authorbrian <brian@cvs.openbsd.org>1999-05-31 23:57:38 +0000
committerbrian <brian@cvs.openbsd.org>1999-05-31 23:57:38 +0000
commit1b0f30286518c3144543a60d182344ab3827d36a (patch)
tree97b5340863c3ac4285535d505c25a2a00d5dd9a0 /usr.sbin
parentf0a9a0b5f0b08003a1a125b4941e67cfcb7efd4b (diff)
Remember if MYADDR or HISADDR is used in a filter and tweak all
filters any time either value changes.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/ppp/ppp/bundle.c12
-rw-r--r--usr.sbin/ppp/ppp/bundle.h4
-rw-r--r--usr.sbin/ppp/ppp/command.c5
-rw-r--r--usr.sbin/ppp/ppp/filter.c76
-rw-r--r--usr.sbin/ppp/ppp/filter.h31
-rw-r--r--usr.sbin/ppp/ppp/iface.c4
-rw-r--r--usr.sbin/ppp/ppp/ip.c12
-rw-r--r--usr.sbin/ppp/ppp/ipcp.c9
8 files changed, 110 insertions, 43 deletions
diff --git a/usr.sbin/ppp/ppp/bundle.c b/usr.sbin/ppp/ppp/bundle.c
index 7286c4eaa0e..4fddb9cbc97 100644
--- a/usr.sbin/ppp/ppp/bundle.c
+++ b/usr.sbin/ppp/ppp/bundle.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: bundle.c,v 1.17 1999/05/27 08:44:48 brian Exp $
+ * $Id: bundle.c,v 1.18 1999/05/31 23:57:35 brian Exp $
*/
#include <sys/param.h>
@@ -1710,3 +1710,13 @@ bundle_Exception(struct bundle *bundle, int fd)
return 0;
}
+
+void
+bundle_AdjustFilters(struct bundle *bundle, struct in_addr *my_ip,
+ struct in_addr *peer_ip)
+{
+ filter_AdjustAddr(&bundle->filter.in, my_ip, peer_ip);
+ filter_AdjustAddr(&bundle->filter.out, my_ip, peer_ip);
+ filter_AdjustAddr(&bundle->filter.dial, my_ip, peer_ip);
+ filter_AdjustAddr(&bundle->filter.alive, my_ip, peer_ip);
+}
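Review bot: Neither `bundle_AdjustFilters` here nor `filter_AdjustAddr` in filter.c documents that a NULL `my_ip` or `peer_ip` means "leave rules of that type untouched", which every caller in this commit relies on. A short comment above the definition would make the contract explicit, for example `/* Rewrite MYADDR/HISADDR rules in the in, out, dial and alive filters; a NULL pointer leaves that address type unchanged. */`. It is also worth stating that the address is copied into each rule rather than the pointer being kept, as the assignments in filter_AdjustAddr show.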
diff --git a/usr.sbin/ppp/ppp/bundle.h b/usr.sbin/ppp/ppp/bundle.h
index 0590539b139..936dd8c211d 100644
--- a/usr.sbin/ppp/ppp/bundle.h
+++ b/usr.sbin/ppp/ppp/bundle.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: bundle.h,v 1.4 1999/02/06 03:22:31 brian Exp $
+ * $Id: bundle.h,v 1.5 1999/05/31 23:57:35 brian Exp $
*/
#define PHASE_DEAD 0 /* Link is dead */
@@ -189,3 +189,5 @@ extern void bundle_setsid(struct bundle *, int);
extern void bundle_LockTun(struct bundle *);
extern int bundle_HighestState(struct bundle *);
extern int bundle_Exception(struct bundle *, int);
+extern void bundle_AdjustFilters(struct bundle *, struct in_addr *,
+ struct in_addr *);
diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c
index d00b222d095..0671fccb4a5 100644
--- a/usr.sbin/ppp/ppp/command.c
+++ b/usr.sbin/ppp/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.21 1999/05/15 02:25:22 brian Exp $
+ * $Id: command.c,v 1.22 1999/05/31 23:57:36 brian Exp $
*
*/
#include <sys/param.h>
@@ -143,7 +143,7 @@
#define NEG_DNS 52
const char Version[] = "2.21";
-const char VersionDate[] = "$Date: 1999/05/15 02:25:22 $";
+const char VersionDate[] = "$Date: 1999/05/31 23:57:36 $";
static int ShowCommand(struct cmdargs const *);
static int TerminalCommand(struct cmdargs const *);
@@ -1312,6 +1312,7 @@ SetInterfaceAddr(struct cmdargs const *arg)
ipcp->cfg.my_range.width = 0;
}
ipcp->my_ip.s_addr = ipcp->cfg.my_range.ipaddr.s_addr;
+ bundle_AdjustFilters(arg->bundle, &ipcp->my_ip, NULL);
if (hisaddr && !ipcp_UseHisaddr(arg->bundle, hisaddr,
arg->bundle->phys_type.all & PHYS_AUTO))
diff --git a/usr.sbin/ppp/ppp/filter.c b/usr.sbin/ppp/ppp/filter.c
index c2f09abe947..491e62783cc 100644
--- a/usr.sbin/ppp/ppp/filter.c
+++ b/usr.sbin/ppp/ppp/filter.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: filter.c,v 1.4 1999/05/08 11:06:35 brian Exp $
+ * $Id: filter.c,v 1.5 1999/05/31 23:57:36 brian Exp $
*
* TODO: Shoud send ICMP error message when we discard packets.
*/
@@ -261,6 +261,29 @@ ParseUdpOrTcp(int argc, char const *const *argv, int proto,
return 1;
}
+static unsigned
+addrtype(const char *addr)
+{
+ if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/'))
+ return T_MYADDR;
+ if (!strncasecmp(addr, "HISADDR", 7) && (addr[7] == '\0' || addr[7] == '/'))
+ return T_HISADDR;
+
+ return T_ADDR;
+}
+
+static const char *
+addrstr(struct in_addr addr, unsigned type)
+{
+ switch (type) {
+ case T_MYADDR:
+ return "MYADDR";
+ case T_HISADDR:
+ return "HISADDR";
+ }
+ return inet_ntoa(addr);
+}
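Review bot: `addrstr` returns either a string literal or whatever `inet_ntoa` hands back, and nothing at the definition says which lifetime the caller gets. inet_ntoa conventionally returns a pointer to static storage, so two `addrstr` results must not be passed to the same format call; the doShowFilter hunk further down is safe only because source and destination are printed by separate `prompt_Printf` calls. I would add a comment such as `/* May return inet_ntoa()'s static buffer: consume the result before calling again. */` above the function.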
+
static int
Parse(struct ipcp *ipcp, int argc, char const *const *argv,
struct filterent *ofp)
@@ -326,19 +349,22 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
if (proto == P_NONE) {
if (!argc)
log_Printf(LogWARN, "Parse: address/mask is expected.\n");
- else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask,
- &filterdata.swidth)) {
+ else if (ParseAddr(ipcp, *argv, &filterdata.src.ipaddr,
+ &filterdata.src.mask, &filterdata.src.width)) {
+ filterdata.srctype = addrtype(*argv);
argc--;
argv++;
proto = filter_Nam2Proto(argc, argv);
if (!argc)
log_Printf(LogWARN, "Parse: address/mask is expected.\n");
else if (proto == P_NONE) {
- if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask,
- &filterdata.dwidth)) {
+ if (ParseAddr(ipcp, *argv, &filterdata.dst.ipaddr, &filterdata.dst.mask,
+ &filterdata.dst.width)) {
+ filterdata.dsttype = addrtype(*argv);
argc--;
argv++;
- }
+ } else
+ filterdata.dsttype = T_ADDR;
proto = filter_Nam2Proto(argc, argv);
if (argc && proto != P_NONE) {
argc--;
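Review bot: `srctype` and `dsttype` are not initialised symmetrically: the destination gets an explicit `filterdata.dsttype = T_ADDR` when ParseAddr fails, but no branch assigns `srctype` when the source address is absent or does not parse. That is harmless if `filterdata` is zeroed before this point (T_ADDR is 0), but the initialisation lies outside the hunk and should be confirmed. Otherwise a stale tag could let filter_AdjustAddr later rewrite the source address of a rule that never named MYADDR or HISADDR. Either add the matching `else filterdata.srctype = T_ADDR;` or drop the destination assignment and rely on the zeroing, so the two sides read the same. Parse's body starts and ends outside this hunk.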
@@ -372,10 +398,10 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
break;
}
- log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.saddr));
- log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.smask));
- log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.daddr));
- log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dmask));
+ log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.src.ipaddr));
+ log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.src.mask));
+ log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.dst.ipaddr));
+ log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dst.mask));
log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto);
log_Printf(LogDEBUG, "Parse: src: %s (%d)\n",
@@ -439,8 +465,10 @@ doShowFilter(struct filterent *fp, struct prompt *prompt)
prompt_Printf(prompt, "port ");
else
prompt_Printf(prompt, " ");
- prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->saddr), fp->swidth);
- prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->daddr), fp->dwidth);
+ prompt_Printf(prompt, "%s/%d ", addrstr(fp->src.ipaddr, fp->srctype),
+ fp->src.width);
+ prompt_Printf(prompt, "%s/%d ", addrstr(fp->dst.ipaddr, fp->dsttype),
+ fp->dst.width);
if (fp->proto) {
prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->proto));
@@ -548,3 +576,27 @@ filter_Nam2Op(const char *cp)
return op;
}
+
+void
+filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip,
+ struct in_addr *peer_ip)
+{
+ struct filterent *fp;
+ int n;
+
+ for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++)
+ if (fp->action != A_NONE) {
+ if (my_ip) {
+ if (fp->srctype == T_MYADDR)
+ fp->src.ipaddr = *my_ip;
+ if (fp->dsttype == T_MYADDR)
+ fp->dst.ipaddr = *my_ip;
+ }
+ if (peer_ip) {
+ if (fp->srctype == T_HISADDR)
+ fp->src.ipaddr = *peer_ip;
+ if (fp->dsttype == T_HISADDR)
+ fp->dst.ipaddr = *peer_ip;
+ }
+ }
+}
diff --git a/usr.sbin/ppp/ppp/filter.h b/usr.sbin/ppp/ppp/filter.h
index 8f1c4b48d34..334170e22c3 100644
--- a/usr.sbin/ppp/ppp/filter.h
+++ b/usr.sbin/ppp/ppp/filter.h
@@ -15,14 +15,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: filter.h,v 1.3 1999/02/06 03:22:36 brian Exp $
+ * $Id: filter.h,v 1.4 1999/05/31 23:57:37 brian Exp $
*
* TODO:
*/
-/*
- * Actions
- */
+/* Actions */
#define A_NONE 0
#define A_PERMIT 1
#define A_DENY 2
@@ -30,30 +28,29 @@
#define A_UHOST 4
#define A_UPORT 8
-/*
- * Known protocols
- */
+/* Known protocols */
#define P_NONE 0
#define P_TCP 1
#define P_UDP 2
#define P_ICMP 3
-/*
- * Operations
- */
+/* Operations */
#define OP_NONE 0
#define OP_EQ 1
#define OP_GT 2
#define OP_LT 4
+/* srctype or dsttype */
+#define T_ADDR 0
+#define T_MYADDR 1
+#define T_HISADDR 2
+
struct filterent {
int action; /* Filtering action */
- int swidth; /* Effective source address width */
- struct in_addr saddr; /* Source address */
- struct in_addr smask; /* Source address mask */
- int dwidth; /* Effective destination address width */
- struct in_addr daddr; /* Destination address */
- struct in_addr dmask; /* Destination address mask */
+ unsigned srctype : 2; /* T_ value of src */
+ struct in_range src; /* Source address */
+ unsigned dsttype : 2; /* T_ value of dst */
+ struct in_range dst; /* Destination address */
int proto; /* Protocol */
struct {
short srcop;
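Review bot: filter.h now embeds `struct in_range` by value in `struct filterent` without declaring where that type comes from, so every file that includes filter.h has to include the defining header first. The iface.c hunk that moves `#include "filter.h"` below `#include "ipcp.h"` looks like a consequence of this, which suggests the definition lives in ipcp.h. If the project convention is that headers do not include one another, a comment by the struct such as `/* struct in_range: include ipcp.h before this header */` would save the next caller a confusing compile error. Separately, the two 2-bit fields are separated by a `struct in_range` member and so cannot share a storage unit; declaring `srctype` and `dsttype` next to each other would avoid the extra padding.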
@@ -91,3 +88,5 @@ extern const char * filter_Action2Nam(int);
extern const char *filter_Proto2Nam(int);
extern const char *filter_Op2Nam(int);
extern struct in_addr bits2mask(int);
+extern void filter_AdjustAddr(struct filter *, struct in_addr *,
+ struct in_addr *);
diff --git a/usr.sbin/ppp/ppp/iface.c b/usr.sbin/ppp/ppp/iface.c
index 69cba1863dd..6cd4f28cea0 100644
--- a/usr.sbin/ppp/ppp/iface.c
+++ b/usr.sbin/ppp/ppp/iface.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: iface.c,v 1.5 1999/05/27 08:44:48 brian Exp $
+ * $Id: iface.c,v 1.6 1999/05/31 23:57:37 brian Exp $
*/
#include <sys/param.h>
@@ -59,9 +59,9 @@
#include "hdlc.h"
#include "throughput.h"
#include "slcompress.h"
-#include "filter.h"
#include "descriptor.h"
#include "ipcp.h"
+#include "filter.h"
#include "lcp.h"
#include "ccp.h"
#include "link.h"
diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c
index 727782ae847..c75a051f1fe 100644
--- a/usr.sbin/ppp/ppp/ip.c
+++ b/usr.sbin/ppp/ppp/ip.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ip.c,v 1.10 1999/05/14 09:35:14 brian Exp $
+ * $Id: ip.c,v 1.11 1999/05/31 23:57:37 brian Exp $
*
* TODO:
* o Return ICMP message for filterd packet
@@ -113,7 +113,7 @@ FilterCheck(struct ip *pip, struct filter *filter)
cproto = gotinfo = estab = syn = finrst = didname = 0;
sport = dport = 0;
for (n = 0; n < MAXFILTERS; n++) {
- if (fp->action) {
+ if (fp->action != A_NONE) {
/* permit fragments on in and out filter */
if (filter->fragok && (ntohs(pip->ip_off) & IP_OFFMASK) != 0)
return (A_PERMIT);
@@ -122,10 +122,10 @@ FilterCheck(struct ip *pip, struct filter *filter)
log_Printf(LogDEBUG, "%s filter:\n", filter->name);
didname = 1;
- if ((pip->ip_src.s_addr & fp->smask.s_addr) ==
- (fp->saddr.s_addr & fp->smask.s_addr) &&
- (pip->ip_dst.s_addr & fp->dmask.s_addr) ==
- (fp->daddr.s_addr & fp->dmask.s_addr)) {
+ if ((pip->ip_src.s_addr & fp->src.mask.s_addr) ==
+ (fp->src.ipaddr.s_addr & fp->src.mask.s_addr) &&
+ (pip->ip_dst.s_addr & fp->dst.mask.s_addr) ==
+ (fp->dst.ipaddr.s_addr & fp->dst.mask.s_addr)) {
if (fp->proto) {
if (!gotinfo) {
ptop = (char *) pip + (pip->ip_hl << 2);
diff --git a/usr.sbin/ppp/ppp/ipcp.c b/usr.sbin/ppp/ppp/ipcp.c
index 1454d218598..a02b84f0293 100644
--- a/usr.sbin/ppp/ppp/ipcp.c
+++ b/usr.sbin/ppp/ppp/ipcp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ipcp.c,v 1.13 1999/05/09 20:04:00 brian Exp $
+ * $Id: ipcp.c,v 1.14 1999/05/31 23:57:37 brian Exp $
*
* TODO:
* o Support IPADDRS properly
@@ -903,6 +903,7 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type,
inet_ntoa(ipcp->my_ip));
log_Printf(LogIPCP, "%s --> %s\n", tbuff2, inet_ntoa(ipaddr));
ipcp->my_ip = ipaddr;
+ bundle_AdjustFilters(fp->bundle, &ipcp->my_ip, NULL);
} else {
log_Printf(log_IsKept(LogIPCP) ? LogIPCP : LogPHASE,
"%s: Unacceptable address!\n", inet_ntoa(ipaddr));
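Review bot: The filters are resynchronised only at the call sites this commit touches: this branch and SetInterfaceAddr for `my_ip`, and the end of ipcp_UseHisaddr for `peer_ip`. Any other assignment to `ipcp->my_ip` or `ipcp->peer_ip` (none is visible in these hunks) would leave MYADDR/HISADDR rules matching the previous address. Because those rules decide which packets FilterCheck permits, it is worth grepping ipcp.c for the remaining assignments, particularly wherever the peer's own address is accepted during negotiation. If one exists, it needs a matching `bundle_AdjustFilters(fp->bundle, NULL, &ipcp->peer_ip);`. IpcpDecodeConfig's body extends beyond this hunk, so this cannot be confirmed from the diff alone.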
@@ -1186,7 +1187,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
ipcp->peer_ip = ChooseHisAddr(bundle, ipcp->my_ip);
if (ipcp->peer_ip.s_addr == INADDR_ANY) {
log_Printf(LogWARN, "%s: None available !\n", ipcp->cfg.peer_list.src);
- return(0);
+ return 0;
}
ipcp->cfg.peer_range.ipaddr.s_addr = ipcp->peer_ip.s_addr;
ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST;
@@ -1206,7 +1207,9 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
} else
return 0;
- return 1;
+ bundle_AdjustFilters(bundle, NULL, &ipcp->peer_ip);
+
+ return 1; /* Ok */
}
struct in_addr