Changeset View
Changeset View
Standalone View
Standalone View
sbin/ipfw/ipfw2.c
Show First 20 Lines • Show All 3,708 Lines • ▼ Show 20 Lines | if ((ch = strpbrk(av, "/,")) != NULL) { | ||||
len = ch - av; | len = ch - av; | ||||
strlcpy(buf, av, sizeof(buf)); | strlcpy(buf, av, sizeof(buf)); | ||||
if (len < sizeof(buf)) | if (len < sizeof(buf)) | ||||
buf[len] = '\0'; | buf[len] = '\0'; | ||||
host = buf; | host = buf; | ||||
} else | } else | ||||
host = av; | host = av; | ||||
if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || | if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || | ||||
inet_pton(AF_INET6, host, &a) == 1) | inet_pton(AF_INET6, host, &a) == 1) | ||||
donner: Where does this match to "me"? | |||||
Done Inline ActionsThis happens in the next "if" statement, but also in fill_ip6() in ipv6.c. nc: This happens in the next "if" statement, but also in fill_ip6() in ipv6.c. | |||||
Not Done Inline ActionsSo "me" does not match in IPv6 statements? ipfw allow ip6 from any to me We have to use "me6"? ipfw allow ip6 from any to me6 This contradicts the description in the man page.. donner: So "me" does not match in IPv6 statements?
ipfw allow ip6 from any to me
We have to use… | |||||
ret = add_srcip6(cmd, av, cblen, tstate); | ret = add_srcip6(cmd, av, cblen, tstate); | ||||
/* XXX: should check for IPv4, not !IPv6 */ | else if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || | ||||
if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || | strcmp(av, "me4") == 0 || inet_pton(AF_INET, host, &a))) | ||||
inet_pton(AF_INET6, host, &a) != 1)) | |||||
ret = add_srcip(cmd, av, cblen, tstate); | ret = add_srcip(cmd, av, cblen, tstate); | ||||
if (ret == NULL && strcmp(av, "any") != 0) | else if (ret == NULL && strcmp(av, "any") != 0) | ||||
ret = cmd; | ret = cmd; | ||||
return ret; | return ret; | ||||
Done Inline ActionsSimplify the code to immediate return. if (proto == IPPROTO_IPV6 || ...) return add_srcip6(...); if (proto == IPPROTO_IP || ...) return add_srcip(...); ... donner: Simplify the code to immediate return.
if (proto == IPPROTO_IPV6 || ...)
return add_srcip6(. | |||||
} | } | ||||
static ipfw_insn * | static ipfw_insn * | ||||
add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) | add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) | ||||
{ | { | ||||
struct in6_addr a; | struct in6_addr a; | ||||
char *host, *ch, buf[INET6_ADDRSTRLEN]; | char *host, *ch, buf[INET6_ADDRSTRLEN]; | ||||
ipfw_insn *ret = NULL; | ipfw_insn *ret = NULL; | ||||
int len; | int len; | ||||
/* Copy first address in set if needed */ | /* Copy first address in set if needed */ | ||||
if ((ch = strpbrk(av, "/,")) != NULL) { | if ((ch = strpbrk(av, "/,")) != NULL) { | ||||
len = ch - av; | len = ch - av; | ||||
strlcpy(buf, av, sizeof(buf)); | strlcpy(buf, av, sizeof(buf)); | ||||
if (len < sizeof(buf)) | if (len < sizeof(buf)) | ||||
buf[len] = '\0'; | buf[len] = '\0'; | ||||
host = buf; | host = buf; | ||||
} else | } else | ||||
host = av; | host = av; | ||||
if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || | if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || | ||||
inet_pton(AF_INET6, host, &a) == 1) | inet_pton(AF_INET6, host, &a) == 1) | ||||
Done Inline ActionsDito donner: Dito | |||||
ret = add_dstip6(cmd, av, cblen, tstate); | ret = add_dstip6(cmd, av, cblen, tstate); | ||||
/* XXX: should check for IPv4, not !IPv6 */ | else if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || | ||||
if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || | strcmp(av, "me4") == 0 || inet_pton(AF_INET, host, &a))) | ||||
inet_pton(AF_INET6, host, &a) != 1)) | |||||
ret = add_dstip(cmd, av, cblen, tstate); | ret = add_dstip(cmd, av, cblen, tstate); | ||||
if (ret == NULL && strcmp(av, "any") != 0) | else if (ret == NULL && strcmp(av, "any") != 0) | ||||
ret = cmd; | ret = cmd; | ||||
return ret; | return ret; | ||||
Done Inline ActionsDito donner: Dito | |||||
} | } | ||||
/* | /* | ||||
* Parse arguments and assemble the microinstructions which make up a rule. | * Parse arguments and assemble the microinstructions which make up a rule. | ||||
* Rules are added into the 'rulebuf' and then copied in the correct order | * Rules are added into the 'rulebuf' and then copied in the correct order | ||||
* into the actual rule. | * into the actual rule. | ||||
* | * | ||||
* The syntax for a rule starts with the action, followed by | * The syntax for a rule starts with the action, followed by | ||||
▲ Show 20 Lines • Show All 1,852 Lines • Show Last 20 Lines |
Where does this match to "me"?