Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/altq.c | 18 | ||||
-rw-r--r-- | sbin/ipfw/dummynet.c | 60 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.c | 35 | ||||
-rw-r--r-- | sbin/ipfw/ipv6.c | 218 | ||||
-rw-r--r-- | sbin/ipfw/main.c | 6 | ||||
-rw-r--r-- | sbin/ipfw/nat.c | 197 |
6 files changed, 266 insertions, 268 deletions
diff --git a/sbin/ipfw/altq.c b/sbin/ipfw/altq.c index 8cf19e5..8dced11 100644 --- a/sbin/ipfw/altq.c +++ b/sbin/ipfw/altq.c @@ -45,7 +45,7 @@ /* * Map between current altq queue id numbers and names. */ -static TAILQ_HEAD(, pf_altq) altq_entries = +static TAILQ_HEAD(, pf_altq) altq_entries = TAILQ_HEAD_INITIALIZER(altq_entries); void @@ -139,13 +139,13 @@ altq_qid_to_name(u_int32_t qid) void print_altq_cmd(ipfw_insn_altq *altqptr) { - if (altqptr) { - const char *qname; + if (altqptr) { + const char *qname; - qname = altq_qid_to_name(altqptr->qid); - if (qname == NULL) - printf(" altq ?<%u>", altqptr->qid); - else - printf(" altq %s", qname); - } + qname = altq_qid_to_name(altqptr->qid); + if (qname == NULL) + printf(" altq ?<%u>", altqptr->qid); + else + printf(" altq %s", qname); + } } diff --git a/sbin/ipfw/dummynet.c b/sbin/ipfw/dummynet.c index f934197..f263d22 100644 --- a/sbin/ipfw/dummynet.c +++ b/sbin/ipfw/dummynet.c @@ -418,25 +418,25 @@ ipfw_delete_pipe(int do_pipe, int i) * We can model the additional delay with an empirical curve * that represents its distribution. * - * cumulative probability - * 1.0 ^ - * | - * L +-- loss-level x - * | ****** - * | * - * | ***** - * | * - * | ** - * | * - * +-------*-------------------> - * delay + * cumulative probability + * 1.0 ^ + * | + * L +-- loss-level x + * | ****** + * | * + * | ***** + * | * + * | ** + * | * + * +-------*-------------------> + * delay * * The empirical curve may have both vertical and horizontal lines. * Vertical lines represent constant delay for a range of * probabilities; horizontal lines correspond to a discontinuty * in the delay distribution: the link will use the largest delay * for a given probability. - * + * * To pass the curve to dummynet, we must store the parameters * in a file as described below, and issue the command * 
@@ -449,9 +449,9 @@ ipfw_delete_pipe(int do_pipe, int i) * the number of samples used in the internal * representation (2..1024; default 100); * - * loss-level L + * loss-level L * The probability above which packets are lost. - * (0.0 <= L <= 1.0, default 1.0 i.e. no loss); + * (0.0 <= L <= 1.0, default 1.0 i.e. no loss); * * name identifier * Optional a name (listed by "ipfw pipe show") @@ -472,18 +472,18 @@ ipfw_delete_pipe(int do_pipe, int i) * the curve as needed. * * Example of a profile file: - - name bla_bla_bla - samples 100 - loss-level 0.86 - prob delay - 0 200 # minimum overhead is 200ms - 0.5 200 - 0.5 300 - 0.8 1000 - 0.9 1300 - 1 1300 - + + name bla_bla_bla + samples 100 + loss-level 0.86 + prob delay + 0 200 # minimum overhead is 200ms + 0.5 200 + 0.5 300 + 0.8 1000 + 0.9 1300 + 1 1300 + * Internally, we will convert the curve to a fixed number of * samples, and when it is time to transmit a packet we will * model the extra delay as extra bits in the packet. @@ -613,7 +613,7 @@ load_extra_delays(const char *filename, struct dn_profile *p, if (f == NULL) err(EX_UNAVAILABLE, "fopen: %s", filename); - while (fgets(line, ED_MAX_LINE_LEN, f)) { /* read commands */ + while (fgets(line, ED_MAX_LINE_LEN, f)) { /* read commands */ char *s, *cur = line, *name = NULL, *arg = NULL; ++lineno; @@ -740,7 +740,7 @@ load_extra_delays(const char *filename, struct dn_profile *p, /* * configuration of pipes, schedulers, flowsets. * When we configure a new scheduler, an empty pipe is created, so: - * + * * do_pipe = 1 -> "pipe N config ..." only for backward compatibility * sched N+Delta type fifo sched_mask ... * pipe N+Delta <parameters> @@ -955,7 +955,7 @@ ipfw_config_pipe(int ac, char **av) mask->addr_type = 6; pa6 = &mask->dst_ip6; break; - + case TOK_SRCIP6: mask->addr_type = 6; pa6 = &mask->src_ip6; diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 9f2fe69..4402f44 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c 
