diff --git a/sbin/ipfw/nptv6.c b/sbin/ipfw/nptv6.c --- a/sbin/ipfw/nptv6.c +++ b/sbin/ipfw/nptv6.c @@ -175,20 +175,6 @@ free(p); } -/* RFC 6296 Sec. 3.1 */ -static void -nptv6_prefixlen_check(int len, int *plen) -{ - if (len == 0) - return; - - if (*plen == 0) - *plen = len; - else if (len != *plen) - errx(EX_USAGE, "Prefix length mismatch (%d vs %d).", - len, *plen); -} - /* * Creates new nptv6 instance * ipfw nptv6 create int_prefix ext_prefix @@ -204,10 +190,9 @@ struct in6_addr mask; ipfw_nptv6_cfg *cfg; ipfw_obj_lheader *olh; - int tcmd, flags, plen, iplen, eplen, pplen; + int tcmd, flags, iplen, eplen, pplen; char *p; - plen = 0; iplen = 0; eplen = 0; pplen = 0; @@ -224,7 +209,6 @@ case TOK_INTPREFIX: NEED1("IPv6 prefix required"); nptv6_parse_prefix(*av, &cfg->internal, &iplen); - nptv6_prefixlen_check(iplen, &pplen); flags |= NPTV6_HAS_INTPREFIX; ac--; av++; break; @@ -234,7 +218,6 @@ "Only one ext_prefix or ext_if allowed"); NEED1("IPv6 prefix required"); nptv6_parse_prefix(*av, &cfg->external, &eplen); - nptv6_prefixlen_check(eplen, &pplen); flags |= NPTV6_HAS_EXTPREFIX; ac--; av++; break; @@ -252,18 +235,25 @@ break; case TOK_PREFIXLEN: NEED1("IPv6 prefix length required"); - plen = strtol(*av, &p, 10); - if (*p != '\0' || plen < 8 || plen > 64) + pplen = strtol(*av, &p, 10); + if (*p != '\0' || pplen < 8 || pplen > 64) errx(EX_USAGE, "wrong prefix length: %s", *av); - nptv6_prefixlen_check(plen, &pplen); flags |= NPTV6_HAS_PREFIXLEN; ac--; av++; break; } } - if ((flags & NPTV6_HAS_PREFIXLEN) != NPTV6_HAS_PREFIXLEN && pplen != 0) { - warnx("Use prefixlen instead"); + /* RFC 6296 Sec. 3.1 */ + if (pplen != 0) { + if ((eplen != 0 && eplen != pplen) || (iplen != 0 && iplen != pplen)) + errx(EX_USAGE, "prefix length mismatch"); + cfg->plen = pplen; + } else if (eplen != 0 || iplen != 0) { + if (eplen != 0 && iplen != 0 && eplen != iplen) + errx(EX_USAGE, "prefix length mismatch"); + warnx("use prefixlen instead"); + cfg->plen = eplen ? eplen : iplen; flags |= NPTV6_HAS_PREFIXLEN; } @@ -275,8 +265,6 @@ if ((flags & NPTV6_HAS_PREFIXLEN) != NPTV6_HAS_PREFIXLEN) errx(EX_USAGE, "prefixlen required"); - cfg->plen = pplen; - n2mask(&mask, cfg->plen); APPLY_MASK(&cfg->internal, &mask); if ((cfg->flags & NPTV6_DYNAMIC_PREFIX) == 0)