diff options
author | mlaier <mlaier@FreeBSD.org> | 2006-05-14 03:53:04 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2006-05-14 03:53:04 +0000 |
commit | efe765e26504465495306de73fb16f6c5c6b4dd2 (patch) | |
tree | c0a3a689b54452f2dd1d4ae92f6f1049cdea4cca /sbin/ipfw | |
parent | 9536369e209c665cfb4199b82d7f633dcbd4a630 (diff) | |
download | FreeBSD-src-efe765e26504465495306de73fb16f6c5c6b4dd2.zip FreeBSD-src-efe765e26504465495306de73fb16f6c5c6b4dd2.tar.gz |
For src/dest parsing take off the netmask before checking for AF with
inet_pton. This fixes cases like "fe02::/16".
PR: bin/91245
Reported by: Fredrik Lindberge
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw2.c | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 6a85b9c..eb5a5ab 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -3695,36 +3695,52 @@ static ipfw_insn * add_src(ipfw_insn *cmd, char *av, u_char proto) { struct in6_addr a; + char *host, *ch; + ipfw_insn *ret = NULL; + + if ((host = strdup(av)) == NULL) + return NULL; + if ((ch = strrchr(host, '/')) != NULL) + *ch = '\0'; if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || - inet_pton(AF_INET6, av, &a)) - return add_srcip6(cmd, av); + inet_pton(AF_INET6, host, &a)) + ret = add_srcip6(cmd, av); /* XXX: should check for IPv4, not !IPv6 */ - if (proto == IPPROTO_IP || strcmp(av, "me") == 0 || - !inet_pton(AF_INET6, av, &a)) - return add_srcip(cmd, av); - if (strcmp(av, "any") != 0) - return cmd; + if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 || + !inet_pton(AF_INET6, host, &a)) + ret = add_srcip(cmd, av); + if ((ret == NULL) && strcmp(av, "any") != 0) + ret = cmd; - return NULL; + free(host); + return ret; } static ipfw_insn * add_dst(ipfw_insn *cmd, char *av, u_char proto) { struct in6_addr a; + char *host, *ch; + ipfw_insn *ret = NULL; + + if ((host = strdup(av)) == NULL) + return NULL; + if ((ch = strrchr(host, '/')) != NULL) + *ch = '\0'; if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || - inet_pton(AF_INET6, av, &a)) - return add_dstip6(cmd, av); + inet_pton(AF_INET6, host, &a)) + ret = add_dstip6(cmd, av); /* XXX: should check for IPv4, not !IPv6 */ - if (proto == IPPROTO_IP || strcmp(av, "me") == 0 || + if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 || !inet_pton(AF_INET6, av, &a)) - return add_dstip(cmd, av); - if (strcmp(av, "any") != 0) - return cmd; + ret = add_dstip(cmd, av); + if ((ret == NULL) && strcmp(av, "any") != 0) + ret = cmd; - return NULL; + free(host); + return ret; } /* |