@@ -210,7 +210,7 @@ static struct _s_x rule_actions[] = { { "unreach", TOK_UNREACH }, { "check-state", TOK_CHECKSTATE }, { "//", TOK_COMMENT }, - { "nat", TOK_NAT }, + { "nat", TOK_NAT }, { "reass", TOK_REASS }, { "setfib", TOK_SETFIB }, { NULL, 0 } /* terminator */ @@ -380,8 +380,8 @@ do_cmd(int optname, void *optval, uintptr_t optlen) if (optname == IP_FW_GET || optname == IP_DUMMYNET_GET || optname == IP_FW_ADD || optname == IP_FW_TABLE_LIST || - optname == IP_FW_TABLE_GETSIZE || - optname == IP_FW_NAT_GET_CONFIG || + optname == IP_FW_TABLE_GETSIZE || + optname == IP_FW_NAT_GET_CONFIG || optname < 0 || optname == IP_FW_NAT_GET_LOG) { if (optname < 0) @@ -1028,7 +1028,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) /* * first print actions */ - for (l = rule->cmd_len - rule->act_ofs, cmd = ACTION_PTR(rule); + for (l = rule->cmd_len - rule->act_ofs, cmd = ACTION_PTR(rule); l > 0 ; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { switch(cmd->opcode) { case O_CHECK_STATE: @@ -1158,7 +1158,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) /* * then print the body. */ - for (l = rule->act_ofs, cmd = rule->cmd ; + for (l = rule->act_ofs, cmd = rule->cmd ; l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) { if ((cmd->len & F_OR) || (cmd->len & F_NOT)) continue; @@ -1182,7 +1182,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) if (co.comment_only) comment = "..."; - for (l = rule->act_ofs, cmd = rule->cmd ; + for (l = rule->act_ofs, cmd = rule->cmd ; l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) { /* useful alias */ ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd; @@ -1569,7 +1569,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) } } show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP - | HAVE_IP, 0); + | HAVE_IP, 0); if (comment) printf(" // %s", comment); printf("\n"); @@ -2198,7 +2198,6 @@ n2mask(struct in6_addr *mask, int n) } return; } - /* * helper function to process a set of flags and set bits in the 
@@ -2229,9 +2228,9 @@ fill_flags(ipfw_insn *cmd, enum ipfw_opcodes opcode, *which |= (uint8_t)val; p = q; } - cmd->opcode = opcode; - cmd->len = (cmd->len & (F_NOT | F_OR)) | 1; - cmd->arg1 = (set & 0xff) | ( (clear & 0xff) << 8); + cmd->opcode = opcode; + cmd->len = (cmd->len & (F_NOT | F_OR)) | 1; + cmd->arg1 = (set & 0xff) | ( (clear & 0xff) << 8); } @@ -2289,7 +2288,7 @@ ipfw_delete(char *av[]) * fill the interface structure. We do not check the name as we can * create interfaces dynamically, so checking them at insert time * makes relatively little sense. - * Interface names containing '*', '?', or '[' are assumed to be shell + * Interface names containing '*', '?', or '[' are assumed to be shell * patterns which match interfaces. */ static void @@ -2817,7 +2816,7 @@ chkarg: "illegal forwarding port ``%s''", s); p->sa.sin_port = (u_short)i; } - if (_substrcmp(*av, "tablearg") == 0) + if (_substrcmp(*av, "tablearg") == 0) p->sa.sin_addr.s_addr = INADDR_ANY; else lookup_host(*av, &(p->sa.sin_addr)); @@ -2837,7 +2836,7 @@ chkarg: action->opcode = O_SETFIB; NEED1("missing fib number"); - action->arg1 = strtoul(*av, NULL, 10); + action->arg1 = strtoul(*av, NULL, 10); if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1) errx(EX_DATAERR, "fibs not suported.\n"); if (action->arg1 >= numfibs) /* Temporary */ @@ -3144,7 +3143,7 @@ read_options: errx(EX_USAGE, "+missing \")\"\n"); open_par = 0; prev = NULL; - break; + break; case TOK_IN: fill_cmd(cmd, O_IN, 0, 0); @@ -3829,10 +3828,10 @@ ipfw_table_handler(int ac, char *av[]) if (strchr(*av, (int)'.') == NULL && isdigit(**av)) { ent.value = strtoul(*av, NULL, 0); } else { - if (lookup_host(*av, (struct in_addr *)&tval) == 0) { + if (lookup_host(*av, (struct in_addr *)&tval) == 0) { /* The value must be stored in host order * * so that the values < 65k can be distinguished */ - ent.value = ntohl(tval); + ent.value = ntohl(tval); } else { errx(EX_NOHOST, "hostname ``%s'' unknown", *av); } 
