Author: piso
Date: Wed Apr  1 20:23:47 2009
New Revision: 190633
URL: http://svn.freebsd.org/changeset/base/190633

Log:
  Implement an ipfw action to reassemble ip packets: reass.

Modified:
  head/sbin/ipfw/   (props changed)
  head/sbin/ipfw/ipfw.8
  head/sbin/ipfw/ipfw2.c
  head/sbin/ipfw/ipfw2.h
  head/sbin/ipfw/main.c
  head/sys/   (props changed)
  head/sys/amd64/include/xen/   (props changed)
  head/sys/arm/arm/cpufunc_asm_sheeva.S   (props changed)
  head/sys/contrib/pf/   (props changed)
  head/sys/dev/ata/ata-usb.c   (props changed)
  head/sys/dev/cxgb/   (props changed)
  head/sys/dev/sound/usb/uaudio.c   (props changed)
  head/sys/dev/sound/usb/uaudio.h   (props changed)
  head/sys/dev/sound/usb/uaudio_pcm.c   (props changed)
  head/sys/dev/sound/usb/uaudioreg.h   (props changed)
  head/sys/dev/usb/README.TXT   (props changed)
  head/sys/dev/usb/bluetooth/TODO.TXT   (props changed)
  head/sys/dev/usb/bluetooth/ng_ubt.c   (props changed)
  head/sys/dev/usb/bluetooth/ng_ubt_var.h   (props changed)
  head/sys/dev/usb/bluetooth/ubtbcmfw.c   (props changed)
  head/sys/dev/usb/controller/at91dci.c   (props changed)
  head/sys/dev/usb/controller/at91dci.h   (props changed)
  head/sys/dev/usb/controller/at91dci_atmelarm.c   (props changed)
  head/sys/dev/usb/controller/atmegadci.c   (props changed)
  head/sys/dev/usb/controller/atmegadci.h   (props changed)
  head/sys/dev/usb/controller/atmegadci_atmelarm.c   (props changed)
  head/sys/dev/usb/controller/ehci.c   (props changed)
  head/sys/dev/usb/controller/ehci.h   (props changed)
  head/sys/dev/usb/controller/ehci_ixp4xx.c   (props changed)
  head/sys/dev/usb/controller/ehci_mbus.c   (props changed)
  head/sys/dev/usb/controller/ehci_pci.c   (props changed)
  head/sys/dev/usb/controller/musb_otg.c   (props changed)
  head/sys/dev/usb/controller/musb_otg.h   (props changed)
  head/sys/dev/usb/controller/musb_otg_atmelarm.c   (props changed)
  head/sys/dev/usb/controller/ohci.c   (props changed)
  head/sys/dev/usb/controller/ohci.h   (props changed)
  head/sys/dev/usb/controller/ohci_atmelarm.c   (props changed)
  head/sys/dev/usb/controller/ohci_pci.c   (props changed)
  head/sys/dev/usb/controller/uhci.c   (props changed)
  head/sys/dev/usb/controller/uhci.h   (props changed)
  head/sys/dev/usb/controller/uhci_pci.c   (props changed)
  head/sys/dev/usb/controller/usb_controller.c   (props changed)
  head/sys/dev/usb/controller/uss820dci.c   (props changed)
  head/sys/dev/usb/controller/uss820dci.h   (props changed)
  head/sys/dev/usb/controller/uss820dci_atmelarm.c   (props changed)
  head/sys/dev/usb/input/uhid.c   (props changed)
  head/sys/dev/usb/input/ukbd.c   (props changed)
  head/sys/dev/usb/input/ums.c   (props changed)
  head/sys/dev/usb/input/usb_rdesc.h   (props changed)
  head/sys/dev/usb/misc/udbp.c   (props changed)
  head/sys/dev/usb/misc/udbp.h   (props changed)
  head/sys/dev/usb/misc/ufm.c   (props changed)
  head/sys/dev/usb/net/if_aue.c   (props changed)
  head/sys/dev/usb/net/if_auereg.h   (props changed)
  head/sys/dev/usb/net/if_axe.c   (props changed)
  head/sys/dev/usb/net/if_axereg.h   (props changed)
  head/sys/dev/usb/net/if_cdce.c   (props changed)
  head/sys/dev/usb/net/if_cdcereg.h   (props changed)
  head/sys/dev/usb/net/if_cue.c   (props changed)
  head/sys/dev/usb/net/if_cuereg.h   (props changed)
  head/sys/dev/usb/net/if_kue.c   (props changed)
  head/sys/dev/usb/net/if_kuefw.h   (props changed)
  head/sys/dev/usb/net/if_kuereg.h   (props changed)
  head/sys/dev/usb/net/if_rue.c   (props changed)
  head/sys/dev/usb/net/if_ruereg.h   (props changed)
  head/sys/dev/usb/net/if_udav.c   (props changed)
  head/sys/dev/usb/net/if_udavreg.h   (props changed)
  head/sys/dev/usb/net/usb_ethernet.c   (props changed)
  head/sys/dev/usb/net/usb_ethernet.h   (props changed)
  head/sys/dev/usb/quirk/usb_quirk.c   (props changed)
  head/sys/dev/usb/quirk/usb_quirk.h   (props changed)
  head/sys/dev/usb/serial/u3g.c   (props changed)
  head/sys/dev/usb/serial/uark.c   (props changed)
  head/sys/dev/usb/serial/ubsa.c   (props changed)
  head/sys/dev/usb/serial/ubser.c   (props changed)
  head/sys/dev/usb/serial/uchcom.c   (props changed)
  head/sys/dev/usb/serial/ucycom.c   (props changed)
  head/sys/dev/usb/serial/ufoma.c   (props changed)
  head/sys/dev/usb/serial/uftdi.c   (props changed)
  head/sys/dev/usb/serial/uftdi_reg.h   (props changed)
  head/sys/dev/usb/serial/ugensa.c   (props changed)
  head/sys/dev/usb/serial/uipaq.c   (props changed)
  head/sys/dev/usb/serial/ulpt.c   (props changed)
  head/sys/dev/usb/serial/umct.c   (props changed)
  head/sys/dev/usb/serial/umodem.c   (props changed)
  head/sys/dev/usb/serial/umoscom.c   (props changed)
  head/sys/dev/usb/serial/uplcom.c   (props changed)
  head/sys/dev/usb/serial/usb_serial.c   (props changed)
  head/sys/dev/usb/serial/usb_serial.h   (props changed)
  head/sys/dev/usb/serial/uslcom.c   (props changed)
  head/sys/dev/usb/serial/uvisor.c   (props changed)
  head/sys/dev/usb/serial/uvscom.c   (props changed)
  head/sys/dev/usb/storage/rio500_usb.h   (props changed)
  head/sys/dev/usb/storage/umass.c   (props changed)
  head/sys/dev/usb/storage/urio.c   (props changed)
  head/sys/dev/usb/storage/ustorage_fs.c   (props changed)
  head/sys/dev/usb/template/usb_template.c   (props changed)
  head/sys/dev/usb/template/usb_template.h   (props changed)
  head/sys/dev/usb/template/usb_template_cdce.c   (props changed)
  head/sys/dev/usb/template/usb_template_msc.c   (props changed)
  head/sys/dev/usb/template/usb_template_mtp.c   (props changed)
  head/sys/dev/usb/ufm_ioctl.h   (props changed)
  head/sys/dev/usb/usb.h   (props changed)
  head/sys/dev/usb/usb_bus.h   (props changed)
  head/sys/dev/usb/usb_busdma.c   (props changed)
  head/sys/dev/usb/usb_busdma.h   (props changed)
  head/sys/dev/usb/usb_cdc.h   (props changed)
  head/sys/dev/usb/usb_compat_linux.c   (props changed)
  head/sys/dev/usb/usb_compat_linux.h   (props changed)
  head/sys/dev/usb/usb_controller.h   (props changed)
  head/sys/dev/usb/usb_core.c   (props changed)
  head/sys/dev/usb/usb_core.h   (props changed)
  head/sys/dev/usb/usb_debug.c   (props changed)
  head/sys/dev/usb/usb_debug.h   (props changed)
  head/sys/dev/usb/usb_defs.h   (props changed)
  head/sys/dev/usb/usb_dev.c   (props changed)
  head/sys/dev/usb/usb_dev.h   (props changed)
  head/sys/dev/usb/usb_device.c   (props changed)
  head/sys/dev/usb/usb_device.h   (props changed)
  head/sys/dev/usb/usb_dynamic.c   (props changed)
  head/sys/dev/usb/usb_dynamic.h   (props changed)
  head/sys/dev/usb/usb_endian.h   (props changed)
  head/sys/dev/usb/usb_error.c   (props changed)
  head/sys/dev/usb/usb_error.h   (props changed)
  head/sys/dev/usb/usb_generic.c   (props changed)
  head/sys/dev/usb/usb_generic.h   (props changed)
  head/sys/dev/usb/usb_handle_request.c   (props changed)
  head/sys/dev/usb/usb_handle_request.h   (props changed)
  head/sys/dev/usb/usb_hid.c   (props changed)
  head/sys/dev/usb/usb_hid.h   (props changed)
  head/sys/dev/usb/usb_hub.c   (props changed)
  head/sys/dev/usb/usb_hub.h   (props changed)
  head/sys/dev/usb/usb_if.m   (props changed)
  head/sys/dev/usb/usb_ioctl.h   (props changed)
  head/sys/dev/usb/usb_lookup.c   (props changed)
  head/sys/dev/usb/usb_lookup.h   (props changed)
  head/sys/dev/usb/usb_mbuf.c   (props changed)
  head/sys/dev/usb/usb_mbuf.h   (props changed)
  head/sys/dev/usb/usb_mfunc.h   (props changed)
  head/sys/dev/usb/usb_msctest.c   (props changed)
  head/sys/dev/usb/usb_msctest.h   (props changed)
  head/sys/dev/usb/usb_parse.c   (props changed)
  head/sys/dev/usb/usb_parse.h   (props changed)
  head/sys/dev/usb/usb_pci.h   (props changed)
  head/sys/dev/usb/usb_process.c   (props changed)
  head/sys/dev/usb/usb_process.h   (props changed)
  head/sys/dev/usb/usb_request.c   (props changed)
  head/sys/dev/usb/usb_request.h   (props changed)
  head/sys/dev/usb/usb_revision.h   (props changed)
  head/sys/dev/usb/usb_sw_transfer.c   (props changed)
  head/sys/dev/usb/usb_sw_transfer.h   (props changed)
  head/sys/dev/usb/usb_transfer.c   (props changed)
  head/sys/dev/usb/usb_transfer.h   (props changed)
  head/sys/dev/usb/usb_util.c   (props changed)
  head/sys/dev/usb/usb_util.h   (props changed)
  head/sys/dev/usb/usbdevs   (props changed)
  head/sys/dev/usb/usbhid.h   (props changed)
  head/sys/dev/usb/wlan/if_rum.c   (props changed)
  head/sys/dev/usb/wlan/if_rumfw.h   (props changed)
  head/sys/dev/usb/wlan/if_rumreg.h   (props changed)
  head/sys/dev/usb/wlan/if_rumvar.h   (props changed)
  head/sys/dev/usb/wlan/if_ural.c   (props changed)
  head/sys/dev/usb/wlan/if_uralreg.h   (props changed)
  head/sys/dev/usb/wlan/if_uralvar.h   (props changed)
  head/sys/dev/usb/wlan/if_zyd.c   (props changed)
  head/sys/dev/usb/wlan/if_zydfw.h   (props changed)
  head/sys/dev/usb/wlan/if_zydreg.h   (props changed)
  head/sys/dev/usb/wlan/usb_wlan.h   (props changed)
  head/sys/dev/xen/netfront/   (props changed)
  head/sys/dev/xen/xenpci/   (props changed)
  head/sys/legacy/dev/ata/ata-usb.c   (props changed)
  head/sys/legacy/dev/sound/usb/uaudio.c   (props changed)
  head/sys/legacy/dev/sound/usb/uaudio.h   (props changed)
  head/sys/legacy/dev/sound/usb/uaudio_pcm.c   (props changed)
  head/sys/legacy/dev/sound/usb/uaudioreg.h   (props changed)
  head/sys/legacy/dev/usb/   (props changed)
  head/sys/legacy/dev/usb/ehci_ixp4xx.c   (props changed)
  head/sys/mips/mips/elf64_machdep.c   (props changed)
  head/sys/netinet/ip_fw.h
  head/sys/netinet/ip_fw2.c
  head/sys/netinet/ip_fw_pfil.c
  head/sys/xen/evtchn.h   (props changed)
  head/sys/xen/hypervisor.h   (props changed)
  head/sys/xen/xen_intr.h   (props changed)

Modified: head/sbin/ipfw/ipfw.8
==============================================================================
--- head/sbin/ipfw/ipfw.8       Wed Apr  1 19:23:46 2009        (r190632)
+++ head/sbin/ipfw/ipfw.8       Wed Apr  1 20:23:47 2009        (r190633)
@@ -866,6 +866,13 @@ in any subsequent forwarding decisions.
 Initially this is limited to the values 0 through 15, see
 .Xr setfib 8 .
 Processing continues at the next rule.
+.It Cm reass
+Queue and reassemble ip fragments.
+If the packet is not fragmented, counters are updated and processing continues 
with the next rule.
+If the packet is the last logical fragment, the packet is reassembled and, if
+.Va net.inet.ip.fw.one_pass
+is set to 0, processing continues with the next rule, else packet is allowed 
to pass and search terminates.
+If the packet is a fragment in the middle, it is consumed and processing stops 
immediately.
 .El
 .Ss RULE BODY
 The body of a rule contains zero or more patterns (such as

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c      Wed Apr  1 19:23:46 2009        (r190632)
+++ head/sbin/ipfw/ipfw2.c      Wed Apr  1 20:23:47 2009        (r190633)
@@ -211,6 +211,7 @@ static struct _s_x rule_actions[] = {
        { "check-state",        TOK_CHECKSTATE },
        { "//",                 TOK_COMMENT },
        { "nat",                TOK_NAT },
+       { "reass",              TOK_REASS },
        { "setfib",             TOK_SETFIB },
        { NULL, 0 }     /* terminator */
 };
@@ -1089,6 +1090,10 @@ show_ipfw(struct ip_fw *rule, int pcwidt
                case O_SETFIB:
                        PRINT_UINT_ARG("setfib ", cmd->arg1);
                        break;
+
+               case O_REASS:
+                       printf("reass");
+                       break;
                        
                default:
                        printf("** unrecognized action %d len %d ",
@@ -2781,6 +2786,10 @@ chkarg:  
                ac--; av++;
                break;
            }
+
+       case TOK_REASS:
+               action->opcode = O_REASS;
+               break;
                
        default:
                errx(EX_DATAERR, "invalid action %s\n", av[-1]);

Modified: head/sbin/ipfw/ipfw2.h
==============================================================================
--- head/sbin/ipfw/ipfw2.h      Wed Apr  1 19:23:46 2009        (r190632)
+++ head/sbin/ipfw/ipfw2.h      Wed Apr  1 20:23:47 2009        (r190633)
@@ -95,6 +95,7 @@ enum tokens {
        TOK_UNREACH,
        TOK_CHECKSTATE,
        TOK_NAT,
+       TOK_REASS,
 
        TOK_ALTQ,
        TOK_LOG,

Modified: head/sbin/ipfw/main.c
==============================================================================
--- head/sbin/ipfw/main.c       Wed Apr  1 19:23:46 2009        (r190632)
+++ head/sbin/ipfw/main.c       Wed Apr  1 20:23:47 2009        (r190633)
@@ -54,7 +54,7 @@ help(void)
 "RULE-BODY:    check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"
 "ACTION:       check-state | allow | count | deny | unreach{,6} CODE |\n"
 "               skipto N | {divert|tee} PORT | forward ADDR |\n"
-"               pipe N | queue N | nat N | setfib FIB\n"
+"               pipe N | queue N | nat N | setfib FIB | reass\n"
 "PARAMS:       [log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n"
 "ADDR:         [ MAC dst src ether_type ] \n"
 "              [ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"

Modified: head/sys/netinet/ip_fw.h
==============================================================================
--- head/sys/netinet/ip_fw.h    Wed Apr  1 19:23:46 2009        (r190632)
+++ head/sys/netinet/ip_fw.h    Wed Apr  1 20:23:47 2009        (r190633)
@@ -139,7 +139,8 @@ enum ipfw_opcodes {         /* arguments (4 byt
        O_FORWARD_IP,           /* fwd sockaddr                 */
        O_FORWARD_MAC,          /* fwd mac                      */
        O_NAT,                  /* nope                         */
-
+       O_REASS,                /* none                         */
+       
        /*
         * More opcodes.
         */
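Review bot: `O_REASS` is inserted in the middle of `enum ipfw_opcodes`, ahead of the "More opcodes" group, so every opcode that follows it is renumbered. These values are shared between the kernel and the ipfw(8) binary, so a userland/kernel pair built from different revisions would misread each other's rules, which for a firewall can silently change what is allowed or denied. Adding the new opcode at the end of the enum would keep the existing values stable; if the position is deliberate, a comment such as `/* NOTE: renumbers later opcodes; rebuild ipfw(8) with the kernel */` would at least record the requirement. The added `+` line after it also carries only trailing whitespace.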
@@ -574,6 +575,7 @@ enum {
        IP_FW_NETGRAPH,
        IP_FW_NGTEE,
        IP_FW_NAT,
+       IP_FW_REASS,
 };
 
 /* flags for divert mtag */

Modified: head/sys/netinet/ip_fw2.c
==============================================================================
--- head/sys/netinet/ip_fw2.c   Wed Apr  1 19:23:46 2009        (r190632)
+++ head/sys/netinet/ip_fw2.c   Wed Apr  1 20:23:47 2009        (r190633)
@@ -898,6 +898,9 @@ ipfw_log(struct ip_fw *f, u_int hlen, st
                case O_NAT:
                        action = "Nat";
                        break;
+               case O_REASS:
+                       action = "Reass";
+                       break;
                default:
                        action = "UNKNOWN";
                        break;
@@ -3375,6 +3378,55 @@ check_body:
                                goto done;
                        }
 
+                       case O_REASS: {
+                               int ip_off;
+
+                               f->pcnt++;
+                               f->bcnt += pktlen;
+                               ip_off = (args->eh != NULL) ? ntohs(ip->ip_off) 
: ip->ip_off;
+                               if (ip_off & (IP_MF | IP_OFFMASK)) {
+                                       /* 
+                                        * ip_reass() expects len & off in host
+                                        * byte order: fix them in case we come
+                                        * from layer2.
+                                        */
+                                       if (args->eh != NULL) {
+                                               ip->ip_len = ntohs(ip->ip_len);
+                                               ip->ip_off = ntohs(ip->ip_off);
+                                       }
+
+                                       m = ip_reass(m);
+                                       args->m = m;
+                                       
+                                       /*
+                                        * IP header checksum fixup after 
+                                        * reassembly and leave header
+                                        * in network byte order.
+                                        */
+                                       if (m != NULL) {
+                                               int hlen;
+                                       
+                                               ip = mtod(m, struct ip *);
+                                               hlen = ip->ip_hl << 2;
+                                               /* revert len & off for layer2 
pkts */
+                                               if (args->eh != NULL)
+                                                       ip->ip_len = 
htons(ip->ip_len);
+                                               ip->ip_sum = 0;
+                                               if (hlen == sizeof(struct ip))
+                                                       ip->ip_sum = 
in_cksum_hdr(ip);
+                                               else
+                                                       ip->ip_sum = 
in_cksum(m, hlen);
+                                               retval = IP_FW_REASS;
+                                               args->rule = f;
+                                               goto done;
+                                       } else {
+                                               retval = IP_FW_DENY;
+                                               goto done;
+                                       }
+                               }
+                               goto next_rule;
+                       }
+
                        default:
                                panic("-- unknown opcode %d\n", cmd->opcode);
                        } /* end of switch() on opcodes */
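Review bot: When ip_reass() returns NULL, the new `O_REASS` case stores that NULL in `args->m` and returns `IP_FW_DENY`, so every caller's deny path must tolerate a NULL mbuf and must not free or touch the fragment that the reassembly code now holds. Those callers are outside this hunk and should be checked, including the layer2 ones. A comment on the else branch, e.g. `/* fragment queued or dropped by ip_reass(); mbuf is no longer ours */`, would make the ownership explicit. Separately, the comment `revert len & off for layer2 pkts` does not match the code under it, which restores only `ip_len`; either drop `& off` or add `ip->ip_off = htons(ip->ip_off);` if ip_reass() can leave a non-zero value there. The enclosing function starts and ends outside the hunk.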
@@ -4024,6 +4076,7 @@ check_ipfw_struct(struct ip_fw *rule, in
                case O_UNREACH6:
 #endif
                case O_SKIPTO:
+               case O_REASS:
 check_size:
                        if (cmdlen != F_INSN_SIZE(ipfw_insn))
                                goto bad_size;

Modified: head/sys/netinet/ip_fw_pfil.c
==============================================================================
--- head/sys/netinet/ip_fw_pfil.c       Wed Apr  1 19:23:46 2009        
(r190632)
+++ head/sys/netinet/ip_fw_pfil.c       Wed Apr  1 20:23:47 2009        
(r190633)
@@ -200,6 +200,9 @@ again:
        case IP_FW_NAT:
                goto again;             /* continue with packet */
 
+       case IP_FW_REASS:
+               goto again;
+
        default:
                KASSERT(0, ("%s: unknown retval", __func__));
        }
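Review bot: The new `IP_FW_REASS` case jumps back to `again:` without a comment, unlike the `IP_FW_NAT` case above it, and it depends on the code at `again:` picking up the mbuf returned by ip_reass(), which may differ from the fragment that was passed in. That reload is outside the hunk, so confirm that `*m0` is refreshed from `args.m` before the second pass and that no pointer into the old mbuf is reused. A comment such as `/* continue with reassembled packet */` would document the intent. The same applies to the identical addition in the second hunk of this file (`@@ -329`).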
@@ -329,6 +332,9 @@ again:
        case IP_FW_NAT:
                goto again;             /* continue with packet */
                
+       case IP_FW_REASS:
+               goto again;     
+       
        default:
                KASSERT(0, ("%s: unknown retval", __func__));
        }