diff options
author | Brian Feldman <green@FreeBSD.org> | 2004-10-03 00:17:46 +0000 |
---|---|---|
committer | Brian Feldman <green@FreeBSD.org> | 2004-10-03 00:17:46 +0000 |
commit | 974dfe30846e325ae81be8f447d59e5440af6663 (patch) | |
tree | e40a46b2deb9dd73b5b7b3f96b1f19d44079a888 /sys/netinet/ip_fw2.c | |
parent | 8ceb3dcb60316c29b38a453027b23358b140b217 (diff) | |
download | src-974dfe30846e325ae81be8f447d59e5440af6663.tar.gz src-974dfe30846e325ae81be8f447d59e5440af6663.zip |
Add to IPFW the ability to do ALTQ classification/tagging.
Notes
Notes:
svn path=/head/; revision=136071
Diffstat (limited to 'sys/netinet/ip_fw2.c')
-rw-r--r-- | sys/netinet/ip_fw2.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 2d8197f2c7b2..9108d7bd1558 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -77,6 +77,7 @@ #include <netinet/tcpip.h> #include <netinet/udp.h> #include <netinet/udp_var.h> +#include <altq/if_altq.h> #ifdef IPSEC #include <netinet6/ipsec.h> @@ -553,6 +554,13 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ether_header *eh, if (l->log_left == 0) limit_reached = l->max_log; cmd += F_LEN(cmd); /* point to first action */ + if (cmd->opcode == O_ALTQ) { + ipfw_insn_altq *altq = (ipfw_insn_altq *)cmd; + + snprintf(SNPARGS(action2, 0), "Altq %d", + altq->qid); + cmd += F_LEN(cmd); + } if (cmd->opcode == O_PROB) cmd += F_LEN(cmd); @@ -1324,6 +1332,8 @@ lookup_next_rule(struct ip_fw *me) cmd = ACTION_PTR(me); if (cmd->opcode == O_LOG) cmd += F_LEN(cmd); + if (cmd->opcode == O_ALTQ) + cmd += F_LEN(cmd); if ( cmd->opcode == O_SKIPTO ) for (rule = me->next; rule ; rule = rule->next) if (rule->rulenum >= cmd->arg1) @@ -2212,6 +2222,32 @@ check_body: (TH_RST | TH_ACK | TH_SYN)) != TH_SYN); break; + case O_ALTQ: { + struct altq_tag *at; + ipfw_insn_altq *altq = (ipfw_insn_altq *)cmd; + + match = 1; + mtag = m_tag_get(PACKET_TAG_PF_QID, + sizeof(struct altq_tag), + M_NOWAIT); + if (mtag == NULL) { + /* + * Let the packet fall back to the + * default ALTQ. + */ + break; + } + at = (struct altq_tag *)(mtag+1); + at->qid = altq->qid; + if (hlen != 0) + at->af = AF_INET; + else + at->af = AF_LINK; + at->hdr = ip; + m_tag_prepend(m, mtag); + break; + } + case O_LOG: if (fw_verbose) ipfw_log(f, hlen, args->eh, m, oif); @@ -2275,6 +2311,9 @@ check_body: * or to the SKIPTO target ('goto again' after * having set f, cmd and l), respectively. * + * O_LOG and O_ALTQ action parameters: + * perform some action and set match = 1; + * * O_LIMIT and O_KEEP_STATE: these opcodes are * not real 'actions', and are stored right * before the 'action' part of the rule. @@ -2974,6 +3013,11 @@ check_ipfw_struct(struct ip_fw *rule, int size) goto bad_size; break; + case O_ALTQ: + if (cmdlen != F_INSN_SIZE(ipfw_insn_altq)) + goto bad_size; + break; + case O_PIPE: case O_QUEUE: if (cmdlen != F_INSN_SIZE(ipfw_insn_pipe)) |