[Midnightbsd-cvs] src [11872] trunk/contrib/ipfilter/lib: remove old files
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Jul 15 14:19:14 EDT 2018
Revision: 11872
http://svnweb.midnightbsd.org/src/?rev=11872
Author: laffer1
Date: 2018-07-15 14:19:14 -0400 (Sun, 15 Jul 2018)
Log Message:
-----------
remove old files
Removed Paths:
-------------
trunk/contrib/ipfilter/lib/ipft_td.c
trunk/contrib/ipfilter/lib/loglevel.c
trunk/contrib/ipfilter/lib/make_range.c
trunk/contrib/ipfilter/lib/natparse.c
trunk/contrib/ipfilter/lib/parse.c
trunk/contrib/ipfilter/lib/portnum.c
trunk/contrib/ipfilter/lib/ports.c
trunk/contrib/ipfilter/lib/ratoi.c
trunk/contrib/ipfilter/lib/ratoui.c
trunk/contrib/ipfilter/lib/to_interface.c
Deleted: trunk/contrib/ipfilter/lib/ipft_td.c
===================================================================
--- trunk/contrib/ipfilter/lib/ipft_td.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/ipft_td.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,178 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2000-2006 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * $Id: ipft_td.c,v 1.1.1.3 2012-07-21 15:01:08 laffer1 Exp $
- */
-
-/*
-tcpdump -n
-
-00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap)
-
-tcpdump -nq
-
-00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap)
-
-tcpdump -nqt
-
-128.250.133.13.23 > 128.250.20.20.2419: tcp 27
-
-tcpdump -nqtt
-
-123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
-
-tcpdump -nqte
-
-8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
-
-*/
-
-#include "ipf.h"
-#include "ipt.h"
-
-#ifndef linux
-#include <netinet/ip_var.h>
-#endif
-#include <netinet/tcpip.h>
-
-
-#if !defined(lint)
-static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.1.1.3 2012-07-21 15:01:08 laffer1 Exp $";
-#endif
-
-static int tcpd_open __P((char *));
-static int tcpd_close __P((void));
-static int tcpd_readip __P((char *, int, char **, int *));
-static int count_dots __P((char *));
-
-struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip, 0 };
-
-static FILE *tfp = NULL;
-static int tfd = -1;
-
-
-static int tcpd_open(fname)
-char *fname;
-{
- if (tfd != -1)
- return tfd;
-
- if (!strcmp(fname, "-")) {
- tfd = 0;
- tfp = stdin;
- } else {
- tfd = open(fname, O_RDONLY);
- tfp = fdopen(tfd, "r");
- }
- return tfd;
-}
-
-
-static int tcpd_close()
-{
- (void) fclose(tfp);
- return close(tfd);
-}
-
-
-static int count_dots(str)
-char *str;
-{
- int i = 0;
-
- while (*str)
- if (*str++ == '.')
- i++;
- return i;
-}
-
-
-static int tcpd_readip(buf, cnt, ifn, dir)
-char *buf, **ifn;
-int cnt, *dir;
-{
- struct tcpiphdr pkt;
- ip_t *ip = (ip_t *)&pkt;
- char src[32], dst[32], misc[256], time[32], link1[32], link2[32];
- char lbuf[160], *s;
- int n, slen, extra = 0;
-
- if (!fgets(lbuf, sizeof(lbuf) - 1, tfp))
- return 0;
-
- if ((s = strchr(lbuf, '\n')))
- *s = '\0';
- lbuf[sizeof(lbuf)-1] = '\0';
-
- bzero(&pkt, sizeof(pkt));
-
- if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3)
- if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s",
- time, src, dst, misc)) != 4)
- if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s",
- link1, link2, src, dst, misc)) != 5) {
- n = sscanf(lbuf,
- "%31s %31s %31s: %31s > %31s: %255s",
- time, link1, link2, src, dst, misc);
- if (n != 6)
- return -1;
- }
-
- if (count_dots(dst) == 4) {
- s = strrchr(src, '.');
- *s++ = '\0';
- (void) inet_aton(src, &ip->ip_src);
- pkt.ti_sport = htons(atoi(s));
- *--s = '.';
- s = strrchr(dst, '.');
-
- *s++ = '\0';
- (void) inet_aton(src, &ip->ip_dst);
- pkt.ti_dport = htons(atoi(s));
- *--s = '.';
-
- } else {
- (void) inet_aton(src, &ip->ip_src);
- (void) inet_aton(src, &ip->ip_dst);
- }
- ip->ip_len = sizeof(ip_t);
- IP_HL_A(ip, sizeof(ip_t));
-
- s = strtok(misc, " :");
- if (s == NULL)
- return 0;
- ip->ip_p = getproto(s);
-
- switch (ip->ip_p)
- {
- case IPPROTO_TCP :
- case IPPROTO_UDP :
- s = strtok(NULL, " :");
- if (s == NULL)
- return 0;
- ip->ip_len += atoi(s);
- if (ip->ip_p == IPPROTO_TCP)
- extra = sizeof(struct tcphdr);
- else if (ip->ip_p == IPPROTO_UDP)
- extra = sizeof(struct udphdr);
- break;
-#ifdef IGMP
- case IPPROTO_IGMP :
- extra = sizeof(struct igmp);
- break;
-#endif
- case IPPROTO_ICMP :
- extra = sizeof(struct icmp);
- break;
- default :
- break;
- }
-
- slen = IP_HL(ip) + extra + ip->ip_len;
- return slen;
-}
Deleted: trunk/contrib/ipfilter/lib/loglevel.c
===================================================================
--- trunk/contrib/ipfilter/lib/loglevel.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/loglevel.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,55 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/loglevel.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp
- */
-
-#include "ipf.h"
-
-
-int loglevel(cpp, facpri, linenum)
-char **cpp;
-u_int *facpri;
-int linenum;
-{
- int fac, pri;
- char *s;
-
- fac = 0;
- pri = 0;
- if (!*++cpp) {
- fprintf(stderr, "%d: %s\n", linenum,
- "missing identifier after level");
- return -1;
- }
-
- s = strchr(*cpp, '.');
- if (s) {
- *s++ = '\0';
- fac = fac_findname(*cpp);
- if (fac == -1) {
- fprintf(stderr, "%d: %s %s\n", linenum,
- "Unknown facility", *cpp);
- return -1;
- }
- pri = pri_findname(s);
- if (pri == -1) {
- fprintf(stderr, "%d: %s %s\n", linenum,
- "Unknown priority", s);
- return -1;
- }
- } else {
- pri = pri_findname(*cpp);
- if (pri == -1) {
- fprintf(stderr, "%d: %s %s\n", linenum,
- "Unknown priority", *cpp);
- return -1;
- }
- }
- *facpri = fac|pri;
- return 0;
-}
Deleted: trunk/contrib/ipfilter/lib/make_range.c
===================================================================
