From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 13 Aug 2016 22:34:11 +0100
Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright
violation.
---
src/tables.c | 90 +++++++++++++++++++++---------------------------------------
1 file changed, 32 insertions(+), 58 deletions(-)
diff --git a/src/tables.c b/src/tables.c
index aae1252..4fa3487 100644
--- a/src/tables.c
+++ b/src/tables.c
@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum)
}
}
-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
-{
- struct pfioc_table io;
-
- if (size < 0 || (size && tbl == NULL))
- {
- errno = EINVAL;
- return (-1);
- }
- bzero(&io, sizeof io);
- io.pfrio_flags = flags;
- io.pfrio_buffer = tbl;
- io.pfrio_esize = sizeof(*tbl);
- io.pfrio_size = size;
- if (ioctl(dev, DIOCRADDTABLES, &io))
- return (-1);
- if (nadd != NULL)
- *nadd = io.pfrio_nadd;
- return (0);
-}
-
-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) {
- if ( !addr || !ipaddr)
- {
- my_syslog(LOG_ERR, _("error: fill_addr missused"));
- return -1;
- }
- bzero(addr, sizeof(*addr));
-#ifdef HAVE_IPV6
- if (flags & F_IPV6)
- {
- addr->pfra_af = AF_INET6;
- addr->pfra_net = 0x80;
- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
- }
- else
-#endif
- {
- addr->pfra_af = AF_INET;
- addr->pfra_net = 0x20;
- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
- }
- return 1;
-}
-
-/*****************************************************************************/
void ipset_init(void)
{
@@ -111,14 +65,13 @@ void ipset_init(void)
}
int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
- int flags, int remove)
+ int flags, int remove)
{
struct pfr_addr addr;
struct pfioc_table io;
struct pfr_table table;
- int n = 0, rc = 0;
- if ( dev == -1 )
+ if (dev == -1)
{
my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device);
return -1;
@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
bzero(&table, sizeof(struct pfr_table));
table.pfrt_flags |= PFR_TFLAG_PERSIST;
- if ( strlen(setname) >= PF_TABLE_NAME_SIZE )
+ if (strlen(setname) >= PF_TABLE_NAME_SIZE)
{
my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname);
errno = ENAMETOOLONG;
return -1;
}
- if ( strlcpy(table.pfrt_name, setname,
- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
+ if (strlcpy(table.pfrt_name, setname,
+ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
{
my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname);
return -1;
}
- if ((rc = pfr_add_tables(&table, 1, &n, 0)))
+ bzero(&io, sizeof io);
+ io.pfrio_flags = 0;
+ io.pfrio_buffer = &table;
+ io.pfrio_esize = sizeof(table);
+ io.pfrio_size = 1;
+ if (ioctl(dev, DIOCRADDTABLES, &io))
{
- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"),
- pfr_strerror(errno),rc);
+ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno));
+
return -1;
}
+
table.pfrt_flags &= ~PFR_TFLAG_PERSIST;
- if (n)
+ if (io.pfrio_nadd)
my_syslog(LOG_INFO, _("info: table created"));
-
- fill_addr(ipaddr,flags,&addr);
+
+ bzero(&addr, sizeof(addr));
+#ifdef HAVE_IPV6
+ if (flags & F_IPV6)
+ {
+ addr.pfra_af = AF_INET6;
+ addr.pfra_net = 0x80;
+ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
+ }
+ else
+#endif
+ {
+ addr.pfra_af = AF_INET;
+ addr.pfra_net = 0x20;
+ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
+ }
+
bzero(&io, sizeof(io));
io.pfrio_flags = 0;
io.pfrio_table = table;
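Review bot: The inlined address fill starting at `bzero(&addr, sizeof(addr));` dereferences `ipaddr` unconditionally, whereas the removed `fill_addr` helper rejected and logged a NULL `ipaddr` before touching it; if any caller can pass NULL, a guard such as `if (!ipaddr) { errno = EINVAL; return -1; }` next to the existing `dev == -1` check keeps that contract, and if no caller can, a one-line comment saying `ipaddr` must be non-NULL documents it. The old code ignored fill_addr's -1 and went on with an uninitialised `addr`, so the inline form is otherwise an improvement. The IPv6 branch still copies from `&(ipaddr->addr)`, the union itself, and so relies on the in6_addr member sitting at offset 0; naming the member the way the IPv4 branch does with `addr.addr4.s_addr` would make that layout assumption explicit (presumably `ipaddr->addr.addr6`, to be confirmed against the struct definition). The DIOCRADDTABLES failure path now logs `_("IPset: error:%s")`, which no longer says which operation failed and drops the file's `error:`/`warning:` prefix convention; something like `_("error: DIOCRADDTABLES: %s")` keeps both. add_to_ipset continues past the end of the hunk.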
--
2.9.3