| filter.c (49112) | filter.c (49140) |
|---|---|
| 1/* 2 * PPP Filter command Interface 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * | 1/* 2 * PPP Filter command Interface 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * |
| 20 * $Id: filter.c,v 1.30 1999/06/23 16:48:21 brian Exp $ | 20 * $Id: filter.c,v 1.31 1999/07/26 11:15:10 brian Exp $ |
| 21 * 22 * TODO: Shoud send ICMP error message when we discard packets. 23 */ 24 25#include <sys/param.h> 26#include <netinet/in.h> 27#include <arpa/inet.h> 28#include <netdb.h> --- 76 unchanged lines hidden (view full) --- 105 else if (len > 15) 106 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", data); 107 else { 108 char s[16]; 109 strncpy(s, data, len); 110 s[len] = '\0'; 111 if (inet_aton(s, paddr) == 0) { 112 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s); | 21 * 22 * TODO: Shoud send ICMP error message when we discard packets. 23 */ 24 25#include <sys/param.h> 26#include <netinet/in.h> 27#include <arpa/inet.h> 28#include <netdb.h> --- 76 unchanged lines hidden (view full) --- 105 else if (len > 15) 106 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", data); 107 else { 108 char s[16]; 109 strncpy(s, data, len); 110 s[len] = '\0'; 111 if (inet_aton(s, paddr) == 0) { 112 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s); |
| 113 return (0); | 113 return 0; |
| 114 } 115 } 116 if (cp && *++cp) { 117 bits = strtol(cp, &wp, 0); 118 if (cp == wp || bits < 0 || bits > 32) { 119 log_Printf(LogWARN, "ParseAddr: bad mask width.\n"); | 114 } 115 } 116 if (cp && *++cp) { 117 bits = strtol(cp, &wp, 0); 118 if (cp == wp || bits < 0 || bits > 32) { 119 log_Printf(LogWARN, "ParseAddr: bad mask width.\n"); |
| 120 return (0); | 120 return 0; |
| 121 } 122 } else if (paddr->s_addr == INADDR_ANY) 123 /* An IP of 0.0.0.0 without a width is anything */ 124 bits = 0; 125 else 126 /* If a valid IP is given without a width, assume 32 bits */ 127 bits = 32; 128 129 if (pwidth) 130 *pwidth = bits; 131 132 if (pmask) { 133 if (paddr->s_addr == INADDR_ANY) 134 pmask->s_addr = INADDR_ANY; 135 else 136 *pmask = bits2mask(bits); 137 } 138 | 121 } 122 } else if (paddr->s_addr == INADDR_ANY) 123 /* An IP of 0.0.0.0 without a width is anything */ 124 bits = 0; 125 else 126 /* If a valid IP is given without a width, assume 32 bits */ 127 bits = 32; 128 129 if (pwidth) 130 *pwidth = bits; 131 132 if (pmask) { 133 if (paddr->s_addr == INADDR_ANY) 134 pmask->s_addr = INADDR_ANY; 135 else 136 *pmask = bits2mask(bits); 137 } 138 |
| 139 return (1); | 139 return 1; |
| 140} 141 142static int 143ParsePort(const char *service, int proto) 144{ 145 const char *protocol_name; 146 char *cp; 147 struct servent *servent; --- 7 unchanged lines hidden (view full) --- 155 protocol_name = "tcp"; 156 break; 157 default: 158 protocol_name = 0; 159 } 160 161 servent = getservbyname(service, protocol_name); 162 if (servent != 0) | 140} 141 142static int 143ParsePort(const char *service, int proto) 144{ 145 const char *protocol_name; 146 char *cp; 147 struct servent *servent; --- 7 unchanged lines hidden (view full) --- 155 protocol_name = "tcp"; 156 break; 157 default: 158 protocol_name = 0; 159 } 160 161 servent = getservbyname(service, protocol_name); 162 if (servent != 0) |
