28c28
< * $FreeBSD: head/usr.sbin/ppp/filter.c 78189 2001-06-13 21:52:19Z brian $
---
> * $FreeBSD: head/usr.sbin/ppp/filter.c 81634 2001-08-14 16:05:52Z brian $
36a37
> #include <sys/socket.h>
58a60,61
> #include "ncpaddr.h"
> #include "ip.h"
66a70,71
> #include "ipv6cp.h"
> #include "ncp.h"
69d73
< static int filter_Nam2Proto(int, char const *const *);
72,152d75
< static const u_int32_t netmasks[33] = {
< 0x00000000,
< 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000,
< 0xF8000000, 0xFC000000, 0xFE000000, 0xFF000000,
< 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000,
< 0xFFF80000, 0xFFFC0000, 0xFFFE0000, 0xFFFF0000,
< 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000,
< 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00,
< 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0, 0xFFFFFFF0,
< 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF,
< };
<
< struct in_addr
< bits2mask(int bits)
< {
< struct in_addr result;
<
< result.s_addr = htonl(netmasks[bits]);
< return result;
< }
<
< int
< ParseAddr(struct ipcp *ipcp, const char *data,
< struct in_addr *paddr, struct in_addr *pmask, int *pwidth)
< {
< int bits, len;
< char *wp;
< const char *cp;
<
< if (pmask)
< pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */
<
< cp = pmask || pwidth ? strchr(data, '/') : NULL;
< len = cp ? cp - data : strlen(data);
<
< if (ipcp && strncasecmp(data, "HISADDR", len) == 0)
< *paddr = ipcp->peer_ip;
< else if (ipcp && strncasecmp(data, "MYADDR", len) == 0)
< *paddr = ipcp->my_ip;
< else if (ipcp && strncasecmp(data, "DNS0", len) == 0)
< *paddr = ipcp->ns.dns[0];
< else if (ipcp && strncasecmp(data, "DNS1", len) == 0)
< *paddr = ipcp->ns.dns[1];
< else {
< char *s;
<
< s = (char *)alloca(len + 1);
< strncpy(s, data, len);
< s[len] = '\0';
< *paddr = GetIpAddr(s);
< if (paddr->s_addr == INADDR_NONE) {
< log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s);
< return 0;
< }
< }
< if (cp && *++cp) {
< bits = strtol(cp, &wp, 0);
< if (cp == wp || bits < 0 || bits > 32) {
< log_Printf(LogWARN, "ParseAddr: bad mask width.\n");
< return 0;
< }
< } else if (paddr->s_addr == INADDR_ANY)
< /* An IP of 0.0.0.0 without a width is anything */
< bits = 0;
< else
< /* If a valid IP is given without a width, assume 32 bits */
< bits = 32;
<
< if (pwidth)
< *pwidth = bits;
<
< if (pmask) {
< if (paddr->s_addr == INADDR_ANY)
< pmask->s_addr = INADDR_ANY;
< else
< *pmask = bits2mask(bits);
< }
<
< return 1;
< }
<
154c77
< ParsePort(const char *service, int proto)
---
> ParsePort(const char *service, const char *proto)
156,157d78
< const char *protocol_name;
< char *cp;
158a80
> char *cp;
161,175c83
< switch (proto) {
< case P_IPIP:
< protocol_name = "ipip";
< break;
< case P_UDP:
< protocol_name = "udp";
< break;
< case P_TCP:
< protocol_name = "tcp";
< break;
< default:
< protocol_name = 0;
< }
<
< servent = getservbyname(service, protocol_name);
---
> servent = getservbyname(service, proto);
192c100,101
< ParseIcmp(int argc, char const *const *argv, struct filterent *tgt)
---
> ParseIcmp(int argc, char const *const *argv, const struct protoent *pe,
> struct filterent *tgt)
200c109
< tgt->f_srcop = OP_NONE;
---
> tgt->f_srcop = tgt->f_dstop = OP_NONE;
211a121
> tgt->f_dstop = OP_NONE;
226c136
< ParseUdpOrTcp(int argc, char const *const *argv, int proto,
---
> ParseUdpOrTcp(int argc, char const *const *argv, const struct protoent *pe,
235c145
< log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n");
---
> log_Printf(LogWARN, "ParseUdpOrTcp: bad operator\n");
238c148,150
< tgt->f_srcport = ParsePort(argv[2], proto);
---
> if (pe == NULL)
> return 0;
> tgt->f_srcport = ParsePort(argv[2], pe->p_name);
248c160
< log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n");
---
> log_Printf(LogWARN, "ParseUdpOrTcp: bad operator\n");
251c163,165
< tgt->f_dstport = ParsePort(argv[2], proto);
---
> if (pe == NULL)
> return 0;
> tgt->f_dstport = ParsePort(argv[2], pe->p_name);
258c172
< if (proto == P_TCP) {
---
> if (pe && pe->p_proto == IPPROTO_TCP) {
279c193,194
< ParseIgmp(int argc, char const * const *argv, struct filterent *tgt)
---
> ParseGeneric(int argc, char const * const *argv, const struct protoent *pe,
> struct filterent *tgt)
286c201
< log_Printf(LogWARN, "ParseIgmp: Too many parameters\n");
---
> log_Printf(LogWARN, "ParseGeneric: Too many parameters\n");
289c204
< tgt->f_srcop = OP_NONE;
---
> tgt->f_srcop = tgt->f_dstop = OP_NONE;
294,329d208
< #ifdef P_GRE
< static int
< ParseGRE(int argc, char const * const *argv, struct filterent *tgt)
< {
< /*
< * Filter currently is a catch-all. Requests are either permitted or
< * dropped.
