diff options
author | brian <brian@FreeBSD.org> | 1999-08-02 11:53:16 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1999-08-02 11:53:16 +0000 |
commit | 5b5828498ce7d177092ce4cab703281dbce9c563 (patch) | |
tree | 286e715bb495cf12ce3d6a2f222e318b996048fa | |
parent | ede804a7142c392ebacfd6ddedb78a29727a8ca8 (diff) | |
download | FreeBSD-src-5b5828498ce7d177092ce4cab703281dbce9c563.zip FreeBSD-src-5b5828498ce7d177092ce4cab703281dbce9c563.tar.gz |
Filter ospf and igmp separately.
Kind-of submitted by: phk
-rw-r--r-- | usr.sbin/ppp/filter.c | 34 | ||||
-rw-r--r-- | usr.sbin/ppp/filter.h | 5 | ||||
-rw-r--r-- | usr.sbin/ppp/ip.c | 19 |
3 files changed, 50 insertions, 8 deletions
diff --git a/usr.sbin/ppp/filter.c b/usr.sbin/ppp/filter.c index b9e129e..3287ca5 100644 --- a/usr.sbin/ppp/filter.c +++ b/usr.sbin/ppp/filter.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: filter.c,v 1.32 1999/07/27 23:43:58 brian Exp $ + * $Id: filter.c,v 1.33 1999/07/28 03:01:51 brian Exp $ * * TODO: Shoud send ICMP error message when we discard packets. */ @@ -261,10 +261,13 @@ ParseUdpOrTcp(int argc, char const *const *argv, int proto, return 1; } -static int ParseIgmp(int argc, char const * const *argv, struct filterent *tgt) +static int +ParseIgmp(int argc, char const * const *argv, struct filterent *tgt) { - /* Filter currently is a catch-all. Requests are either permitted or - dropped. */ + /* + * Filter currently is a catch-all. Requests are either permitted or + * dropped. + */ if (argc != 0) { log_Printf(LogWARN, "ParseIgmp: Too many parameters\n"); return 0; @@ -274,6 +277,22 @@ static int ParseIgmp(int argc, char const * const *argv, struct filterent *tgt) return 1; } +static int +ParseOspf(int argc, char const * const *argv, struct filterent *tgt) +{ + /* + * Filter currently is a catch-all. Requests are either permitted or + * dropped. + */ + if (argc != 0) { + log_Printf(LogWARN, "ParseOspf: Too many parameters\n"); + return 0; + } else + tgt->f_srcop = OP_NONE; + + return 1; +} + static unsigned addrtype(const char *addr) { @@ -432,6 +451,9 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv, case P_IGMP: val = ParseIgmp(argc, argv, &filterdata); break; + case P_OSPF: + val = ParseOspf(argc, argv, &filterdata); + break; } log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.f_src.ipaddr)); @@ -569,7 +591,9 @@ filter_Show(struct cmdargs const *arg) return 0; } -static const char *protoname[] = { "none", "tcp", "udp", "icmp", "igmp" }; +static const char *protoname[] = { + "none", "tcp", "udp", "icmp", "ospf", "igmp" +}; const char * filter_Proto2Nam(int proto) diff --git a/usr.sbin/ppp/filter.h b/usr.sbin/ppp/filter.h index 16c15f7..0f35ae2 100644 --- a/usr.sbin/ppp/filter.h +++ b/usr.sbin/ppp/filter.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: filter.h,v 1.16 1999/06/23 16:48:22 brian Exp $ + * $Id: filter.h,v 1.17 1999/07/27 23:43:59 brian Exp $ * * TODO: */ @@ -25,7 +25,8 @@ #define P_TCP 1 #define P_UDP 2 #define P_ICMP 3 -#define P_IGMP 4 +#define P_OSPF 4 +#define P_IGMP 5 /* Operations - f_srcop, f_dstop */ #define OP_NONE 0 diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c index 8ea2e73..3ad2de6 100644 --- a/usr.sbin/ppp/ip.c +++ b/usr.sbin/ppp/ip.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ip.c,v 1.64 1999/06/23 16:48:23 brian Exp $ + * $Id: ip.c,v 1.65 1999/07/27 23:43:59 brian Exp $ * * TODO: * o Return ICMP message for filterd packet @@ -179,6 +179,13 @@ FilterCheck(const struct ip *pip, const struct filter *filter) estab = syn = finrst = -1; sport = ntohs(0); break; + case IPPROTO_OSPFIGP: + cproto = P_OSPF; + if (datalen < 8) /* IGMP uses 8-octet messages */ + return (1); + estab = syn = finrst = -1; + sport = ntohs(0); + break; case IPPROTO_UDP: case IPPROTO_IPIP: cproto = P_UDP; @@ -350,6 +357,16 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter) loglen += strlen(logbuf + loglen); } break; + case IPPROTO_OSPFIGP: + if (logit && loglen < sizeof logbuf) { + snprintf(logbuf + loglen, sizeof logbuf - loglen, + "OSPF: %s ---> ", inet_ntoa(pip->ip_src)); + loglen += strlen(logbuf + loglen); + snprintf(logbuf + loglen, sizeof logbuf - loglen, + "%s", inet_ntoa(pip->ip_dst)); + loglen += strlen(logbuf + loglen); + } + break; case IPPROTO_IPIP: if (logit && loglen < sizeof logbuf) { uh = (struct udphdr *) ptop; |