authorAndrey V. Elsukov <ae@FreeBSD.org>2018-11-12 11:20:59 +0000
committerAndrey V. Elsukov <ae@FreeBSD.org>2018-11-12 11:20:59 +0000
commitb2b56606889cd11b155472009a991d458ff119f7 (patch)
treea6c23e97c0658d7925e94b2a3db26c48e454b057 /sbin
parent0f47072b78fd3454f8041f1fb043444ce2fe1824 (diff)
Add ability to use dynamic external prefix in ipfw_nptv6 module.
Now an interface name can be specified for an nptv6 instance instead of ext_prefix. The module tracks if_addr_ext events, and when a suitable IPv6 address is added to the specified interface, it is configured as the external prefix. When the address disappears, the instance becomes unusable, i.e. it doesn't match any packets. Reviewed by: 0mp (manpages) Tested by: Dries Michiels <driesm dot michiels gmail com> MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D17765
Notes
Notes: svn path=/head/; revision=340360
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ipfw/ipfw.811
-rw-r--r--sbin/ipfw/ipfw2.h1
-rw-r--r--sbin/ipfw/nptv6.c30
3 files changed, 37 insertions, 5 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 17f02c67161e..e19b8a1efec4 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 21, 2018
+.Dd November 12, 2018
.Dt IPFW 8
.Os
.Sh NAME
@@ -3495,6 +3495,15 @@ NPTv6 module translates source address when it matches this prefix.
.It Cm ext_prefix Ar ipv6_prefix
IPv6 prefix used in external network.
NPTv6 module translates destination address when it matches this prefix.
+.It Cm ext_if Ar nic
+The NPTv6 module will use first global IPv6 address from interface
+.Ar nic
+as external prefix.
+It can be useful when IPv6 prefix of external network is dynamically obtained.
+.Cm ext_prefix
+and
+.Cm ext_if
+options are mutually exclusive.
.It Cm prefixlen Ar length
The length of specified IPv6 prefixes. It must be in range from 8 to 64.
.El
diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h
index 6f1481001861..bb0a4cdfdeb3 100644
--- a/sbin/ipfw/ipfw2.h
+++ b/sbin/ipfw/ipfw2.h
@@ -294,6 +294,7 @@ enum tokens {
TOK_INTPREFIX,
TOK_EXTPREFIX,
TOK_PREFIXLEN,
+ TOK_EXTIF,
TOK_TCPSETMSS,
diff --git a/sbin/ipfw/nptv6.c b/sbin/ipfw/nptv6.c
index 6164d8b1ef1d..a2f6a97ae2a7 100644
--- a/sbin/ipfw/nptv6.c
+++ b/sbin/ipfw/nptv6.c
@@ -152,6 +152,7 @@ static struct _s_x nptv6newcmds[] = {
{ "int_prefix", TOK_INTPREFIX },
{ "ext_prefix", TOK_EXTPREFIX },
{ "prefixlen", TOK_PREFIXLEN },
+ { "ext_if", TOK_EXTIF },
{ NULL, 0 }
};
@@ -214,6 +215,9 @@ nptv6_create(const char *name, uint8_t set, int ac, char *av[])
ac--; av++;
break;
case TOK_EXTPREFIX:
+ if (flags & NPTV6_HAS_EXTPREFIX)
+ errx(EX_USAGE,
+ "Only one ext_prefix or ext_if allowed");
NEED1("IPv6 prefix required");
nptv6_parse_prefix(*av, &cfg->external, &plen);
flags |= NPTV6_HAS_EXTPREFIX;
@@ -221,6 +225,18 @@ nptv6_create(const char *name, uint8_t set, int ac, char *av[])
goto check_prefix;
ac--; av++;
break;
+ case TOK_EXTIF:
+ if (flags & NPTV6_HAS_EXTPREFIX)
+ errx(EX_USAGE,
+ "Only one ext_prefix or ext_if allowed");
+ NEED1("Interface name required");
+ if (strlen(*av) >= sizeof(cfg->if_name))
+ errx(EX_USAGE, "Invalid interface name");
+ flags |= NPTV6_HAS_EXTPREFIX;
+ cfg->flags |= NPTV6_DYNAMIC_PREFIX;
+ strncpy(cfg->if_name, *av, sizeof(cfg->if_name));
+ ac--; av++;
+ break;
case TOK_PREFIXLEN:
NEED1("IPv6 prefix length required");
plen = strtol(*av, &p, 10);
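Review bot: The length check in the new `TOK_EXTIF` case rejects over-long names but accepts an empty one, so `ext_if ""` sets `NPTV6_DYNAMIC_PREFIX` with a blank `cfg->if_name` and still satisfies the later "ext_prefix or ext_if required" test. Unless the kernel side rejects an empty name (not visible here), the instance would presumably be created and never pick up a prefix. Consider `if (**av == '\0' || strlen(*av) >= sizeof(cfg->if_name))`. Since the length is already verified, `strlcpy(cfg->if_name, *av, sizeof(cfg->if_name));` would state the NUL-termination guarantee more directly than `strncpy`. nptv6_create starts and ends outside this hunk.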
@@ -245,13 +261,14 @@ check_prefix:
if ((flags & NPTV6_HAS_INTPREFIX) != NPTV6_HAS_INTPREFIX)
errx(EX_USAGE, "int_prefix required");
if ((flags & NPTV6_HAS_EXTPREFIX) != NPTV6_HAS_EXTPREFIX)
- errx(EX_USAGE, "ext_prefix required");
+ errx(EX_USAGE, "ext_prefix or ext_if required");
if ((flags & NPTV6_HAS_PREFIXLEN) != NPTV6_HAS_PREFIXLEN)
errx(EX_USAGE, "prefixlen required");
n2mask(&mask, cfg->plen);
APPLY_MASK(&cfg->internal, &mask);
- APPLY_MASK(&cfg->external, &mask);
+ if ((cfg->flags & NPTV6_DYNAMIC_PREFIX) == 0)
+ APPLY_MASK(&cfg->external, &mask);
olh->count = 1;
olh->objsize = sizeof(*cfg);
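Review bot: The new `if ((cfg->flags & NPTV6_DYNAMIC_PREFIX) == 0)` guard has no comment saying why `cfg->external` is left unmasked, and a reader has to go to the commit message to learn that the prefix is filled in later from the interface address. A one-line comment such as `/* ext_if: external prefix is taken from the interface address by the kernel */` would make that explicit. It is also worth confirming that the request buffer is zeroed earlier in nptv6_create (outside this hunk), so that `cfg->external` does not carry stale bytes for a dynamic instance.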
@@ -350,8 +367,13 @@ nptv6_show_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
printf("set %u ", cfg->set);
inet_ntop(AF_INET6, &cfg->internal, abuf, sizeof(abuf));
printf("nptv6 %s int_prefix %s ", cfg->name, abuf);
- inet_ntop(AF_INET6, &cfg->external, abuf, sizeof(abuf));
- printf("ext_prefix %s prefixlen %u\n", abuf, cfg->plen);
+ if (cfg->flags & NPTV6_DYNAMIC_PREFIX)
+ printf("ext_if %s ", cfg->if_name);
+ else {
+ inet_ntop(AF_INET6, &cfg->external, abuf, sizeof(abuf));
+ printf("ext_prefix %s ", abuf);
+ }
+ printf("prefixlen %u\n", cfg->plen);
return (0);
}
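Review bot: For a dynamic instance the new branch in nptv6_show_cb prints only `ext_if` and never the prefix currently in use, so the show output cannot distinguish a working translator from one whose address has disappeared and which, per the commit description, matches no packets. If the kernel reports the selected prefix in `cfg->external` (not visible in this hunk), it could be shown under a verbose or statistics view, keeping the default line reusable as a create command. At minimum, document the omission with `/* dynamic instance: the active external prefix is not printed here */`.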