author | brian <brian@FreeBSD.org> | 2001-04-24 02:13:34 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2001-04-24 02:13:34 +0000 |
commit | d487445d059fdf0ea10570641cfa7d3fa4430e70 (patch) | |
tree | a7caabe22126e4d14d20ad1127f2ee3afc407973 /usr.sbin/ppp/ip.c | |
parent | 9c03a8ae91e06e47f0c59996ef0e2300e231e101 (diff) | |
Handle IP over IP (IPPROTO_IPV4) properly.
We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).
``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.
Diffstat (limited to 'usr.sbin/ppp/ip.c')
-rw-r--r-- | usr.sbin/ppp/ip.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
index 34aa1c2..6857c13 100644
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -279,11 +279,16 @@ FilterCheck(const struct ip *pip, const struct filter *filter, unsigned *psecs)
 estab = syn = finrst = -1;
 sport = ntohs(0);
 break;
- case IPPROTO_UDP:
 case IPPROTO_IPIP:
+ cproto = P_IPIP;
+ sport = dport = 0;
+ estab = syn = finrst = -1;
+ break;
+ case IPPROTO_UDP:
 cproto = P_UDP;
 if (datalen < 8) { /* UDP header is 8 octets */
- log_Printf(LogFILTER, " error: UDP must be at least 8 octets\n");
+ log_Printf(LogFILTER, " error: UDP/IPIP"
+ " must be at least 8 octets\n");
 return 1;
 }
@@ -635,14 +640,20 @@ PacketCheck(struct bundle *bundle, unsigned char *cp, int nb,
 case IPPROTO_IPIP:
 if (logit && loglen < sizeof logbuf) {
- uh = (struct udphdr *) ptop;
 snprintf(logbuf + loglen, sizeof logbuf - loglen,
- "IPIP: %s:%d ---> ", inet_ntoa(pip->ip_src),
- ntohs(uh->uh_sport));
+ "IPIP: %s ---> ", inet_ntoa(pip->ip_src));
 loglen += strlen(logbuf + loglen);
 snprintf(logbuf + loglen, sizeof logbuf - loglen,
- "%s:%d", inet_ntoa(pip->ip_dst), ntohs(uh->uh_dport));
+ "%s", inet_ntoa(pip->ip_dst));
 loglen += strlen(logbuf + loglen);
+
+ if (((struct ip *)ptop)->ip_v == 4) {
+ snprintf(logbuf + loglen, sizeof logbuf - loglen, " contains ");
+ result = PacketCheck(bundle, ptop, nb - (ptop - cp), filter,
+ logbuf, psecs);
+ if (result != -2)
+ return result;
+ }
 }
 break; |
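Review bot: The reworded error string in the `case IPPROTO_UDP:` branch of FilterCheck now names "UDP/IPIP", but in this hunk `case IPPROTO_IPIP:` ends in its own `break;` ahead of the UDP length test, so an IPIP packet can no longer reach that message. Keeping the original `log_Printf(LogFILTER, " error: UDP must be at least 8 octets\n");` would keep the filter log accurate for whoever reads it during an investigation. A one-line comment on the new IPIP branch, such as `/* IPIP has no ports; the payload is checked by PacketCheck */`, would also explain why the ports are zeroed. FilterCheck starts and ends outside the hunk.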
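Review bot: In the PacketCheck hunk the recursive `PacketCheck(bundle, ptop, nb - (ptop - cp), filter, logbuf, psecs)` call sits inside `if (logit && loglen < sizeof logbuf)`, so as the braces read here the encapsulated packet is only run through the filter when logging is active and the log buffer still has room; with logging off the payload appears to bypass the rules the commit message says apply to it. The inner header is also dereferenced (`((struct ip *)ptop)->ip_v`) with no visible check that `nb - (ptop - cp)` covers a `struct ip`, so a truncated IPIP payload could be read past its end unless a check outside the hunk rules that out. I would move the payload check out of the logging block and guard it on the remaining length, as sketched below. PacketCheck starts and ends outside the hunk, so how `logit` and `ptop` are derived is not visible and the sketch assumes they keep their current meaning.

```c
  case IPPROTO_IPIP:
    if (logit && loglen < sizeof logbuf) {
      /* … unchanged: outer "IPIP: src ---> dst" logging … */
    }

    /* Filter the encapsulated packet whether or not logging is enabled */
    if (nb - (ptop - cp) >= (int)sizeof(struct ip) &&
        ((struct ip *)ptop)->ip_v == 4) {
      if (logit && loglen < sizeof logbuf)
        snprintf(logbuf + loglen, sizeof logbuf - loglen, " contains ");
      result = PacketCheck(bundle, ptop, nb - (ptop - cp), filter,
                           logbuf, psecs);
      if (result != -2)
        return result;
    }
    break;
```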