< */
< if (argc != 0) {
< log_Printf(LogWARN, "ParseGRE: Too many parameters\n");
< return 0;
< } else
< tgt->f_srcop = OP_NONE;
<
< return 1;
< }
< #endif
<
< #ifdef P_OSPF
< static int
< ParseOspf(int argc, char const * const *argv, struct filterent *tgt)
< {
< /*
< * Filter currently is a catch-all. Requests are either permitted or
< * dropped.
< */
< if (argc != 0) {
< log_Printf(LogWARN, "ParseOspf: Too many parameters\n");
< return 0;
< } else
< tgt->f_srcop = OP_NONE;
<
< return 1;
< }
< #endif
<
334a214,215
> if (!strncasecmp(addr, "MYADDR6", 7) && (addr[7] == '\0' || addr[7] == '/'))
> return T_MYADDR6;
336a218,219
> if (!strncasecmp(addr, "HISADDR6", 8) && (addr[8] == '\0' || addr[8] == '/'))
> return T_HISADDR6;
346c229
< addrstr(struct in_addr addr, unsigned type)
---
> addrstr(struct ncprange *addr, unsigned type)
358c241
< return inet_ntoa(addr);
---
> return ncprange_ntoa(addr);
361,373d243
< static const char *
< maskstr(int bits)
< {
< static char str[4];
<
< if (bits == 32)
< *str = '\0';
< else
< snprintf(str, sizeof str, "/%d", bits);
<
< return str;
< }
<
375,376c245,246
< Parse(struct ipcp *ipcp, int argc, char const *const *argv,
< struct filterent *ofp)
---
> filter_Parse(struct ncp *ncp, int argc, char const *const *argv,
> struct filterent *ofp)
378,379c248,249
< int action, proto;
< int val, ruleno;
---
> struct filterent fe;
> struct protoent *pe;
381c251
< struct filterent filterdata;
---
> int action, family, ruleno, val, width;
404,405c274
< proto = P_NONE;
< memset(&filterdata, '\0', sizeof filterdata);
---
> memset(&fe, '\0', sizeof fe);
423c292
< log_Printf(LogWARN, "Parse: bad action: %s\n", *argv);
---
> log_Printf(LogWARN, "Parse: %s: bad action\n", *argv);
426c295
< filterdata.f_action = action;
---
> fe.f_action = action;
432c301
< filterdata.f_invert = 1;
---
> fe.f_invert = 1;
437,443c306,322
< proto = filter_Nam2Proto(argc, argv);
< if (proto == P_NONE) {
< if (!argc)
< log_Printf(LogWARN, "Parse: address/mask is expected.\n");
< else if (ParseAddr(ipcp, *argv, &filterdata.f_src.ipaddr,
< &filterdata.f_src.mask, &filterdata.f_src.width)) {
< filterdata.f_srctype = addrtype(*argv);
---
> ncprange_init(&fe.f_src);
> ncprange_init(&fe.f_dst);
>
> if (argc == 0)
> pe = NULL;
> else if ((pe = getprotobyname(*argv)) == NULL && strcmp(*argv, "all") != 0) {
> if (argc < 2) {
> log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
> return 0;
> } else if (strcasecmp(*argv, "any") == 0 ||
> ncprange_aton(&fe.f_src, ncp, *argv)) {
> family = ncprange_family(&fe.f_src);
> if (!ncprange_getwidth(&fe.f_src, &width))
> width = 0;
> if (width == 0)
> ncprange_init(&fe.f_src);
> fe.f_srctype = addrtype(*argv);
446,466c325,340
< proto = filter_Nam2Proto(argc, argv);
< if (!argc)
< log_Printf(LogWARN, "Parse: address/mask is expected.\n");
< else if (proto == P_NONE) {
< if (ParseAddr(ipcp, *argv, &filterdata.f_dst.ipaddr,
< &filterdata.f_dst.mask, &filterdata.f_dst.width)) {
< filterdata.f_dsttype = addrtype(*argv);
< argc--;
< argv++;
< } else
< filterdata.f_dsttype = T_ADDR;
< if (argc) {
< proto = filter_Nam2Proto(argc, argv);
< if (proto == P_NONE) {
< log_Printf(LogWARN, "Parse: %s: Invalid protocol\n", *argv);
< return 0;
< } else {
< argc--;
< argv++;
< }
< }
---
>
> if (strcasecmp(*argv, "any") == 0 ||
> ncprange_aton(&fe.f_dst, ncp, *argv)) {
> if (ncprange_family(&fe.f_dst) != AF_UNSPEC &&
> ncprange_family(&fe.f_src) != AF_UNSPEC &&
> family != ncprange_family(&fe.f_dst)) {
> log_Printf(LogWARN, "Parse: src and dst address families differ\n");
> return 0;
> }
> if (!ncprange_getwidth(&fe.f_dst, &width))
> width = 0;
> if (width == 0)
> ncprange_init(&fe.f_dst);
> fe.f_dsttype = addrtype(*argv);