| 163 return (ntohs(servent->s_port)); | 163 return ntohs(servent->s_port); |
| 164 165 port = strtol(service, &cp, 0); 166 if (cp == service) { 167 log_Printf(LogWARN, "ParsePort: %s is not a port name or number.\n", 168 service); | 164 165 port = strtol(service, &cp, 0); 166 if (cp == service) { 167 log_Printf(LogWARN, "ParsePort: %s is not a port name or number.\n", 168 service); |
| 169 return (0); | 169 return 0; |
| 170 } | 170 } |
| 171 return (port); | 171 return port; |
| 172} 173 174/* 175 * ICMP Syntax: src eq icmp_message_type 176 */ 177static int 178ParseIcmp(int argc, char const *const *argv, struct filterent *tgt) 179{ 180 int type; 181 char *cp; 182 183 switch (argc) { 184 case 0: 185 /* permit/deny all ICMP types */ | 172} 173 174/* 175 * ICMP Syntax: src eq icmp_message_type 176 */ 177static int 178ParseIcmp(int argc, char const *const *argv, struct filterent *tgt) 179{ 180 int type; 181 char *cp; 182 183 switch (argc) { 184 case 0: 185 /* permit/deny all ICMP types */ |
| 186 tgt->opt.srcop = OP_NONE; | 186 tgt->f_srcop = OP_NONE; |
| 187 break; 188 189 case 3: 190 if (!strcmp(*argv, "src") && !strcmp(argv[1], "eq")) { 191 type = strtol(argv[2], &cp, 0); 192 if (cp == argv[2]) { 193 log_Printf(LogWARN, "ParseIcmp: type is expected.\n"); | 187 break; 188 189 case 3: 190 if (!strcmp(*argv, "src") && !strcmp(argv[1], "eq")) { 191 type = strtol(argv[2], &cp, 0); 192 if (cp == argv[2]) { 193 log_Printf(LogWARN, "ParseIcmp: type is expected.\n"); |
| 194 return (0); | 194 return 0; |
| 195 } | 195 } |
| 196 tgt->opt.srcop = OP_EQ; 197 tgt->opt.srcport = type; | 196 tgt->f_srcop = OP_EQ; 197 tgt->f_srcport = type; |
| 198 } 199 break; 200 201 default: 202 log_Printf(LogWARN, "ParseIcmp: bad icmp syntax.\n"); | 198 } 199 break; 200 201 default: 202 log_Printf(LogWARN, "ParseIcmp: bad icmp syntax.\n"); |
| 203 return (0); | 203 return 0; |
| 204 } | 204 } |
| 205 return (1); | 205 return 1; |
| 206} 207 208/* 209 * UDP Syntax: [src op port] [dst op port] 210 */ 211static int 212ParseUdpOrTcp(int argc, char const *const *argv, int proto, 213 struct filterent *tgt) 214{ | 206} 207 208/* 209 * UDP Syntax: [src op port] [dst op port] 210 */ 211static int 212ParseUdpOrTcp(int argc, char const *const *argv, int proto, 213 struct filterent *tgt) 214{ |
| 215 tgt->opt.srcop = tgt->opt.dstop = OP_NONE; 216 tgt->opt.estab = tgt->opt.syn = tgt->opt.finrst = 0; | 215 tgt->f_srcop = tgt->f_dstop = OP_NONE; 216 tgt->f_estab = tgt->f_syn = tgt->f_finrst = 0; |
| 217 218 if (argc >= 3 && !strcmp(*argv, "src")) { | 217 218 if (argc >= 3 && !strcmp(*argv, "src")) { |
| 219 tgt->opt.srcop = filter_Nam2Op(argv[1]); 220 if (tgt->opt.srcop == OP_NONE) { | 219 tgt->f_srcop = filter_Nam2Op(argv[1]); 220 if (tgt->f_srcop == OP_NONE) { |
| 221 log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n"); | 221 log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n"); |
| 222 return (0); | 222 return 0; |
| 223 } | 223 } |