@@ -3851,7 +3850,7 @@ ipfw_table_handler(int ac, char *av[]) if (do_cmd(IP_FW_TABLE_ADD, &ent, sizeof(ent)) < 0) err(EX_OSERR, - "setsockopt(IP_FW_TABLE_ADD)"); + "setsockopt(IP_FW_TABLE_ADD)"); } } } else if (_substrcmp(*av, "flush") == 0) { diff --git a/sbin/ipfw/ipv6.c b/sbin/ipfw/ipv6.c index 40f078b..ee93d98 100644 --- a/sbin/ipfw/ipv6.c +++ b/sbin/ipfw/ipv6.c @@ -76,7 +76,7 @@ print_unreach6_code(uint16_t code) printf("unreach6 %u", code); } -/* +/* * Print the ip address contained in a command. */ void 
@@ -90,43 +90,43 @@ print_ip6(ipfw_insn_ip6 *cmd, char const *s) printf("%s%s ", cmd->o.len & F_NOT ? " not": "", s); if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) { - printf("me6"); - return; + printf("me6"); + return; } if (cmd->o.opcode == O_IP6) { - printf(" ip6"); - return; + printf(" ip6"); + return; } /* - * len == 4 indicates a single IP, whereas lists of 1 or more - * addr/mask pairs have len = (2n+1). We convert len to n so we - * use that to count the number of entries. - */ + * len == 4 indicates a single IP, whereas lists of 1 or more + * addr/mask pairs have len = (2n+1). We convert len to n so we + * use that to count the number of entries. + */ for (len = len / 4; len > 0; len -= 2, a += 2) { - int mb = /* mask length */ - (cmd->o.opcode == O_IP6_SRC || cmd->o.opcode == O_IP6_DST) ? - 128 : contigmask((uint8_t *)&(a[1]), 128); - - if (mb == 128 && co.do_resolv) - he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6); - if (he != NULL) /* resolved to name */ - printf("%s", he->h_name); - else if (mb == 0) /* any */ - printf("any"); - else { /* numeric IP followed by some kind of mask */ - if (inet_ntop(AF_INET6, a, trad, sizeof( trad ) ) == NULL) - printf("Error ntop in print_ip6\n"); - printf("%s", trad ); - if (mb < 0) /* XXX not really legal... */ - printf(":%s", - inet_ntop(AF_INET6, &a[1], trad, sizeof(trad))); - else if (mb < 128) - printf("/%d", mb); - } - if (len > 2) - printf(","); + int mb = /* mask length */ + (cmd->o.opcode == O_IP6_SRC || cmd->o.opcode == O_IP6_DST) ? 
+ 128 : contigmask((uint8_t *)&(a[1]), 128); + + if (mb == 128 && co.do_resolv) + he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6); + if (he != NULL) /* resolved to name */ + printf("%s", he->h_name); + else if (mb == 0) /* any */ + printf("any"); + else { /* numeric IP followed by some kind of mask */ + if (inet_ntop(AF_INET6, a, trad, sizeof( trad ) ) == NULL) + printf("Error ntop in print_ip6\n"); + printf("%s", trad ); + if (mb < 0) /* XXX not really legal... */ + printf(":%s", + inet_ntop(AF_INET6, &a[1], trad, sizeof(trad))); + else if (mb < 128) + printf("/%d", mb); + } + if (len > 2) + printf(","); } } @@ -137,20 +137,20 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av) bzero(cmd, sizeof(*cmd)); while (*av) { - if (*av == ',') - av++; - type = strtoul(av, &av, 0); - if (*av != ',' && *av != '\0') - errx(EX_DATAERR, "invalid ICMP6 type"); + if (*av == ',') + av++; + type = strtoul(av, &av, 0); + if (*av != ',' && *av != '\0') + errx(EX_DATAERR, "invalid ICMP6 type"); /* * XXX: shouldn't this be 0xFF? I can't see any reason why * we shouldn't be able to filter all possiable values * regardless of the ability of the rest of the kernel to do * anything useful with them. */ - if (type > ICMP6_MAXTYPE) - errx(EX_DATAERR, "ICMP6 type out of range"); - cmd->d[type / 32] |= ( 1 << (type % 32)); + if (type > ICMP6_MAXTYPE) + errx(EX_DATAERR, "ICMP6 type out of range"); + cmd->d[type / 32] |= ( 1 << (type % 32)); } cmd->o.opcode = O_ICMP6TYPE; cmd->o.len |= F_INSN_SIZE(ipfw_insn_icmp6); @@ -165,12 +165,12 @@ print_icmp6types(ipfw_insn_u32 *cmd) printf(" ip6 icmp6types"); for (i = 0; i < 7; i++) - for (j=0; j < 32; ++j) { - if ( (cmd->d[i] & (1 << (j))) == 0) - continue; - printf("%c%d", sep, (i*32 + j)); - sep = ','; - } + for (j=0; j < 32; ++j) { + if ( (cmd->d[i] & (1 << (j))) == 0) + continue; + printf("%c%d", sep, (i*32 + j)); + sep = ','; + } } void 