> argc--;
> argv++;
468,469c342,343
< argc--;
< argv++;
---
> log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
> return 0;
470a345,354
>
> if (argc) {
> if ((pe = getprotobyname(*argv)) == NULL && strcmp(*argv, "all") != 0) {
> log_Printf(LogWARN, "Parse: %s: Protocol expected\n", *argv);
> return 0;
> } else {
> argc--;
> argv++;
> }
> }
472c356
< log_Printf(LogWARN, "Parse: Address/protocol expected.\n");
---
> log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
480,481c364,365
< if (argc >= 2 && strcmp(argv[argc - 2], "timeout") == 0) {
< filterdata.timeout = strtoul(argv[argc - 1], NULL, 10);
---
> if (argc >= 2 && strcmp(*argv, "timeout") == 0) {
> fe.timeout = strtoul(argv[1], NULL, 10);
482a367
> argv += 2;
486c371
< filterdata.f_proto = proto;
---
> fe.f_proto = (pe == NULL) ? 0 : pe->p_proto;
488,507c373,378
< switch (proto) {
< case P_TCP:
< val = ParseUdpOrTcp(argc, argv, P_TCP, &filterdata);
< break;
< case P_UDP:
< val = ParseUdpOrTcp(argc, argv, P_UDP, &filterdata);
< break;
< case P_IPIP:
< val = ParseUdpOrTcp(argc, argv, P_IPIP, &filterdata);
< break;
< case P_ICMP:
< val = ParseIcmp(argc, argv, &filterdata);
< break;
< case P_IGMP:
< val = ParseIgmp(argc, argv, &filterdata);
< break;
< #ifdef P_OSPF
< case P_OSPF:
< val = ParseOspf(argc, argv, &filterdata);
< break;
---
> switch (fe.f_proto) {
> case IPPROTO_TCP:
> case IPPROTO_UDP:
> case IPPROTO_IPIP:
> #ifndef NOINET6
> case IPPROTO_IPV6:
509,511c380
< #ifdef P_GRE
< case P_GRE:
< val = ParseGRE(argc, argv, &filterdata);
---
> val = ParseUdpOrTcp(argc, argv, pe, &fe);
512a382,384
> case IPPROTO_ICMP:
> #ifndef NOINET6
> case IPPROTO_ICMPV6:
513a386,390
> val = ParseIcmp(argc, argv, pe, &fe);
> break;
> default:
> val = ParseGeneric(argc, argv, pe, &fe);
> break;
516,522c393,395
< log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.f_src.ipaddr));
< log_Printf(LogDEBUG, "Parse: Src mask: %s\n",
< inet_ntoa(filterdata.f_src.mask));
< log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.f_dst.ipaddr));
< log_Printf(LogDEBUG, "Parse: Dst mask: %s\n",
< inet_ntoa(filterdata.f_dst.mask));
< log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto);
---
> log_Printf(LogDEBUG, "Parse: Src: %s\n", ncprange_ntoa(&fe.f_src));
> log_Printf(LogDEBUG, "Parse: Dst: %s\n", ncprange_ntoa(&fe.f_dst));
> log_Printf(LogDEBUG, "Parse: Proto: %d\n", fe.f_proto);
525c398
< filter_Op2Nam(filterdata.f_srcop), filterdata.f_srcport);
---
> filter_Op2Nam(fe.f_srcop), fe.f_srcport);
527,530c400,403
< filter_Op2Nam(filterdata.f_dstop), filterdata.f_dstport);
< log_Printf(LogDEBUG, "Parse: estab: %u\n", filterdata.f_estab);
< log_Printf(LogDEBUG, "Parse: syn: %u\n", filterdata.f_syn);
< log_Printf(LogDEBUG, "Parse: finrst: %u\n", filterdata.f_finrst);
---
> filter_Op2Nam(fe.f_dstop), fe.f_dstport);
> log_Printf(LogDEBUG, "Parse: estab: %u\n", fe.f_estab);
> log_Printf(LogDEBUG, "Parse: syn: %u\n", fe.f_syn);
> log_Printf(LogDEBUG, "Parse: finrst: %u\n", fe.f_finrst);
533c406
< *ofp = filterdata;
---
> *ofp = fe;
560c433
< Parse(&arg->bundle->ncp.ipcp, arg->argc - arg->argn - 1,
---
> filter_Parse(&arg->bundle->ncp, arg->argc - arg->argn - 1,
582a456
> struct protoent *pe;
589,592c463,473
< prompt_Printf(prompt, "%s%s ", addrstr(fp->f_src.ipaddr, fp->f_srctype),
< maskstr(fp->f_src.width));
< prompt_Printf(prompt, "%s%s ", addrstr(fp->f_dst.ipaddr, fp->f_dsttype),
< maskstr(fp->f_dst.width));
---
>
> if (ncprange_isset(&fp->f_src))
> prompt_Printf(prompt, "%s ", addrstr(&fp->f_src, fp->f_srctype));
> else
> prompt_Printf(prompt, "any ");
>
> if (ncprange_isset(&fp->f_dst))
> prompt_Printf(prompt, "%s ", addrstr(&fp->f_dst, fp->f_dsttype));
> else
