[ipfilter-cvs] ipfilter fil.c,
Brought to you by:
darren_r
From: Darren <dar...@us...> - 2014-06-20 16:56:07
|
Update of /cvsroot/ipfilter/ipfilter In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv2876 Modified Files: fil.c Log Message: #554 Determining why a ipf rule matches is hard Index: fil.c =================================================================== RCS file: /cvsroot/ipfilter/ipfilter/fil.c,v retrieving revision 1.128 retrieving revision 1.129 diff -C2 -d -r1.128 -r1.129 *** fil.c 15 Jun 2014 12:08:57 -0000 1.128 --- fil.c 20 Jun 2014 16:56:05 -0000 1.129 *************** *** 4429,4432 **** --- 4429,4465 ---- /* ------------------------------------------------------------------------ */ + /* Function: ipf_rule_compare */ + /* Parameters: fr1(I) - first rule structure to compare */ + /* fr2(I) - second rule structure to compare */ + /* Returns: int - 0 == rules are the same, else mismatch */ + /* */ + /* Compare two rules and return 0 if they match or a number indicating */ + /* which of the individual checks failed. */ + /* ------------------------------------------------------------------------ */ + static int + ipf_rule_compare(frentry_t *fr1, frentry_t *fr2) + { + if (fr1->fr_cksum != fr2->fr_cksum) + return 1; + if (fr1->fr_size != fr2->fr_size) + return 2; + if (fr1->fr_dsize != fr2->fr_dsize) + return 3; + if (bcmp((char *)&fr1->fr_func, (char *)&fr2->fr_func, + fr1->fr_size - offsetof(struct frentry, fr_func)) != 0) + return 4; + if (fr1->fr_data && !fr2->fr_data) + return 5; + if (!fr1->fr_data && fr2->fr_data) + return 6; + if (fr1->fr_data) { + if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize)) + return 7; + } + return 0; + } + + + /* ------------------------------------------------------------------------ */ /* Function: frrequest */ /* Returns: int - 0 == success, > 0 == errno value */ *************** *** 4919,4933 **** for (; (f = *ftail) != NULL; ftail = &f->fr_next) { ! DT2(rule_cmp, frentry_t *, fp, frentry_t *, f); ! if ((fp->fr_cksum != f->fr_cksum) || ! (fp->fr_size != f->fr_size) || ! (f->fr_dsize != fp->fr_dsize)) ! continue; ! if (bcmp((char *)&f->fr_func, (char *)&fp->fr_func, ! fp->fr_size - offsetof(struct frentry, fr_func)) != 0) ! continue; ! if ((!ptr && !f->fr_data) || ! (ptr && f->fr_data && ! !bcmp((char *)ptr, (char *)f->fr_data, f->fr_dsize))) break; } --- 4952,4956 ---- for (; (f = *ftail) != NULL; ftail = &f->fr_next) { ! if (ipf_rule_compare(fp, f) == 0) break; } |