diff options
author | brian <brian@cvs.openbsd.org> | 1999-05-31 23:57:38 +0000 |
---|---|---|
committer | brian <brian@cvs.openbsd.org> | 1999-05-31 23:57:38 +0000 |
commit | 1b0f30286518c3144543a60d182344ab3827d36a (patch) | |
tree | 97b5340863c3ac4285535d505c25a2a00d5dd9a0 /usr.sbin | |
parent | f0a9a0b5f0b08003a1a125b4941e67cfcb7efd4b (diff) |
Remember if MYADDR or HISADDR is used in a filter add tweak all
filters any time either value changes.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ppp/ppp/bundle.c | 12 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/bundle.h | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/command.c | 5 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/filter.c | 76 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/filter.h | 31 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/iface.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/ip.c | 12 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/ipcp.c | 9 |
8 files changed, 110 insertions, 43 deletions
diff --git a/usr.sbin/ppp/ppp/bundle.c b/usr.sbin/ppp/ppp/bundle.c index 7286c4eaa0e..4fddb9cbc97 100644 --- a/usr.sbin/ppp/ppp/bundle.c +++ b/usr.sbin/ppp/ppp/bundle.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: bundle.c,v 1.17 1999/05/27 08:44:48 brian Exp $ + * $Id: bundle.c,v 1.18 1999/05/31 23:57:35 brian Exp $ */ #include <sys/param.h> @@ -1710,3 +1710,13 @@ bundle_Exception(struct bundle *bundle, int fd) return 0; } + +void +bundle_AdjustFilters(struct bundle *bundle, struct in_addr *my_ip, + struct in_addr *peer_ip) +{ + filter_AdjustAddr(&bundle->filter.in, my_ip, peer_ip); + filter_AdjustAddr(&bundle->filter.out, my_ip, peer_ip); + filter_AdjustAddr(&bundle->filter.dial, my_ip, peer_ip); + filter_AdjustAddr(&bundle->filter.alive, my_ip, peer_ip); +} diff --git a/usr.sbin/ppp/ppp/bundle.h b/usr.sbin/ppp/ppp/bundle.h index 0590539b139..936dd8c211d 100644 --- a/usr.sbin/ppp/ppp/bundle.h +++ b/usr.sbin/ppp/ppp/bundle.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: bundle.h,v 1.4 1999/02/06 03:22:31 brian Exp $ + * $Id: bundle.h,v 1.5 1999/05/31 23:57:35 brian Exp $ */ #define PHASE_DEAD 0 /* Link is dead */ @@ -189,3 +189,5 @@ extern void bundle_setsid(struct bundle *, int); extern void bundle_LockTun(struct bundle *); extern int bundle_HighestState(struct bundle *); extern int bundle_Exception(struct bundle *, int); +extern void bundle_AdjustFilters(struct bundle *, struct in_addr *, + struct in_addr *); diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c index d00b222d095..0671fccb4a5 100644 --- a/usr.sbin/ppp/ppp/command.c +++ b/usr.sbin/ppp/ppp/command.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: command.c,v 1.21 1999/05/15 02:25:22 brian Exp $ + * $Id: command.c,v 1.22 1999/05/31 23:57:36 brian Exp $ * */ #include <sys/param.h> @@ -143,7 +143,7 @@ #define NEG_DNS 52 const char Version[] = "2.21"; -const char VersionDate[] = "$Date: 1999/05/15 02:25:22 $"; +const char VersionDate[] = "$Date: 1999/05/31 23:57:36 $"; static int ShowCommand(struct cmdargs const *); static int TerminalCommand(struct cmdargs const *); @@ -1312,6 +1312,7 @@ SetInterfaceAddr(struct cmdargs const *arg) ipcp->cfg.my_range.width = 0; } ipcp->my_ip.s_addr = ipcp->cfg.my_range.ipaddr.s_addr; + bundle_AdjustFilters(arg->bundle, &ipcp->my_ip, NULL); if (hisaddr && !ipcp_UseHisaddr(arg->bundle, hisaddr, arg->bundle->phys_type.all & PHYS_AUTO)) diff --git a/usr.sbin/ppp/ppp/filter.c b/usr.sbin/ppp/ppp/filter.c index c2f09abe947..491e62783cc 100644 --- a/usr.sbin/ppp/ppp/filter.c +++ b/usr.sbin/ppp/ppp/filter.