> prompt_Printf(prompt, "any ");
>
594c475,478
< prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->f_proto));
---
> if ((pe = getprotobynumber(fp->f_proto)) == NULL)
> prompt_Printf(prompt, "P:%d", fp->f_proto);
> else
> prompt_Printf(prompt, "%s", pe->p_name);
608c492,493
< }
---
> } else
> prompt_Printf(prompt, "all");
655,681d539
< static const char * const protoname[] = {
< "none", "tcp", "udp", "icmp", "ospf", "igmp", "gre", "ipip"
< };
<
< const char *
< filter_Proto2Nam(int proto)
< {
< if (proto >= sizeof protoname / sizeof protoname[0])
< return "unknown";
< return protoname[proto];
< }
<
< static int
< filter_Nam2Proto(int argc, char const *const *argv)
< {
< int proto;
<
< if (argc == 0)
< proto = 0;
< else
< for (proto = sizeof protoname / sizeof protoname[0] - 1; proto; proto--)
< if (!strcasecmp(*argv, protoname[proto]))
< break;
<
< return proto;
< }
<
706,707c564,565
< filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip,
< struct in_addr *peer_ip, struct in_addr dns[2])
---
> filter_AdjustAddr(struct filter *filter, struct ncpaddr *local,
> struct ncpaddr *remote, struct in_addr *dns)
714,718c572,582
< if (my_ip) {
< if (fp->f_srctype == T_MYADDR)
< fp->f_src.ipaddr = *my_ip;
< if (fp->f_dsttype == T_MYADDR)
< fp->f_dst.ipaddr = *my_ip;
---
> if (local) {
> if (fp->f_srctype == T_MYADDR && ncpaddr_family(local) == AF_INET)
> ncprange_sethost(&fp->f_src, local);
> if (fp->f_dsttype == T_MYADDR && ncpaddr_family(local) == AF_INET)
> ncprange_sethost(&fp->f_dst, local);
> #ifndef NOINET6
> if (fp->f_srctype == T_MYADDR6 && ncpaddr_family(local) == AF_INET6)
> ncprange_sethost(&fp->f_src, local);
> if (fp->f_dsttype == T_MYADDR6 && ncpaddr_family(local) == AF_INET6)
> ncprange_sethost(&fp->f_dst, local);
> #endif
720,724c584,594
< if (peer_ip) {
< if (fp->f_srctype == T_HISADDR)
< fp->f_src.ipaddr = *peer_ip;
< if (fp->f_dsttype == T_HISADDR)
< fp->f_dst.ipaddr = *peer_ip;
---
> if (remote) {
> if (fp->f_srctype == T_HISADDR && ncpaddr_family(remote) == AF_INET)
> ncprange_sethost(&fp->f_src, remote);
> if (fp->f_dsttype == T_HISADDR && ncpaddr_family(remote) == AF_INET)
> ncprange_sethost(&fp->f_dst, remote);
> #ifndef NOINET6
> if (fp->f_srctype == T_HISADDR6 && ncpaddr_family(remote) == AF_INET6)
> ncprange_sethost(&fp->f_src, remote);
> if (fp->f_dsttype == T_HISADDR6 && ncpaddr_family(remote) == AF_INET6)
> ncprange_sethost(&fp->f_dst, remote);
> #endif
728c598
< fp->f_src.ipaddr = dns[0];
---
> ncprange_setip4host(&fp->f_src, dns[0]);
730c600
< fp->f_dst.ipaddr = dns[0];
---
> ncprange_setip4host(&fp->f_dst, dns[0]);
732c602
< fp->f_src.ipaddr = dns[1];
---
> ncprange_setip4host(&fp->f_src, dns[1]);
734c604
< fp->f_dst.ipaddr = dns[1];
---
> ncprange_setip4host(&fp->f_dst, dns[1]);
< * $FreeBSD: head/usr.sbin/ppp/filter.c 78189 2001-06-13 21:52:19Z brian $
---
> * $FreeBSD: head/usr.sbin/ppp/filter.c 81634 2001-08-14 16:05:52Z brian $
36a37
> #include <sys/socket.h>
58a60,61
> #include "ncpaddr.h"
> #include "ip.h"
66a70,71
> #include "ipv6cp.h"
> #include "ncp.h"
69d73
< static int filter_Nam2Proto(int, char const *const *);
72,152d75
< static const u_int32_t netmasks[33] = {
< 0x00000000,
< 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000,
< 0xF8000000, 0xFC000000, 0xFE000000, 0xFF000000,
< 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000,
< 0xFFF80000, 0xFFFC0000, 0xFFFE0000, 0xFFFF0000,
< 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000,
< 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00,
< 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0, 0xFFFFFFF0,
< 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF,
< };
<
< struct in_addr
< bits2mask(int bits)
< {