--- trunk/contrib/ipfilter/lib/make_range.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/make_range.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,26 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/make_range.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 2002 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp
- */
-#include "ipf.h"
-
-
-alist_t *make_range(not, a1, a2)
-int not;
-struct in_addr a1, a2;
-{
- alist_t *a;
-
- a = (alist_t *)calloc(1, sizeof(*a));
- if (a != NULL) {
- a->al_1 = a1.s_addr;
- a->al_2 = a2.s_addr;
- a->al_not = not;
- }
- return a;
-}
Deleted: trunk/contrib/ipfilter/lib/natparse.c
===================================================================
--- trunk/contrib/ipfilter/lib/natparse.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/natparse.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,730 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/natparse.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if !defined(lint)
-static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp";
-#endif
-
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <ctype.h>
-
-#include "ipf.h"
-#include "opts.h"
-
-
-void nat_setgroupmap(n)
-ipnat_t *n;
-{
- if (n->in_outmsk == n->in_inmsk)
- n->in_ippip = 1;
- else if (n->in_flags & IPN_AUTOPORTMAP) {
- n->in_ippip = ~ntohl(n->in_inmsk);
- if (n->in_outmsk != 0xffffffff)
- n->in_ippip /= (~ntohl(n->in_outmsk) + 1);
- n->in_ippip++;
- if (n->in_ippip == 0)
- n->in_ippip = 1;
- n->in_ppip = USABLE_PORTS / n->in_ippip;
- } else {
- n->in_space = USABLE_PORTS * ~ntohl(n->in_outmsk);
- n->in_nip = 0;
- if (!(n->in_ppip = n->in_pmin))
- n->in_ppip = 1;
- n->in_ippip = USABLE_PORTS / n->in_ppip;
- }
-}
-
-
-
-ipnat_t *natparse(line, linenum)
-char *line;
-int linenum;
-{
- static ipnat_t ipn;
- struct protoent *pr;
- char *dnetm = NULL, *dport = NULL, *proto = NULL;
- char *s, *t, *cps[31], **cpp;
- int i, cnt;
-
-
- if ((s = strchr(line, '\n')))
- *s = '\0';
- if ((s = strchr(line, '#')))
- *s = '\0';
- while (*line && ISSPACE(*line))
- line++;
- if (!*line)
- return NULL;
-
- bzero((char *)&ipn, sizeof(ipn));
- cnt = 0;
-
- for (i = 0, *cps = strtok(line, " \b\t\r\n"); cps[i] && i < 30; cnt++)
- cps[++i] = strtok(NULL, " \b\t\r\n");
-
- cps[i] = NULL;
-
- if (cnt < 3) {
- fprintf(stderr, "%d: not enough segments in line\n", linenum);
- return NULL;
- }
-
- cpp = cps;
-
- if (!strcasecmp(*cpp, "map"))
- ipn.in_redir = NAT_MAP;
- else if (!strcasecmp(*cpp, "map-block"))
- ipn.in_redir = NAT_MAPBLK;
- else if (!strcasecmp(*cpp, "rdr"))
- ipn.in_redir = NAT_REDIRECT;
- else if (!strcasecmp(*cpp, "bimap"))
- ipn.in_redir = NAT_BIMAP;
- else {
- fprintf(stderr, "%d: unknown mapping: \"%s\"\n",
- linenum, *cpp);
- return NULL;
- }
-
- cpp++;
-
- strncpy(ipn.in_ifnames[0], *cpp, sizeof(ipn.in_ifnames[0]) - 1);
- ipn.in_ifnames[0][sizeof(ipn.in_ifnames[0]) - 1] = '\0';
- cpp++;
-
- if (!strcasecmp(*cpp, "from") || (**cpp == '!')) {
- if (!strcmp(*cpp, "!")) {
- cpp++;
- if (strcasecmp(*cpp, "from")) {
- fprintf(stderr, "Missing from after !\n");
- return NULL;
- }
- ipn.in_flags |= IPN_NOTSRC;
- } else if (**cpp == '!') {
- if (strcasecmp(*cpp + 1, "from")) {
- fprintf(stderr, "Missing from after !\n");
- return NULL;
- }
- ipn.in_flags |= IPN_NOTSRC;
- }
- if ((ipn.in_flags & IPN_NOTSRC) &&
- (ipn.in_redir & (NAT_MAP|NAT_MAPBLK))) {
- fprintf(stderr, "Cannot use '! from' with map\n");
- return NULL;
- }
-
- ipn.in_flags |= IPN_FILTER;
- cpp++;
- if (ipn.in_redir == NAT_REDIRECT) {
- if (hostmask(&cpp, proto, NULL,
- (u_32_t *)&ipn.in_srcip,
- (u_32_t *)&ipn.in_srcmsk, linenum) == -1)
- return NULL;
-
- if (ports(&cpp, proto, &ipn.in_sport,
- &ipn.in_scmp, &ipn.in_stop, linenum))
- return NULL;
- } else {
- if (hostmask(&cpp, proto, NULL,
- (u_32_t *)&ipn.in_inip,
- (u_32_t *)&ipn.in_inmsk, linenum) == -1)
- return NULL;
-
- if (ports(&cpp, proto, &ipn.in_dport,
- &ipn.in_dcmp, &ipn.in_dtop, linenum))
- return NULL;
- }
-
- if (!strcmp(*cpp, "!")) {
- cpp++;
- ipn.in_flags |= IPN_NOTDST;
- } else if (**cpp == '!') {
- (*cpp)++;
- ipn.in_flags |= IPN_NOTDST;
- }
-
- if (strcasecmp(*cpp, "to")) {
- fprintf(stderr, "%d: unexpected keyword (%s) - to\n",
- linenum, *cpp);
- return NULL;
- }
- if ((ipn.in_flags & IPN_NOTDST) &&
- (ipn.in_redir & (NAT_REDIRECT))) {
- fprintf(stderr, "Cannot use '! to' with rdr\n");
- return NULL;
- }
-
- if (!*++cpp) {
- fprintf(stderr, "%d: missing host after to\n", linenum);
- return NULL;
- }
- if (ipn.in_redir == NAT_REDIRECT) {
- if (hostmask(&cpp, proto, NULL,
- (u_32_t *)&ipn.in_outip,
- (u_32_t *)&ipn.in_outmsk, linenum))
- return NULL;
-
- if (ports(&cpp, proto, &ipn.in_dport,
- &ipn.in_dcmp, &ipn.in_dtop, linenum))
- return NULL;
- ipn.in_pmin = htons(ipn.in_dport);
- } else {
- if (hostmask(&cpp, proto, NULL,
- (u_32_t *)&ipn.in_srcip,
- (u_32_t *)&ipn.in_srcmsk, linenum))
- return NULL;
-
- if (ports(&cpp, proto, &ipn.in_sport,
- &ipn.in_scmp, &ipn.in_stop, linenum))
- return NULL;
- }
- } else {
- s = *cpp;
- if (!s)
- return NULL;
- t = strchr(s, '/');
- if (!t)
- return NULL;
- *t++ = '\0';
- if (ipn.in_redir == NAT_REDIRECT) {
- if (hostnum((u_32_t *)&ipn.in_outip, s, linenum, NULL))
- return NULL;
- if (genmask(t, (u_32_t *)&ipn.in_outmsk) == -1) {
- return NULL;
- }
- } else {
- if (hostnum((u_32_t *)&ipn.in_inip, s, linenum, NULL))
- return NULL;
- if (genmask(t, (u_32_t *)&ipn.in_inmsk) == -1) {
- return NULL;
- }
- }
- cpp++;
- if (!*cpp)
- return NULL;
- }
-
- if ((ipn.in_redir == NAT_REDIRECT) && !(ipn.in_flags & IPN_FILTER)) {
- if (strcasecmp(*cpp, "port")) {
- fprintf(stderr, "%d: missing fields - 1st port\n",
- linenum);
- return NULL;
- }
-
- cpp++;
-
- if (!*cpp) {
- fprintf(stderr,
- "%d: missing fields (destination port)\n",
- linenum);
- return NULL;
- }
-
- if (ISDIGIT(**cpp) && (s = strchr(*cpp, '-')))
- *s++ = '\0';
- else
- s = NULL;
-
- if (!portnum(*cpp, proto, &ipn.in_pmin, linenum))
- return NULL;
- ipn.in_pmin = htons(ipn.in_pmin);
