Diffstat (limited to 'usr/src/cmd/ipf/tools/ipfs.c')
-rw-r--r--usr/src/cmd/ipf/tools/ipfs.c108
1 files changed, 68 insertions, 40 deletions
diff --git a/usr/src/cmd/ipf/tools/ipfs.c b/usr/src/cmd/ipf/tools/ipfs.c
index 91ee4498ef..e8a5148143 100644
--- a/usr/src/cmd/ipf/tools/ipfs.c
+++ b/usr/src/cmd/ipf/tools/ipfs.c
@@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -45,9 +45,10 @@
#include <arpa/nameser.h>
#include <resolv.h>
#include "ipf.h"
+#include "netinet/ipl.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipfs.c,v 1.9 2003/05/17 09:47:35 darrenr Exp $";
+static const char rcsid[] = "@(#)Id: ipfs.c,v 1.12 2003/12/01 01:56:53 darrenr Exp";
#endif
#ifndef IPF_SAVEDIR
@@ -254,7 +255,7 @@ char *argv[];
set = 1;
break;
case 'r' :
- if ((ns >= 0) || dirname || (rw != -1))
+ if (dirname || (rw != -1) || (ns == -1))
usage();
rw = 0;
set = 1;
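Review bot: The new `(ns == -1)` test in `case 'r'` inverts the old `(ns >= 0)` check, so `-r` now falls into `usage()` unless `ns` was already set by an earlier option, and nothing on the visible lines records that ordering requirement. A one-line comment above the test, for example `/* -r is only valid once ns has been selected by an earlier option */`, would stop a later reader from reverting it. Where `ns` is assigned is outside this hunk, so confirm which options set it and whether the usage text needs the same update.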
@@ -389,6 +390,7 @@ int fd;
char *file;
{
ipstate_save_t ips, *ipsp;
+ ipfobj_t obj;
int wfd = -1;
if (!file)
@@ -402,12 +404,19 @@ char *file;
}
ipsp = &ips;
+ bzero((char *)&obj, sizeof(obj));
bzero((char *)ipsp, sizeof(ips));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(*ipsp);
+ obj.ipfo_type = IPFOBJ_STATESAVE;
+ obj.ipfo_ptr = ipsp;
+
do {
+
if (opts & OPT_VERBOSE)
printf("Getting state from addr %p\n", ips.ips_next);
- if (ioctl(fd, SIOCSTGET, &ipsp)) {
+ if (ioctl(fd, SIOCSTGET, &obj)) {
if (errno == ENOENT)
break;
perror("state:SIOCSTGET");
@@ -434,6 +443,7 @@ char *file;
{
ipstate_save_t ips, *is, *ipshead = NULL, *is1, *ipstail = NULL;
int sfd = -1, i;
+ ipfobj_t obj;
if (!file)
file = IPF_STATEFILE;
@@ -460,8 +470,8 @@ char *file;
if (i == 0)
break;
if (i != sizeof(ips)) {
- fprintf(stderr, "incomplete read: %d != %d\n", i,
- (int)sizeof(ips));
+ fprintf(stderr, "state:incomplete read: %d != %d\n",
+ i, (int)sizeof(ips));
close(sfd);
return 1;
}
@@ -502,6 +512,10 @@ char *file;
close(sfd);
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(*is);
+ obj.ipfo_type = IPFOBJ_STATESAVE;
+
for (is = ipshead; is; is = is->ips_next) {
if (opts & OPT_VERBOSE)
printf("Loading new state table entry\n");
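Review bot: `obj` is filled member by member here (`ipfo_rev`, `ipfo_size`, `ipfo_type`, then `ipfo_ptr` in the next hunk) without being cleared first, whereas the `@@ -402` hunk does `bzero((char *)&obj, sizeof(obj));` before its assignments. If `ipfobj_t` has any members or padding beyond those four, the ioctl hands the kernel whatever was on the stack. Adding `bzero((char *)&obj, sizeof(obj));` ahead of `obj.ipfo_rev = IPFILTER_VERSION;` would make the functions consistent. The same applies to the `obj` prepared for `IPFOBJ_NATSAVE` in the `@@ -632` and `@@ -678` hunks.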
@@ -509,8 +523,10 @@ char *file;
if (opts & OPT_VERBOSE)
printf("Loading new filter rule\n");
}
+
+ obj.ipfo_ptr = is;
if (!(opts & OPT_DONOTHING))
- if (ioctl(fd, SIOCSTPUT, &is)) {
+ if (ioctl(fd, SIOCSTPUT, &obj)) {
perror("SIOCSTPUT");
return 1;
}
@@ -532,9 +548,12 @@ int readnat(fd, file)
int fd;
char *file;
{
- nat_save_t ipn, *in, *ipnhead, *in1, *ipntail, *ipnp;
+ nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL;
+ ipfobj_t obj;
int nfd, i;
nat_t *nat;
+ char *s;
+ int n;
nfd = -1;
in = NULL;
@@ -552,7 +571,6 @@ char *file;
}
bzero((char *)&ipn, sizeof(ipn));
- ipnp = &ipn;
/*
* 1. Read all state information in.
@@ -567,42 +585,36 @@ char *file;
if (i == 0)
break;
if (i != sizeof(ipn)) {
- fprintf(stderr, "incomplete read: %d != %d\n", i,
- (int)sizeof(ipn));
+ fprintf(stderr, "nat:incomplete read: %d != %d\n",
+ i, (int)sizeof(ipn));
close(nfd);
return 1;
}
- if (ipn.ipn_dsize > 0) {
- char *s = ipnp->ipn_data;
- int n = ipnp->ipn_dsize;
-
- n -= sizeof(ipnp->ipn_data);
- in = malloc(sizeof(*in) + n);
- if (!in)
- break;
+ in = (nat_save_t *)malloc(ipn.ipn_dsize);
+ if (!in)
+ break;
- s += sizeof(ipnp->ipn_data);
- i = read(nfd, s, n);
- if (i == 0)
- break;
- if (i != n) {
- fprintf(stderr, "incomplete read: %d != %d\n",
- i, n);
- close(nfd);
- free(in);
- return 1;
+ if (ipn.ipn_dsize > sizeof(ipn)) {
+ n = ipn.ipn_dsize - sizeof(ipn);
+ if (n > 0) {
+ s = in->ipn_data + sizeof(in->ipn_data);
+ i = read(nfd, s, n);
+ if (i == 0)
+ break;
+ if (i != n) {
+ fprintf(stderr,
+ "nat:incomplete read: %d != %d\n",
+ i, n);
+ close(nfd);
+ return 1;
+ }
}
- } else {
- ipn.ipn_dsize = 0;
- in = (nat_save_t *)malloc(sizeof(*in));
- if (in == NULL)
- break;
}
- bcopy((char *)ipnp, (char *)in, sizeof(ipn));
+ bcopy((char *)&ipn, (char *)in, sizeof(ipn));
/*
- * Check to see if this is the first state entry that will
+ * Check to see if this is the first NAT entry that will
* reference a particular rule and if so, flag it as such
* else just adjust the rule pointer to become a pointer to
* the other. We do this so we have a means later for tracking
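Review bot: `ipn.ipn_dsize` is read from the save file and passed to `malloc()` with no lower bound, so a record whose size field is smaller than `sizeof(ipn)` leaves `in` too small for the `bcopy(..., sizeof(ipn))` that follows, and the copy overruns the heap buffer. Rejecting such a record before allocating closes that gap. An upper sanity limit on the field is also worth adding, since the value later becomes `obj.ipfo_size` for the ioctl. The rewritten error path also drops the `free(in)` that the old code had before `return 1`, so an incomplete read now leaks the buffer. `ipn_dsize` is assumed to be an `int` because it is printed with `%d` elsewhere in this diff, and the enclosing `do` loop starts and ends outside the hunk.

```c
		/* ... unchanged: "nat:incomplete read" check on the fixed-size header ... */

		/* ipn_dsize comes from the file; it must at least cover the header copied below */
		if (ipn.ipn_dsize < (int)sizeof(ipn)) {
			fprintf(stderr, "nat:bad ipn_dsize %d\n", ipn.ipn_dsize);
			close(nfd);
			return 1;
		}

		in = (nat_save_t *)malloc(ipn.ipn_dsize);
		/* ... unchanged: NULL check, computation of n, read of the trailing data ... */
				if (i != n) {
					/* ... unchanged: "nat:incomplete read" report ... */
					close(nfd);
					free(in);
					return 1;
				}
```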
@@ -632,6 +644,10 @@ char *file;
} while (1);
close(nfd);
+ nfd = -1;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_NATSAVE;
for (in = ipnhead; in; in = in->ipn_next) {
if (opts & OPT_VERBOSE)
@@ -641,8 +657,12 @@ char *file;
if (opts & OPT_VERBOSE)
printf("Loading new filter rule\n");
}
+
+ obj.ipfo_ptr = in;
+ obj.ipfo_size = in->ipn_dsize;
if (!(opts & OPT_DONOTHING))
- if (ioctl(fd, SIOCSTPUT, &in)) {
+ if (ioctl(fd, SIOCSTPUT, &obj)) {
+ fprintf(stderr, "in=%p:", in);
perror("SIOCSTPUT");
return 1;
}
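Review bot: The added `fprintf(stderr, "in=%p:", in);` runs between the failing `ioctl()` and `perror("SIOCSTPUT")`, and a stdio call is allowed to change `errno`, so the reason printed may no longer be the ioctl's. Saving the value first keeps the diagnostic reliable: `int e = errno;` followed by `fprintf(stderr, "in=%p: SIOCSTPUT: %s\n", (void *)in, strerror(e));`. The `chdir()` failure path in the last hunk has the same `fprintf`-before-`perror` ordering.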
@@ -665,6 +685,7 @@ int fd;
char *file;
{
nat_save_t *ipnp = NULL, *next = NULL;
+ ipfobj_t obj;
int nfd = -1;
natget_t ng;
@@ -678,6 +699,8 @@ char *file;
return 1;
}
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_NATSAVE;
do {
if (opts & OPT_VERBOSE)
@@ -709,8 +732,11 @@ char *file;
}
bzero((char *)ipnp, ng.ng_sz);
+ obj.ipfo_size = ng.ng_sz;
+ obj.ipfo_ptr = ipnp;
+ ipnp->ipn_dsize = ng.ng_sz;
ipnp->ipn_next = next;
- if (ioctl(fd, SIOCSTGET, &ipnp)) {
+ if (ioctl(fd, SIOCSTGET, &obj)) {
if (errno == ENOENT)
break;
perror("nat:SIOCSTGET");
@@ -720,8 +746,9 @@ char *file;
}
if (opts & OPT_VERBOSE)
- printf("Got nat next %p\n", ipnp->ipn_next);
- if (write(nfd, ipnp, ng.ng_sz) != ng.ng_sz) {
+ printf("Got nat next %p ipn_dsize %d ng_sz %d\n",
+ ipnp->ipn_next, ipnp->ipn_dsize, ng.ng_sz);
+ if (write(nfd, ipnp, ipnp->ipn_dsize) != ipnp->ipn_dsize) {
perror("nat:write");
close(nfd);
free(ipnp);
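Review bot: The `write()` length is now `ipnp->ipn_dsize` as it stands after `SIOCSTGET`, while the buffer was zeroed with `ng.ng_sz` just before the call. If the ioctl can return a larger `ipn_dsize`, the write reads past the buffer and copies adjacent heap bytes into the save file. A guard ahead of the write, such as `if (ipnp->ipn_dsize <= 0 || ipnp->ipn_dsize > ng.ng_sz)` handled as an error, keeps the length inside the allocation. The allocation itself is outside this hunk, so confirm it is sized by `ng.ng_sz`.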
@@ -746,6 +773,7 @@ char *dirname;
dirname = IPF_SAVEDIR;
if (chdir(dirname)) {
+ fprintf(stderr, "IPF_SAVEDIR=%s: ", dirname);
perror("chdir(IPF_SAVEDIR)");
return 1;
}