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: filter.c,v 1.4 1999/05/08 11:06:35 brian Exp $ + * $Id: filter.c,v 1.5 1999/05/31 23:57:36 brian Exp $ * * TODO: Shoud send ICMP error message when we discard packets. */ @@ -261,6 +261,29 @@ ParseUdpOrTcp(int argc, char const *const *argv, int proto, return 1; } +static unsigned +addrtype(const char *addr) +{ + if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/')) + return T_MYADDR; + if (!strncasecmp(addr, "HISADDR", 7) && (addr[7] == '\0' || addr[7] == '/')) + return T_HISADDR; + + return T_ADDR; +} + +static const char * +addrstr(struct in_addr addr, unsigned type) +{ + switch (type) { + case T_MYADDR: + return "MYADDR"; + case T_HISADDR: + return "HISADDR"; + } + return inet_ntoa(addr); +} + static int Parse(struct ipcp *ipcp, int argc, char const *const *argv, struct filterent *ofp) @@ -326,19 +349,22 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv, if (proto == P_NONE) { if (!argc) log_Printf(LogWARN, "Parse: address/mask is expected.\n"); - else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask, - &filterdata.swidth)) { + else if (ParseAddr(ipcp, *argv, &filterdata.src.ipaddr, + &filterdata.src.mask, &filterdata.src.width)) { + filterdata.srctype = addrtype(*argv); argc--; argv++; proto = filter_Nam2Proto(argc, argv); if (!argc) log_Printf(LogWARN, "Parse: address/mask is expected.\n"); else if (proto == P_NONE) { - if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask, - &filterdata.dwidth)) { + if (ParseAddr(ipcp, *argv, &filterdata.dst.ipaddr, &filterdata.dst.mask, + &filterdata.dst.width)) { + filterdata.dsttype = addrtype(*argv); argc--; argv++; - } + } else + filterdata.dsttype = T_ADDR; proto = filter_Nam2Proto(argc, argv); if (argc && proto != P_NONE) { argc--; @@ -372,10 +398,10 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv, break; } - log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.saddr)); - log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.smask)); - log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.daddr)); - log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dmask)); + log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.src.ipaddr)); + log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.src.mask)); + log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.dst.ipaddr)); + log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dst.mask)); log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto); log_Printf(LogDEBUG, "Parse: src: %s (%d)\n", @@ -439,8 +465,10 @@ doShowFilter(struct filterent *fp, struct prompt *prompt) prompt_Printf(prompt, "port "); else prompt_Printf(prompt, " "); - prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->saddr), fp->swidth); - prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->daddr), fp->dwidth); + prompt_Printf(prompt, "%s/%d ", addrstr(fp->src.ipaddr, fp->srctype), + fp->src.width); + prompt_Printf(prompt, "%s/%d ", addrstr(fp->dst.ipaddr, fp->dsttype), + fp->dst.width); if (fp->proto) { prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->proto)); @@ -548,3 +576,27 @@ filter_Nam2Op(const char *cp) return op; } + +void +filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip, + struct in_addr *peer_ip) +{ + struct filterent *fp; + int n; + + for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++) + if (fp->action != A_NONE) { + if (my_ip) { + if (fp->srctype == T_MYADDR) + fp->src.ipaddr = *my_ip; + if (fp->dsttype == T_MYADDR) + fp->dst.ipaddr = *my_ip; + } + if (peer_ip) { + if (fp->srctype == T_HISADDR) + fp->src.ipaddr = *peer_ip; + if (fp->dsttype == T_HISADDR) + fp->dst.ipaddr = *peer_ip; + } + } +} diff --git a/usr.sbin/ppp/ppp/filter.h b/usr.sbin/ppp/ppp/filter.h index 8f1c4b48d34..334170e22c3 100644 --- a/usr.sbin/ppp/ppp/filter.h +++ b/usr.sbin/ppp/ppp/filter.h @@ -15,14 +15,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: filter.h,v 1.3 1999/02/06 03:22:36 brian Exp $ + * $Id: filter.h,v 1.4 1999/05/31 23:57:37 brian Exp $ * * TODO: */ -/* - * Actions - */ +/* Actions */ #define A_NONE 0 #define A_PERMIT 1 #define A_DENY 2 @@ -30,30 +28,29 @@ #define A_UHOST 4 #define A_UPORT 8 -/* - * Known protocols - */ +/* Known protocols */ #define P_NONE 0 #define P_TCP 1 #define P_UDP 2 #define P_ICMP 3 -/* - * Operations - */ +/* Operations */ #define OP_NONE 0 #define OP_EQ 1 #define OP_GT 2 #define OP_LT 4 +/* srctype or dsttype */ +#define T_ADDR 0 +#define T_MYADDR 1 +#define