diff options
author | Max Laier <mlaier@FreeBSD.org> | 2005-06-03 01:10:28 +0000 |
---|---|---|
committer | Max Laier <mlaier@FreeBSD.org> | 2005-06-03 01:10:28 +0000 |
commit | 57cd6d263bcdae7ba1f2e0777e1d9cd9c3beeba3 (patch) | |
tree | 82a1c38b6f93efa59971e10db9eb13be00fab807 /sys/netinet/ip_fw2.c | |
parent | d24ff94b24d8486ab73cfcd7eb8facb0c4330271 (diff) | |
download | src-57cd6d263bcdae7ba1f2e0777e1d9cd9c3beeba3.tar.gz src-57cd6d263bcdae7ba1f2e0777e1d9cd9c3beeba3.zip |
Add support for IPv4 only rules to IPFW2 now that it supports IPv6 as well.
This is the last requirement before we can retire ip6fw.
Reviewed by: dwhite, brooks(earlier version)
Submitted by: dwhite (manpage)
Silence from: -ipfw
Notes
Notes:
svn path=/head/; revision=146894
Diffstat (limited to 'sys/netinet/ip_fw2.c')
-rw-r--r-- | sys/netinet/ip_fw2.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 0c1d2a2c7cce..82119770cfbe 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -1961,6 +1961,7 @@ ipfw_chk(struct ip_fw_args *args) int is_ipv6 = 0; u_int16_t ext_hd = 0; /* bits vector for extension header filtering */ /* end of ipv6 variables */ + int is_ipv4 = 0; if (m->m_flags & M_SKIP_FIREWALL) return (IP_FW_PASS); /* accept */ @@ -2076,6 +2077,7 @@ do { \ } else if (pktlen >= sizeof(struct ip) && (args->eh == NULL || ntohs(args->eh->ether_type) == ETHERTYPE_IP) && mtod(m, struct ip *)->ip_v == 4) { + is_ipv4 = 1; ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; args->f_id.addr_type = 4; @@ -2677,6 +2679,10 @@ check_body: break; #endif + case O_IP4: + match = is_ipv4; + break; + /* * The second set of opcodes represents 'actions', * i.e. the terminal part of a rule once the packet @@ -3322,6 +3328,7 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_IP6_DST_ME: case O_EXT_HDR: case O_IP6: + case O_IP4: if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size; break; |