filter.c (40561) | filter.c (43313) |
---|---|
1/* 2 * PPP Filter command Interface 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * | 1/* 2 * PPP Filter command Interface 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * |
20 * $Id: filter.c,v 1.25 1998/06/27 12:03:48 brian Exp $ | 20 * $Id: filter.c,v 1.26 1998/10/22 02:32:48 brian Exp $ |
21 * 22 * TODO: Shoud send ICMP error message when we discard packets. 23 */ 24 | 21 * 22 * TODO: Shoud send ICMP error message when we discard packets. 23 */ 24 |
25#include <sys/types.h> | 25#include <sys/param.h> |
26#include <netinet/in.h> 27#include <arpa/inet.h> 28#include <netdb.h> 29#include <netinet/in_systm.h> 30#include <netinet/ip.h> 31#include <sys/un.h> 32 33#include <stdio.h> --- 15 unchanged lines hidden (view full) --- 49#include "ccp.h" 50#include "link.h" 51#include "slcompress.h" 52#include "ipcp.h" 53#include "filter.h" 54#include "descriptor.h" 55#include "prompt.h" 56#include "mp.h" | 26#include <netinet/in.h> 27#include <arpa/inet.h> 28#include <netdb.h> 29#include <netinet/in_systm.h> 30#include <netinet/ip.h> 31#include <sys/un.h> 32 33#include <stdio.h> --- 15 unchanged lines hidden (view full) --- 49#include "ccp.h" 50#include "link.h" 51#include "slcompress.h" 52#include "ipcp.h" 53#include "filter.h" 54#include "descriptor.h" 55#include "prompt.h" 56#include "mp.h" |
57#ifndef NORADIUS 58#include "radius.h" 59#endif |
|
57#include "bundle.h" 58 59static int filter_Nam2Proto(int, char const *const *); 60static int filter_Nam2Op(const char *); 61 62static const u_int32_t netmasks[33] = { 63 0x00000000, 64 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000, 65 0xF8000000, 0xFC000000, 0xFE000000, 0xFF000000, 66 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000, 67 0xFFF80000, 0xFFFC0000, 0xFFFE0000, 0xFFFF0000, 68 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000, 69 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00, 70 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0, 0xFFFFFFF0, 71 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF, 72}; 73 | 60#include "bundle.h" 61 62static int filter_Nam2Proto(int, char const *const *); 63static int filter_Nam2Op(const char *); 64 65static const u_int32_t netmasks[33] = { 66 0x00000000, 67 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000, 68 0xF8000000, 0xFC000000, 0xFE000000, 0xFF000000, 69 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000, 70 0xFFF80000, 0xFFFC0000, 0xFFFE0000, 0xFFFF0000, 71 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000, 72 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00, 73 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0, 0xFFFFFFF0, 74 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF, 75}; 76 |
77struct in_addr 78bits2mask(int bits) 79{ 80 struct in_addr result; 81 82 result.s_addr = htonl(netmasks[bits]); 83 return result; 84} 85 |
|
74int | 86int |
75ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv, | 87ParseAddr(struct ipcp *ipcp, const char *data, |
76 struct in_addr *paddr, struct in_addr *pmask, int *pwidth) 77{ 78 int bits, len; 79 char *wp; 80 const char *cp; 81 | 88 struct in_addr *paddr, struct in_addr *pmask, int *pwidth) 89{ 90 int bits, len; 91 char *wp; 92 const char *cp; 93 |
82 if (argc < 1) { 83 log_Printf(LogWARN, "ParseAddr: address/mask is expected.\n"); 84 return (0); 85 } 86 | |
87 if (pmask) 88 pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */ 89 | 94 if (pmask) 95 pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */ 96 |
90 cp = pmask || pwidth ? strchr(*argv, '/') : NULL; 91 len = cp ? cp - *argv : strlen(*argv); | 97 cp = pmask || pwidth ? strchr(data, '/') : NULL; 98 len = cp ? cp - data : strlen(data); |
92 | 99 |
93 if (ipcp && strncasecmp(*argv, "HISADDR", len) == 0) | 100 if (ipcp && strncasecmp(data, "HISADDR", len) == 0) |
