diff options
author | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2014-08-12 15:51:48 +0000 |
---|---|---|
committer | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2014-08-12 15:51:48 +0000 |
commit | 1940fa77278f0ec2ff1d3a8a174dbf5785d8e70e (patch) | |
tree | a8fa20927c28cd192b16b34d205f195ff47c0df4 /sbin/ipfw/ipfw2.h | |
parent | 56f43a5e98695a187837094740286c60fdcc0de0 (diff) | |
download | src-1940fa77278f0ec2ff1d3a8a174dbf5785d8e70e.tar.gz src-1940fa77278f0ec2ff1d3a8a174dbf5785d8e70e.zip |
Change tablearg value to be 0 (try #2).
Most of the tablearg-supported opcodes does not accept 0 as valid value:
O_TAG, O_TAGGED, O_PIPE, O_QUEUE, O_DIVERT, O_TEE, O_SKIPTO, O_CALLRET,
O_NETGRAPH, O_NGTEE, O_NAT treats 0 as invalid input.
The rest are O_SETDSCP and O_SETFIB.
'Fix' them by adding high-order bit (0x8000) set for non-tablearg values.
Do translation in kernel for old clients (import_rule0 / export_rule0),
teach current ipfw(8) binary to add/remove given bit.
This change does not affect handling SETDSCP values, but limit
O_SETFIB values to 32767 instead of 65k. Since currently we have either
old (16) or new (2^32) max fibs, this should not be a big deal:
we're definitely OK for former and have to add another opcode to deal
with latter, regardless of tablearg value.
Notes
Notes:
svn path=/projects/ipfw/; revision=269880
Diffstat (limited to 'sbin/ipfw/ipfw2.h')
-rw-r--r-- | sbin/ipfw/ipfw2.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h index d15df7e8f0fe..05e234dbdf11 100644 --- a/sbin/ipfw/ipfw2.h +++ b/sbin/ipfw/ipfw2.h @@ -228,6 +228,7 @@ enum tokens { TOK_LOCK, TOK_UNLOCK, }; + /* * the following macro returns an error message if we run out of * arguments. |