- cpp++;
-
- if (!strcmp(*cpp, "-")) {
- cpp++;
- s = *cpp++;
- }
-
- if (s) {
- if (!portnum(s, proto, &ipn.in_pmax, linenum))
- return NULL;
- ipn.in_pmax = htons(ipn.in_pmax);
- } else
- ipn.in_pmax = ipn.in_pmin;
- }
-
- if (!*cpp) {
- fprintf(stderr, "%d: missing fields (->)\n", linenum);
- return NULL;
- }
- if (strcmp(*cpp, "->")) {
- fprintf(stderr, "%d: missing ->\n", linenum);
- return NULL;
- }
- cpp++;
-
- if (!*cpp) {
- fprintf(stderr, "%d: missing fields (%s)\n",
- linenum, ipn.in_redir ? "destination" : "target");
- return NULL;
- }
-
- if (ipn.in_redir == NAT_MAP) {
- if (!strcasecmp(*cpp, "range")) {
- cpp++;
- ipn.in_flags |= IPN_IPRANGE;
- if (!*cpp) {
- fprintf(stderr, "%d: missing fields (%s)\n",
- linenum,
- ipn.in_redir ? "destination":"target");
- return NULL;
- }
- }
- }
-
- if (ipn.in_flags & IPN_IPRANGE) {
- dnetm = strrchr(*cpp, '-');
- if (dnetm == NULL) {
- cpp++;
- if (*cpp && !strcmp(*cpp, "-") && *(cpp + 1))
- dnetm = *(cpp + 1);
- } else
- *dnetm++ = '\0';
- if (dnetm == NULL || *dnetm == '\0') {
- fprintf(stderr,
- "%d: desination range not specified\n",
- linenum);
- return NULL;
- }
- } else if (ipn.in_redir != NAT_REDIRECT) {
- dnetm = strrchr(*cpp, '/');
- if (dnetm == NULL) {
- cpp++;
- if (*cpp && !strcasecmp(*cpp, "netmask"))
- dnetm = *++cpp;
- }
- if (dnetm == NULL) {
- fprintf(stderr,
- "%d: missing fields (dest netmask)\n",
- linenum);
- return NULL;
- }
- if (*dnetm == '/')
- *dnetm++ = '\0';
- }
-
- if (ipn.in_redir == NAT_REDIRECT) {
- dnetm = strchr(*cpp, ',');
- if (dnetm != NULL) {
- ipn.in_flags |= IPN_SPLIT;
- *dnetm++ = '\0';
- }
- if (hostnum((u_32_t *)&ipn.in_inip, *cpp, linenum, NULL))
- return NULL;
- } else {
- if (hostnum((u_32_t *)&ipn.in_outip, *cpp, linenum, NULL))
- return NULL;
- }
- cpp++;
-
- if (ipn.in_redir & NAT_MAPBLK) {
- if (*cpp && strcasecmp(*cpp, "ports")) {
- fprintf(stderr,
- "%d: expected \"ports\" - got \"%s\"\n",
- linenum, *cpp);
- return NULL;
- }
- cpp++;
- if (*cpp) {
- ipn.in_pmin = atoi(*cpp);
- cpp++;
- } else
- ipn.in_pmin = 0;
- } else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) {
- if (*cpp && strrchr(*cpp, '/') != NULL) {
- fprintf(stderr, "%d: No netmask supported in %s\n",
- linenum, "destination host for redirect");
- return NULL;
- }
- /* If it's a in_redir, expect target port */
-
- if (!*cpp || strcasecmp(*cpp, "port")) {
- fprintf(stderr, "%d: missing fields - 2nd port (%s)\n",
- linenum, *cpp);
- return NULL;
- }
- cpp++;
- if (!*cpp) {
- fprintf(stderr,
- "%d: missing fields (destination port)\n",
- linenum);
- return NULL;
- }
- if (!portnum(*cpp, proto, &ipn.in_pnext, linenum))
- return NULL;
- ipn.in_pnext = htons(ipn.in_pnext);
- cpp++;
- }
- if (dnetm && *dnetm == '/')
- *dnetm++ = '\0';
-
- if (ipn.in_redir & (NAT_MAP|NAT_MAPBLK)) {
- if (ipn.in_flags & IPN_IPRANGE) {
- if (hostnum((u_32_t *)&ipn.in_outmsk, dnetm,
- linenum, NULL) == -1)
- return NULL;
- } else if (genmask(dnetm, (u_32_t *)&ipn.in_outmsk))
- return NULL;
- } else {
- if (ipn.in_flags & IPN_SPLIT) {
- if (hostnum((u_32_t *)&ipn.in_inmsk, dnetm,
- linenum, NULL) == -1)
- return NULL;
- } else if (genmask("255.255.255.255", (u_32_t *)&ipn.in_inmsk))
- return NULL;
- if (!*cpp) {
- ipn.in_flags |= IPN_TCP; /* XXX- TCP only by default */
- proto = "tcp";
- } else {
- if (!strcasecmp(*cpp, "tcp"))
- ipn.in_flags |= IPN_TCP;
- else if (!strcasecmp(*cpp, "udp"))
- ipn.in_flags |= IPN_UDP;
- else if (!strcasecmp(*cpp, "tcp/udp"))
- ipn.in_flags |= IPN_TCPUDP;
- else if (!strcasecmp(*cpp, "tcpudp"))
- ipn.in_flags |= IPN_TCPUDP;
- else if (!strcasecmp(*cpp, "ip"))
- ipn.in_flags |= IPN_ANY;
- else {
- ipn.in_flags |= IPN_ANY;
- ipn.in_p = getproto(*cpp);
- }
- proto = *cpp;
- cpp++;
-
- if (*cpp && !strcasecmp(*cpp, "round-robin")) {
- cpp++;
- ipn.in_flags |= IPN_ROUNDR;
- }
-
- if (*cpp && !strcasecmp(*cpp, "frag")) {
- cpp++;
- ipn.in_flags |= IPN_FRAG;
- }
-
- if (*cpp && !strcasecmp(*cpp, "age")) {
- cpp++;
- if (!*cpp) {
- fprintf(stderr,
- "%d: age with no parameters\n",
- linenum);
- return NULL;
- }
-
- ipn.in_age[0] = atoi(*cpp);
- s = strchr(*cpp, '/');
- if (s != NULL)
- ipn.in_age[1] = atoi(s + 1);
- else
- ipn.in_age[1] = ipn.in_age[0];
- cpp++;
- }
-
- if (*cpp && !strcasecmp(*cpp, "mssclamp")) {
- cpp++;
- if (*cpp) {
- ipn.in_mssclamp = atoi(*cpp);
- cpp++;
- } else {
- fprintf(stderr,
- "%d: mssclamp with no parameters\n",
- linenum);
- return NULL;
- }
- }
-
- if (*cpp) {
- fprintf(stderr,
- "%d: extra junk at the end of rdr: %s\n",
- linenum, *cpp);
- return NULL;
- }
- }
- }
-
- if (!(ipn.in_flags & IPN_SPLIT))
- ipn.in_inip &= ipn.in_inmsk;
- if ((ipn.in_flags & IPN_IPRANGE) == 0)
- ipn.in_outip &= ipn.in_outmsk;
- ipn.in_srcip &= ipn.in_srcmsk;
-
- if ((ipn.in_redir & NAT_MAPBLK) != 0)
- nat_setgroupmap(&ipn);
-
- if (*cpp && !strcasecmp(*cpp, "frag")) {
- cpp++;
- ipn.in_flags |= IPN_ROUNDR;
- }
-
- if (!*cpp)
- return &ipn;
-
- if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "proxy")) {
- if (ipn.in_redir == NAT_BIMAP) {
- fprintf(stderr, "%d: cannot use proxy with bimap\n",
- linenum);
- return NULL;
- }
-
- cpp++;
- if (!*cpp) {
- fprintf(stderr,
- "%d: missing parameter for \"proxy\"\n",
- linenum);
- return NULL;
- }
- dport = NULL;
-
- if (!strcasecmp(*cpp, "port")) {
- cpp++;
- if (!*cpp) {
- fprintf(stderr,
- "%d: missing parameter for \"port\"\n",
- linenum);
- return NULL;
- }
-
- dport = *cpp;
- cpp++;
-
- if (!*cpp) {
- fprintf(stderr,
- "%d: missing parameter for \"proxy\"\n",
- linenum);
- return NULL;
- }
- } else {
- fprintf(stderr,
- "%d: missing keyword \"port\"\n", linenum);
- return NULL;
- }
-
- if ((proto = strchr(*cpp, '/'))) {
- *proto++ = '\0';
- ipn.in_p = getproto(proto);
- } else
- ipn.in_p = 0;
-
- if (dport && !portnum(dport, proto, &ipn.in_dport, linenum))
- return NULL;
