Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/ip_fw2.c
| Show First 20 Lines • Show All 2,058 Lines • ▼ Show 20 Lines | #endif | ||||
| pkey = is_ipv4 ? (void *)&dst_ip: | pkey = is_ipv4 ? (void *)&dst_ip: | ||||
| (void *)&args->f_id.dst_ip6; | (void *)&args->f_id.dst_ip6; | ||||
| else if (vidx == 1 /* src-ip */) | else if (vidx == 1 /* src-ip */) | ||||
| pkey = is_ipv4 ? (void *)&src_ip: | pkey = is_ipv4 ? (void *)&src_ip: | ||||
| (void *)&args->f_id.src_ip6; | (void *)&args->f_id.src_ip6; | ||||
| else if (vidx == 6 /* dscp */) { | else if (vidx == 6 /* dscp */) { | ||||
| if (is_ipv4) | if (is_ipv4) | ||||
| key = ip->ip_tos >> 2; | key = ip->ip_tos >> 2; | ||||
| else { | else | ||||
| key = args->f_id.flow_id6; | key = IPV6_DSCP( | ||||
| key = (key & 0x0f) << 2 | | (struct ip6_hdr *)ip) >> 2; | ||||
| (key & 0xf000) >> 14; | |||||
| } | |||||
| key &= 0x3f; | key &= 0x3f; | ||||
| } else if (vidx == 2 /* dst-port */ || | } else if (vidx == 2 /* dst-port */ || | ||||
| vidx == 3 /* src-port */) { | vidx == 3 /* src-port */) { | ||||
| /* Skip fragments */ | /* Skip fragments */ | ||||
| if (offset != 0) | if (offset != 0) | ||||
| break; | break; | ||||
| /* Skip proto without ports */ | /* Skip proto without ports */ | ||||
| if (proto != IPPROTO_TCP && | if (proto != IPPROTO_TCP && | ||||
| ▲ Show 20 Lines • Show All 243 Lines • ▼ Show 20 Lines | #endif /* INET6 */ | ||||
| uint32_t *p; | uint32_t *p; | ||||
| uint16_t x; | uint16_t x; | ||||
| p = ((ipfw_insn_u32 *)cmd)->d; | p = ((ipfw_insn_u32 *)cmd)->d; | ||||
| if (is_ipv4) | if (is_ipv4) | ||||
| x = ip->ip_tos >> 2; | x = ip->ip_tos >> 2; | ||||
| else if (is_ipv6) { | else if (is_ipv6) { | ||||
| uint8_t *v; | x = IPV6_DSCP( | ||||
| v = &((struct ip6_hdr *)ip)->ip6_vfc; | (struct ip6_hdr *)ip) >> 2; | ||||
| x = (*v & 0x0F) << 2; | x &= 0x3f; | ||||
| v++; | |||||
| x |= *v >> 6; | |||||
| } else | } else | ||||
| break; | break; | ||||
| /* DSCP bitmask is stored as low_u32 high_u32 */ | /* DSCP bitmask is stored as low_u32 high_u32 */ | ||||
| if (x >= 32) | if (x >= 32) | ||||
| match = *(p + 1) & (1 << (x - 32)); | match = *(p + 1) & (1 << (x - 32)); | ||||
| else | else | ||||
| match = *p & (1 << x); | match = *p & (1 << x); | ||||
| ▲ Show 20 Lines • Show All 790 Lines • ▼ Show 20 Lines | #endif | ||||
| uint16_t old; | uint16_t old; | ||||
| old = *(uint16_t *)ip; | old = *(uint16_t *)ip; | ||||
| ip->ip_tos = (code << 2) | | ip->ip_tos = (code << 2) | | ||||
| (ip->ip_tos & 0x03); | (ip->ip_tos & 0x03); | ||||
| ip->ip_sum = cksum_adjust(ip->ip_sum, | ip->ip_sum = cksum_adjust(ip->ip_sum, | ||||
| old, *(uint16_t *)ip); | old, *(uint16_t *)ip); | ||||
| } else if (is_ipv6) { | } else if (is_ipv6) { | ||||
| uint8_t *v; | /* update cached value */ | ||||
| args->f_id.flow_id6 = | |||||
| ntohl(*(uint32_t *)ip) & ~0x0FC00000; | |||||
| args->f_id.flow_id6 |= code << 22; | |||||
| v = &((struct ip6_hdr *)ip)->ip6_vfc; | *((uint32_t *)ip) = | ||||
| *v = (*v & 0xF0) | (code >> 2); | htonl(args->f_id.flow_id6); | ||||
| v++; | |||||
| *v = (*v & 0x3F) | ((code & 0x03) << 6); | |||||
| } else | } else | ||||
| break; | break; | ||||
| IPFW_INC_RULE_COUNTER(f, pktlen); | IPFW_INC_RULE_COUNTER(f, pktlen); | ||||
| break; | break; | ||||
| } | } | ||||
| case O_NAT: | case O_NAT: | ||||
| ▲ Show 20 Lines • Show All 468 Lines • Show Last 20 Lines | |||||