| 224 tgt->opt.srcport = ParsePort(argv[2], proto); 225 if (tgt->opt.srcport == 0) 226 return (0); | 224 tgt->f_srcport = ParsePort(argv[2], proto); 225 if (tgt->f_srcport == 0) 226 return 0; |
| 227 argc -= 3; 228 argv += 3; 229 } 230 231 if (argc >= 3 && !strcmp(argv[0], "dst")) { | 227 argc -= 3; 228 argv += 3; 229 } 230 231 if (argc >= 3 && !strcmp(argv[0], "dst")) { |
| 232 tgt->opt.dstop = filter_Nam2Op(argv[1]); 233 if (tgt->opt.dstop == OP_NONE) { | 232 tgt->f_dstop = filter_Nam2Op(argv[1]); 233 if (tgt->f_dstop == OP_NONE) { |
| 234 log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n"); | 234 log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n"); |
| 235 return (0); | 235 return 0; |
| 236 } | 236 } |
| 237 tgt->opt.dstport = ParsePort(argv[2], proto); 238 if (tgt->opt.dstport == 0) 239 return (0); | 237 tgt->f_dstport = ParsePort(argv[2], proto); 238 if (tgt->f_dstport == 0) 239 return 0; |
| 240 argc -= 3; 241 argv += 3; 242 } 243 244 if (proto == P_TCP) { 245 for (; argc > 0; argc--, argv++) 246 if (!strcmp(*argv, "estab")) | 240 argc -= 3; 241 argv += 3; 242 } 243 244 if (proto == P_TCP) { 245 for (; argc > 0; argc--, argv++) 246 if (!strcmp(*argv, "estab")) |
| 247 tgt->opt.estab = 1; | 247 tgt->f_estab = 1; |
| 248 else if (!strcmp(*argv, "syn")) | 248 else if (!strcmp(*argv, "syn")) |
| 249 tgt->opt.syn = 1; | 249 tgt->f_syn = 1; |
| 250 else if (!strcmp(*argv, "finrst")) | 250 else if (!strcmp(*argv, "finrst")) |
| 251 tgt->opt.finrst = 1; | 251 tgt->f_finrst = 1; |
| 252 else 253 break; 254 } 255 256 if (argc > 0) { 257 log_Printf(LogWARN, "ParseUdpOrTcp: bad src/dst port syntax: %s\n", *argv); 258 return 0; 259 } 260 261 return 1; 262} 263 | 252 else 253 break; 254 } 255 256 if (argc > 0) { 257 log_Printf(LogWARN, "ParseUdpOrTcp: bad src/dst port syntax: %s\n", *argv); 258 return 0; 259 } 260 261 return 1; 262} 263 |
| 264static int ParseIgmp(int argc, char const * const *argv, struct filterent *tgt) { | 264static int ParseIgmp(int argc, char const * const *argv, struct filterent *tgt) 265{ |
| 265 /* Filter currently is a catch-all. Requests are either permitted or 266 dropped. */ 267 if (argc != 0) { 268 log_Printf(LogWARN, "ParseIgmp: Too many parameters\n"); 269 return 0; 270 } else | 266 /* Filter currently is a catch-all. Requests are either permitted or 267 dropped. */ 268 if (argc != 0) { 269 log_Printf(LogWARN, "ParseIgmp: Too many parameters\n"); 270 return 0; 271 } else |
| 271 tgt->opt.srcop = OP_NONE; | 272 tgt->f_srcop = OP_NONE; |
| 272 273 return 1; 274} 275 276static unsigned 277addrtype(const char *addr) 278{ 279 if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/')) --- 11 unchanged lines hidden (view full) --- 291 case T_MYADDR: 292 return "MYADDR"; 293 case T_HISADDR: 294 return "HISADDR"; 295 } 296 return inet_ntoa(addr); 297} 298 | 273 274 return 1; 275} 276 277static unsigned 278addrtype(const char *addr) 279{ 280 if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/')) --- 11 unchanged lines hidden (view full) --- 292 case T_MYADDR: 293 return "MYADDR"; 294 case T_HISADDR: 295 return "HISADDR"; 296 } 297 return inet_ntoa(addr); 298} 299 |