- ipn.in_dport = htons(ipn.in_dport);
-
- (void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel));
- cpp++;
-
- if (*cpp) {
- fprintf(stderr,
- "%d: too many parameters for \"proxy\"\n",
- linenum);
- return NULL;
- }
- return &ipn;
- }
-
-
- if (!strcasecmp(*cpp, "icmpidmap")) {
-
- cpp++;
- if (!*cpp) {
- fprintf(stderr,
- "%d: icmpidmap misses protocol and range\n",
- linenum);
- return NULL;
- };
-
- if (!strcasecmp(*cpp, "icmp"))
- ipn.in_flags = IPN_ICMPQUERY;
- else {
- fprintf(stderr, "%d: icmpidmap only valid for icmp\n",
- linenum);
- return NULL;
- }
- cpp++;
-
- if (!*cpp) {
- fprintf(stderr, "%d: no icmp id argument found\n",
- linenum);
- return NULL;
- }
-
- if (!(t = strchr(*cpp, ':'))) {
- fprintf(stderr,
- "%d: no icmp id range detected in \"%s\"\n",
- linenum, *cpp);
- return NULL;
- }
- *t++ = '\0';
-
- if (!icmpidnum(*cpp, &ipn.in_pmin, linenum) ||
- !icmpidnum(t, &ipn.in_pmax, linenum))
- return NULL;
- } else if (!strcasecmp(*cpp, "portmap")) {
- if (ipn.in_redir == NAT_BIMAP) {
- fprintf(stderr, "%d: cannot use proxy with bimap\n",
- linenum);
- return NULL;
- }
- cpp++;
- if (!*cpp) {
- fprintf(stderr,
- "%d: missing expression following portmap\n",
- linenum);
- return NULL;
- }
-
- if (!strcasecmp(*cpp, "tcp"))
- ipn.in_flags |= IPN_TCP;
- else if (!strcasecmp(*cpp, "udp"))
- ipn.in_flags |= IPN_UDP;
- else if (!strcasecmp(*cpp, "tcpudp"))
- ipn.in_flags |= IPN_TCPUDP;
- else if (!strcasecmp(*cpp, "tcp/udp"))
- ipn.in_flags |= IPN_TCPUDP;
- else {
- fprintf(stderr,
- "%d: expected protocol name - got \"%s\"\n",
- linenum, *cpp);
- return NULL;
- }
- proto = *cpp;
- cpp++;
-
- if (!*cpp) {
- fprintf(stderr, "%d: no port range found\n", linenum);
- return NULL;
- }
-
- if (!strcasecmp(*cpp, "auto")) {
- ipn.in_flags |= IPN_AUTOPORTMAP;
- ipn.in_pmin = htons(1024);
- ipn.in_pmax = htons(65535);
- nat_setgroupmap(&ipn);
- } else {
- if (!(t = strchr(*cpp, ':'))) {
- fprintf(stderr,
- "%d: no port range in \"%s\"\n",
- linenum, *cpp);
- return NULL;
- }
- *t++ = '\0';
- if (!portnum(*cpp, proto, &ipn.in_pmin, linenum) ||
- !portnum(t, proto, &ipn.in_pmax, linenum))
- return NULL;
- }
- cpp++;
- }
-
- if (*cpp && !strcasecmp(*cpp, "round-robin")) {
- cpp++;
- ipn.in_flags |= IPN_ROUNDR;
- }
-
- if (*cpp && !strcasecmp(*cpp, "age")) {
- cpp++;
- if (!*cpp) {
- fprintf(stderr, "%d: age with no parameters\n",
- linenum);
- return NULL;
- }
- s = strchr(*cpp, '/');
- if (s != NULL)
- ipn.in_age[1] = atoi(s + 1);
- else
- ipn.in_age[1] = ipn.in_age[0];
- cpp++;
- }
-
- if (*cpp && !strcasecmp(*cpp, "mssclamp")) {
- cpp++;
- if (*cpp) {
- ipn.in_mssclamp = atoi(*cpp);
- cpp++;
- } else {
- fprintf(stderr, "%d: mssclamp with no parameters\n",
- linenum);
- return NULL;
- }
- }
-
- if (*cpp) {
- fprintf(stderr, "%d: extra junk at the end of the line: %s\n",
- linenum, *cpp);
- return NULL;
- }
-
- ipn.in_pmin = htons(ipn.in_pmin);
- ipn.in_pmax = htons(ipn.in_pmax);
- return &ipn;
-}
-
-
-void natparsefile(fd, file, opts)
-int fd;
-char *file;
-int opts;
-{
- char line[512], *s;
- ipnat_t *np;
- FILE *fp;
- int linenum = 0;
-
- if (strcmp(file, "-")) {
- if (!(fp = fopen(file, "r"))) {
- fprintf(stderr, "%s: open: %s\n", file,
- STRERROR(errno));
- exit(1);
- }
- } else
- fp = stdin;
-
- while (getline(line, sizeof(line) - 1, fp, &linenum)) {
- line[sizeof(line) - 1] = '\0';
- if ((s = strchr(line, '\n')))
- *s = '\0';
-
- if (!(np = natparse(line, linenum))) {
- if (*line)
- fprintf(stderr, "%d: syntax error in \"%s\"\n",
- linenum, line);
- } else {
- if ((opts & OPT_VERBOSE) && np)
- printnat(np, opts);
- if (!(opts & OPT_DONOTHING)) {
- if (!(opts & OPT_REMOVE)) {
- if (ioctl(fd, SIOCADNAT, &np) == -1)
- perror("ioctl(SIOCADNAT)");
- } else if (ioctl(fd, SIOCRMNAT, &np) == -1)
- perror("ioctl(SIOCRMNAT)");
- }
- }
- }
- if (fp != stdin)
- fclose(fp);
-}
-
-
-int icmpidnum(str, id, linenum)
-char *str;
-u_short *id;
-int linenum;
-{
- int i;
-
-
- i = atoi(str);
-
- if ((i<0) || (i>65535)) {
- fprintf(stderr, "%d: invalid icmp id\"%s\".\n", linenum, str);
- return 0;
- }
-
- *id = (u_short)i;
-
- return 1;
-}
Deleted: trunk/contrib/ipfilter/lib/parse.c
===================================================================
--- trunk/contrib/ipfilter/lib/parse.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/parse.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,754 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/parse.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp
- */
-#include <ctype.h>
-#include "ipf.h"
-#include "opts.h"
-
-static frentry_t *fp = NULL;
-
-/* parse()
- *
- * parse a line read from the input filter rule file
- */
-struct frentry *parse(line, linenum)
-char *line;
-int linenum;
-{
- static fripf_t fip;
- char *cps[31], **cpp, *endptr, *proto = NULL, *s;
- struct protoent *p = NULL;
- int i, cnt = 1, j;
- u_int k;
-
- if (fp == NULL) {
- fp = malloc(sizeof(*fp));
- if (fp == NULL)
- return NULL;
- }
-
- while (*line && ISSPACE(*line))
- line++;
- if (!*line)
- return NULL;
-
- bzero((char *)fp, sizeof(*fp));
- bzero((char *)&fip, sizeof(fip));
- fp->fr_v = use_inet6 ? 6 : 4;
- fp->fr_ipf = &fip;
- fp->fr_dsize = sizeof(fip);
- fp->fr_ip.fi_v = fp->fr_v;
- fp->fr_mip.fi_v = 0xf;
- fp->fr_type = FR_T_NONE;
- fp->fr_loglevel = 0xffff;
- fp->fr_isc = (void *)-1;
- fp->fr_tag = FR_NOTAG;
-
- /*
- * break line up into max of 20 segments
- */
- if (opts & OPT_DEBUG)
- fprintf(stderr, "parse [%s]\n", line);
- for (i = 0, *cps = strtok(line, " \b\t\r\n"); cps[i] && i < 30; cnt++)
- cps[++i] = strtok(NULL, " \b\t\r\n");
- cps[i] = NULL;
-
- if (cnt < 3) {
- fprintf(stderr, "%d: not enough segments in line\n", linenum);
- return NULL;
- }
-
- cpp = cps;
- /*
- * The presence of an '@' followed by a number gives the position in
- * the current rule list to insert this one.
