */ #define NPTV6_HAS_INTPREFIX 0x01 
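Review bot: The `strdup()`/`free()` pair in `nptv6_parse_prefix` is no longer needed, because the new body only reads the string; the old code needed a writable copy to cut it at the '/'. Calling `strchr(arg, '/')` and `inet_pton(AF_INET6, arg, prefix)` directly removes the allocation and its `err(EX_OSERR, NULL)` path. The surviving message `"Bad prefix: %s"` also disagrees with the new wording; `errx(EX_USAGE, "Bad IPv6 network address: %s", arg);` would match the message added above it and the man page. Nothing visible in this function checks that the address has no bits set beyond the prefix length, so it is worth confirming that the consumer of `cfg->internal` and `cfg->external` masks them.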
@@ -204,22 +198,18 @@ switch (tcmd) { case TOK_INTPREFIX: - NEED1("IPv6 prefix required"); - nptv6_parse_prefix(*av, &cfg->internal, &plen); + NEED1("IPv6 network address required"); + nptv6_parse_prefix(*av, &cfg->internal); flags |= NPTV6_HAS_INTPREFIX; - if (plen > 0) - goto check_prefix; ac--; av++; break; case TOK_EXTPREFIX: if (flags & NPTV6_HAS_EXTPREFIX) errx(EX_USAGE, "Only one ext_prefix or ext_if allowed"); - NEED1("IPv6 prefix required"); - nptv6_parse_prefix(*av, &cfg->external, &plen); + NEED1("IPv6 network address required"); + nptv6_parse_prefix(*av, &cfg->external); flags |= NPTV6_HAS_EXTPREFIX; - if (plen > 0) - goto check_prefix; ac--; av++; break; case TOK_EXTIF: @@ -237,16 +227,8 @@ case TOK_PREFIXLEN: NEED1("IPv6 prefix length required"); plen = strtol(*av, &p, 10); -check_prefix: if (*p != '\0' || plen < 8 || plen > 64) errx(EX_USAGE, "wrong prefix length: %s", *av); - /* RFC 6296 Sec. 3.1 */ - if (cfg->plen > 0 && cfg->plen != plen) { - warnx("Prefix length mismatch (%d vs %d). " - "It was extended up to %d", - cfg->plen, plen, MAX(plen, cfg->plen)); - plen = MAX(plen, cfg->plen); - } cfg->plen = plen; flags |= NPTV6_HAS_PREFIXLEN; ac--; av++;
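Review bot: `case TOK_INTPREFIX` accepts the option more than once and silently keeps the last address, while `case TOK_EXTPREFIX` just below rejects a repeat through `flags & NPTV6_HAS_EXTPREFIX`. A matching guard, `if (flags & NPTV6_HAS_INTPREFIX) errx(EX_USAGE, "Only one int_prefix allowed");`, would make the two cases consistent. The same applies to `case TOK_PREFIXLEN` in the next hunk, where the removed RFC 6296 mismatch warning was the only visible sign that a length had already been set. The switch starts and ends outside this hunk, so a later check on `flags` may exist that is not shown here.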
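Review bot: `plen = strtol(*av, &p, 10);` narrows a `long` into `plen` before the range check runs, so where `long` is wider than `int` an out-of-range argument can wrap into 8..64 and be accepted as a valid prefix length. The declaration of `plen` is outside the hunk, but the removed calls passed `&plen` to an `int *` parameter. Parsing into a wide local and testing that value closes the gap: `long v = strtol(*av, &p, 10);` then `if (*p != '\0' || v < 8 || v > 64)` and `cfg->plen = (int)v;`, with `v` declared alongside the function's other locals. The case body continues past the end of this hunk.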