< struct in_addr result;
<
< result.s_addr = htonl(netmasks[bits]);
< return result;
< }
<
< int
< ParseAddr(struct ipcp *ipcp, const char *data,
< struct in_addr *paddr, struct in_addr *pmask, int *pwidth)
< {
< int bits, len;
< char *wp;
< const char *cp;
<
< if (pmask)
< pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */
<
< cp = pmask || pwidth ? strchr(data, '/') : NULL;
< len = cp ? cp - data : strlen(data);
<
< if (ipcp && strncasecmp(data, "HISADDR", len) == 0)
< *paddr = ipcp->peer_ip;
< else if (ipcp && strncasecmp(data, "MYADDR", len) == 0)
< *paddr = ipcp->my_ip;
< else if (ipcp && strncasecmp(data, "DNS0", len) == 0)
< *paddr = ipcp->ns.dns[0];
< else if (ipcp && strncasecmp(data, "DNS1", len) == 0)
< *paddr = ipcp->ns.dns[1];
< else {
< char *s;
<
< s = (char *)alloca(len + 1);
< strncpy(s, data, len);
< s[len] = '\0';
< *paddr = GetIpAddr(s);
< if (paddr->s_addr == INADDR_NONE) {
< log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s);
< return 0;
< }
< }
< if (cp && *++cp) {
< bits = strtol(cp, &wp, 0);
< if (cp == wp || bits < 0 || bits > 32) {
< log_Printf(LogWARN, "ParseAddr: bad mask width.\n");
< return 0;
< }
< } else if (paddr->s_addr == INADDR_ANY)
< /* An IP of 0.0.0.0 without a width is anything */
< bits = 0;
< else
< /* If a valid IP is given without a width, assume 32 bits */
< bits = 32;
<
< if (pwidth)
< *pwidth = bits;
<
< if (pmask) {
< if (paddr->s_addr == INADDR_ANY)
< pmask->s_addr = INADDR_ANY;
< else
< *pmask = bits2mask(bits);
< }
<
< return 1;
< }
<
154c77
< ParsePort(const char *service, int proto)
---
> ParsePort(const char *service, const char *proto)
156,157d78
< const char *protocol_name;
< char *cp;
158a80
> char *cp;
161,175c83
< switch (proto) {
< case P_IPIP:
< protocol_name = "ipip";
< break;
< case P_UDP:
< protocol_name = "udp";
< break;
< case P_TCP:
< protocol_name = "tcp";
< break;
< default:
< protocol_name = 0;
< }
<
< servent = getservbyname(service, protocol_name);
---
> servent = getservbyname(service, proto);
192c100,101
< ParseIcmp(int argc, char const *const *argv, struct filterent *tgt)
---
> ParseIcmp(int argc, char const *const *argv, const struct protoent *pe,
> struct filterent *tgt)
200c109
< tgt->f_srcop = OP_NONE;
---
> tgt->f_srcop = tgt->f_dstop = OP_NONE;
211a121
> tgt->f_dstop = OP_NONE;
226c136
< ParseUdpOrTcp(int argc, char const *const *argv, int proto,
---
> ParseUdpOrTcp(int argc, char const *const *argv, const struct protoent *pe,
235c145
< log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n");
---
> log_Printf(LogWARN, "ParseUdpOrTcp: bad operator\n");
238c148,150
< tgt->f_srcport = ParsePort(argv[2], proto);
---
> if (pe == NULL)
> return 0;
> tgt->f_srcport = ParsePort(argv[2], pe->p_name);
248c160
< log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n");
---
> log_Printf(LogWARN, "ParseUdpOrTcp: bad operator\n");
251c163,165
< tgt->f_dstport = ParsePort(argv[2], proto);
---
> if (pe == NULL)
> return 0;
> tgt->f_dstport = ParsePort(argv[2], pe->p_name);
258c172
< if (proto == P_TCP) {
---
> if (pe && pe->p_proto == IPPROTO_TCP) {
279c193,194
< ParseIgmp(int argc, char const * const *argv, struct filterent *tgt)
---
> ParseGeneric(int argc, char const * const *argv, const struct protoent *pe,
> struct filterent *tgt)
286c201
< log_Printf(LogWARN, "ParseIgmp: Too many parameters\n");
---
> log_Printf(LogWARN, "ParseGeneric: Too many parameters\n");
289c204
< tgt->f_srcop = OP_NONE;
---
> tgt->f_srcop = tgt->f_dstop = OP_NONE;
294,329d208
< #ifdef P_GRE
< static int
< ParseGRE(int argc, char const * const *argv, struct filterent *tgt)
< {
< /*
< * Filter currently is a catch-all. Requests are either permitted or
< * dropped.
