D50597.id160665.diff
View Options

	diff --git a/sbin/ipfw/nptv6.c b/sbin/ipfw/nptv6.c
	--- a/sbin/ipfw/nptv6.c
	+++ b/sbin/ipfw/nptv6.c
	@@ -168,12 +168,27 @@
	errx(EX_USAGE, "Bad prefix: %s", p);
	if (l != NULL) {
	*len = (int)strtol(l, &l, 10);
	- if (l != '\0' \|\| len <= 0 \|\| *len > 64)
	+ if (l != '\0' \|\| len < 8 \|\| *len > 64)
	errx(EX_USAGE, "Bad prefix length: %s", arg);
	} else
	*len = 0;
	free(p);
	}
	+
	+/* RFC 6296 Sec. 3.1 */
	+static void
	+nptv6_prefixlen_check(int len, int *plen)
	+{
	+ if (len == 0)
	+ return;
	+
	+ if (*plen == 0)
	+ *plen = len;
	+ else if (len != *plen)
	+ errx(EX_USAGE, "Prefix length mismatch (%d vs %d).",
	+ len, *plen);
	+}
	+
	/*
	* Creates new nptv6 instance
	* ipfw nptv6 <NAME> create int_prefix <prefix> ext_prefix <prefix>
	@@ -189,10 +204,13 @@
	struct in6_addr mask;
	ipfw_nptv6_cfg *cfg;
	ipfw_obj_lheader *olh;
	- int tcmd, flags, plen;
	+ int tcmd, flags, plen, iplen, eplen, pplen;
	char *p;

	plen = 0;
	+ iplen = 0;
	+ eplen = 0;
	+ pplen = 0;
	memset(buf, 0, sizeof(buf));
	olh = (ipfw_obj_lheader *)buf;
	cfg = (ipfw_nptv6_cfg *)(olh + 1);
	@@ -205,10 +223,9 @@
	switch (tcmd) {
	case TOK_INTPREFIX:
	NEED1("IPv6 prefix required");
	- nptv6_parse_prefix(*av, &cfg->internal, &plen);
	+ nptv6_parse_prefix(*av, &cfg->internal, &iplen);
	+ nptv6_prefixlen_check(iplen, &pplen);
	flags \|= NPTV6_HAS_INTPREFIX;
	- if (plen > 0)
	- goto check_prefix;
	ac--; av++;
	break;
	case TOK_EXTPREFIX:
	@@ -216,10 +233,9 @@
	errx(EX_USAGE,
	"Only one ext_prefix or ext_if allowed");
	NEED1("IPv6 prefix required");
	- nptv6_parse_prefix(*av, &cfg->external, &plen);
	+ nptv6_parse_prefix(*av, &cfg->external, &eplen);
	+ nptv6_prefixlen_check(eplen, &pplen);
	flags \|= NPTV6_HAS_EXTPREFIX;
	- if (plen > 0)
	- goto check_prefix;
	ac--; av++;
	break;
	case TOK_EXTIF:
	@@ -237,23 +253,20 @@
	case TOK_PREFIXLEN:
	NEED1("IPv6 prefix length required");
	plen = strtol(*av, &p, 10);
	-check_prefix:
	if (*p != '\0' \|\| plen < 8 \|\| plen > 64)
	errx(EX_USAGE, "wrong prefix length: %s", *av);
	- /* RFC 6296 Sec. 3.1 */
	- if (cfg->plen > 0 && cfg->plen != plen) {
	- warnx("Prefix length mismatch (%d vs %d). "
	- "It was extended up to %d",
	- cfg->plen, plen, MAX(plen, cfg->plen));
	- plen = MAX(plen, cfg->plen);
	- }
	- cfg->plen = plen;
	+ nptv6_prefixlen_check(plen, &pplen);
	flags \|= NPTV6_HAS_PREFIXLEN;
	ac--; av++;
	break;
	}
	}

	+ if ((flags & NPTV6_HAS_PREFIXLEN) != NPTV6_HAS_PREFIXLEN && pplen != 0) {
	+ warnx("Use prefixlen instead");
	+ flags \|= NPTV6_HAS_PREFIXLEN;
	+ }
	+
	/* Check validness */
	if ((flags & NPTV6_HAS_INTPREFIX) != NPTV6_HAS_INTPREFIX)
	errx(EX_USAGE, "int_prefix required");
	@@ -262,6 +275,8 @@
	if ((flags & NPTV6_HAS_PREFIXLEN) != NPTV6_HAS_PREFIXLEN)
	errx(EX_USAGE, "prefixlen required");

	+ cfg->plen = pplen;
	+
	n2mask(&mask, cfg->plen);
	APPLY_MASK(&cfg->internal, &mask);
	if ((cfg->flags & NPTV6_DYNAMIC_PREFIX) == 0)

File Metadata

Mime Type: text/plain
Expires: Mon, Feb 23, 6:44 PM (11 h, 15 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28961963
Default Alt Text: D50597.id160665.diff (2 KB)

D50597.id160665.diff
No OneTemporary
Actions

D50597.id160665.diff
View Options

File Metadata

Event Timeline

D50597.id160665.diffNo OneTemporaryActions

D50597.id160665.diffView Options

File Metadata

Event Timeline

D50597.id160665.diff
No OneTemporary
Actions

D50597.id160665.diff
View Options