1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $
*/
#include "ipf.h"
/*
* Parses "keep state" and "keep frags" stuff on the end of a line.
*/
int addkeep(cp, fp, linenum)
char ***cp;
struct frentry *fp;
int linenum;
{
char *s;
(*cp)++;
if (!**cp) {
fprintf(stderr, "%d: Missing state/frag after keep\n",
linenum);
return -1;
}
if (!strcasecmp(**cp, "state")) {
fp->fr_flags |= FR_KEEPSTATE;
(*cp)++;
if (**cp && !strcasecmp(**cp, "limit")) {
(*cp)++;
fp->fr_statemax = atoi(**cp);
(*cp)++;
}
if (**cp && !strcasecmp(**cp, "scan")) {
(*cp)++;
if (!strcmp(**cp, "*")) {
fp->fr_isc = NULL;
fp->fr_isctag[0] = '\0';
} else {
strncpy(fp->fr_isctag, **cp,
sizeof(fp->fr_isctag));
fp->fr_isctag[sizeof(fp->fr_isctag)-1] = '\0';
fp->fr_isc = NULL;
}
(*cp)++;
} else
fp->fr_isc = (struct ipscan *)-1;
} else if (!strncasecmp(**cp, "frag", 4)) {
fp->fr_flags |= FR_KEEPFRAG;
(*cp)++;
} else if (!strcasecmp(**cp, "state-age")) {
if (fp->fr_ip.fi_p == IPPROTO_TCP) {
fprintf(stderr, "%d: cannot use state-age with tcp\n",
linenum);
return -1;
}
if ((fp->fr_flags & FR_KEEPSTATE) == 0) {
fprintf(stderr, "%d: state-age with no 'keep state'\n",
linenum);
return -1;
}
(*cp)++;
if (!**cp) {
fprintf(stderr, "%d: state-age with no arg\n",
linenum);
return -1;
}
fp->fr_age[0] = atoi(**cp);
s = strchr(**cp, '/');
if (s != NULL) {
s++;
fp->fr_age[1] = atoi(s);
} else
fp->fr_age[1] = fp->fr_age[0];
} else {
fprintf(stderr, "%d: Unrecognised state keyword \"%s\"\n",
linenum, **cp);
return -1;
}
return 0;
}
|