94 *paddr = ipcp->peer_ip; | 101 *paddr = ipcp->peer_ip; |
95 else if (ipcp && strncasecmp(*argv, "MYADDR", len) == 0) | 102 else if (ipcp && strncasecmp(data, "MYADDR", len) == 0) |
96 *paddr = ipcp->my_ip; 97 else if (len > 15) | 103 *paddr = ipcp->my_ip; 104 else if (len > 15) |
98 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", *argv); | 105 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", data); |
99 else { 100 char s[16]; | 106 else { 107 char s[16]; |
101 strncpy(s, *argv, len); | 108 strncpy(s, data, len); |
102 s[len] = '\0'; 103 if (inet_aton(s, paddr) == 0) { 104 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s); 105 return (0); 106 } 107 } 108 if (cp && *++cp) { 109 bits = strtol(cp, &wp, 0); --- 10 unchanged lines hidden (view full) --- 120 121 if (pwidth) 122 *pwidth = bits; 123 124 if (pmask) { 125 if (paddr->s_addr == INADDR_ANY) 126 pmask->s_addr = INADDR_ANY; 127 else | 109 s[len] = '\0'; 110 if (inet_aton(s, paddr) == 0) { 111 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s); 112 return (0); 113 } 114 } 115 if (cp && *++cp) { 116 bits = strtol(cp, &wp, 0); --- 10 unchanged lines hidden (view full) --- 127 128 if (pwidth) 129 *pwidth = bits; 130 131 if (pmask) { 132 if (paddr->s_addr == INADDR_ANY) 133 pmask->s_addr = INADDR_ANY; 134 else |
128 pmask->s_addr = htonl(netmasks[bits]); | 135 *pmask = bits2mask(bits); |
129 } 130 131 return (1); 132} 133 134static int 135ParsePort(const char *service, int proto) 136{ --- 160 unchanged lines hidden (view full) --- 297 log_Printf(LogWARN, "Parse: bad action: %s\n", *argv); 298 return (0); 299 } 300 filterdata.action = action; 301 302 argc--; 303 argv++; 304 | 136 } 137 138 return (1); 139} 140 141static int 142ParsePort(const char *service, int proto) 143{ --- 160 unchanged lines hidden (view full) --- 304 log_Printf(LogWARN, "Parse: bad action: %s\n", *argv); 305 return (0); 306 } 307 filterdata.action = action; 308 309 argc--; 310 argv++; 311 |
305 if (filterdata.action == A_DENY) { | 312 if (argc && filterdata.action == A_DENY) { |
306 if (!strcmp(*argv, "host")) { 307 filterdata.action |= A_UHOST; 308 argc--; 309 argv++; 310 } else if (!strcmp(*argv, "port")) { 311 filterdata.action |= A_UPORT; 312 argc--; 313 argv++; 314 } 315 } | 313 if (!strcmp(*argv, "host")) { 314 filterdata.action |= A_UHOST; 315 argc--; 316 argv++; 317 } else if (!strcmp(*argv, "port")) { 318 filterdata.action |= A_UPORT; 319 argc--; 320 argv++; 321 } 322 } |
323 |
|
316 proto = filter_Nam2Proto(argc, argv); 317 if (proto == P_NONE) { | 324 proto = filter_Nam2Proto(argc, argv); 325 if (proto == P_NONE) { |
318 if (ParseAddr(ipcp, argc, argv, &filterdata.saddr, &filterdata.smask, 319 &filterdata.swidth)) { | 326 if (!argc) 327 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); 328 else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask, 329 &filterdata.swidth)) { |
320 argc--; 321 argv++; 322 proto = filter_Nam2Proto(argc, argv); | 330 argc--; 331 argv++; 332 proto = filter_Nam2Proto(argc, argv); |
323 if (proto == P_NONE) { 324 if (ParseAddr(ipcp, argc, argv, &filterdata.daddr, &filterdata.dmask, | 333 if (!argc) 334 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); 335 else if (proto == P_NONE) { 336 if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask, |
325 &filterdata.dwidth)) { 326 argc--; 327 argv++; 328 } 329 proto = filter_Nam2Proto(argc, argv); | 337 &filterdata.dwidth)) { 338 argc--; 339 argv++; 340 } 341 proto = filter_Nam2Proto(argc, argv); |
330 if (proto != P_NONE) { | 342 if (argc && proto != P_NONE) { |
331 argc--; 332 argv++; 333 } 334 } else { 335 argc--; 336 argv++; 337 } 338 } else { --- 199 unchanged lines hidden --- | 343 argc--; 344 argv++; 345 } 346 } else { 347 argc--; 348 argv++; 349 } 350 } else { --- 199 unchanged lines hidden --- |