| 300static const char * 301maskstr(int bits) 302{ 303 static char str[4]; 304 305 if (bits == 32) 306 *str = '\0'; 307 else 308 snprintf(str, sizeof str, "/%d", bits); 309 310 return str; 311} 312 |
|
| 299static int 300Parse(struct ipcp *ipcp, int argc, char const *const *argv, 301 struct filterent *ofp) 302{ 303 int action, proto; | 313static int 314Parse(struct ipcp *ipcp, int argc, char const *const *argv, 315 struct filterent *ofp) 316{ 317 int action, proto; |
| 304 int val; | 318 int val, ruleno; |
| 305 char *wp; 306 struct filterent filterdata; 307 | 319 char *wp; 320 struct filterent filterdata; 321 |
| 308 val = strtol(*argv, &wp, 0); 309 if (*argv == wp || val >= MAXFILTERS) { | 322 ruleno = strtol(*argv, &wp, 0); 323 if (*argv == wp || ruleno >= MAXFILTERS) { |
| 310 log_Printf(LogWARN, "Parse: invalid filter number.\n"); | 324 log_Printf(LogWARN, "Parse: invalid filter number.\n"); |
| 311 return (0); | 325 return 0; |
| 312 } | 326 } |
| 313 if (val < 0) { 314 for (val = 0; val < MAXFILTERS; val++) { 315 ofp->action = A_NONE; | 327 if (ruleno < 0) { 328 for (ruleno = 0; ruleno < MAXFILTERS; ruleno++) { 329 ofp->f_action = A_NONE; |
| 316 ofp++; 317 } 318 log_Printf(LogWARN, "Parse: filter cleared.\n"); | 330 ofp++; 331 } 332 log_Printf(LogWARN, "Parse: filter cleared.\n"); |
| 319 return (1); | 333 return 1; |
| 320 } | 334 } |
| 321 ofp += val; | 335 ofp += ruleno; |
| 322 323 if (--argc == 0) { 324 log_Printf(LogWARN, "Parse: missing action.\n"); | 336 337 if (--argc == 0) { 338 log_Printf(LogWARN, "Parse: missing action.\n"); |
| 325 return (0); | 339 return 0; |
| 326 } 327 argv++; 328 329 proto = P_NONE; 330 memset(&filterdata, '\0', sizeof filterdata); 331 | 340 } 341 argv++; 342 343 proto = P_NONE; 344 memset(&filterdata, '\0', sizeof filterdata); 345 |
| 332 if (!strcmp(*argv, "permit")) { | 346 val = strtol(*argv, &wp, 0); 347 if (!*wp && val >= 0 && val < MAXFILTERS) { 348 if (val <= ruleno) { 349 log_Printf(LogWARN, "Parse: Can only jump forward from rule %d\n", 350 ruleno); 351 return 0; 352 } 353 action = val; 354 } else if (!strcmp(*argv, "permit")) { |
| 333 action = A_PERMIT; 334 } else if (!strcmp(*argv, "deny")) { 335 action = A_DENY; 336 } else if (!strcmp(*argv, "clear")) { | 355 action = A_PERMIT; 356 } else if (!strcmp(*argv, "deny")) { 357 action = A_DENY; 358 } else if (!strcmp(*argv, "clear")) { |
| 337 ofp->action = A_NONE; 338 return (1); | 359 ofp->f_action = A_NONE; 360 return 1; |
| 339 } else { 340 log_Printf(LogWARN, "Parse: bad action: %s\n", *argv); | 361 } else { 362 log_Printf(LogWARN, "Parse: bad action: %s\n", *argv); |
| 341 return (0); | 363 return 0; |
| 342 } | 364 } |
| 343 filterdata.action = action; | 365 filterdata.f_action = action; |
| 344 345 argc--; 346 argv++; 347 | 366 367 argc--; 368 argv++; 369 |
| 348 if (argc && filterdata.action == A_DENY) { 349 if (!strcmp(*argv, "host")) { 350 filterdata.action |= A_UHOST; 351 argc--; 352 argv++; 353 } else if (!strcmp(*argv, "port")) { 354 filterdata.action |= A_UPORT; 355 argc--; 356 argv++; 357 } | 370 if (argc && argv[0][0] == '!' && !argv[0][1]) { 371 filterdata.f_invert = 1; 372 argc--; 373 argv++; |
