Remember if MYADDR or HISADDR is used in a filter and tweak all
filters any time either value changes.
parent
114278b089
commit
1d1fc0171e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=47648
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: bundle.c,v 1.53 1999/05/12 09:48:41 brian Exp $
|
||||
* $Id: bundle.c,v 1.54 1999/05/27 08:42:15 brian Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -1710,3 +1710,13 @@ bundle_Exception(struct bundle *bundle, int fd)
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
bundle_AdjustFilters(struct bundle *bundle, struct in_addr *my_ip,
|
||||
struct in_addr *peer_ip)
|
||||
{
|
||||
filter_AdjustAddr(&bundle->filter.in, my_ip, peer_ip);
|
||||
filter_AdjustAddr(&bundle->filter.out, my_ip, peer_ip);
|
||||
filter_AdjustAddr(&bundle->filter.dial, my_ip, peer_ip);
|
||||
filter_AdjustAddr(&bundle->filter.alive, my_ip, peer_ip);
|
||||
}
|
||||
|
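Review bot: bundle_AdjustFilters is added without a comment, and its NULL convention is only discoverable by reading filter_AdjustAddr in filter.c, where a NULL `my_ip` or `peer_ip` skips that address. Callers pass NULL for one side at every call site shown in this commit, so the contract is worth stating at the definition. I would add `/* Rewrite MYADDR/HISADDR rules in the in, out, dial and alive filters; a NULL pointer leaves that address untouched */` above the function.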
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: bundle.h,v 1.20 1998/12/10 18:36:30 brian Exp $
|
||||
* $Id: bundle.h,v 1.21 1999/01/28 01:56:30 brian Exp $
|
||||
*/
|
||||
|
||||
#define PHASE_DEAD 0 /* Link is dead */
|
||||
@ -189,3 +189,5 @@ extern void bundle_setsid(struct bundle *, int);
|
||||
extern void bundle_LockTun(struct bundle *);
|
||||
extern int bundle_HighestState(struct bundle *);
|
||||
extern int bundle_Exception(struct bundle *, int);
|
||||
extern void bundle_AdjustFilters(struct bundle *, struct in_addr *,
|
||||
struct in_addr *);
|
||||
|
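Review bot: The new prototype takes `struct in_addr *` for both addresses, although the implementation shown in filter.c only reads through them (`fp->src.ipaddr = *my_ip;`). Declaring them as `const struct in_addr *` here, in the matching filter_AdjustAddr prototype in filter.h and in both definitions would make it clear that passing `&ipcp->my_ip` or `&ipcp->peer_ip` cannot modify IPCP state. The prototype would read `extern void bundle_AdjustFilters(struct bundle *, const struct in_addr *, const struct in_addr *);`.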
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: command.c,v 1.193 1999/05/12 09:48:44 brian Exp $
|
||||
* $Id: command.c,v 1.194 1999/05/15 02:24:16 brian Exp $
|
||||
*
|
||||
*/
|
||||
#include <sys/param.h>
|
||||
@ -143,7 +143,7 @@
|
||||
#define NEG_DNS 52
|
||||
|
||||
const char Version[] = "2.21";
|
||||
const char VersionDate[] = "$Date: 1999/05/12 09:48:44 $";
|
||||
const char VersionDate[] = "$Date: 1999/05/15 02:24:16 $";
|
||||
|
||||
static int ShowCommand(struct cmdargs const *);
|
||||
static int TerminalCommand(struct cmdargs const *);
|
||||
@ -1312,6 +1312,7 @@ SetInterfaceAddr(struct cmdargs const *arg)
|
||||
ipcp->cfg.my_range.width = 0;
|
||||
}
|
||||
ipcp->my_ip.s_addr = ipcp->cfg.my_range.ipaddr.s_addr;
|
||||
bundle_AdjustFilters(arg->bundle, &ipcp->my_ip, NULL);
|
||||
|
||||
if (hisaddr && !ipcp_UseHisaddr(arg->bundle, hisaddr,
|
||||
arg->bundle->phys_type.all & PHYS_AUTO))
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: filter.c,v 1.27 1999/01/28 01:56:31 brian Exp $
|
||||
* $Id: filter.c,v 1.28 1999/05/08 11:06:33 brian Exp $
|
||||
*
|
||||
* TODO: Shoud send ICMP error message when we discard packets.
|
||||
*/
|
||||
@ -261,6 +261,29 @@ ParseUdpOrTcp(int argc, char const *const *argv, int proto,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static unsigned
|
||||
addrtype(const char *addr)
|
||||
{
|
||||
if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/'))
|
||||
return T_MYADDR;
|
||||
if (!strncasecmp(addr, "HISADDR", 7) && (addr[7] == '\0' || addr[7] == '/'))
|
||||
return T_HISADDR;
|
||||
|
||||
return T_ADDR;
|
||||
}
|
||||
|
||||
static const char *
|
||||
addrstr(struct in_addr addr, unsigned type)
|
||||
{
|
||||
switch (type) {
|
||||
case T_MYADDR:
|
||||
return "MYADDR";
|
||||
case T_HISADDR:
|
||||
return "HISADDR";
|
||||
}
|
||||
return inet_ntoa(addr);
|
||||
}
|
||||
|
||||
static int
|
||||
Parse(struct ipcp *ipcp, int argc, char const *const *argv,
|
||||
struct filterent *ofp)
|
||||
@ -326,19 +349,22 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
|
||||
if (proto == P_NONE) {
|
||||
if (!argc)
|
||||
log_Printf(LogWARN, "Parse: address/mask is expected.\n");
|
||||
else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask,
|
||||
&filterdata.swidth)) {
|
||||
else if (ParseAddr(ipcp, *argv, &filterdata.src.ipaddr,
|
||||
&filterdata.src.mask, &filterdata.src.width)) {
|
||||
filterdata.srctype = addrtype(*argv);
|
||||
argc--;
|
||||
argv++;
|
||||
proto = filter_Nam2Proto(argc, argv);
|
||||
if (!argc)
|
||||
log_Printf(LogWARN, "Parse: address/mask is expected.\n");
|
||||
else if (proto == P_NONE) {
|
||||
if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask,
|
||||
&filterdata.dwidth)) {
|
||||
if (ParseAddr(ipcp, *argv, &filterdata.dst.ipaddr, &filterdata.dst.mask,
|
||||
&filterdata.dst.width)) {
|
||||
filterdata.dsttype = addrtype(*argv);
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
} else
|
||||
filterdata.dsttype = T_ADDR;
|
||||
proto = filter_Nam2Proto(argc, argv);
|
||||
if (argc && proto != P_NONE) {
|
||||
argc--;
|
||||
@ -372,10 +398,10 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
|
||||
break;
|
||||
}
|
||||
|
||||
log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.saddr));
|
||||
log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.smask));
|
||||
log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.daddr));
|
||||
log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dmask));
|
||||
log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.src.ipaddr));
|
||||
log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.src.mask));
|
||||
log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.dst.ipaddr));
|
||||
log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dst.mask));
|
||||
log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto);
|
||||
|
||||
log_Printf(LogDEBUG, "Parse: src: %s (%d)\n",
|
||||
@ -439,8 +465,10 @@ doShowFilter(struct filterent *fp, struct prompt *prompt)
|
||||
prompt_Printf(prompt, "port ");
|
||||
else
|
||||
prompt_Printf(prompt, " ");
|
||||
prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->saddr), fp->swidth);
|
||||
prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->daddr), fp->dwidth);
|
||||
prompt_Printf(prompt, "%s/%d ", addrstr(fp->src.ipaddr, fp->srctype),
|
||||
fp->src.width);
|
||||
prompt_Printf(prompt, "%s/%d ", addrstr(fp->dst.ipaddr, fp->dsttype),
|
||||
fp->dst.width);
|
||||
if (fp->proto) {
|
||||
prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->proto));
|
||||
|
||||
@ -548,3 +576,27 @@ filter_Nam2Op(const char *cp)
|
||||
|
||||
return op;
|
||||
}
|
||||
|
||||
void
|
||||
filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip,
|
||||
struct in_addr *peer_ip)
|
||||
{
|
||||
struct filterent *fp;
|
||||
int n;
|
||||
|
||||
for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++)
|
||||
if (fp->action != A_NONE) {
|
||||
if (my_ip) {
|
||||
if (fp->srctype == T_MYADDR)
|
||||
fp->src.ipaddr = *my_ip;
|
||||
if (fp->dsttype == T_MYADDR)
|
||||
fp->dst.ipaddr = *my_ip;
|
||||
}
|
||||
if (peer_ip) {
|
||||
if (fp->srctype == T_HISADDR)
|
||||
fp->src.ipaddr = *peer_ip;
|
||||
if (fp->dsttype == T_HISADDR)
|
||||
fp->dst.ipaddr = *peer_ip;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
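Review bot: In Parse, `filterdata.srctype` is assigned only when ParseAddr succeeds for the source, while `dsttype` gets an explicit `T_ADDR` fallback on just one branch. The initialisation of `filterdata` is outside the hunk; if it is not zeroed on every path, a rule that starts with a protocol name, or whose destination fails to parse, could carry a stale type tag. filter_AdjustAddr would then overwrite that rule's literal address the next time MYADDR or HISADDR changes, silently altering what the filter matches. Setting both tags before the address parsing, `filterdata.srctype = filterdata.dsttype = T_ADDR;` ahead of `if (proto == P_NONE) {`, removes the dependency on how the struct was initialised. Parse's body starts and ends outside the hunk.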
@ -15,14 +15,12 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: filter.h,v 1.13 1999/01/19 22:16:01 brian Exp $
|
||||
* $Id: filter.h,v 1.14 1999/01/28 01:56:31 brian Exp $
|
||||
*
|
||||
* TODO:
|
||||
*/
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
/* Actions */
|
||||
#define A_NONE 0
|
||||
#define A_PERMIT 1
|
||||
#define A_DENY 2
|
||||
@ -30,30 +28,29 @@
|
||||
#define A_UHOST 4
|
||||
#define A_UPORT 8
|
||||
|
||||
/*
|
||||
* Known protocols
|
||||
*/
|
||||
/* Known protocols */
|
||||
#define P_NONE 0
|
||||
#define P_TCP 1
|
||||
#define P_UDP 2
|
||||
#define P_ICMP 3
|
||||
|
||||
/*
|
||||
* Operations
|
||||
*/
|
||||
/* Operations */
|
||||
#define OP_NONE 0
|
||||
#define OP_EQ 1
|
||||
#define OP_GT 2
|
||||
#define OP_LT 4
|
||||
|
||||
/* srctype or dsttype */
|
||||
#define T_ADDR 0
|
||||
#define T_MYADDR 1
|
||||
#define T_HISADDR 2
|
||||
|
||||
struct filterent {
|
||||
int action; /* Filtering action */
|
||||
int swidth; /* Effective source address width */
|
||||
struct in_addr saddr; /* Source address */
|
||||
struct in_addr smask; /* Source address mask */
|
||||
int dwidth; /* Effective destination address width */
|
||||
struct in_addr daddr; /* Destination address */
|
||||
struct in_addr dmask; /* Destination address mask */
|
||||
unsigned srctype : 2; /* T_ value of src */
|
||||
struct in_range src; /* Source address */
|
||||
unsigned dsttype : 2; /* T_ value of dst */
|
||||
struct in_range dst; /* Destination address */
|
||||
int proto; /* Protocol */
|
||||
struct {
|
||||
short srcop;
|
||||
@ -91,3 +88,5 @@ extern const char * filter_Action2Nam(int);
|
||||
extern const char *filter_Proto2Nam(int);
|
||||
extern const char *filter_Op2Nam(int);
|
||||
extern struct in_addr bits2mask(int);
|
||||
extern void filter_AdjustAddr(struct filter *, struct in_addr *,
|
||||
struct in_addr *);
|
||||
|
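Review bot: The two new bit-fields in struct filterent, `unsigned srctype : 2;` and `unsigned dsttype : 2;`, are each followed by a `struct in_range` member, so they cannot share a storage unit and the `: 2` most likely saves no space. Either declare them next to each other ahead of `src` and `dst`, or make them plain `unsigned` members. A short comment that the width must be able to hold the largest `T_` value (currently `T_HISADDR`, 2) would protect against a later `T_` constant being silently truncated on assignment.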
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: iface.c,v 1.5 1999/05/08 11:06:40 brian Exp $
|
||||
* $Id: iface.c,v 1.6 1999/05/27 08:42:17 brian Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -59,9 +59,9 @@
|
||||
#include "hdlc.h"
|
||||
#include "throughput.h"
|
||||
#include "slcompress.h"
|
||||
#include "filter.h"
|
||||
#include "descriptor.h"
|
||||
#include "ipcp.h"
|
||||
#include "filter.h"
|
||||
#include "lcp.h"
|
||||
#include "ccp.h"
|
||||
#include "link.h"
|
||||
|
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ip.c,v 1.60 1999/05/09 20:02:19 brian Exp $
|
||||
* $Id: ip.c,v 1.61 1999/05/14 09:35:51 brian Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o Return ICMP message for filterd packet
|
||||
@ -113,7 +113,7 @@ FilterCheck(struct ip *pip, struct filter *filter)
|
||||
cproto = gotinfo = estab = syn = finrst = didname = 0;
|
||||
sport = dport = 0;
|
||||
for (n = 0; n < MAXFILTERS; n++) {
|
||||
if (fp->action) {
|
||||
if (fp->action != A_NONE) {
|
||||
/* permit fragments on in and out filter */
|
||||
if (filter->fragok && (ntohs(pip->ip_off) & IP_OFFMASK) != 0)
|
||||
return (A_PERMIT);
|
||||
@ -122,10 +122,10 @@ FilterCheck(struct ip *pip, struct filter *filter)
|
||||
log_Printf(LogDEBUG, "%s filter:\n", filter->name);
|
||||
didname = 1;
|
||||
|
||||
if ((pip->ip_src.s_addr & fp->smask.s_addr) ==
|
||||
(fp->saddr.s_addr & fp->smask.s_addr) &&
|
||||
(pip->ip_dst.s_addr & fp->dmask.s_addr) ==
|
||||
(fp->daddr.s_addr & fp->dmask.s_addr)) {
|
||||
if ((pip->ip_src.s_addr & fp->src.mask.s_addr) ==
|
||||
(fp->src.ipaddr.s_addr & fp->src.mask.s_addr) &&
|
||||
(pip->ip_dst.s_addr & fp->dst.mask.s_addr) ==
|
||||
(fp->dst.ipaddr.s_addr & fp->dst.mask.s_addr)) {
|
||||
if (fp->proto) {
|
||||
if (!gotinfo) {
|
||||
ptop = (char *) pip + (pip->ip_hl << 2);
|
||||
|
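Review bot: The fragment shortcut in FilterCheck returns `A_PERMIT` before the source/destination mask comparison is reached. When `fragok` is set, non-first fragments are therefore accepted regardless of the MYADDR/HISADDR rules this commit keeps up to date. That check sits in unchanged context lines and looks deliberate, but the interaction deserves a comment at the test, e.g. `/* NOTE: with fragok set, non-first fragments are permitted without consulting any address or port rule */`. FilterCheck's body starts and ends outside both hunks, and where `fragok` is set is not visible here.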
@ -17,7 +17,7 @@
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ipcp.c,v 1.76 1999/05/08 11:06:45 brian Exp $
|
||||
* $Id: ipcp.c,v 1.77 1999/05/09 20:02:19 brian Exp $
|
||||
*
|
||||
* TODO:
|
||||
* o Support IPADDRS properly
|
||||
@ -903,6 +903,7 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type,
|
||||
inet_ntoa(ipcp->my_ip));
|
||||
log_Printf(LogIPCP, "%s --> %s\n", tbuff2, inet_ntoa(ipaddr));
|
||||
ipcp->my_ip = ipaddr;
|
||||
bundle_AdjustFilters(fp->bundle, &ipcp->my_ip, NULL);
|
||||
} else {
|
||||
log_Printf(log_IsKept(LogIPCP) ? LogIPCP : LogPHASE,
|
||||
"%s: Unacceptable address!\n", inet_ntoa(ipaddr));
|
||||
@ -1186,7 +1187,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
|
||||
ipcp->peer_ip = ChooseHisAddr(bundle, ipcp->my_ip);
|
||||
if (ipcp->peer_ip.s_addr == INADDR_ANY) {
|
||||
log_Printf(LogWARN, "%s: None available !\n", ipcp->cfg.peer_list.src);
|
||||
return(0);
|
||||
return 0;
|
||||
}
|
||||
ipcp->cfg.peer_range.ipaddr.s_addr = ipcp->peer_ip.s_addr;
|
||||
ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST;
|
||||
@ -1206,7 +1207,9 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
|
||||
} else
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
bundle_AdjustFilters(bundle, NULL, &ipcp->peer_ip);
|
||||
|
||||
return 1; /* Ok */
|
||||
}
|
||||
|
||||
struct in_addr
|
||||
|
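Review bot: In ipcp_UseHisaddr the early `return 0;` after `ipcp->peer_ip = ChooseHisAddr(bundle, ipcp->my_ip);` leaves `peer_ip` already overwritten with INADDR_ANY, but bundle_AdjustFilters is only reached on the success path at the end. HISADDR rules then keep matching the previous peer address while IPCP holds a different value. If that is intended, a comment at the early return should say so; otherwise assign the ChooseHisAddr result to a local and copy it into `ipcp->peer_ip` only once it is known to be usable. The function body starts outside the hunks, so any other assignment to `ipcp->my_ip` or `ipcp->peer_ip` not shown here would need the same `bundle_AdjustFilters` call to honour the commit message's "any time either value changes".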