< */
< if (argc != 0) {
< log_Printf(LogWARN, "ParseGRE: Too many parameters\n");
< return 0;
< } else
< tgt->f_srcop = OP_NONE;
<
< return 1;
< }
< #endif
<
< #ifdef P_OSPF
< static int
< ParseOspf(int argc, char const * const *argv, struct filterent *tgt)
< {
< /*
< * Filter currently is a catch-all. Requests are either permitted or
< * dropped.
< */
< if (argc != 0) {
< log_Printf(LogWARN, "ParseOspf: Too many parameters\n");
< return 0;
< } else
< tgt->f_srcop = OP_NONE;
<
< return 1;
< }
< #endif
<
334a214,215
> if (!strncasecmp(addr, "MYADDR6", 7) && (addr[7] == '\0' || addr[7] == '/'))
> return T_MYADDR6;
336a218,219
> if (!strncasecmp(addr, "HISADDR6", 8) && (addr[8] == '\0' || addr[8] == '/'))
> return T_HISADDR6;
346c229
< addrstr(struct in_addr addr, unsigned type)
---
> addrstr(struct ncprange *addr, unsigned type)
358c241
< return inet_ntoa(addr);
---
> return ncprange_ntoa(addr);
361,373d243
< static const char *
< maskstr(int bits)
< {
< static char str[4];
<
< if (bits == 32)
< *str = '\0';
< else
< snprintf(str, sizeof str, "/%d", bits);
<
< return str;
< }
<
375,376c245,246
< Parse(struct ipcp *ipcp, int argc, char const *const *argv,
< struct filterent *ofp)
---
> filter_Parse(struct ncp *ncp, int argc, char const *const *argv,
> struct filterent *ofp)
378,379c248,249
< int action, proto;
< int val, ruleno;
---
> struct filterent fe;
> struct protoent *pe;
381c251
< struct filterent filterdata;
---
> int action, family, ruleno, val, width;
404,405c274
< proto = P_NONE;
< memset(&filterdata, '\0', sizeof filterdata);
---
> memset(&fe, '\0', sizeof fe);
423c292
< log_Printf(LogWARN, "Parse: bad action: %s\n", *argv);
---
> log_Printf(LogWARN, "Parse: %s: bad action\n", *argv);
426c295
< filterdata.f_action = action;
---
> fe.f_action = action;
432c301
< filterdata.f_invert = 1;
---
> fe.f_invert = 1;
437,443c306,322
< proto = filter_Nam2Proto(argc, argv);
< if (proto == P_NONE) {
< if (!argc)
< log_Printf(LogWARN, "Parse: address/mask is expected.\n");
< else if (ParseAddr(ipcp, *argv, &filterdata.f_src.ipaddr,
< &filterdata.f_src.mask, &filterdata.f_src.width)) {
< filterdata.f_srctype = addrtype(*argv);
---
> ncprange_init(&fe.f_src);
> ncprange_init(&fe.f_dst);
>
> if (argc == 0)
> pe = NULL;
> else if ((pe = getprotobyname(*argv)) == NULL && strcmp(*argv, "all") != 0) {
> if (argc < 2) {
> log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
> return 0;
> } else if (strcasecmp(*argv, "any") == 0 ||
> ncprange_aton(&fe.f_src, ncp, *argv)) {
> family = ncprange_family(&fe.f_src);
> if (!ncprange_getwidth(&fe.f_src, &width))
> width = 0;
> if (width == 0)
> ncprange_init(&fe.f_src);
> fe.f_srctype = addrtype(*argv);
446,466c325,340
< proto = filter_Nam2Proto(argc, argv);
< if (!argc)
< log_Printf(LogWARN, "Parse: address/mask is expected.\n");
< else if (proto == P_NONE) {
< if (ParseAddr(ipcp, *argv, &filterdata.f_dst.ipaddr,
< &filterdata.f_dst.mask, &filterdata.f_dst.width)) {
< filterdata.f_dsttype = addrtype(*argv);
< argc--;
< argv++;
< } else
< filterdata.f_dsttype = T_ADDR;
< if (argc) {
< proto = filter_Nam2Proto(argc, argv);
< if (proto == P_NONE) {
< log_Printf(LogWARN, "Parse: %s: Invalid protocol\n", *argv);
< return 0;
< } else {
< argc--;
< argv++;
< }
< }
---
>
> if (strcasecmp(*argv, "any") == 0 ||
> ncprange_aton(&fe.f_dst, ncp, *argv)) {
> if (ncprange_family(&fe.f_dst) != AF_UNSPEC &&
