author | Kjell Wooding <kjell@cvs.openbsd.org> | 1999-12-16 07:38:46 +0000 |
---|---|---|
committer | Kjell Wooding <kjell@cvs.openbsd.org> | 1999-12-16 07:38:46 +0000 |
commit | 4f440c694f2d8c97f3ea6413d87298acf9dede02 (patch) | |
tree | 2de13d91a5cc205cd9adb0c66b417e8d05904689 | |
parent | e5dff6f25f2c2c0db9a353f6ae9c9b19adc5b953 (diff) |
Add the ability to use interface names in place of addresses
in firewall rules. i.e.
block return-rst in quick on fxp0 proto tcp from any to fxp0 port = 9999
This will make things like DHCP much easier to deal with in the future.
-rw-r--r-- | sbin/ipf/Makefile | 4 | ||||
-rw-r--r-- | sbin/ipf/ifaddr.c | 75 | ||||
-rw-r--r-- | sbin/ipf/ifaddr.h | 8 | ||||
-rw-r--r-- | sbin/ipf/parse.c | 17 | ||||
-rw-r--r-- | sbin/ipfstat/Makefile | 4 | ||||
-rw-r--r-- | sbin/ipnat/Makefile | 8 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.c | 76 | ||||
-rw-r--r-- | usr.sbin/ipftest/Makefile | 4 |
8 files changed, 110 insertions, 86 deletions
diff --git a/sbin/ipf/Makefile b/sbin/ipf/Makefile index 4940b8564ee..b8e2d81438e 100644 --- a/sbin/ipf/Makefile +++ b/sbin/ipf/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.6 1999/12/15 05:20:23 kjell Exp $ +# $OpenBSD: Makefile,v 1.7 1999/12/16 07:38:44 kjell Exp $ PROG= ipf MAN= ipf.8 ipf.4 ipf.5 -SRCS= ipf.c parse.c opt.c facpri.c +SRCS= ipf.c parse.c opt.c facpri.c ifaddr.c .include <bsd.prog.mk> diff --git a/sbin/ipf/ifaddr.c b/sbin/ipf/ifaddr.c new file mode 100644 index 00000000000..300e3e27f3e --- /dev/null +++ b/sbin/ipf/ifaddr.c 
@@ -0,0 +1,75 @@
+/* $OpenBSD: ifaddr.c,v 1.1 1999/12/16 07:38:45 kjell Exp $ */
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <err.h>
+#include <stdlib.h>
+#include "ifaddr.h"
+
+
+/*
+ * if_addr():
+ * given a string containing an interface name (e.g. "ppp0")
+ * return the IP address it represents
+ *
+ * The OpenBSD community considers this feature to be quite useful and
+ * suggests inclusion into other platforms. The closest alternative is
+ * to define /etc/networks with suitable values.
+ */
+int if_addr(name, ap)
+char *name;
+struct in_addr *ap;
+{
+ struct ifconf ifc;
+ struct ifreq ifreq, *ifr;
+ char *inbuf = NULL;
+ int s, i, len = 8192;
+
+ if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ warn("socket");
+ return 0;
+ }
+
+ while (1) {
+ ifc.ifc_len = len;
+ ifc.ifc_buf = inbuf = realloc(inbuf, len);
+ if (inbuf == NULL)
+ err(1, "malloc");
+ if (ioctl(s, SIOCGIFCONF, &ifc) < 0) {
+ warn("SIOCGIFCONF");
+ goto if_addr_lose;
+ }
+ if (ifc.ifc_len + sizeof(ifreq) < len)
+ break;
+ len *= 2;
+ }
+ ifr = ifc.ifc_req;
+ ifreq.ifr_name[0] = '\0';
+ for (i = 0; i < ifc.ifc_len; ) {
+ ifr = (struct ifreq *)((caddr_t)ifc.ifc_req + i);
+ i += sizeof(ifr->ifr_name) +
+ (ifr->ifr_addr.sa_len > sizeof(struct sockaddr)
+ ? ifr->ifr_addr.sa_len
+ : sizeof(struct sockaddr));
+ ifreq = *ifr;
+ if (ioctl(s, SIOCGIFADDR, (caddr_t)ifr) < 0)
+ continue;
+ if (ifr->ifr_addr.sa_family != AF_INET)
+ continue;
+ if (!strcmp(name, ifr->ifr_name)) {
+ struct sockaddr_in *sin;
+ close(s);
+ free(inbuf);
+ sin = (struct sockaddr_in *)&ifr->ifr_addr;
+ *ap = sin->sin_addr;
+ return (1);
+ }
+ }
+
+if_addr_lose:
+ close(s);
+ free(inbuf);
+ return 0;
+}
diff --git a/sbin/ipf/ifaddr.h b/sbin/ipf/ifaddr.h
new file mode 100644
index 00000000000..96ef1bac246
--- /dev/null
+++ b/sbin/ipf/ifaddr.h
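Review bot: strcmp() and close() are called in if_addr() with no prototype in scope, because the include list at the top of the new ifaddr.c has neither `#include <string.h>` nor `#include <unistd.h>`; both should be added. The local copy `ifreq = *ifr;` is assigned on every pass of the loop but never read (only `sizeof(ifreq)` is used), so the assignment and `ifreq.ifr_name[0] = '\0';` can go. The function also returns 0 both when the name matches no interface and when socket() or SIOCGIFCONF fails, so a caller cannot tell a lookup error from a plain miss. A distinct value such as -1 on the error paths would let the rule parsers stop instead of trying another resolver, provided callers then test `> 0` rather than truthiness.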
@@ -0,0 +1,8 @@ +/* $OpenBSD: ifaddr.h,v 1.1 1999/12/16 07:38:45 kjell Exp $ */ + +#ifndef __IFADDR_H__ +#define __IFADDR_H__ + +int if_addr __P((char *, struct in_addr *)); + +#endif diff --git a/sbin/ipf/parse.c b/sbin/ipf/parse.c index 93053d32032..6e5d9588087 100644 --- a/sbin/ipf/parse.c +++ b/sbin/ipf/parse.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.c,v 1.27 1999/12/15 05:20:24 kjell Exp $ */ +/* $OpenBSD: parse.c,v 1.28 1999/12/16 07:38:45 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. * @@ -42,7 +42,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: parse.c,v 1.27 1999/12/15 05:20:24 kjell Exp $"; +static const char rcsid[] = "@(#)$Id: parse.c,v 1.28 1999/12/16 07:38:45 kjell Exp $"; #endif extern struct ipopt_names ionames[], secclass[]; @@ -67,7 +67,9 @@ void optprint __P((u_short *, u_long, u_long)); int countbits __P((u_32_t)); char *portname __P((int, int)); int ratoi __P((char *, int *, int, int)); - +#if defined(__OpenBSD__) +extern int if_addr __P((char *, struct in_addr *)); +#endif char *proto = NULL; char flagset[] = "FSRPAU"; @@ -723,6 +725,9 @@ int linenum; struct hostent *hp; struct netent *np; struct in_addr ip; +#if defined(__OpenBSD__) + struct in_addr addr; +#endif *resolved = 0; if (!strcasecmp("any", host)) @@ -733,6 +738,12 @@ int linenum; if (!strcasecmp("<thishost>", host)) host = thishost; +#if defined(__OpenBSD__) + /* attempt a map from interface name to address */ + if (if_addr(host, &addr)) + return (u_32_t)addr.s_addr; +#endif + if (!(hp = gethostbyname(host))) { if (!(np = getnetbyname(host))) { *resolved = -1; diff --git a/sbin/ipfstat/Makefile b/sbin/ipfstat/Makefile index c8373343d9f..ab29321d47e 100644 --- a/sbin/ipfstat/Makefile +++ b/sbin/ipfstat/Makefile 
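Review bot: The new ifaddr.h is not self-contained: its prototype uses `struct in_addr` and `__P`, but the header includes nothing, so it compiles only when the includer has already pulled in `<netinet/in.h>` and `<sys/cdefs.h>`. The guard name `__IFADDR_H__` also sits in the namespace reserved for the implementation; a plain `IFADDR_H` avoids that. In parse.c the `@@ -67,7 +67,9 @@` hunk repeats the declaration by hand as `extern int if_addr __P((char *, struct in_addr *));` instead of using `#include "ifaddr.h"`, so the two copies can drift apart without a compiler diagnostic.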
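Review bot: In the parse.c `@@ -733,6 +738,12 @@` hunk the code falls through to gethostbyname()/getnetbyname() whenever if_addr() returns 0, and per ifaddr.c that covers a failed socket() or ioctl and an interface with no AF_INET address yet, not only a name that is not an interface. A rule written with `fxp0` would then take its address from the resolver or be rejected, depending on what that name resolves to, which is presumably not what the rule author meant; a lookup error should be reported rather than passed on. The address is also read once while the rule is parsed, so the comment should say so, e.g. `/* map interface name to its current address; fixed at load time, reload rules after an address change */`. The enclosing function starts and ends outside the hunk.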
@@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.5 1999/12/15 05:20:25 kjell Exp $ +# $OpenBSD: Makefile,v 1.6 1999/12/16 07:38:45 kjell Exp $ PROG= ipfstat MAN= ipfstat.8 -SRCS= fils.c parse.c opt.c kmem.c facpri.c +SRCS= fils.c parse.c opt.c kmem.c facpri.c ifaddr.c .PATH: ${.CURDIR}/../../sbin/ipf CFLAGS+=-I${.CURDIR}/../../sbin/ipf diff --git a/sbin/ipnat/Makefile b/sbin/ipnat/Makefile index 4a1cd375700..ba7202abffd 100644 --- a/sbin/ipnat/Makefile +++ b/sbin/ipnat/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.6 1999/12/15 05:20:24 kjell Exp $ +# $OpenBSD: Makefile,v 1.7 1999/12/16 07:38:45 kjell Exp $ PROG= ipnat MAN= ipnat.8 ipnat.4 ipnat.5 -SRCS= ipnat.c kmem.c natparse.c -.PATH: ${.CURDIR}/../ipfstat -CFLAGS+=-I${.CURDIR}/../../sbin/ipfstat +SRCS= ipnat.c kmem.c natparse.c ifaddr.c +.PATH: ${.CURDIR}/../ipfstat ${.CURDIR}/../ipf +CFLAGS+=-I${.CURDIR}/../../sbin/ipfstat -I${.CURDIR}/../ipf .include <bsd.prog.mk> diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c index 3ca847b5063..ab3cd70dfdd 100644 --- a/sbin/ipnat/ipnat.c +++ b/sbin/ipnat/ipnat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipnat.c,v 1.32 1999/12/15 05:20:24 kjell Exp $ */ +/* $OpenBSD: ipnat.c,v 1.33 1999/12/16 07:38:45 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. * @@ -47,9 +47,6 @@ #include <netinet/ip_proxy.h> #include <netinet/ip_nat.h> #include "kmem.h" -#if defined(__OpenBSD__) -#include <err.h> -#endif #if defined(sun) && !SOLARIS2 # define STRERROR(x) sys_errlist[x] @@ -60,7 +57,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.32 1999/12/15 05:20:24 kjell Exp $"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.33 1999/12/16 07:38:45 kjell Exp $"; #endif 
@@ -75,7 +72,7 @@ extern void natparsefile __P((int, char *, int)); extern void printnat __P((ipnat_t *, int, void *)); #if defined(__OpenBSD__) -int if_addr __P((char *, struct in_addr *)); +extern int if_addr __P((char *, struct in_addr *)); #endif u_32_t hostnum __P((char *, int *, int)); @@ -405,73 +402,6 @@ char *msk; return mask; } -#if defined(__OpenBSD__) -/* - * if_addr(): - * given a string containing an interface name (e.g. "ppp0") - * return the IP address it represents - * - * The OpenBSD community considers this feature to be quite useful and - * suggests inclusion into other platforms. The closest alternative is - * to define /etc/networks with suitable values. - */ -int if_addr(name, ap) -char *name; -struct in_addr *ap; -{ - struct ifconf ifc; - struct ifreq ifreq, *ifr; - char *inbuf = NULL; - int s, i, len = 8192; - - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - warn("socket"); - return 0; - } - - while (1) { - ifc.ifc_len = len; - ifc.ifc_buf = inbuf = realloc(inbuf, len); - if (inbuf == NULL) - err(1, "malloc"); - if (ioctl(s, SIOCGIFCONF, &ifc) < 0) { - warn("SIOCGIFCONF"); - goto if_addr_lose; - } - if (ifc.ifc_len + sizeof(ifreq) < len) - break; - len *= 2; - } - ifr = ifc.ifc_req; - ifreq.ifr_name[0] = '\0'; - for (i = 0; i < ifc.ifc_len; ) { - ifr = (struct ifreq *)((caddr_t)ifc.ifc_req + i); - i += sizeof(ifr->ifr_name) + - (ifr->ifr_addr.sa_len > sizeof(struct sockaddr) - ? ifr->ifr_addr.sa_len - : sizeof(struct sockaddr)); - ifreq = *ifr; - if (ioctl(s, SIOCGIFADDR, (caddr_t)ifr) < 0) - continue; - if (ifr->ifr_addr.sa_family != AF_INET) - continue; - if (!strcmp(name, ifr->ifr_name)) { - struct sockaddr_in *sin; - close(s); - free(inbuf); - sin = (struct sockaddr_in *)&ifr->ifr_addr; - *ap = sin->sin_addr; - return (1); - } - } - -if_addr_lose: - close(s); - free(inbuf); - return 0; -} -#endif - /* * returns an ip address as a long var as a result of either a DNS lookup or * straight inet_addr() call 
diff --git a/usr.sbin/ipftest/Makefile b/usr.sbin/ipftest/Makefile index c70bce0dd64..786be621aca 100644 --- a/usr.sbin/ipftest/Makefile +++ b/usr.sbin/ipftest/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.7 1999/12/15 05:20:26 kjell Exp $ +# $OpenBSD: Makefile,v 1.8 1999/12/16 07:38:45 kjell Exp $ PROG= ipftest MAN= ipftest.1 SRCS= ipt.c fil.c ipft_hx.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c \ ipft_tx.c misc.c parse.c opt.c ip_frag.c ip_nat.c ip_state.c \ - ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c + ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c ifaddr.c .PATH: ${.CURDIR}/../../sbin/ipf ${.CURDIR}/../../sbin/ipfstat \ ${.CURDIR}/../../sys/netinet ${.CURDIR}/../../sbin/ipnat |