@@ -181,9 +181,9 @@ print_flow6id( ipfw_insn_u32 *cmd) printf(" flow-id "); for( i=0; i < limit; ++i) { - if (i == limit - 1) - sep = ' '; - printf("%d%c", cmd->d[i], sep); + if (i == limit - 1) + sep = ' '; + printf("%d%c", cmd->d[i], sep); } } @@ -193,11 +193,11 @@ static struct _s_x ext6hdrcodes[] = { { "hopopt", EXT_HOPOPTS }, { "route", EXT_ROUTING }, { "dstopt", EXT_DSTOPTS }, - { "ah", EXT_AH }, - { "esp", EXT_ESP }, + { "ah", EXT_AH }, + { "esp", EXT_ESP }, { "rthdr0", EXT_RTHDR0 }, { "rthdr2", EXT_RTHDR2 }, - { NULL, 0 } + { NULL, 0 } }; /* fills command for the extension header filtering */ 
@@ -210,48 +210,48 @@ fill_ext6hdr( ipfw_insn *cmd, char *av) cmd->arg1 = 0; while(s) { - av = strsep( &s, ",") ; - tok = match_token(ext6hdrcodes, av); - switch (tok) { - case EXT_FRAGMENT: - cmd->arg1 |= EXT_FRAGMENT; - break; - - case EXT_HOPOPTS: - cmd->arg1 |= EXT_HOPOPTS; - break; - - case EXT_ROUTING: - cmd->arg1 |= EXT_ROUTING; - break; - - case EXT_DSTOPTS: - cmd->arg1 |= EXT_DSTOPTS; - break; - - case EXT_AH: - cmd->arg1 |= EXT_AH; - break; - - case EXT_ESP: - cmd->arg1 |= EXT_ESP; - break; - - case EXT_RTHDR0: - cmd->arg1 |= EXT_RTHDR0; - break; - - case EXT_RTHDR2: - cmd->arg1 |= EXT_RTHDR2; - break; - - default: - errx( EX_DATAERR, "invalid option for ipv6 exten header" ); - break; - } + av = strsep( &s, ",") ; + tok = match_token(ext6hdrcodes, av); + switch (tok) { + case EXT_FRAGMENT: + cmd->arg1 |= EXT_FRAGMENT; + break; + + case EXT_HOPOPTS: + cmd->arg1 |= EXT_HOPOPTS; + break; + + case EXT_ROUTING: + cmd->arg1 |= EXT_ROUTING; + break; + + case EXT_DSTOPTS: + cmd->arg1 |= EXT_DSTOPTS; + break; + + case EXT_AH: + cmd->arg1 |= EXT_AH; + break; + + case EXT_ESP: + cmd->arg1 |= EXT_ESP; + break; + + case EXT_RTHDR0: + cmd->arg1 |= EXT_RTHDR0; + break; + + case EXT_RTHDR2: + cmd->arg1 |= EXT_RTHDR2; + break; + + default: + errx( EX_DATAERR, "invalid option for ipv6 exten header" ); + break; + } } if (cmd->arg1 == 0 ) - return 0; + return 0; cmd->opcode = O_EXT_HDR; cmd->len |= F_INSN_SIZE( ipfw_insn ); return 1; 
@@ -264,35 +264,35 @@ print_ext6hdr( ipfw_insn *cmd ) printf(" extension header:"); if (cmd->arg1 & EXT_FRAGMENT ) { - printf("%cfragmentation", sep); - sep = ','; + printf("%cfragmentation", sep); + sep = ','; } if (cmd->arg1 & EXT_HOPOPTS ) { - printf("%chop options", sep); - sep = ','; + printf("%chop options", sep); + sep = ','; } if (cmd->arg1 & EXT_ROUTING ) { - printf("%crouting options", sep); - sep = ','; + printf("%crouting options", sep); + sep = ','; } if (cmd->arg1 & EXT_RTHDR0 ) { - printf("%crthdr0", sep); - sep = ','; + printf("%crthdr0", sep); + sep = ','; } if (cmd->arg1 & EXT_RTHDR2 ) { - printf("%crthdr2", sep); - sep = ','; + printf("%crthdr2", sep); + sep = ','; } if (cmd->arg1 & EXT_DSTOPTS ) { - printf("%cdestination options", sep); - sep = ','; + printf("%cdestination options", sep); + sep = ','; } if (cmd->arg1 & EXT_AH ) { - printf("%cauthentication header", sep); - sep = ','; + printf("%cauthentication header", sep); + sep = ','; } if (cmd->arg1 & EXT_ESP ) { - printf("%cencapsulated security payload", sep); + printf("%cencapsulated security payload", sep); } } @@ -318,9 +318,9 @@ lookup_host6 (char *host, struct in6_addr *ip6addr) * any matches any IP6. Actually returns an empty instruction. * me returns O_IP6_*_ME * - * 03f1::234:123:0342 single IP6 addres - * 03f1::234:123:0342/24 address/mask - * 03f1::234:123:0342/24,03f1::234:123:0343/ List of address + * 03f1::234:123:0342 single IP6 addres + * 03f1::234:123:0342/24 address/mask + * 03f1::234:123:0342/24,03f1::234:123:0343/ List of address * * Set of address (as in ipv6) not supported because ipv6 address * are typically random past the initial prefix. diff --git a/sbin/ipfw/main.c b/sbin/ipfw/main.c index 43693e0..fb3f3fb 100644 --- a/sbin/ipfw/main.c +++ b/sbin/ipfw/main.c 