> ncprange_family(&fe.f_src) != AF_UNSPEC &&
> family != ncprange_family(&fe.f_dst)) {
> log_Printf(LogWARN, "Parse: src and dst address families differ\n");
> return 0;
> }
> if (!ncprange_getwidth(&fe.f_dst, &width))
> width = 0;
> if (width == 0)
> ncprange_init(&fe.f_dst);
> fe.f_dsttype = addrtype(*argv);
> argc--;
> argv++;
468,469c342,343
< argc--;
< argv++;
---
> log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
> return 0;
470a345,354
>
> if (argc) {
> if ((pe = getprotobyname(*argv)) == NULL && strcmp(*argv, "all") != 0) {
> log_Printf(LogWARN, "Parse: %s: Protocol expected\n", *argv);
> return 0;
> } else {
> argc--;
> argv++;
> }
> }
472c356
< log_Printf(LogWARN, "Parse: Address/protocol expected.\n");
---
> log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
480,481c364,365
< if (argc >= 2 && strcmp(argv[argc - 2], "timeout") == 0) {
< filterdata.timeout = strtoul(argv[argc - 1], NULL, 10);
---
> if (argc >= 2 && strcmp(*argv, "timeout") == 0) {
> fe.timeout = strtoul(argv[1], NULL, 10);
482a367
> argv += 2;
486c371
< filterdata.f_proto = proto;
---
> fe.f_proto = (pe == NULL) ? 0 : pe->p_proto;
488,507c373,378
< switch (proto) {
< case P_TCP:
< val = ParseUdpOrTcp(argc, argv, P_TCP, &filterdata);
< break;
< case P_UDP:
< val = ParseUdpOrTcp(argc, argv, P_UDP, &filterdata);
< break;
< case P_IPIP:
< val = ParseUdpOrTcp(argc, argv, P_IPIP, &filterdata);
< break;
< case P_ICMP:
< val = ParseIcmp(argc, argv, &filterdata);
< break;
< case P_IGMP:
< val = ParseIgmp(argc, argv, &filterdata);
< break;
< #ifdef P_OSPF
< case P_OSPF:
< val = ParseOspf(argc, argv, &filterdata);
< break;
---
> switch (fe.f_proto) {
> case IPPROTO_TCP:
> case IPPROTO_UDP:
> case IPPROTO_IPIP:
> #ifndef NOINET6
> case IPPROTO_IPV6:
509,511c380
< #ifdef P_GRE
< case P_GRE:
< val = ParseGRE(argc, argv, &filterdata);
---
> val = ParseUdpOrTcp(argc, argv, pe, &fe);
512a382,384
> case IPPROTO_ICMP:
> #ifndef NOINET6
> case IPPROTO_ICMPV6:
513a386,390
> val = ParseIcmp(argc, argv, pe, &fe);
> break;
> default:
> val = ParseGeneric(argc, argv, pe, &fe);
> break;
516,522c393,395
< log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.f_src.ipaddr));
< log_Printf(LogDEBUG, "Parse: Src mask: %s\n",
< inet_ntoa(filterdata.f_src.mask));
< log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.f_dst.ipaddr));
< log_Printf(LogDEBUG, "Parse: Dst mask: %s\n",
< inet_ntoa(filterdata.f_dst.mask));
< log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto);
---
> log_Printf(LogDEBUG, "Parse: Src: %s\n", ncprange_ntoa(&fe.f_src));
> log_Printf(LogDEBUG, "Parse: Dst: %s\n", ncprange_ntoa(&fe.f_dst));
> log_Printf(LogDEBUG, "Parse: Proto: %d\n", fe.f_proto);
525c398
< filter_Op2Nam(filterdata.f_srcop), filterdata.f_srcport);
---
> filter_Op2Nam(fe.f_srcop), fe.f_srcport);
527,530c400,403
< filter_Op2Nam(filterdata.f_dstop), filterdata.f_dstport);
< log_Printf(LogDEBUG, "Parse: estab: %u\n", filterdata.f_estab);
< log_Printf(LogDEBUG, "Parse: syn: %u\n", filterdata.f_syn);
< log_Printf(LogDEBUG, "Parse: finrst: %u\n", filterdata.f_finrst);
---
> filter_Op2Nam(fe.f_dstop), fe.f_dstport);
> log_Printf(LogDEBUG, "Parse: estab: %u\n", fe.f_estab);
> log_Printf(LogDEBUG, "Parse: syn: %u\n", fe.f_syn);
> log_Printf(LogDEBUG, "Parse: finrst: %u\n", fe.f_finrst);
533c406
< *ofp = filterdata;
---
> *ofp = fe;
560c433