- */
- if (**cpp == '@')
- fp->fr_hits = (U_QUAD_T)atoi(*cpp++ + 1) + 1;
-
- /*
- * Check the first keyword in the rule and any options that are
- * expected to follow it.
- */
- if (!strcasecmp("block", *cpp)) {
- fp->fr_flags |= FR_BLOCK;
- if (!strncasecmp(*(cpp+1), "return-icmp-as-dest", 19) &&
- (i = 19))
- fp->fr_flags |= FR_FAKEICMP;
- else if (!strncasecmp(*(cpp+1), "return-icmp", 11) && (i = 11))
- fp->fr_flags |= FR_RETICMP;
- if (fp->fr_flags & FR_RETICMP) {
- cpp++;
- if (strlen(*cpp) == i) {
- if (*(cpp + 1) && **(cpp +1) == '(') {
- cpp++;
- i = 0;
- } else
- i = -1;
- }
-
- /*
- * The ICMP code is not required to follow in ()'s
- */
- if ((i >= 0) && (*(*cpp + i) == '(')) {
- i++;
- j = icmpcode(*cpp + i);
- if (j == -1) {
- fprintf(stderr,
- "%d: unrecognised icmp code %s\n",
- linenum, *cpp + 20);
- return NULL;
- }
- fp->fr_icode = j;
- }
- } else if (!strncasecmp(*(cpp+1), "return-rst", 10)) {
- fp->fr_flags |= FR_RETRST;
- cpp++;
- }
- } else if (!strcasecmp("count", *cpp)) {
- fp->fr_flags |= FR_ACCOUNT;
- } else if (!strcasecmp("pass", *cpp)) {
- fp->fr_flags |= FR_PASS;
- } else if (!strcasecmp("auth", *cpp)) {
- fp->fr_flags |= FR_AUTH;
- } else if (fp->fr_arg != 0) {
- printf("skip %u", fp->fr_arg);
- } else if (!strcasecmp("preauth", *cpp)) {
- fp->fr_flags |= FR_PREAUTH;
- } else if (!strcasecmp("nomatch", *cpp)) {
- fp->fr_flags |= FR_NOMATCH;
- } else if (!strcasecmp("skip", *cpp)) {
- cpp++;
- if (ratoui(*cpp, &k, 0, UINT_MAX))
- fp->fr_arg = k;
- else {
- fprintf(stderr, "%d: integer must follow skip\n",
- linenum);
- return NULL;
- }
- } else if (!strcasecmp("log", *cpp)) {
- fp->fr_flags |= FR_LOG;
- if (!strcasecmp(*(cpp+1), "body")) {
- fp->fr_flags |= FR_LOGBODY;
- cpp++;
- }
- if (!strcasecmp(*(cpp+1), "first")) {
- fp->fr_flags |= FR_LOGFIRST;
- cpp++;
- }
- if (*cpp && !strcasecmp(*(cpp+1), "or-block")) {
- fp->fr_flags |= FR_LOGORBLOCK;
- cpp++;
- }
- if (!strcasecmp(*(cpp+1), "level")) {
- cpp++;
- if (loglevel(cpp, &fp->fr_loglevel, linenum) == -1)
- return NULL;
- cpp++;
- }
- } else {
- /*
- * Doesn't start with one of the action words
- */
- fprintf(stderr, "%d: unknown keyword (%s)\n", linenum, *cpp);
- return NULL;
- }
- if (!*++cpp) {
- fprintf(stderr, "%d: missing 'in'/'out' keyword\n", linenum);
- return NULL;
- }
-
- /*
- * Get the direction for filtering. Impose restrictions on direction
- * if blocking with returning ICMP or an RST has been requested.
- */
- if (!strcasecmp("in", *cpp))
- fp->fr_flags |= FR_INQUE;
- else if (!strcasecmp("out", *cpp)) {
- fp->fr_flags |= FR_OUTQUE;
- if (fp->fr_flags & FR_RETICMP) {
- fprintf(stderr,
- "%d: Can only use return-icmp with 'in'\n",
- linenum);
- return NULL;
- } else if (fp->fr_flags & FR_RETRST) {
- fprintf(stderr,
- "%d: Can only use return-rst with 'in'\n",
- linenum);
- return NULL;
- }
- }
- if (!*++cpp) {
- fprintf(stderr, "%d: missing source specification\n", linenum);
- return NULL;
- }
-
- if (!strcasecmp("log", *cpp)) {
- if (!*++cpp) {
- fprintf(stderr, "%d: missing source specification\n",
- linenum);
- return NULL;
- }
- if (FR_ISPASS(fp->fr_flags))
- fp->fr_flags |= FR_LOGP;
- else if (FR_ISBLOCK(fp->fr_flags))
- fp->fr_flags |= FR_LOGB;
- if (*cpp && !strcasecmp(*cpp, "body")) {
- fp->fr_flags |= FR_LOGBODY;
- cpp++;
- }
- if (*cpp && !strcasecmp(*cpp, "first")) {
- fp->fr_flags |= FR_LOGFIRST;
- cpp++;
- }
- if (*cpp && !strcasecmp(*cpp, "or-block")) {
- if (!FR_ISPASS(fp->fr_flags)) {
- fprintf(stderr,
- "%d: or-block must be used with pass\n",
- linenum);
- return NULL;
- }
- fp->fr_flags |= FR_LOGORBLOCK;
- cpp++;
- }
- if (*cpp && !strcasecmp(*cpp, "level")) {
- if (loglevel(cpp, &fp->fr_loglevel, linenum) == -1)
- return NULL;
- cpp++;
- cpp++;
- }
- }
-
- if (*cpp && !strcasecmp("quick", *cpp)) {
- if (fp->fr_arg != 0) {
- fprintf(stderr, "%d: cannot use skip with quick\n",
- linenum);
- return NULL;
- }
- cpp++;
- fp->fr_flags |= FR_QUICK;
- }
-
- /*
- * Parse rule options that are available if a rule is tied to an
- * interface.