@@ -357,7 +357,7 @@ ipfw_main(int oldac, char **oldav) co.do_nat = 0; co.do_pipe = 0; if (!strncmp(*av, "nat", strlen(*av))) - co.do_nat = 1; + co.do_nat = 1; else if (!strncmp(*av, "pipe", strlen(*av))) co.do_pipe = 1; else if (_substrcmp(*av, "queue") == 0) @@ -426,7 +426,7 @@ ipfw_main(int oldac, char **oldav) else if (_substrcmp(*av, "resetlog") == 0) ipfw_zero(ac, av, 1 /* IP_FW_RESETLOG */); else if (_substrcmp(*av, "print") == 0 || - _substrcmp(*av, "list") == 0) + _substrcmp(*av, "list") == 0) ipfw_list(ac, av, do_acct); else if (_substrcmp(*av, "show") == 0) ipfw_list(ac, av, 1 /* show counters */); @@ -591,7 +591,7 @@ main(int ac, char *av[]) ret = WSAStartup(wVersionRequested, &wsaData); if (ret != 0) { /* Tell the user that we could not find a usable */ - /* Winsock DLL. */ + /* Winsock DLL. */ printf("WSAStartup failed with error: %d\n", ret); return 1; } diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c index 21196bc..bf93549 100644 --- a/sbin/ipfw/nat.c +++ b/sbin/ipfw/nat.c @@ -47,15 +47,15 @@ #include <alias.h> static struct _s_x nat_params[] = { - { "ip", TOK_IP }, - { "if", TOK_IF }, - { "log", TOK_ALOG }, - { "deny_in", TOK_DENY_INC }, - { "same_ports", TOK_SAME_PORTS }, - { "unreg_only", TOK_UNREG_ONLY }, - { "reset", TOK_RESET_ADDR }, - { "reverse", TOK_ALIAS_REV }, - { "proxy_only", TOK_PROXY_ONLY }, + { "ip", TOK_IP }, + { "if", TOK_IF }, + { "log", TOK_ALOG }, + { "deny_in", TOK_DENY_INC }, + { "same_ports", TOK_SAME_PORTS }, + { "unreg_only", TOK_UNREG_ONLY }, + { "reset", TOK_RESET_ADDR }, + { "reverse", TOK_ALIAS_REV }, + { "proxy_only", TOK_PROXY_ONLY }, { "redirect_addr", TOK_REDIR_ADDR }, { "redirect_port", TOK_REDIR_PORT }, { "redirect_proto", TOK_REDIR_PROTO }, @@ -63,10 +63,10 @@ static struct _s_x nat_params[] = { }; -/* +/* * Search for interface with name "ifn", and fill n accordingly: * - * n->ip ip address of interface "ifn" + * n->ip ip address of interface "ifn" * n->if_name copy of interface name "ifn" */ static void 
@@ -163,25 +163,25 @@ set_addr_dynamic(const char *ifn, struct cfg_nat *n) free(buf); } -/* +/* * XXX - The following functions, macros and definitions come from natd.c: - * it would be better to move them outside natd.c, in a file - * (redirect_support.[ch]?) shared by ipfw and natd, but for now i can live + * it would be better to move them outside natd.c, in a file + * (redirect_support.[ch]?) shared by ipfw and natd, but for now i can live * with it. */ /* * Definition of a port range, and macros to deal with values. * FORMAT: HI 16-bits == first port in range, 0 == all ports. - * LO 16-bits == number of ports in range + * LO 16-bits == number of ports in range * NOTES: - Port values are not stored in network byte order. */ #define port_range u_long -#define GETLOPORT(x) ((x) >> 0x10) -#define GETNUMPORTS(x) ((x) & 0x0000ffff) -#define GETHIPORT(x) (GETLOPORT((x)) + GETNUMPORTS((x))) +#define GETLOPORT(x) ((x) >> 0x10) +#define GETNUMPORTS(x) ((x) & 0x0000ffff) +#define GETHIPORT(x) (GETLOPORT((x)) + GETNUMPORTS((x))) /* Set y to be the low-port value in port_range variable x. */ #define SETLOPORT(x,y) ((x) = ((x) & 0x0000ffff) | ((y) << 0x10)) @@ -189,7 +189,7 @@ set_addr_dynamic(const char *ifn, struct cfg_nat *n) /* Set y to be the number of ports in port_range variable x. */ #define SETNUMPORTS(x,y) ((x) = ((x) & 0xffff0000) | (y)) -static void +static void StrToAddr (const char* str, struct in_addr* addr) { struct hostent* hp; 