< Parse(&arg->bundle->ncp.ipcp, arg->argc - arg->argn - 1,
---
> filter_Parse(&arg->bundle->ncp, arg->argc - arg->argn - 1,
582a456
> struct protoent *pe;
589,592c463,473
< prompt_Printf(prompt, "%s%s ", addrstr(fp->f_src.ipaddr, fp->f_srctype),
< maskstr(fp->f_src.width));
< prompt_Printf(prompt, "%s%s ", addrstr(fp->f_dst.ipaddr, fp->f_dsttype),
< maskstr(fp->f_dst.width));
---
>
> if (ncprange_isset(&fp->f_src))
> prompt_Printf(prompt, "%s ", addrstr(&fp->f_src, fp->f_srctype));
> else
> prompt_Printf(prompt, "any ");
>
> if (ncprange_isset(&fp->f_dst))
> prompt_Printf(prompt, "%s ", addrstr(&fp->f_dst, fp->f_dsttype));
> else
> prompt_Printf(prompt, "any ");
>
594c475,478
< prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->f_proto));
---
> if ((pe = getprotobynumber(fp->f_proto)) == NULL)
> prompt_Printf(prompt, "P:%d", fp->f_proto);
> else
> prompt_Printf(prompt, "%s", pe->p_name);
608c492,493
< }
---
> } else
> prompt_Printf(prompt, "all");
655,681d539
< static const char * const protoname[] = {
< "none", "tcp", "udp", "icmp", "ospf", "igmp", "gre", "ipip"
< };
<
< const char *
< filter_Proto2Nam(int proto)
< {
< if (proto >= sizeof protoname / sizeof protoname[0])
< return "unknown";
< return protoname[proto];
< }
<
< static int
< filter_Nam2Proto(int argc, char const *const *argv)
< {
< int proto;
<
< if (argc == 0)
< proto = 0;
< else
< for (proto = sizeof protoname / sizeof protoname[0] - 1; proto; proto--)
< if (!strcasecmp(*argv, protoname[proto]))
< break;
<
< return proto;
< }
<
706,707c564,565
< filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip,
< struct in_addr *peer_ip, struct in_addr dns[2])
---
> filter_AdjustAddr(struct filter *filter, struct ncpaddr *local,
> struct ncpaddr *remote, struct in_addr *dns)
714,718c572,582
< if (my_ip) {
< if (fp->f_srctype == T_MYADDR)
< fp->f_src.ipaddr = *my_ip;
< if (fp->f_dsttype == T_MYADDR)
< fp->f_dst.ipaddr = *my_ip;
---
> if (local) {
> if (fp->f_srctype == T_MYADDR && ncpaddr_family(local) == AF_INET)
> ncprange_sethost(&fp->f_src, local);
> if (fp->f_dsttype == T_MYADDR && ncpaddr_family(local) == AF_INET)
> ncprange_sethost(&fp->f_dst, local);
> #ifndef NOINET6
> if (fp->f_srctype == T_MYADDR6 && ncpaddr_family(local) == AF_INET6)
> ncprange_sethost(&fp->f_src, local);
> if (fp->f_dsttype == T_MYADDR6 && ncpaddr_family(local) == AF_INET6)
> ncprange_sethost(&fp->f_dst, local);
> #endif
720,724c584,594
< if (peer_ip) {
< if (fp->f_srctype == T_HISADDR)
< fp->f_src.ipaddr = *peer_ip;
< if (fp->f_dsttype == T_HISADDR)
< fp->f_dst.ipaddr = *peer_ip;
---
> if (remote) {
> if (fp->f_srctype == T_HISADDR && ncpaddr_family(remote) == AF_INET)
> ncprange_sethost(&fp->f_src, remote);
> if (fp->f_dsttype == T_HISADDR && ncpaddr_family(remote) == AF_INET)
> ncprange_sethost(&fp->f_dst, remote);
> #ifndef NOINET6
> if (fp->f_srctype == T_HISADDR6 && ncpaddr_family(remote) == AF_INET6)
> ncprange_sethost(&fp->f_src, remote);
> if (fp->f_dsttype == T_HISADDR6 && ncpaddr_family(remote) == AF_INET6)
> ncprange_sethost(&fp->f_dst, remote);
> #endif
728c598
< fp->f_src.ipaddr = dns[0];
---
> ncprange_setip4host(&fp->f_src, dns[0]);
730c600
< fp->f_dst.ipaddr = dns[0];
---
> ncprange_setip4host(&fp->f_dst, dns[0]);
732c602
< fp->f_src.ipaddr = dns[1];
---
> ncprange_setip4host(&fp->f_src, dns[1]);
734c604
< fp->f_dst.ipaddr = dns[1];
---
> ncprange_setip4host(&fp->f_dst, dns[1]);