| 358 } 359 360 proto = filter_Nam2Proto(argc, argv); 361 if (proto == P_NONE) { 362 if (!argc) 363 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); | 374 } 375 376 proto = filter_Nam2Proto(argc, argv); 377 if (proto == P_NONE) { 378 if (!argc) 379 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); |
| 364 else if (ParseAddr(ipcp, *argv, &filterdata.src.ipaddr, 365 &filterdata.src.mask, &filterdata.src.width)) { 366 filterdata.srctype = addrtype(*argv); | 380 else if (ParseAddr(ipcp, *argv, &filterdata.f_src.ipaddr, 381 &filterdata.f_src.mask, &filterdata.f_src.width)) { 382 filterdata.f_srctype = addrtype(*argv); |
| 367 argc--; 368 argv++; 369 proto = filter_Nam2Proto(argc, argv); 370 if (!argc) 371 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); 372 else if (proto == P_NONE) { | 383 argc--; 384 argv++; 385 proto = filter_Nam2Proto(argc, argv); 386 if (!argc) 387 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); 388 else if (proto == P_NONE) { |
| 373 if (ParseAddr(ipcp, *argv, &filterdata.dst.ipaddr, &filterdata.dst.mask, 374 &filterdata.dst.width)) { 375 filterdata.dsttype = addrtype(*argv); | 389 if (ParseAddr(ipcp, *argv, &filterdata.f_dst.ipaddr, 390 &filterdata.f_dst.mask, &filterdata.f_dst.width)) { 391 filterdata.f_dsttype = addrtype(*argv); |
| 376 argc--; 377 argv++; 378 } else | 392 argc--; 393 argv++; 394 } else |
| 379 filterdata.dsttype = T_ADDR; 380 proto = filter_Nam2Proto(argc, argv); 381 if (argc && proto != P_NONE) { 382 argc--; 383 argv++; | 395 filterdata.f_dsttype = T_ADDR; 396 if (argc) { 397 proto = filter_Nam2Proto(argc, argv); 398 if (proto == P_NONE) { 399 log_Printf(LogWARN, "Parse: %s: Invalid protocol\n", *argv); 400 return 0; 401 } else { 402 argc--; 403 argv++; 404 } |
| 384 } 385 } else { 386 argc--; 387 argv++; 388 } 389 } else { 390 log_Printf(LogWARN, "Parse: Address/protocol expected.\n"); | 405 } 406 } else { 407 argc--; 408 argv++; 409 } 410 } else { 411 log_Printf(LogWARN, "Parse: Address/protocol expected.\n"); |
| 391 return (0); | 412 return 0; |
| 392 } 393 } else { 394 argc--; 395 argv++; 396 } 397 398 val = 1; | 413 } 414 } else { 415 argc--; 416 argv++; 417 } 418 419 val = 1; |
| 399 filterdata.proto = proto; | 420 filterdata.f_proto = proto; |
| 400 401 switch (proto) { 402 case P_TCP: 403 val = ParseUdpOrTcp(argc, argv, P_TCP, &filterdata); 404 break; 405 case P_UDP: 406 val = ParseUdpOrTcp(argc, argv, P_UDP, &filterdata); 407 break; 408 case P_ICMP: 409 val = ParseIcmp(argc, argv, &filterdata); 410 break; 411 case P_IGMP: 412 val = ParseIgmp(argc, argv, &filterdata); 413 break; 414 } 415 | 421 422 switch (proto) { 423 case P_TCP: 424 val = ParseUdpOrTcp(argc, argv, P_TCP, &filterdata); 425 break; 426 case P_UDP: 427 val = ParseUdpOrTcp(argc, argv, P_UDP, &filterdata); 428 break; 429 case P_ICMP: 430 val = ParseIcmp(argc, argv, &filterdata); 431 break; 432 case P_IGMP: 433 val = ParseIgmp(argc, argv, &filterdata); 434 break; 435 } 436 |