@@ -204,30 +204,30 @@ StrToAddr (const char* str, struct in_addr* addr) memcpy (addr, hp->h_addr, sizeof (struct in_addr)); } -static int +static int StrToPortRange (const char* str, const char* proto, port_range *portRange) { - char* sep; + char* sep; struct servent* sp; char* end; - u_short loPort; - u_short hiPort; + u_short loPort; + u_short hiPort; /* First see if this is a service, return corresponding port if so. */ sp = getservbyname (str,proto); if (sp) { - SETLOPORT(*portRange, ntohs(sp->s_port)); + SETLOPORT(*portRange, ntohs(sp->s_port)); SETNUMPORTS(*portRange, 1); return 0; } - + /* Not a service, see if it's a single port or port range. */ sep = strchr (str, '-'); if (sep == NULL) { - SETLOPORT(*portRange, strtol(str, &end, 10)); + SETLOPORT(*portRange, strtol(str, &end, 10)); if (end != str) { - /* Single port. */ - SETNUMPORTS(*portRange, 1); + /* Single port. */ + SETNUMPORTS(*portRange, 1); return 0; } @@ -240,15 +240,15 @@ StrToPortRange (const char* str, const char* proto, port_range *portRange) SETLOPORT(*portRange, loPort); SETNUMPORTS(*portRange, 0); /* Error by default */ if (loPort <= hiPort) - SETNUMPORTS(*portRange, hiPort - loPort + 1); + SETNUMPORTS(*portRange, hiPort - loPort + 1); if (GETNUMPORTS(*portRange) == 0) - errx (EX_DATAERR, "invalid port range %s", str); + errx (EX_DATAERR, "invalid port range %s", str); return 0; } -static int +static int StrToProto (const char* str) { if (!strcmp (str, "tcp")) @@ -262,9 +262,9 @@ StrToProto (const char* str) errx (EX_DATAERR, "unknown protocol %s. Expected sctp, tcp or udp", str); } -static int -StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto, - port_range *portRange) +static int +StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto, + port_range *portRange) { char* ptr; 
@@ -281,50 +281,49 @@ StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto, /* End of stuff taken from natd.c. */ -#define INC_ARGCV() do { \ - (*_av)++; \ - (*_ac)--; \ - av = *_av; \ - ac = *_ac; \ +#define INC_ARGCV() do { \ + (*_av)++; \ + (*_ac)--; \ + av = *_av; \ + ac = *_ac; \ } while(0) -/* - * The next 3 functions add support for the addr, port and proto redirect and - * their logic is loosely based on SetupAddressRedirect(), SetupPortRedirect() +/* + * The next 3 functions add support for the addr, port and proto redirect and + * their logic is loosely based on SetupAddressRedirect(), SetupPortRedirect() * and SetupProtoRedirect() from natd.c. * - * Every setup_* function fills at least one redirect entry - * (struct cfg_redir) and zero or more server pool entry (struct cfg_spool) + * Every setup_* function fills at least one redirect entry + * (struct cfg_redir) and zero or more server pool entry (struct cfg_spool) * in buf. - * + * * The format of data in buf is: - * * - * cfg_nat cfg_redir cfg_spool ...... cfg_spool + * cfg_nat cfg_redir cfg_spool ...... cfg_spool * * ------------------------------------- ------------ * | | .....X ... | | | | ..... * ------------------------------------- ...... ------------ - * ^ + * ^ * spool_cnt n=0 ...... n=(X-1) * * len points to the amount of available space in buf * space counts the memory consumed by every function * - * XXX - Every function get all the argv params so it + * XXX - Every function get all the argv params so it * has to check, in optional parameters, that the next - * args is a valid option for the redir entry and not - * another token. Only redir_port and redir_proto are + * args is a valid option for the redir entry and not + * another token. Only redir_port and redir_proto are * affected by this. */ static int setup_redir_addr(char *spool_buf, unsigned int len, - int *_ac, char ***_av) + int *_ac, char ***_av) { char **av, *sep; /* Token separator. 
