authorguido <guido@FreeBSD.org>2006-08-16 12:23:02 +0000
committerguido <guido@FreeBSD.org>2006-08-16 12:23:02 +0000
commite49049679f4ee5ce6bb9214122154c529a811b5e (patch)
tree435ea094ad0e55736442383de5885c9c40c9d2a2 /contrib/ipfilter/lib
parentfcfb8e57499dfda26645e92a1b5ad74c6f35ee92 (diff)
Resolve conflicts
MFC after: 1 weeks
Diffstat (limited to 'contrib/ipfilter/lib')
-rw-r--r--contrib/ipfilter/lib/addicmp.c75
-rw-r--r--contrib/ipfilter/lib/addkeep.c86
-rw-r--r--contrib/ipfilter/lib/facpri.c32
-rw-r--r--contrib/ipfilter/lib/getport.c27
-rw-r--r--contrib/ipfilter/lib/icmpcode.c27
-rw-r--r--contrib/ipfilter/lib/ipft_tx.c35
-rw-r--r--contrib/ipfilter/lib/make_range.c26
-rw-r--r--contrib/ipfilter/lib/optprint.c6
-rw-r--r--contrib/ipfilter/lib/printfr.c30
-rw-r--r--contrib/ipfilter/lib/printlog.c11
10 files changed, 68 insertions, 287 deletions
diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c
index 884da7b..39b6fd4 100644
--- a/contrib/ipfilter/lib/addicmp.c
+++ b/contrib/ipfilter/lib/addicmp.c
@@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp $
+ * $Id: addicmp.c,v 1.10.2.4 2006/02/25 17:41:57 darrenr Exp $
*/
#include <ctype.h>
@@ -19,76 +19,3 @@ char *icmptypes[MAX_ICMPTYPE + 1] = {
"routersol", "timex", "paramprob", "timest", "timestrep",
"inforeq", "inforep", "maskreq", "maskrep", "END"
};
-
-/*
- * set the icmp field to the correct type if "icmp" word is found
- */
-int addicmp(cp, fp, linenum)
-char ***cp;
-struct frentry *fp;
-int linenum;
-{
- char **t;
- int i;
-
- (*cp)++;
- if (!**cp)
- return -1;
- if (!fp->fr_proto) /* to catch lusers */
- fp->fr_proto = IPPROTO_ICMP;
- if (ISDIGIT(***cp)) {
- if (!ratoi(**cp, &i, 0, 255)) {
- fprintf(stderr,
- "%d: Invalid icmp-type (%s) specified\n",
- linenum, **cp);
- return -1;
- }
- } else {
- for (t = icmptypes, i = 0; ; t++, i++) {
- if (!*t)
- continue;
- if (!strcasecmp("END", *t)) {
- i = -1;
- break;
- }
- if (!strcasecmp(*t, **cp))
- break;
- }
- if (i == -1) {
- fprintf(stderr,
- "%d: Unknown icmp-type (%s) specified\n",
- linenum, **cp);
- return -1;
- }
- }
- fp->fr_icmp = (u_short)(i << 8);
- fp->fr_icmpm = (u_short)0xff00;
- (*cp)++;
- if (!**cp)
- return 0;
-
- if (**cp && strcasecmp("code", **cp))
- return 0;
- (*cp)++;
- if (ISDIGIT(***cp)) {
- if (!ratoi(**cp, &i, 0, 255)) {
- fprintf(stderr,
- "%d: Invalid icmp code (%s) specified\n",
- linenum, **cp);
- return -1;
- }
- } else {
- i = icmpcode(**cp);
- if (i == -1) {
- fprintf(stderr,
- "%d: Unknown icmp code (%s) specified\n",
- linenum, **cp);
- return -1;
- }
- }
- i &= 0xff;
- fp->fr_icmp |= (u_short)i;
- fp->fr_icmpm = (u_short)0xffff;
- (*cp)++;
- return 0;
-}
diff --git a/contrib/ipfilter/lib/addkeep.c b/contrib/ipfilter/lib/addkeep.c
deleted file mode 100644
index 2ec8dde..0000000
--- a/contrib/ipfilter/lib/addkeep.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $
- */
-
-#include "ipf.h"
-
-
-/*
- * Parses "keep state" and "keep frags" stuff on the end of a line.
- */
-int addkeep(cp, fp, linenum)
-char ***cp;
-struct frentry *fp;
-int linenum;
-{
- char *s;
-
- (*cp)++;
- if (!**cp) {
- fprintf(stderr, "%d: Missing state/frag after keep\n",
- linenum);
- return -1;
- }
-
- if (!strcasecmp(**cp, "state")) {
- fp->fr_flags |= FR_KEEPSTATE;
- (*cp)++;
- if (**cp && !strcasecmp(**cp, "limit")) {
- (*cp)++;
- fp->fr_statemax = atoi(**cp);
- (*cp)++;
- }
- if (**cp && !strcasecmp(**cp, "scan")) {
- (*cp)++;
- if (!strcmp(**cp, "*")) {
- fp->fr_isc = NULL;
- fp->fr_isctag[0] = '\0';
- } else {
- strncpy(fp->fr_isctag, **cp,
- sizeof(fp->fr_isctag));
- fp->fr_isctag[sizeof(fp->fr_isctag)-1] = '\0';
- fp->fr_isc = NULL;
- }
- (*cp)++;
- } else
- fp->fr_isc = (struct ipscan *)-1;
- } else if (!strncasecmp(**cp, "frag", 4)) {
- fp->fr_flags |= FR_KEEPFRAG;
- (*cp)++;
- } else if (!strcasecmp(**cp, "state-age")) {
- if (fp->fr_ip.fi_p == IPPROTO_TCP) {
- fprintf(stderr, "%d: cannot use state-age with tcp\n",
- linenum);
- return -1;
- }
- if ((fp->fr_flags & FR_KEEPSTATE) == 0) {
- fprintf(stderr, "%d: state-age with no 'keep state'\n",
- linenum);
- return -1;
- }
- (*cp)++;
- if (!**cp) {
- fprintf(stderr, "%d: state-age with no arg\n",
- linenum);
- return -1;
- }
- fp->fr_age[0] = atoi(**cp);
- s = strchr(**cp, '/');
- if (s != NULL) {
- s++;
- fp->fr_age[1] = atoi(s);
- } else
- fp->fr_age[1] = fp->fr_age[0];
- } else {
- fprintf(stderr, "%d: Unrecognised state keyword \"%s\"\n",
- linenum, **cp);
- return -1;
- }
- return 0;
-}
diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c
index a1f9f6b..a9bae6d 100644
--- a/contrib/ipfilter/lib/facpri.c
+++ b/contrib/ipfilter/lib/facpri.c
@@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $
+ * $Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $
*/
#include <stdio.h>
@@ -22,7 +22,7 @@
#include "facpri.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $";
#endif
@@ -81,13 +81,13 @@ fac_toname(facpri)
fac = facpri & LOG_FACMASK;
j = fac >> 3;
- if (j < 24) {
+ if (j < (sizeof(facs)/sizeof(facs[0]))) {
if (facs[j].value == fac)
return facs[j].name;
- for (i = 0; facs[i].name; i++)
- if (fac == facs[i].value)
- return facs[i].name;
}
+ for (i = 0; facs[i].name; i++)
+ if (fac == facs[i].value)
+ return facs[i].name;
return NULL;
}
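Review bot: The new bound `j < (sizeof(facs)/sizeof(facs[0]))` in fac_toname counts every element of `facs`, and the loop right below it (`facs[i].name`) suggests the table ends in a NULL-name terminator, so the direct lookup can presumably land on that terminator slot. That is not an out-of-bounds read, but it mixes what looks like a signed `j` with a `size_t` and leaves the intent unstated. Consider `if (j < (int)(sizeof(facs)/sizeof(facs[0])) - 1) {` together with a comment such as `/* fast path: facility n is normally stored at index n; fall back to a scan otherwise */`. The declarations of `j` and `facs` are outside the hunk, so both points need confirming against them.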
@@ -96,11 +96,11 @@ fac_toname(facpri)
/*
* map a facility name to its number
*/
-int
+int
fac_findname(name)
char *name;
{
- int i;
+ int i;
for (i = 0; facs[i].name; i++)
if (!strcmp(facs[i].name, name))
@@ -119,22 +119,6 @@ table_t pris[] = {
/*
- * map a priority name to its number
- */
-int
-pri_findname(name)
- char *name;
-{
- int i;
-
- for (i = 0; pris[i].name; i++)
- if (!strcmp(pris[i].name, name))
- return pris[i].value;
- return -1;
-}
-
-
-/*
* map a priority number to its name
*/
char *
diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c
index 99e1d4f..51c39b1 100644
--- a/contrib/ipfilter/lib/getport.c
+++ b/contrib/ipfilter/lib/getport.c
@@ -20,6 +20,33 @@ u_short *port;
return -1;
}
+ /*
+ * Some people will use port names in rules without specifying
+ * either TCP or UDP because it is implied by the group head.
+ * If we don't know the protocol, then the best we can do here is
+ * to take either only the TCP or UDP mapping (if one or the other
+ * is missing) or make sure both of them agree.
+ */
+ if (fr->fr_proto == 0) {
+ s = getservbyname(name, "tcp");
+ if (s != NULL)
+ p1 = s->s_port;
+ else
+ p1 = 0;
+ s = getservbyname(name, "udp");
+ if (s != NULL) {
+ if (p1 != s->s_port)
+ return -1;
+ }
+ if ((p1 == 0) && (s == NULL))
+ return -1;
+ if (p1)
+ *port = p1;
+ else
+ *port = s->s_port;
+ return 0;
+ }
+
if ((fr->fr_flx & FI_TCPUDP) != 0) {
/*
* If a rule is "tcp/udp" then check that both TCP and UDP
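Review bot: A service name that resolves only for UDP is rejected by the new `fr->fr_proto == 0` branch, although the comment above it says a single available mapping should be accepted. When the TCP lookup fails `p1` is 0, so `if (p1 != s->s_port)` is true for any UDP entry and the function returns -1, which leaves the final `else *port = s->s_port;` effectively unreachable. The agreement check should apply only when both lookups succeeded: `if (p1 != 0 && p1 != s->s_port)`. The failure is closed (the rule is refused rather than loaded with a wrong port), but it contradicts the documented intent; the rest of the function lies outside the hunk.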
diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c
index ac4501d..864fac1 100644
--- a/contrib/ipfilter/lib/icmpcode.c
+++ b/contrib/ipfilter/lib/icmpcode.c
@@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp $
+ * $Id: icmpcode.c,v 1.7.2.4 2006/02/25 17:40:22 darrenr Exp $
*/
#include <ctype.h>
@@ -22,28 +22,3 @@ char *icmpcodes[MAX_ICMPCODE + 1] = {
"net-unk", "host-unk", "isolate", "net-prohib", "host-prohib",
"net-tos", "host-tos", "filter-prohib", "host-preced", "preced-cutoff",
NULL };
-
-/*
- * Return the number for the associated ICMP unreachable code.
- */
-int icmpcode(str)
-char *str;
-{
- char *s;
- int i, len;
-
- if ((s = strrchr(str, ')')))
- *s = '\0';
- if (ISDIGIT(*str)) {
- if (!ratoi(str, &i, 0, 255))
- return -1;
- else
- return i;
- }
- len = strlen(str);
- for (i = 0; icmpcodes[i]; i++)
- if (!strncasecmp(str, icmpcodes[i], MIN(len,
- strlen(icmpcodes[i])) ))
- return i;
- return -1;
-}
diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c
index 17bc6de..36d89be 100644
--- a/contrib/ipfilter/lib/ipft_tx.c
+++ b/contrib/ipfilter/lib/ipft_tx.c
@@ -5,11 +5,11 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $
+ * $Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $";
#endif
#include <ctype.h>
@@ -75,36 +75,15 @@ int *resolved;
static u_short tx_portnum(name)
char *name;
{
- struct servent *sp, *sp2;
- u_short p1 = 0;
+ struct servent *sp;
if (ISDIGIT(*name))
return (u_short)atoi(name);
- if (!tx_proto)
- tx_proto = "tcp/udp";
- if (strcasecmp(tx_proto, "tcp/udp")) {
- sp = getservbyname(name, tx_proto);
- if (sp)
- return ntohs(sp->s_port);
- (void) fprintf(stderr, "unknown service \"%s\".\n", name);
- return 0;
- }
- sp = getservbyname(name, "tcp");
+ sp = getservbyname(name, tx_proto);
if (sp)
- p1 = sp->s_port;
- sp2 = getservbyname(name, "udp");
- if (!sp || !sp2) {
- (void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n",
- name);
- return 0;
- }
- if (p1 != sp2->s_port) {
- (void) fprintf(stderr, "%s %d/tcp is a different port to ",
- name, p1);
- (void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port);
- return 0;
- }
- return ntohs(p1);
+ return ntohs(sp->s_port);
+ (void) fprintf(stderr, "unknown service \"%s\".\n", name);
+ return 0;
}
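Review bot: With the `if (!tx_proto) tx_proto = "tcp/udp";` default and the dual lookup removed, tx_portnum now passes `tx_proto` to `getservbyname()` unchecked, and nothing visible here says what values it may hold. A NULL `tx_proto` makes getservbyname match any protocol, so the TCP/UDP agreement check the old code performed is silently gone, and a literal "tcp/udp" string set elsewhere would never match a services entry. If NULL is the expected case, say so at the call: `/* tx_proto may be NULL: getservbyname() then returns the first entry for any protocol */`. Where `tx_proto` is assigned is outside this hunk, so this should be confirmed against the callers.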
diff --git a/contrib/ipfilter/lib/make_range.c b/contrib/ipfilter/lib/make_range.c
deleted file mode 100644
index 716cc5a..0000000
--- a/contrib/ipfilter/lib/make_range.c
+++ /dev/null
@@ -1,26 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2002 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * $Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp $
- */
-#include "ipf.h"
-
-
-alist_t *make_range(not, a1, a2)
-int not;
-struct in_addr a1, a2;
-{
- alist_t *a;
-
- a = (alist_t *)calloc(1, sizeof(*a));
- if (a != NULL) {
- a->al_1 = a1.s_addr;
- a->al_2 = a2.s_addr;
- a->al_not = not;
- }
- return a;
-}
diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c
index 7b5c3c6..7f18318 100644
--- a/contrib/ipfilter/lib/optprint.c
+++ b/contrib/ipfilter/lib/optprint.c
@@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp $
+ * $Id: optprint.c,v 1.6.4.1 2005/12/18 14:51:28 darrenr Exp $
*/
#include "ipf.h"
@@ -25,6 +25,10 @@ u_long optmsk, optbits;
if ((io->on_value != IPOPT_SECURITY) ||
(!secmsk && !secbits)) {
printf("%s%s", s, io->on_name);
+ /*
+ * Because the ionames table has this entry
+ * twice.
+ */
if (io->on_value == IPOPT_SECURITY)
io++;
s = ",";
diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c
index fb26795..6ad81e1 100644
--- a/contrib/ipfilter/lib/printfr.c
+++ b/contrib/ipfilter/lib/printfr.c
@@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printfr.c,v 1.43.2.15 2005/11/14 17:45:06 darrenr Exp $
+ * $Id: printfr.c,v 1.43.2.16 2006/03/29 11:19:59 darrenr Exp $
*/
#include "ipf.h"
@@ -122,20 +122,6 @@ ioctlfunc_t iocfunc;
printf("pass");
else if (FR_ISBLOCK(fp->fr_flags)) {
printf("block");
- if (fp->fr_flags & FR_RETICMP) {
- if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP)
- printf(" return-icmp-as-dest");
- else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP)
- printf(" return-icmp");
- if (fp->fr_icode) {
- if (fp->fr_icode <= MAX_ICMPCODE)
- printf("(%s)",
- icmpcodes[(int)fp->fr_icode]);
- else
- printf("(%d)", fp->fr_icode);
- }
- } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
- printf(" return-rst");
} else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) {
printlog(fp);
} else if (FR_ISACCOUNT(fp->fr_flags))
@@ -151,6 +137,20 @@ ioctlfunc_t iocfunc;
else {
printf("%x", fp->fr_flags);
}
+ if (fp->fr_flags & FR_RETICMP) {
+ if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP)
+ printf(" return-icmp-as-dest");
+ else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP)
+ printf(" return-icmp");
+ if (fp->fr_icode) {
+ if (fp->fr_icode <= MAX_ICMPCODE)
+ printf("(%s)",
+ icmpcodes[(int)fp->fr_icode]);
+ else
+ printf("(%d)", fp->fr_icode);
+ }
+ } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
+ printf(" return-rst");
if (fp->fr_flags & FR_OUTQUE)
printf(" out ");
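Review bot: The relocated `fp->fr_icode <= MAX_ICMPCODE` test still admits index MAX_ICMPCODE itself, and icmpcode.c in this same commit declares `char *icmpcodes[MAX_ICMPCODE + 1]` with a trailing NULL. If that last slot is the terminator, `printf("(%s)", ...)` is handed a null pointer for that code value. The number of names in the table is not visible here, so this needs confirming, but `if (fp->fr_icode <= MAX_ICMPCODE && icmpcodes[(int)fp->fr_icode] != NULL)` would let the numeric `(%d)` fallback cover it. The enclosing function begins and ends outside the hunk.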
diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c
index 3139920..dd18e98 100644
--- a/contrib/ipfilter/lib/printlog.c
+++ b/contrib/ipfilter/lib/printlog.c
@@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printlog.c,v 1.6.4.1 2005/11/14 17:45:06 darrenr Exp $
+ * $Id: printlog.c,v 1.6.4.2 2005/12/18 14:49:06 darrenr Exp $
*/
#include "ipf.h"
@@ -28,14 +28,11 @@ frentry_t *fp;
if (fp->fr_loglevel != 0xffff) {
printf(" level ");
s = fac_toname(fp->fr_loglevel);
- if (s == NULL)
+ if (s == NULL || *s == '\0')
s = "!!!";
u = pri_toname(fp->fr_loglevel);
- if (u == NULL)
+ if (u == NULL || *u == '\0')
u = "!!!";
- if (*s)
- printf("%s.%s", s, u);
- else
- printf("%s", u);
+ printf("%s.%s", s, u);
}
}
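Review bot: The `"!!!"` placeholder now also replaces an empty facility or priority name, and the output is always `facility.priority`, but nothing in the hunk says what `"!!!"` means. A reader who sees `level !!!.info` in a rule listing cannot tell that it marks a `fr_loglevel` value with no table entry, and such a listing is presumably not accepted back by the rule parser. A short comment above the two checks would record this: `/* "!!!" marks a facility or priority with no (or an empty) name in the tables */`.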