- */
- *fp->fr_ifname = '\0';
- *fp->fr_oifname = '\0';
- if (*cpp && !strcasecmp(*cpp, "on")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: interface name missing\n",
- linenum);
- return NULL;
- }
- (void)strncpy(fp->fr_ifname, *cpp, IFNAMSIZ-1);
- fp->fr_ifname[IFNAMSIZ-1] = '\0';
- cpp++;
- if (!*cpp) {
- if ((fp->fr_flags & FR_RETMASK) == FR_RETRST) {
- fprintf(stderr,
- "%d: %s can only be used with TCP\n",
- linenum, "return-rst");
- return NULL;
- }
- return fp;
- }
-
- if (!strcasecmp(*cpp, "out-via")) {
- if (fp->fr_flags & FR_OUTQUE) {
- fprintf(stderr,
- "out-via must be used with in\n");
- return NULL;
- }
- cpp++;
- (void)strncpy(fp->fr_oifname, *cpp, IFNAMSIZ-1);
- fp->fr_oifname[IFNAMSIZ-1] = '\0';
- cpp++;
- } else if (!strcasecmp(*cpp, "in-via")) {
- if (fp->fr_flags & FR_INQUE) {
- fprintf(stderr,
- "in-via must be used with out\n");
- return NULL;
- }
- cpp++;
- (void)strncpy(fp->fr_oifname, *cpp, IFNAMSIZ-1);
- fp->fr_oifname[IFNAMSIZ-1] = '\0';
- cpp++;
- }
-
- if (!strcasecmp(*cpp, "dup-to") && *(cpp + 1)) {
- cpp++;
- if (to_interface(&fp->fr_dif, *cpp, linenum))
- return NULL;
- cpp++;
- }
- if (*cpp && !strcasecmp(*cpp, "to") && *(cpp + 1)) {
- cpp++;
- if (to_interface(&fp->fr_tif, *cpp, linenum))
- return NULL;
- cpp++;
- } else if (*cpp && !strcasecmp(*cpp, "fastroute")) {
- if (!(fp->fr_flags & FR_INQUE)) {
- fprintf(stderr,
- "can only use %s with 'in'\n",
- "fastroute");
- return NULL;
- }
- fp->fr_flags |= FR_FASTROUTE;
- cpp++;
- }
-
- /*
- * Set the "other" interface name. Lets you specify both
- * inbound and outbound interfaces for state rules. Do not
- * prevent both interfaces from being the same.
- */
- strcpy(fp->fr_ifnames[3], "*");
- if ((*cpp != NULL) && (*(cpp + 1) != NULL) &&
- ((((fp->fr_flags & FR_INQUE) != 0) &&
- (strcasecmp(*cpp, "out-via") == 0)) ||
- (((fp->fr_flags & FR_OUTQUE) != 0) &&
- (strcasecmp(*cpp, "in-via") == 0)))) {
- cpp++;
-
- s = strchr(*cpp, ',');
- if (s != NULL) {
- *s++ = '\0';
- (void)strncpy(fp->fr_ifnames[3], s,
- IFNAMSIZ - 1);
- fp->fr_ifnames[3][IFNAMSIZ - 1] = '\0';
- }
-
- (void)strncpy(fp->fr_ifnames[2], *cpp, IFNAMSIZ - 1);
- fp->fr_ifnames[2][IFNAMSIZ - 1] = '\0';
- cpp++;
- } else
- strcpy(fp->fr_ifnames[2], "*");
-
- }
-
- if (*cpp && !strcasecmp(*cpp, "tos")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: tos missing value\n", linenum);
- return NULL;
- }
- fp->fr_tos = strtol(*cpp, NULL, 0);
- fp->fr_mip.fi_tos = 0xff;
- cpp++;
- }
-
- if (*cpp && !strcasecmp(*cpp, "ttl")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: ttl missing hopcount value\n",
- linenum);
- return NULL;
- }
- if (ratoi(*cpp, &i, 0, 255))
- fp->fr_ttl = i;
- else {
- fprintf(stderr, "%d: invalid ttl (%s)\n",
- linenum, *cpp);
- return NULL;
- }
- fp->fr_mip.fi_ttl = 0xff;
- cpp++;
- }
-
- /*
- * check for "proto <protoname>" only decode udp/tcp/icmp as protoname
- */
- if (*cpp && !strcasecmp(*cpp, "proto")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: protocol name missing\n", linenum);
- return NULL;
- }
- fp->fr_type = FR_T_IPF;
- proto = *cpp++;
- if (!strcasecmp(proto, "tcp/udp")) {
- fp->fr_flx |= FI_TCPUDP;
- fp->fr_mflx |= FI_TCPUDP;
- } else if (use_inet6 && !strcasecmp(proto, "icmp")) {
- fprintf(stderr,
-"%d: use proto ipv6-icmp with IPv6 (or use proto 1 if you really mean icmp)\n",
- linenum);
- return NULL;
- } else {
- fp->fr_proto = getproto(proto);
- fp->fr_mip.fi_p = 0xff;
- }
- }
- if ((fp->fr_proto != IPPROTO_TCP) &&
- ((fp->fr_flags & FR_RETMASK) == FR_RETRST)) {
- fprintf(stderr, "%d: %s can only be used with TCP\n",
- linenum, "return-rst");
- return NULL;
- }
-
- /*
- * get the from host and bit mask to use against packets
- */
-
- if (!*cpp) {
- fprintf(stderr, "%d: missing source specification\n", linenum);
- return NULL;
- }
- if (!strcasecmp(*cpp, "all")) {
- cpp++;
- if (!*cpp) {
- if (fp->fr_type == FR_T_NONE) {
- fp->fr_dsize = 0;
- fp->fr_data = NULL;
- }
- return fp;
- }
- fp->fr_type = FR_T_IPF;
-#ifdef IPFILTER_BPF
- } else if (!strcmp(*cpp, "{")) {
- struct bpf_program bpf;
- struct pcap *p;
- char **cp;
- u_32_t l;
-
- if (fp->fr_type != FR_T_NONE) {
- fprintf(stderr,
- "%d: cannot mix BPF/ipf matching\n", linenum);
- return NULL;
- }
- fp->fr_type = FR_T_BPFOPC;
- cpp++;
- if (!strncmp(*cpp, "0x", 2)) {
- fp->fr_data = malloc(4);
- for (cp = cpp, i = 0; *cp; cp++, i++) {
- if (!strcmp(*cp, "}"))
- break;
- fp->fr_data = realloc(fp->fr_data,
- (i + 1) * 4);
- l = strtoul(*cp, NULL, 0);
- ((u_32_t *)fp->fr_data)[i] = l;
- }
- if (!*cp) {
- fprintf(stderr, "Missing closing '}'\n");
- return NULL;
- }
- fp->fr_dsize = i * sizeof(l);
- bpf.bf_insns = fp->fr_data;
- bpf.bf_len = fp->fr_dsize / sizeof(struct bpf_insn);
- } else {
- for (cp = cpp; *cp; cp++) {
- if (!strcmp(*cp, "}"))
- break;
- (*cp)[-1] = ' ';
- }
- if (!*cp) {
- fprintf(stderr, "Missing closing '}'\n");
- return NULL;
- }
-
- bzero((char *)&bpf, sizeof(bpf));
- p = pcap_open_dead(DLT_RAW, 1);
- if (!p) {
- fprintf(stderr, "pcap_open_dead failed\n");
- return NULL;
- }
-
- if (pcap_compile(p, &bpf, *cpp, 1, 0xffffffff)) {
- pcap_perror(p, "ipf");
- pcap_close(p);
- fprintf(stderr, "pcap parsing failed\n");
- return NULL;
- }
- pcap_close(p);
- fp->fr_dsize = bpf.bf_len * sizeof(struct bpf_insn);
- fp->fr_data = bpf.bf_insns;
- if (!bpf_validate(fp->fr_data, bpf.bf_len)) {
- fprintf(stderr, "BPF validation failed\n");
- return NULL;
- }