| 416 log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.src.ipaddr)); 417 log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.src.mask)); 418 log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.dst.ipaddr)); 419 log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dst.mask)); | 437 log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.f_src.ipaddr)); 438 log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.f_src.mask)); 439 log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.f_dst.ipaddr)); 440 log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.f_dst.mask)); |
| 420 log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto); 421 422 log_Printf(LogDEBUG, "Parse: src: %s (%d)\n", | 441 log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto); 442 443 log_Printf(LogDEBUG, "Parse: src: %s (%d)\n", |
| 423 filter_Op2Nam(filterdata.opt.srcop), filterdata.opt.srcport); | 444 filter_Op2Nam(filterdata.f_srcop), filterdata.f_srcport); |
| 424 log_Printf(LogDEBUG, "Parse: dst: %s (%d)\n", | 445 log_Printf(LogDEBUG, "Parse: dst: %s (%d)\n", |
| 425 filter_Op2Nam(filterdata.opt.dstop), filterdata.opt.dstport); 426 log_Printf(LogDEBUG, "Parse: estab: %u\n", filterdata.opt.estab); 427 log_Printf(LogDEBUG, "Parse: syn: %u\n", filterdata.opt.syn); 428 log_Printf(LogDEBUG, "Parse: finrst: %u\n", filterdata.opt.finrst); | 446 filter_Op2Nam(filterdata.f_dstop), filterdata.f_dstport); 447 log_Printf(LogDEBUG, "Parse: estab: %u\n", filterdata.f_estab); 448 log_Printf(LogDEBUG, "Parse: syn: %u\n", filterdata.f_syn); 449 log_Printf(LogDEBUG, "Parse: finrst: %u\n", filterdata.f_finrst); |
| 429 430 if (val) 431 *ofp = filterdata; | 450 451 if (val) 452 *ofp = filterdata; |
| 432 return (val); | 453 454 return val; |
| 433} 434 435int 436filter_Set(struct cmdargs const *arg) 437{ 438 struct filter *filter; 439 440 if (arg->argc < arg->argn+2) --- 16 unchanged lines hidden (view full) --- 457 Parse(&arg->bundle->ncp.ipcp, arg->argc - arg->argn - 1, 458 arg->argv + arg->argn + 1, filter->rule); 459 return 0; 460} 461 462const char * 463filter_Action2Nam(int act) 464{ | 455} 456 457int 458filter_Set(struct cmdargs const *arg) 459{ 460 struct filter *filter; 461 462 if (arg->argc < arg->argn+2) --- 16 unchanged lines hidden (view full) --- 479 Parse(&arg->bundle->ncp.ipcp, arg->argc - arg->argn - 1, 480 arg->argv + arg->argn + 1, filter->rule); 481 return 0; 482} 483 484const char * 485filter_Action2Nam(int act) 486{ |
| 465 static const char *actname[] = { "none ", "permit ", "deny " }; 466 return actname[act & (A_PERMIT|A_DENY)]; | 487 static const char *actname[] = { " none ", "permit ", " deny " }; 488 static char buf[8]; 489 490 if (act >= 0 && act < MAXFILTERS) { 491 snprintf(buf, 8, "%6d ", act); 492 return buf; 493 } else if (act >= A_NONE && act < A_NONE + sizeof(actname)/sizeof(char *)) 494 return actname[act - A_NONE]; 495 else 496 return "?????? "; |
| 467} 468 469static void 470doShowFilter(struct filterent *fp, struct prompt *prompt) 471{ 472 int n; 473 474 for (n = 0; n < MAXFILTERS; n++, fp++) { | 497} 498 499static void 500doShowFilter(struct filterent *fp, struct prompt *prompt) 501{ 502 int n; 503 504 for (n = 0; n < MAXFILTERS; n++, fp++) { |