*/ /* Temporary buffer used to hold server pool ip's. */ - char tmp_spool_buf[NAT_BUF_LEN]; + char tmp_spool_buf[NAT_BUF_LEN]; int ac, space, lsnat; struct cfg_redir *r; struct cfg_spool *tmp; @@ -339,11 +338,11 @@ setup_redir_addr(char *spool_buf, unsigned int len, spool_buf = &spool_buf[SOF_REDIR]; space = SOF_REDIR; len -= SOF_REDIR; - } else - goto nospace; + } else + goto nospace; r->mode = REDIR_ADDR; /* Extract local address. */ - if (ac == 0) + if (ac == 0) errx(EX_DATAERR, "redirect_addr: missing local address"); sep = strchr(*av, ','); if (sep) { /* LSNAT redirection syntax. */ @@ -351,12 +350,12 @@ setup_redir_addr(char *spool_buf, unsigned int len, /* Preserve av, copy spool servers to tmp_spool_buf. */ strncpy(tmp_spool_buf, *av, strlen(*av)+1); lsnat = 1; - } else + } else StrToAddr(*av, &r->laddr); INC_ARGCV(); /* Extract public address. */ - if (ac == 0) + if (ac == 0) errx(EX_DATAERR, "redirect_addr: missing public address"); StrToAddr(*av, &r->paddr); INC_ARGCV(); @@ -385,7 +384,7 @@ nospace: static int setup_redir_port(char *spool_buf, unsigned int len, - int *_ac, char ***_av) + int *_ac, char ***_av) { char **av, *sep, *protoName; char tmp_spool_buf[NAT_BUF_LEN]; @@ -407,8 +406,8 @@ setup_redir_port(char *spool_buf, unsigned int len, spool_buf = &spool_buf[SOF_REDIR]; space = SOF_REDIR; len -= SOF_REDIR; - } else - goto nospace; + } else + goto nospace; r->mode = REDIR_PORT; /* * Extract protocol. @@ -436,8 +435,8 @@ setup_redir_port(char *spool_buf, unsigned int len, lsnat = 1; } else { /* - * The sctp nat does not allow the port numbers to be mapped to - * new port numbers. Therefore, no ports are to be specified + * The sctp nat does not allow the port numbers to be mapped to + * new port numbers. Therefore, no ports are to be specified * in the target port field. */ if (r->proto == IPPROTO_SCTP) { 
@@ -448,7 +447,7 @@ setup_redir_port(char *spool_buf, unsigned int len, else StrToAddr(*av, &r->laddr); } else { - if (StrToAddrAndPortRange (*av, &r->laddr, protoName, + if (StrToAddrAndPortRange (*av, &r->laddr, protoName, &portRange) != 0) errx(EX_DATAERR, "redirect_port:" "invalid local port range"); @@ -467,14 +466,14 @@ setup_redir_port(char *spool_buf, unsigned int len, sep = strchr (*av, ':'); if (sep) { - if (StrToAddrAndPortRange (*av, &r->paddr, protoName, + if (StrToAddrAndPortRange (*av, &r->paddr, protoName, &portRange) != 0) - errx(EX_DATAERR, "redirect_port:" + errx(EX_DATAERR, "redirect_port:" "invalid public port range"); } else { r->paddr.s_addr = INADDR_ANY; if (StrToPortRange (*av, protoName, &portRange) != 0) - errx(EX_DATAERR, "redirect_port:" + errx(EX_DATAERR, "redirect_port:" "invalid public port range"); } @@ -489,19 +488,19 @@ setup_redir_port(char *spool_buf, unsigned int len, /* * Extract remote address and optionally port. */ - /* + /* * NB: isalpha(**av) => we've to check that next parameter is really an * option for this redirect entry, else stop here processing arg[cv]. */ - if (ac != 0 && !isalpha(**av)) { + if (ac != 0 && !isalpha(**av)) { sep = strchr (*av, ':'); if (sep) { - if (StrToAddrAndPortRange (*av, &r->raddr, protoName, + if (StrToAddrAndPortRange (*av, &r->raddr, protoName, &portRange) != 0) errx(EX_DATAERR, "redirect_port:" "invalid remote port range"); } else { - SETLOPORT(portRange, 0); + SETLOPORT(portRange, 0); SETNUMPORTS(portRange, 1); StrToAddr (*av, &r->raddr); } 
@@ -514,17 +513,17 @@ setup_redir_port(char *spool_buf, unsigned int len, r->rport = GETLOPORT(portRange); r->rport_cnt = GETNUMPORTS(portRange); - /* + /* * Make sure port ranges match up, then add the redirect ports. */ if (numLocalPorts != r->pport_cnt) - errx(EX_DATAERR, "redirect_port:" + errx(EX_DATAERR, "redirect_port:" "port ranges must be equal in size"); /* Remote port range is allowed to be '0' which means all ports. */ - if (r->rport_cnt != numLocalPorts && + if (r->rport_cnt != numLocalPorts && (r->rport_cnt != 1 || r->rport != 0)) - errx(EX_DATAERR, "redirect_port: remote port must" + errx(EX_DATAERR, "redirect_port: remote port must" "be 0 or equal to local port range in size"); /* @@ -553,7 +552,7 @@ setup_redir_port(char *spool_buf, unsigned int len, tmp->port = r->pport; } } else { - if (StrToAddrAndPortRange(sep, &tmp->addr, + if (StrToAddrAndPortRange(sep, &tmp->addr, protoName, &portRange) != 0) errx(EX_DATAERR, "redirect_port:" "invalid local port range"); @@ -576,7 +575,7 @@ nospace: static int setup_redir_proto(char *spool_buf, unsigned int len, - int *_ac, char ***_av) + int *_ac, char ***_av) { char **av; int ac, space; @@ -591,7 +590,7 @@ setup_redir_proto(char *spool_buf, unsigned int len, spool_buf = &spool_buf[SOF_REDIR]; space = SOF_REDIR; len -= SOF_REDIR; - } else + } else goto nospace; r->mode = REDIR_PROTO; /* @@ -700,7 +699,7 @@ print_nat_config(unsigned char *buf) s = (struct cfg_spool *)&buf[off]; if (i) printf(","); - else + else printf(" "); printf("%s", inet_ntoa(s->addr)); off += SOF_SPOOL; 
@@ -713,21 +712,21 @@ print_nat_config(unsigned char *buf) if (!t->spool_cnt) { printf("%s:%u", inet_ntoa(t->laddr), t->lport); if (t->pport_cnt > 1) - printf("-%u", t->lport + + printf("-%u", t->lport + t->pport_cnt - 1); } else for (i=0; i < t->spool_cnt; i++) { s = (struct cfg_spool *)&buf[off]; if (i) printf(","); - printf("%s:%u", inet_ntoa(s->addr), + printf("%s:%u", inet_ntoa(s->addr), s->port); off += SOF_SPOOL; } printf(" "); if (t->paddr.s_addr) - printf("%s:", inet_ntoa(t->paddr)); + printf("%s:", inet_ntoa(t->paddr)); printf("%u", t->pport); if (!t->spool_cnt && t->pport_cnt > 1) printf("-%u", t->pport + t->pport_cnt - 1); @@ -737,14 +736,14 @@ print_nat_config(unsigned char *buf) if (t->rport) { printf(":%u", t->rport); if (!t->spool_cnt && t->rport_cnt > 1) - printf("-%u", t->rport + + printf("-%u", t->rport + t->rport_cnt - 1); } } break; case REDIR_PROTO: p = getprotobynumber(t->proto); - printf(" redirect_proto %s %s", p->p_name, + printf(" redirect_proto %s %s", p->p_name, inet_ntoa(t->laddr)); if (t->paddr.s_addr != 0) { printf(" %s", inet_ntoa(t->paddr)); @@ -763,7 +762,7 @@ print_nat_config(unsigned char *buf) void ipfw_config_nat(int ac, char **av) { - struct cfg_nat *n; /* Nat instance configuration. */ + struct cfg_nat *n; /* Nat instance configuration. */ int i, len, off, tok; char *id, buf[NAT_BUF_LEN]; /* Buffer for serialized data. */ @@ -777,12 +776,12 @@ ipfw_config_nat(int ac, char **av) /* Nat id. */ if (ac && isdigit(**av)) { id = *av; - i = atoi(*av); + i = atoi(*av); ac--; av++; n->id = i; - } else + } else errx(EX_DATAERR, "missing nat id"); - if (ac == 0) + if (ac == 0) errx(EX_DATAERR, "missing option"); while (ac > 0) { 
@@ -790,15 +789,15 @@ ipfw_config_nat(int ac, char **av) ac--; av++; switch (tok) { case TOK_IP: - if (ac == 0) + if (ac == 0) errx(EX_DATAERR, "missing option"); if (!inet_aton(av[0], &(n->ip))) - errx(EX_DATAERR, "bad ip address ``%s''", + errx(EX_DATAERR, "bad ip address ``%s''", av[0]); ac--; av++; - break; + break; case TOK_IF: - if (ac == 0) + if (ac == 0) errx(EX_DATAERR, "missing option"); set_addr_dynamic(av[0], n); ac--; av++; @@ -824,9 +823,9 @@ ipfw_config_nat(int ac, char **av) case TOK_PROXY_ONLY: n->mode |= PKT_ALIAS_PROXY_ONLY; break; - /* - * All the setup_redir_* functions work directly in the final - * buffer, see above for details. + /* + * All the setup_redir_* functions work directly in + * the final buffer, see above for details. */ case TOK_REDIR_ADDR: case TOK_REDIR_PORT: @@ -834,10 +833,10 @@ ipfw_config_nat(int ac, char **av) switch (tok) { case TOK_REDIR_ADDR: i = setup_redir_addr(&buf[off], len, &ac, &av); - break; + break; case TOK_REDIR_PORT: i = setup_redir_port(&buf[off], len, &ac, &av); - break; + break; case TOK_REDIR_PROTO: i = setup_redir_proto(&buf[off], len, &ac, &av); break; @@ -888,7 +887,7 @@ ipfw_show_nat(int ac, char **av) /* Parse parameters. */ for (cmd = IP_FW_NAT_GET_LOG, do_cfg = 0; ac != 0; ac--, av++) { if (!strncmp(av[0], "config", strlen(av[0]))) { - cmd = IP_FW_NAT_GET_CONFIG, do_cfg = 1; + cmd = IP_FW_NAT_GET_CONFIG, do_cfg = 1; continue; } /* Convert command line rule #. */ @@ -920,7 +919,7 @@ ipfw_show_nat(int ac, char **av) i += sizeof(struct cfg_nat); for (redir_cnt = 0; redir_cnt < n->redir_cnt; redir_cnt++) { e = (struct cfg_redir *)&data[i]; - i += sizeof(struct cfg_redir) + e->spool_cnt * + i += sizeof(struct cfg_redir) + e->spool_cnt * sizeof(struct cfg_spool); } } |