- if (opts & OPT_DEBUG)
- bpf_dump(&bpf, 0);
- }
- cpp = cp;
- (*cpp)++;
-#endif
- } else {
- fp->fr_type = FR_T_IPF;
-
- if (strcasecmp(*cpp, "from")) {
- fprintf(stderr, "%d: unexpected keyword (%s) - from\n",
- linenum, *cpp);
- return NULL;
- }
- if (!*++cpp) {
- fprintf(stderr, "%d: missing host after from\n",
- linenum);
- return NULL;
- }
- if (**cpp == '!') {
- fp->fr_flags |= FR_NOTSRCIP;
- (*cpp)++;
- } else if (!strcmp(*cpp, "!")) {
- fp->fr_flags |= FR_NOTSRCIP;
- cpp++;
- }
-
- s = *cpp;
- i = hostmask(&cpp, proto, fp->fr_ifname, (u_32_t *)&fp->fr_src,
- (u_32_t *)&fp->fr_smsk, linenum);
- if (i == -1)
- return NULL;
- if (*fp->fr_ifname && !strcasecmp(s, fp->fr_ifname))
- fp->fr_satype = FRI_DYNAMIC;
- if (i == 1) {
- if (fp->fr_v == 6) {
- fprintf(stderr,
- "can only use pools with ipv4\n");
- return NULL;
- }
- fp->fr_satype = FRI_LOOKUP;
- }
-
- if (ports(&cpp, proto, &fp->fr_sport, &fp->fr_scmp,
- &fp->fr_stop, linenum))
- return NULL;
-
- if (!*cpp) {
- fprintf(stderr, "%d: missing to fields\n", linenum);
- return NULL;
- }
-
- /*
- * do the same for the to field (destination host)
- */
- if (strcasecmp(*cpp, "to")) {
- fprintf(stderr, "%d: unexpected keyword (%s) - to\n",
- linenum, *cpp);
- return NULL;
- }
- if (!*++cpp) {
- fprintf(stderr, "%d: missing host after to\n", linenum);
- return NULL;
- }
-
- if (**cpp == '!') {
- fp->fr_flags |= FR_NOTDSTIP;
- (*cpp)++;
- } else if (!strcmp(*cpp, "!")) {
- fp->fr_flags |= FR_NOTDSTIP;
- cpp++;
- }
-
- s = *cpp;
- i = hostmask(&cpp, proto, fp->fr_ifname, (u_32_t *)&fp->fr_dst,
- (u_32_t *)&fp->fr_dmsk, linenum);
- if (i == -1)
- return NULL;
- if (*fp->fr_ifname && !strcasecmp(s, fp->fr_ifname))
- fp->fr_datype = FRI_DYNAMIC;
- if (i == 1) {
- if (fp->fr_v == 6) {
- fprintf(stderr,
- "can only use pools with ipv4\n");
- return NULL;
- }
- fp->fr_datype = FRI_LOOKUP;
- }
-
- if (ports(&cpp, proto, &fp->fr_dport, &fp->fr_dcmp,
- &fp->fr_dtop, linenum))
- return NULL;
- }
-
- if (fp->fr_type == FR_T_IPF) {
- /*
- * check some sanity, make sure we don't have icmp checks
- * with tcp or udp or visa versa.
- */
- if (fp->fr_proto && (fp->fr_dcmp || fp->fr_scmp) &&
- fp->fr_proto != IPPROTO_TCP &&
- fp->fr_proto != IPPROTO_UDP) {
- fprintf(stderr,
- "%d: port operation on non tcp/udp\n",linenum);
- return NULL;
- }
- if (fp->fr_icmp && fp->fr_proto != IPPROTO_ICMP) {
- fprintf(stderr,
- "%d: icmp comparisons on wrong protocol\n",
- linenum);
- return NULL;
- }
-
- if (!*cpp)
- return fp;
-
- if (*cpp && (fp->fr_type == FR_T_IPF) &&
- !strcasecmp(*cpp, "flags")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: no flags present\n",
- linenum);
- return NULL;
- }
- fp->fr_tcpf = tcp_flags(*cpp, &fp->fr_tcpfm, linenum);
- cpp++;
- }
-
- /*
- * extras...
- */
- if ((fp->fr_v == 4) && *cpp && (!strcasecmp(*cpp, "with") ||
- !strcasecmp(*cpp, "and")))
- if (extras(&cpp, fp, linenum))
- return NULL;
-
- /*
- * icmp types for use with the icmp protocol
- */
- if (*cpp && !strcasecmp(*cpp, "icmp-type")) {
- if (fp->fr_proto != IPPROTO_ICMP &&
- fp->fr_proto != IPPROTO_ICMPV6) {
- fprintf(stderr,
- "%d: icmp with wrong protocol (%d)\n",
- linenum, fp->fr_proto);
- return NULL;
- }
- if (addicmp(&cpp, fp, linenum))
- return NULL;
- fp->fr_icmp = htons(fp->fr_icmp);
- fp->fr_icmpm = htons(fp->fr_icmpm);
- }
- }
-
- /*
- * Keep something...
- */
- while (*cpp && !strcasecmp(*cpp, "keep"))
- if (addkeep(&cpp, fp, linenum))
- return NULL;
-
- /*
- * This is here to enforce the old interface binding behaviour.
- * That is, "on X" is equivalent to "<dir> on X <!dir>-via -,X"
- */
- if (fp->fr_flags & FR_KEEPSTATE) {
- if (*fp->fr_ifnames[0] && !*fp->fr_ifnames[3]) {
- bcopy(fp->fr_ifnames[0], fp->fr_ifnames[3],
- sizeof(fp->fr_ifnames[3]));
- strncpy(fp->fr_ifnames[2], "*",
- sizeof(fp->fr_ifnames[3]));
- }
- }
-
- /*
- * head of a new group ?
- */
- if (*cpp && !strcasecmp(*cpp, "head")) {
- if (fp->fr_arg != 0) {
- fprintf(stderr, "%d: cannot use skip with head\n",
- linenum);
- return NULL;
- }
- if (!*++cpp) {
- fprintf(stderr, "%d: head without group #\n", linenum);
- return NULL;
- }
- if (strlen(*cpp) > FR_GROUPLEN) {
- fprintf(stderr, "%d: head name too long #\n", linenum);
- return NULL;
- }
- strncpy(fp->fr_grhead, *cpp, FR_GROUPLEN);
- cpp++;
- }
-
- /*
- * reference to an already existing group ?
- */
- if (*cpp && !strcasecmp(*cpp, "group")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: group without group #\n",
- linenum);
- return NULL;
- }
- if (strlen(*cpp) > FR_GROUPLEN) {
- fprintf(stderr, "%d: group name too long #\n", linenum);
- return NULL;
- }
- strncpy(fp->fr_group, *cpp, FR_GROUPLEN);
- cpp++;
- }
-
- if (*cpp && !strcasecmp(*cpp, "tag")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: tag id missing value\n", linenum);
- return NULL;
- }
- fp->fr_tag = strtol(*cpp, NULL, 0);
- cpp++;
- }
-
- /*
- * pps counter
- */
- if (*cpp && !strcasecmp(*cpp, "pps")) {
- if (!*++cpp) {
- fprintf(stderr, "%d: pps without rate\n", linenum);
- return NULL;
- }
- if (ratoui(*cpp, &k, 0, INT_MAX))
- fp->fr_pps = k;
- else {
- fprintf(stderr, "%d: invalid pps rate (%s)\n",
- linenum, *cpp);
- return NULL;
- }
- cpp++;
- }
-
- /*
- * leftovers...yuck
- */
- if (*cpp && **cpp) {
- fprintf(stderr, "%d: unknown words at end: [", linenum);
- for (; *cpp; cpp++)
- fprintf(stderr, "%s ", *cpp);
- fprintf(stderr, "]\n");
- return NULL;
- }
-
- /*
- * lazy users...