| 475 if (fp->action != A_NONE) { 476 prompt_Printf(prompt, " %2d %s", n, filter_Action2Nam(fp->action)); 477 if (fp->action & A_UHOST) 478 prompt_Printf(prompt, "host "); 479 else if (fp->action & A_UPORT) 480 prompt_Printf(prompt, "port "); 481 else 482 prompt_Printf(prompt, " "); 483 prompt_Printf(prompt, "%s/%d ", addrstr(fp->src.ipaddr, fp->srctype), 484 fp->src.width); 485 prompt_Printf(prompt, "%s/%d ", addrstr(fp->dst.ipaddr, fp->dsttype), 486 fp->dst.width); 487 if (fp->proto) { 488 prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->proto)); | 505 if (fp->f_action != A_NONE) { 506 prompt_Printf(prompt, " %2d %s", n, filter_Action2Nam(fp->f_action)); 507 prompt_Printf(prompt, "%c ", fp->f_invert ? '!' : ' '); 508 prompt_Printf(prompt, "%s%s ", addrstr(fp->f_src.ipaddr, fp->f_srctype), 509 maskstr(fp->f_src.width)); 510 prompt_Printf(prompt, "%s%s ", addrstr(fp->f_dst.ipaddr, fp->f_dsttype), 511 maskstr(fp->f_dst.width)); 512 if (fp->f_proto) { 513 prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->f_proto)); |
| 489 | 514 |
| 490 if (fp->opt.srcop) 491 prompt_Printf(prompt, " src %s %d", filter_Op2Nam(fp->opt.srcop), 492 fp->opt.srcport); 493 if (fp->opt.dstop) 494 prompt_Printf(prompt, " dst %s %d", filter_Op2Nam(fp->opt.dstop), 495 fp->opt.dstport); 496 if (fp->opt.estab) | 515 if (fp->f_srcop) 516 prompt_Printf(prompt, " src %s %d", filter_Op2Nam(fp->f_srcop), 517 fp->f_srcport); 518 if (fp->f_dstop) 519 prompt_Printf(prompt, " dst %s %d", filter_Op2Nam(fp->f_dstop), 520 fp->f_dstport); 521 if (fp->f_estab) |
| 497 prompt_Printf(prompt, " estab"); | 522 prompt_Printf(prompt, " estab"); |
| 498 if (fp->opt.syn) | 523 if (fp->f_syn) |
| 499 prompt_Printf(prompt, " syn"); | 524 prompt_Printf(prompt, " syn"); |
| 500 if (fp->opt.finrst) | 525 if (fp->f_finrst) |
| 501 prompt_Printf(prompt, " finrst"); 502 } 503 prompt_Printf(prompt, "\n"); 504 } 505 } 506} 507 508int --- 86 unchanged lines hidden (view full) --- 595void 596filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip, 597 struct in_addr *peer_ip) 598{ 599 struct filterent *fp; 600 int n; 601 602 for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++) | 526 prompt_Printf(prompt, " finrst"); 527 } 528 prompt_Printf(prompt, "\n"); 529 } 530 } 531} 532 533int --- 86 unchanged lines hidden (view full) --- 620void 621filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip, 622 struct in_addr *peer_ip) 623{ 624 struct filterent *fp; 625 int n; 626 627 for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++) |
| 603 if (fp->action != A_NONE) { | 628 if (fp->f_action != A_NONE) { |
| 604 if (my_ip) { | 629 if (my_ip) { |
| 605 if (fp->srctype == T_MYADDR) 606 fp->src.ipaddr = *my_ip; 607 if (fp->dsttype == T_MYADDR) 608 fp->dst.ipaddr = *my_ip; | 630 if (fp->f_srctype == T_MYADDR) 631 fp->f_src.ipaddr = *my_ip; 632 if (fp->f_dsttype == T_MYADDR) 633 fp->f_dst.ipaddr = *my_ip; |
| 609 } 610 if (peer_ip) { | 634 } 635 if (peer_ip) { |
| 611 if (fp->srctype == T_HISADDR) 612 fp->src.ipaddr = *peer_ip; 613 if (fp->dsttype == T_HISADDR) 614 fp->dst.ipaddr = *peer_ip; | 636 if (fp->f_srctype == T_HISADDR) 637 fp->f_src.ipaddr = *peer_ip; 638 if (fp->f_dsttype == T_HISADDR) 639 fp->f_dst.ipaddr = *peer_ip; |
| 615 } 616 } 617} | 640 } 641 } 642} |