[ipfilter-cvs] ipfilter/tools ipnat.c,
Brought to you by:
darren_r
Menu
▾
▴
[ipfilter-cvs] ipfilter/tools ipnat.c,
|
From: Darren <dar...@us...> - 2012-07-20 08:29:37
|
Update of /cvsroot/ipfilter/ipfilter/tools
In directory vz-cvs-4.sog:/tmp/cvs-serv30501/tools
Modified Files:
ipnat.c
Log Message:
3544317 ipnat/ipfstat are not using ipfexp_t
Index: ipnat.c
===================================================================
RCS file: /cvsroot/ipfilter/ipfilter/tools/ipnat.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -C2 -d -r1.22 -r1.23
*** ipnat.c 13 Jul 2012 11:56:51 -0000 1.22
--- ipnat.c 20 Jul 2012 08:29:35 -0000 1.23
***************
*** 683,739 ****
int *array;
{
! int i, n, *x, e, p;
! e = 0;
n = array[0];
x = array + 1;
! for (; n > 0; x += 3 + x[3]) {
! if (x[0] == IPF_EXP_END)
break;
! e = 0;
!
! n -= x[3] + 3;
! p = x[0] >> 16;
! if (p != 0 && p != nat->nat_pr[1])
break;
! switch (x[0])
{
case IPF_EXP_IP_PR :
! for (i = 0; !e && i < x[3]; i++) {
! e |= (nat->nat_pr[1] == x[i + 3]);
}
break;
case IPF_EXP_IP_SRCADDR :
! for (i = 0; !e && i < x[3]; i++) {
! e |= ((nat->nat_nsrcaddr & x[i + 4]) ==
! x[i + 3]);
}
break;
case IPF_EXP_IP_DSTADDR :
! for (i = 0; !e && i < x[3]; i++) {
! e |= ((nat->nat_ndstaddr & x[i + 4]) ==
! x[i + 3]);
}
break;
case IPF_EXP_IP_ADDR :
! for (i = 0; !e && i < x[3]; i++) {
! e |= ((nat->nat_nsrcaddr & x[i + 4]) ==
! x[i + 3]) ||
! ((nat->nat_ndstaddr & x[i + 4]) ==
! x[i + 3]);
}
break;
case IPF_EXP_UDP_PORT :
case IPF_EXP_TCP_PORT :
! for (i = 0; !e && i < x[3]; i++) {
! e |= (nat->nat_nsport == x[i + 3]) ||
! (nat->nat_ndport == x[i + 3]);
}
break;
--- 683,810 ----
int *array;
{
! int i, n, *x, rv, p;
! ipfexp_t *e;
! rv = 0;
n = array[0];
x = array + 1;
! for (; n > 0; x += 3 + x[3], rv = 0) {
! e = (ipfexp_t *)x;
! if (e->ipfe_cmd == IPF_EXP_END)
break;
! n -= e->ipfe_size;
! p = e->ipfe_cmd >> 16;
! if ((p != 0) && (p != nat->nat_pr[1]))
break;
! switch (e->ipfe_cmd)
{
case IPF_EXP_IP_PR :
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= (nat->nat_pr[1] == e->ipfe_arg0[i]);
}
break;
case IPF_EXP_IP_SRCADDR :
! if (nat->nat_v[0] != 4)
! break;
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= ((nat->nat_osrcaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]) ||
! ((nat->nat_nsrcaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]);
}
break;
case IPF_EXP_IP_DSTADDR :
! if (nat->nat_v[0] != 4)
! break;
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= ((nat->nat_odstaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]) ||
! ((nat->nat_ndstaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]);
}
break;
case IPF_EXP_IP_ADDR :
! if (nat->nat_v[0] != 4)
! break;
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= ((nat->nat_osrcaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]) ||
! ((nat->nat_nsrcaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]) ||
! ((nat->nat_odstaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]) ||
! ((nat->nat_ndstaddr &
! e->ipfe_arg0[i * 2 + 1]) ==
! e->ipfe_arg0[i * 2]);
}
break;
+ #ifdef USE_INET6
+ case IPF_EXP_IP6_SRCADDR :
+ if (nat->nat_v[0] != 6)
+ break;
+ for (i = 0; !rv && i < e->ipfe_narg; i++) {
+ rv |= IP6_MASKEQ(&nat->nat_osrc6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]) ||
+ IP6_MASKEQ(&nat->nat_nsrc6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]);
+ }
+ break;
+
+ case IPF_EXP_IP6_DSTADDR :
+ if (nat->nat_v[0] != 6)
+ break;
+ for (i = 0; !rv && i < e->ipfe_narg; i++) {
+ rv |= IP6_MASKEQ(&nat->nat_odst6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]) ||
+ IP6_MASKEQ(&nat->nat_ndst6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]);
+ }
+ break;
+
+ case IPF_EXP_IP6_ADDR :
+ if (nat->nat_v[0] != 6)
+ break;
+ for (i = 0; !rv && i < e->ipfe_narg; i++) {
+ rv |= IP6_MASKEQ(&nat->nat_osrc6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]) ||
+ IP6_MASKEQ(&nat->nat_nsrc6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]) ||
+ IP6_MASKEQ(&nat->nat_odst6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]) ||
+ IP6_MASKEQ(&nat->nat_ndst6,
+ &e->ipfe_arg0[i * 8 + 4],
+ &e->ipfe_arg0[i * 8]);
+ }
+ break;
+ #endif
+
case IPF_EXP_UDP_PORT :
case IPF_EXP_TCP_PORT :
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= (nat->nat_osport == e->ipfe_arg0[i]) ||
! (nat->nat_nsport == e->ipfe_arg0[i]) ||
! (nat->nat_odport == e->ipfe_arg0[i]) ||
! (nat->nat_ndport == e->ipfe_arg0[i]);
}
break;
***************
*** 741,746 ****
case IPF_EXP_UDP_SPORT :
case IPF_EXP_TCP_SPORT :
! for (i = 0; !e && i < x[3]; i++) {
! e |= (nat->nat_nsport == x[i + 3]);
}
break;
--- 812,818 ----
case IPF_EXP_UDP_SPORT :
case IPF_EXP_TCP_SPORT :
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= (nat->nat_osport == e->ipfe_arg0[i]) ||
! (nat->nat_nsport == e->ipfe_arg0[i]);
}
break;
***************
*** 748,762 ****
case IPF_EXP_UDP_DPORT :
case IPF_EXP_TCP_DPORT :
! for (i = 0; !e && i < x[3]; i++) {
! e |= (nat->nat_ndport == x[i + 3]);
}
break;
}
! e ^= x[2];
! if (!e)
break;
}
! return e;
}
--- 820,835 ----
case IPF_EXP_UDP_DPORT :
case IPF_EXP_TCP_DPORT :
! for (i = 0; !rv && i < e->ipfe_narg; i++) {
! rv |= (nat->nat_odport == e->ipfe_arg0[i]) ||
! (nat->nat_ndport == e->ipfe_arg0[i]);
}
break;
}
! rv ^= e->ipfe_not;
! if (rv == 0)
break;
}
! return rv;
}
|