- */
- if (fp->fr_type == FR_T_IPF) {
- if ((fp->fr_tcpf || fp->fr_tcpfm) &&
- (fp->fr_proto != IPPROTO_TCP)) {
- fprintf(stderr,
- "%d: TCP protocol not specified\n", linenum);
- return NULL;
- }
- if (!(fp->fr_flx & FI_TCPUDP) &&
- (fp->fr_proto != IPPROTO_TCP) &&
- (fp->fr_proto != IPPROTO_UDP) &&
- (fp->fr_dcmp || fp->fr_scmp)) {
- if (!fp->fr_proto) {
- fp->fr_flx |= FI_TCPUDP;
- fp->fr_mflx |= FI_TCPUDP;
- } else {
- fprintf(stderr,
- "%d: port check for non-TCP/UDP\n",
- linenum);
- return NULL;
- }
- }
- }
- if (*fp->fr_oifname && strcmp(fp->fr_oifname, "*") &&
- !(fp->fr_flags & FR_KEEPSTATE)) {
- fprintf(stderr, "%d: *-via <if> must be used %s\n",
- linenum, "with keep-state");
- return NULL;
- }
- return fp;
-}
Deleted: trunk/contrib/ipfilter/lib/portnum.c
===================================================================
--- trunk/contrib/ipfilter/lib/portnum.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/portnum.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,64 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/portnum.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- *
- * Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp
- */
-
-#include <ctype.h>
-
-#include "ipf.h"
-
-
-/*
- * find the port number given by the name, either from getservbyname() or
- * straight atoi(). Return 1 on success, 0 on failure
- */
-int portnum(name, proto, port, linenum)
-char *name, *proto;
-u_short *port;
-int linenum;
-{
- struct servent *sp, *sp2;
- u_short p1 = 0;
- int i;
-
- if (ISDIGIT(*name)) {
- if (ratoi(name, &i, 0, USHRT_MAX)) {
- *port = (u_short)i;
- return 1;
- }
- fprintf(stderr, "%d: unknown port \"%s\"\n", linenum, name);
- return 0;
- }
- if (proto != NULL && strcasecmp(proto, "tcp/udp") != 0) {
- sp = getservbyname(name, proto);
- if (sp) {
- *port = ntohs(sp->s_port);
- return 1;
- }
- fprintf(stderr, "%d: unknown service \"%s\".\n", linenum, name);
- return 0;
- }
- sp = getservbyname(name, "tcp");
- if (sp)
- p1 = sp->s_port;
- sp2 = getservbyname(name, "udp");
- if (!sp || !sp2) {
- fprintf(stderr, "%d: unknown tcp/udp service \"%s\".\n",
- linenum, name);
- return 0;
- }
- if (p1 != sp2->s_port) {
- fprintf(stderr, "%d: %s %d/tcp is a different port to ",
- linenum, name, p1);
- fprintf(stderr, "%d: %s %d/udp\n", linenum, name, sp->s_port);
- return 0;
- }
- *port = ntohs(p1);
- return 1;
-}
Deleted: trunk/contrib/ipfilter/lib/ports.c
===================================================================
--- trunk/contrib/ipfilter/lib/ports.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/ports.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,81 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/ports.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp
- */
-
-#include <ctype.h>
-
-#include "ipf.h"
-
-
-/*
- * check for possible presence of the port fields in the line
- */
-int ports(seg, proto, pp, cp, tp, linenum)
-char ***seg;
-char *proto;
-u_short *pp;
-int *cp;
-u_short *tp;
-int linenum;
-{
- int comp = -1;
-
- if (!*seg || !**seg || !***seg)
- return 0;
- if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) {
- (*seg)++;
- if (ISALNUM(***seg) && *(*seg + 2)) {
- if (portnum(**seg, proto, pp, linenum) == 0)
- return -1;
- (*seg)++;
- if (!strcmp(**seg, "<>"))
- comp = FR_OUTRANGE;
- else if (!strcmp(**seg, "><"))
- comp = FR_INRANGE;
- else {
- fprintf(stderr,
- "%d: unknown range operator (%s)\n",
- linenum, **seg);
- return -1;
- }
- (*seg)++;
- if (**seg == NULL) {
- fprintf(stderr, "%d: missing 2nd port value\n",
- linenum);
- return -1;
- }
- if (portnum(**seg, proto, tp, linenum) == 0)
- return -1;
- } else if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
- comp = FR_EQUAL;
- else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
- comp = FR_NEQUAL;
- else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
- comp = FR_LESST;
- else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
- comp = FR_GREATERT;
- else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
- comp = FR_LESSTE;
- else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
- comp = FR_GREATERTE;
- else {
- fprintf(stderr, "%d: unknown comparator (%s)\n",
- linenum, **seg);
- return -1;
- }
- if (comp != FR_OUTRANGE && comp != FR_INRANGE) {
- (*seg)++;
- if (portnum(**seg, proto, pp, linenum) == 0)
- return -1;
- }
- *cp = comp;
- (*seg)++;
- }
- return 0;
-}
Deleted: trunk/contrib/ipfilter/lib/ratoi.c
===================================================================
--- trunk/contrib/ipfilter/lib/ratoi.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/ratoi.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,26 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/ratoi.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp
- */
-
-#include "ipf.h"
-
-
-int ratoi(ps, pi, min, max)
-char *ps;
-int *pi, min, max;
-{
- int i;
- char *pe;
-
- i = (int)strtol(ps, &pe, 0);
- if (*pe != '\0' || i < min || i > max)
- return 0;
- *pi = i;
- return 1;
-}
Deleted: trunk/contrib/ipfilter/lib/ratoui.c
===================================================================
--- trunk/contrib/ipfilter/lib/ratoui.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/ratoui.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,26 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/ratoui.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp
- */
-
-#include "ipf.h"
-
-
-int ratoui(ps, pi, min, max)
-char *ps;
-u_int *pi, min, max;
-{
- u_int i;
- char *pe;
-
- i = (u_int)strtol(ps, &pe, 0);
- if (*pe != '\0' || i < min || i > max)
- return 0;
- *pi = i;
- return 1;
-}
Deleted: trunk/contrib/ipfilter/lib/to_interface.c
===================================================================
--- trunk/contrib/ipfilter/lib/to_interface.c 2018-07-15 18:16:10 UTC (rev 11871)
+++ trunk/contrib/ipfilter/lib/to_interface.c 2018-07-15 18:19:14 UTC (rev 11872)
@@ -1,31 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/lib/to_interface.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp
- */
-
-#include "ipf.h"
-
-
-int to_interface(fdp, to, linenum)
-frdest_t *fdp;
-char *to;
-int linenum;
-{
- char *s;
-
- s = strchr(to, ':');
- fdp->fd_ifp = NULL;
- if (s) {
- *s++ = '\0';
- if (hostnum((u_32_t *)&fdp->fd_ip, s, linenum, NULL) == -1)
- return -1;
- }
- (void) strncpy(fdp->fd_ifname, to, sizeof(fdp->fd_ifname) - 1);
- fdp->fd_ifname[sizeof(fdp->fd_ifname) - 1] = '\0';
- return 0;
-}
More information about the Midnightbsd-cvs
mailing list