Diffstat (limited to 'contrib/ipfilter/lib')
-rw-r--r-- | contrib/ipfilter/lib/Makefile | 4 | ||||
-rw-r--r-- | contrib/ipfilter/lib/addicmp.c | 75 | ||||
-rw-r--r-- | contrib/ipfilter/lib/facpri.c | 32 | ||||
-rw-r--r-- | contrib/ipfilter/lib/getport.c | 27 | ||||
-rw-r--r-- | contrib/ipfilter/lib/icmpcode.c | 27 | ||||
-rw-r--r-- | contrib/ipfilter/lib/ipft_tx.c | 35 | ||||
-rw-r--r-- | contrib/ipfilter/lib/optprint.c | 6 | ||||
-rw-r--r-- | contrib/ipfilter/lib/printfr.c | 30 | ||||
-rw-r--r-- | contrib/ipfilter/lib/printlog.c | 11 |
9 files changed, 68 insertions, 179 deletions
diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile index a6e9cc4..3dcf3a1 100644 --- a/contrib/ipfilter/lib/Makefile +++ b/contrib/ipfilter/lib/Makefile @@ -2,7 +2,6 @@ INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/addipopt.o \ - $(DEST)/addkeep.o \ $(DEST)/bcopywrap.o \ $(DEST)/binprint.o \ $(DEST)/buildopts.o \ @@ -47,7 +46,6 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/load_pool.o \ $(DEST)/load_poolnode.o \ $(DEST)/loglevel.o \ - $(DEST)/make_range.o \ $(DEST)/mutex_emul.o \ $(DEST)/nametokva.o \ $(DEST)/nat_setgroupmap.o \ @@ -108,8 +106,6 @@ $(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@ $(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@ -$(DEST)/addkeep.o: $(LIBSRC)/addkeep.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/addkeep.c -o $@ $(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@ $(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP) diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c index e18a787..c83ecfe 100644 --- a/contrib/ipfilter/lib/addicmp.c +++ b/contrib/ipfilter/lib/addicmp.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp $ + * $Id: addicmp.c,v 1.10.2.4 2006/02/25 17:41:57 darrenr Exp $ */ #include <ctype.h> 
@@ -17,76 +17,3 @@ char *icmptypes[MAX_ICMPTYPE + 1] = { "routersol", "timex", "paramprob", "timest", "timestrep", "inforeq", "inforep", "maskreq", "maskrep", "END" }; - -/* - * set the icmp field to the correct type if "icmp" word is found - */ -int addicmp(cp, fp, linenum) -char ***cp; -struct frentry *fp; -int linenum; -{ - char **t; - int i; - - (*cp)++; - if (!**cp) - return -1; - if (!fp->fr_proto) /* to catch lusers */ - fp->fr_proto = IPPROTO_ICMP; - if (ISDIGIT(***cp)) { - if (!ratoi(**cp, &i, 0, 255)) { - fprintf(stderr, - "%d: Invalid icmp-type (%s) specified\n", - linenum, **cp); - return -1; - } - } else { - for (t = icmptypes, i = 0; ; t++, i++) { - if (!*t) - continue; - if (!strcasecmp("END", *t)) { - i = -1; - break; - } - if (!strcasecmp(*t, **cp)) - break; - } - if (i == -1) { - fprintf(stderr, - "%d: Unknown icmp-type (%s) specified\n", - linenum, **cp); - return -1; - } - } - fp->fr_icmp = (u_short)(i << 8); - fp->fr_icmpm = (u_short)0xff00; - (*cp)++; - if (!**cp) - return 0; - - if (**cp && strcasecmp("code", **cp)) - return 0; - (*cp)++; - if (ISDIGIT(***cp)) { - if (!ratoi(**cp, &i, 0, 255)) { - fprintf(stderr, - "%d: Invalid icmp code (%s) specified\n", - linenum, **cp); - return -1; - } - } else { - i = icmpcode(**cp); - if (i == -1) { - fprintf(stderr, - "%d: Unknown icmp code (%s) specified\n", - linenum, **cp); - return -1; - } - } - i &= 0xff; - fp->fr_icmp |= (u_short)i; - fp->fr_icmpm = (u_short)0xffff; - (*cp)++; - return 0; -} diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c index 2fc0a78..c438a1c 100644 --- a/contrib/ipfilter/lib/facpri.c +++ b/contrib/ipfilter/lib/facpri.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $ + * $Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $ */ #include <stdio.h> 
@@ -20,7 +20,7 @@ #include "facpri.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $"; #endif @@ -79,13 +79,13 @@ fac_toname(facpri) fac = facpri & LOG_FACMASK; j = fac >> 3; - if (j < 24) { + if (j < (sizeof(facs)/sizeof(facs[0]))) { if (facs[j].value == fac) return facs[j].name; - for (i = 0; facs[i].name; i++) - if (fac == facs[i].value) - return facs[i].name; } + for (i = 0; facs[i].name; i++) + if (fac == facs[i].value) + return facs[i].name; return NULL; } @@ -94,11 +94,11 @@ fac_toname(facpri) /* * map a facility name to its number */ -int +int fac_findname(name) char *name; { - int i; + int i; for (i = 0; facs[i].name; i++) if (!strcmp(facs[i].name, name)) @@ -117,22 +117,6 @@ table_t pris[] = { /* - * map a priority name to its number - */ -int -pri_findname(name) - char *name; -{ - int i; - - for (i = 0; pris[i].name; i++) - if (!strcmp(pris[i].name, name)) - return pris[i].value; - return -1; -} - - -/* * map a priority number to its name */ char * diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c index 03fcd17..bb14fb3 100644 --- a/contrib/ipfilter/lib/getport.c +++ b/contrib/ipfilter/lib/getport.c 
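Review bot: In facpri.c's `fac_toname` hunk, the new bound `j < (sizeof(facs)/sizeof(facs[0]))` counts every slot of `facs[]`, and the fallback loop `for (i = 0; facs[i].name; i++)` implies the table ends with an entry whose name is NULL. If `j` lands on that terminator and its `value` happens to equal `fac`, the fast path returns a NULL name without trying the linear search; excluding the terminator keeps the index check tight: `if (j < (sizeof(facs)/sizeof(facs[0])) - 1) {`. The table definition and the declaration of `j` are outside the hunk, so this should be confirmed against them.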
@@ -18,6 +18,33 @@ u_short *port; return -1; } + /* + * Some people will use port names in rules without specifying + * either TCP or UDP because it is implied by the group head. + * If we don't know the protocol, then the best we can do here is + * to take either only the TCP or UDP mapping (if one or the other + * is missing) or make sure both of them agree. + */ + if (fr->fr_proto == 0) { + s = getservbyname(name, "tcp"); + if (s != NULL) + p1 = s->s_port; + else + p1 = 0; + s = getservbyname(name, "udp"); + if (s != NULL) { + if (p1 != s->s_port) + return -1; + } + if ((p1 == 0) && (s == NULL)) + return -1; + if (p1) + *port = p1; + else + *port = s->s_port; + return 0; + } + if ((fr->fr_flx & FI_TCPUDP) != 0) { /* * If a rule is "tcp/udp" then check that both TCP and UDP diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c index fd1e647..b60d247 100644 --- a/contrib/ipfilter/lib/icmpcode.c +++ b/contrib/ipfilter/lib/icmpcode.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp $ + * $Id: icmpcode.c,v 1.7.2.4 2006/02/25 17:40:22 darrenr Exp $ */ #include <ctype.h> @@ -20,28 +20,3 @@ char *icmpcodes[MAX_ICMPCODE + 1] = { "net-unk", "host-unk", "isolate", "net-prohib", "host-prohib", "net-tos", "host-tos", "filter-prohib", "host-preced", "preced-cutoff", NULL }; - -/* - * Return the number for the associated ICMP unreachable code. - */ -int icmpcode(str) -char *str; -{ - char *s; - int i, len; - - if ((s = strrchr(str, ')'))) - *s = '\0'; - if (ISDIGIT(*str)) { - if (!ratoi(str, &i, 0, 255)) - return -1; - else - return i; - } - len = strlen(str); - for (i = 0; icmpcodes[i]; i++) - if (!strncasecmp(str, icmpcodes[i], MIN(len, - strlen(icmpcodes[i])) )) - return i; - return -1; -} diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index 0432c08..04c2dab 100644 --- a/contrib/ipfilter/lib/ipft_tx.c 
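Review bot: In getport.c's new `fr->fr_proto == 0` block, a service that exists only for UDP is rejected, which contradicts the comment above it. With no TCP entry `p1` is 0, so `if (p1 != s->s_port) return -1;` fires before the `else *port = s->s_port;` branch can be reached. The agreement check should run only when both lookups succeeded, e.g. `if (s != NULL && p1 != 0 && p1 != s->s_port) return -1;`. The declarations of `s` and `p1` and the rest of the function lie outside the hunk, so whether `*port` is expected in network or host byte order cannot be confirmed from these lines; the value is stored exactly as `getservbyname()` returns it.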
+++ b/contrib/ipfilter/lib/ipft_tx.c @@ -3,11 +3,11 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $ + * $Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $"; #endif #include <ctype.h> @@ -73,36 +73,15 @@ int *resolved; static u_short tx_portnum(name) char *name; { - struct servent *sp, *sp2; - u_short p1 = 0; + struct servent *sp; if (ISDIGIT(*name)) return (u_short)atoi(name); - if (!tx_proto) - tx_proto = "tcp/udp"; - if (strcasecmp(tx_proto, "tcp/udp")) { - sp = getservbyname(name, tx_proto); - if (sp) - return ntohs(sp->s_port); - (void) fprintf(stderr, "unknown service \"%s\".\n", name); - return 0; - } - sp = getservbyname(name, "tcp"); + sp = getservbyname(name, tx_proto); if (sp) - p1 = sp->s_port; - sp2 = getservbyname(name, "udp"); - if (!sp || !sp2) { - (void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n", - name); - return 0; - } - if (p1 != sp2->s_port) { - (void) fprintf(stderr, "%s %d/tcp is a different port to ", - name, p1); - (void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port); - return 0; - } - return ntohs(p1); + return ntohs(sp->s_port); + (void) fprintf(stderr, "unknown service \"%s\".\n", name); + return 0; } diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c index 42c1618..ec94bbb 100644 --- a/contrib/ipfilter/lib/optprint.c +++ b/contrib/ipfilter/lib/optprint.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp $ + * $Id: optprint.c,v 1.6.4.1 2005/12/18 14:51:28 darrenr Exp $ */ #include "ipf.h" 
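Review bot: In ipft_tx.c's `tx_portnum`, `getservbyname(name, tx_proto)` now receives `tx_proto` unmodified, while the removed lines show it could previously be NULL or the pseudo-protocol "tcp/udp". A NULL protocol makes getservbyname() match an entry for any protocol, but a literal "tcp/udp" string would match nothing, so every named port would fall through to `unknown service` and return port 0. Where `tx_proto` is assigned is outside the hunk, so please confirm "tcp/udp" can no longer reach this call. The NULL case is worth recording with a comment such as `/* tx_proto may be NULL: getservbyname() then matches any protocol */`.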
@@ -23,6 +23,10 @@ u_long optmsk, optbits; if ((io->on_value != IPOPT_SECURITY) || (!secmsk && !secbits)) { printf("%s%s", s, io->on_name); + /* + * Because the ionames table has this entry + * twice. + */ if (io->on_value == IPOPT_SECURITY) io++; s = ","; diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c index f893ebb..6e7a405 100644 --- a/contrib/ipfilter/lib/printfr.c +++ b/contrib/ipfilter/lib/printfr.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printfr.c,v 1.43.2.15 2005/11/14 17:45:06 darrenr Exp $ + * $Id: printfr.c,v 1.43.2.16 2006/03/29 11:19:59 darrenr Exp $ */ #include "ipf.h" @@ -120,20 +120,6 @@ ioctlfunc_t iocfunc; printf("pass"); else if (FR_ISBLOCK(fp->fr_flags)) { printf("block"); - if (fp->fr_flags & FR_RETICMP) { - if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP) - printf(" return-icmp-as-dest"); - else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP) - printf(" return-icmp"); - if (fp->fr_icode) { - if (fp->fr_icode <= MAX_ICMPCODE) - printf("(%s)", - icmpcodes[(int)fp->fr_icode]); - else - printf("(%d)", fp->fr_icode); - } - } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST) - printf(" return-rst"); } else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) { printlog(fp); } else if (FR_ISACCOUNT(fp->fr_flags)) @@ -149,6 +135,20 @@ ioctlfunc_t iocfunc; else { printf("%x", fp->fr_flags); } + if (fp->fr_flags & FR_RETICMP) { + if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP) + printf(" return-icmp-as-dest"); + else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP) + printf(" return-icmp"); + if (fp->fr_icode) { + if (fp->fr_icode <= MAX_ICMPCODE) + printf("(%s)", + icmpcodes[(int)fp->fr_icode]); + else + printf("(%d)", fp->fr_icode); + } + } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST) + printf(" return-rst"); if (fp->fr_flags & FR_OUTQUE) printf(" out "); diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c index 1445971..bf84eee 100644 
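Review bot: In printfr.c's second hunk, the relocated check `fp->fr_icode <= MAX_ICMPCODE` still admits the index MAX_ICMPCODE, which is a NULL slot. The `icmpcodes[MAX_ICMPCODE + 1]` initializer shown in the icmpcode.c section of this commit ends with NULL, so whether that NULL is written at the last slot or zero-filled after it, `printf("(%s)", ...)` would be handed a null pointer for that code. Because the block now runs after the whole action chain rather than only inside the `block` branch, more rule types reach it. Guarding the lookup avoids the undefined behaviour: `if (fp->fr_icode < MAX_ICMPCODE && icmpcodes[(int)fp->fr_icode] != NULL)`. The enclosing function begins and ends outside the hunk.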
--- a/contrib/ipfilter/lib/printlog.c +++ b/contrib/ipfilter/lib/printlog.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printlog.c,v 1.6.4.1 2005/11/14 17:45:06 darrenr Exp $ + * $Id: printlog.c,v 1.6.4.2 2005/12/18 14:49:06 darrenr Exp $ */ #include "ipf.h" @@ -26,14 +26,11 @@ frentry_t *fp; if (fp->fr_loglevel != 0xffff) { printf(" level "); s = fac_toname(fp->fr_loglevel); - if (s == NULL) + if (s == NULL || *s == '\0') s = "!!!"; u = pri_toname(fp->fr_loglevel); - if (u == NULL) + if (u == NULL || *u == '\0') u = "!!!"; - if (*s) - printf("%s.%s", s, u); - else - printf("%s", u); + printf("%s.%s", s, u); } } |