T_HISADDR 2 + struct filterent { int action; /* Filtering action */ - int swidth; /* Effective source address width */ - struct in_addr saddr; /* Source address */ - struct in_addr smask; /* Source address mask */ - int dwidth; /* Effective destination address width */ - struct in_addr daddr; /* Destination address */ - struct in_addr dmask; /* Destination address mask */ + unsigned srctype : 2; /* T_ value of src */ + struct in_range src; /* Source address */ + unsigned dsttype : 2; /* T_ value of dst */ + struct in_range dst; /* Destination address */ int proto; /* Protocol */ struct { short srcop; @@ -91,3 +88,5 @@ extern const char * filter_Action2Nam(int); extern const char *filter_Proto2Nam(int); extern const char *filter_Op2Nam(int); extern struct in_addr bits2mask(int); +extern void filter_AdjustAddr(struct filter *, struct in_addr *, + struct in_addr *); diff --git a/usr.sbin/ppp/ppp/iface.c b/usr.sbin/ppp/ppp/iface.c index 69cba1863dd..6cd4f28cea0 100644 --- a/usr.sbin/ppp/ppp/iface.c +++ b/usr.sbin/ppp/ppp/iface.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: iface.c,v 1.5 1999/05/27 08:44:48 brian Exp $ + * $Id: iface.c,v 1.6 1999/05/31 23:57:37 brian Exp $ */ #include <sys/param.h> @@ -59,9 +59,9 @@ #include "hdlc.h" #include "throughput.h" #include "slcompress.h" -#include "filter.h" #include "descriptor.h" #include "ipcp.h" +#include "filter.h" #include "lcp.h" #include "ccp.h" #include "link.h" diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c index 727782ae847..c75a051f1fe 100644 --- a/usr.sbin/ppp/ppp/ip.c +++ b/usr.sbin/ppp/ppp/ip.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ip.c,v 1.10 1999/05/14 09:35:14 brian Exp $ + * $Id: ip.c,v 1.11 1999/05/31 23:57:37 brian Exp $ * * TODO: * o Return ICMP message for filterd packet @@ -113,7 +113,7 @@ FilterCheck(struct ip *pip, struct filter *filter) cproto = gotinfo = estab = syn = finrst = didname = 0; sport = dport = 0; for (n = 0; n < MAXFILTERS; n++) { - if (fp->action) { + if (fp->action != A_NONE) { /* permit fragments on in and out filter */ if (filter->fragok && (ntohs(pip->ip_off) & IP_OFFMASK) != 0) return (A_PERMIT); @@ -122,10 +122,10 @@ FilterCheck(struct ip *pip, struct filter *filter) log_Printf(LogDEBUG, "%s filter:\n", filter->name); didname = 1; - if ((pip->ip_src.s_addr & fp->smask.s_addr) == - (fp->saddr.s_addr & fp->smask.s_addr) && - (pip->ip_dst.s_addr & fp->dmask.s_addr) == - (fp->daddr.s_addr & fp->dmask.s_addr)) { + if ((pip->ip_src.s_addr & fp->src.mask.s_addr) == + (fp->src.ipaddr.s_addr & fp->src.mask.s_addr) && + (pip->ip_dst.s_addr & fp->dst.mask.s_addr) == + (fp->dst.ipaddr.s_addr & fp->dst.mask.s_addr)) { if (fp->proto) { if (!gotinfo) { ptop = (char *) pip + (pip->ip_hl << 2); diff --git a/usr.sbin/ppp/ppp/ipcp.c b/usr.sbin/ppp/ppp/ipcp.c index 1454d218598..a02b84f0293 100644 --- a/usr.sbin/ppp/ppp/ipcp.c +++ b/usr.sbin/ppp/ppp/ipcp.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipcp.c,v 1.13 1999/05/09 20:04:00 brian Exp $ + * $Id: ipcp.c,v 1.14 1999/05/31 23:57:37 brian Exp $ * * TODO: * o Support IPADDRS properly @@ -903,6 +903,7 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type, inet_ntoa(ipcp->my_ip)); log_Printf(LogIPCP, "%s --> %s\n", tbuff2, inet_ntoa(ipaddr)); ipcp->my_ip = ipaddr; + bundle_AdjustFilters(fp->bundle, &ipcp->my_ip, NULL); } else { log_Printf(log_IsKept(LogIPCP) ? LogIPCP : LogPHASE, "%s: Unacceptable address!\n", inet_ntoa(ipaddr)); @@ -1186,7 +1187,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr) ipcp->peer_ip = ChooseHisAddr(bundle, ipcp->my_ip); if (ipcp->peer_ip.s_addr == INADDR_ANY) { log_Printf(LogWARN, "%s: None available !\n", ipcp->cfg.peer_list.src); - return(0); + return 0; } ipcp->cfg.peer_range.ipaddr.s_addr = ipcp->peer_ip.s_addr; ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST; @@ -1206,7 +1207,9 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr) } else return 0; - return 1; + bundle_AdjustFilters(bundle, NULL, &ipcp->peer_ip); + + return 1; /* Ok */ } struct in_addr |