Attempt to fix PR/25992 [protocol parsing] by bringing these files in from

4.1.2
christos 2004-07-08 02:51:24 +00:00
parent bbbaf17cc4
commit b074ee3b58
6 changed files with 291 additions and 155 deletions

4
dist/ipf/ipf.h vendored

@ -1,4 +1,4 @@
/* $NetBSD: ipf.h,v 1.5 2004/03/28 09:00:53 martti Exp $ */
/* $NetBSD: ipf.h,v 1.6 2004/07/08 02:51:24 christos Exp $ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.
@ -195,7 +195,7 @@ extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern void fill6bits __P((int, u_int *));
extern int gethost __P((char *, u_32_t *));
extern int getport __P((char *));
extern int getport __P((struct frentry *, char *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
extern char *getline __P((char *, size_t, FILE *, int *));


@ -1,14 +1,39 @@
/* $NetBSD: getport.c,v 1.1.1.1 2004/03/28 08:56:18 martti Exp $ */
#include "ipf.h"
int getport(name)
int getport(fr, name)
frentry_t *fr;
char *name;
{
struct protoent *p;
struct servent *s;
u_short p1;
s = getservbyname(name, NULL);
if (fr == NULL || fr->fr_type != FR_T_IPF) {
s = getservbyname(name, NULL);
if (s != NULL)
return s->s_port;
return 0;
}
if ((fr->fr_flx & FI_TCPUDP) != 0) {
/*
* If a rule is "tcp/udp" then check that both TCP and UDP
* mappings for this protocol name match ports.
*/
s = getservbyname(name, "tcp");
if (s == NULL)
return 0;
p1 = s->s_port;
s = getservbyname(name, "udp");
if (s == NULL || s->s_port != p1)
return 0;
return p1;
}
p = getprotobynumber(fr->fr_proto);
s = getservbyname(name, p ? p->p_name : NULL);
if (s != NULL)
return s->s_port;
return 0;
}
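Review bot: Every failure path in the new `getport(fr, name)` returns 0, including the new tcp/udp branch where the two `getservbyname()` results disagree, so a caller cannot tell an unresolvable service name from port 0. The `portnum` action in ipf_y.y passes the value straight to `ntohs()` with no check, so a mistyped or protocol-mismatched service name in a rule appears to be accepted as port 0 instead of being rejected. Consider a distinct failure value, e.g. `return -1;` on the lookup failures, with the caller calling `yyerror("unknown service name")` when it sees it. Separately, when `fr->fr_proto` is 0 the `getprotobynumber()` result is likely the "ip" entry rather than NULL, which would make the final `getservbyname()` fail where the old NULL-protocol lookup succeeded; this is worth confirming against rules that name a port without `proto`.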

313
dist/ipf/tools/ipf_y.y vendored

@ -1,5 +1,3 @@
/* $NetBSD: ipf_y.y,v 1.8 2004/06/29 22:33:25 christos Exp $ */
%{
#include "ipf.h"
#include <sys/ioctl.h>
@ -48,9 +46,9 @@ static int nrules = 0;
static int newlist = 0;
static int added = 0;
static int ipffd = -1;
static int *yycont = 0;
static ioctlfunc_t ipfioctl[IPL_LOGSIZE];
static addfunc_t ipfaddfunc = NULL;
static wordtab_t *savewords;
%}
%union {
@ -74,7 +72,7 @@ static wordtab_t *savewords;
%type <num> portnum facility priority icmpcode seclevel secname icmptype
%type <num> opt compare range opttype flagset optlist ipv6hdrlist ipv6hdr
%type <ipa> hostname ipv4 ipv4mask
%type <ipa> hostname ipv4 ipv4mask ipv4_16 ipv4_24
%type <ip6> ipv6mask
%type <ipp> addr
%type <str> servicename name interfacename
@ -177,8 +175,11 @@ assigning:
'=' { yyvarnext = 1; }
;
rule: inrule
| outrule
rule: inrule eol
| outrule eol
;
eol: | ';'
;
inrule:
@ -261,7 +262,7 @@ blockreturn:
IPFY_RETICMP { fr->fr_flags |= FR_RETICMP; }
| IPFY_RETICMP returncode { fr->fr_flags |= FR_RETICMP; }
| IPFY_RETICMPASDST { fr->fr_flags |= FR_FAKEICMP; }
| IPFY_RETICMPASDST returncode { fr->fr_flags |= FR_FAKEICMP; }
| IPFY_RETICMPASDST returncode { fr->fr_flags |= FR_FAKEICMP; }
| IPFY_RETRST { fr->fr_flags |= FR_RETRST; }
;
@ -315,9 +316,6 @@ tos: | settos YY_NUMBER { DOALL(fr->fr_tos = $2; fr->fr_mtos = 0xff;) }
settos: IPFY_TOS { setipftype(); }
;
seticmptype: IPFY_ICMPTYPE { setipftype(); }
;
toslist:
YY_NUMBER { DOALL(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
| YY_HEX { DOREM(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
@ -342,6 +340,8 @@ lmore: lanother { if (newlist == 1) {
newlist = 0;
}
fr = addrule();
if (yycont != NULL)
*yycont = 1;
}
;
@ -420,6 +420,7 @@ tagoutspec:
matchtagin:
| IPFY_MATCHTAG '(' tagoutlist ')'
;
matchtagout:
| IPFY_MATCHTAG '(' taginlist ')'
@ -549,7 +550,11 @@ logoption:
;
returncode:
'(' icmpcode ')' { fr->fr_icode = $2; }
starticmpcode icmpcode ')' { fr->fr_icode = $2; yyresetdict(); }
;
starticmpcode:
'(' { yysetdict(icmpcodewords); }
;
srcdst: IPFY_ALL
@ -579,21 +584,23 @@ protocol:
}
;
fromto: from srcobject to dstobject { yyexpectaddr = 0; }
| to dstobject { yyexpectaddr = 0; }
| from srcobject { yyexpectaddr = 0; }
fromto: from srcobject to dstobject { yyexpectaddr = 0; yycont = NULL; }
| to dstobject { yyexpectaddr = 0; yycont = NULL; }
| from srcobject { yyexpectaddr = 0; yycont = NULL; }
;
from: IPFY_FROM { setipftype();
if (fr == NULL)
fr = frc;
yyexpectaddr = 1;
yycont = &yyexpectaddr;
resetaddr(); }
;
to: IPFY_TO { if (fr == NULL)
fr = frc;
yyexpectaddr = 1;
yycont = &yyexpectaddr;
resetaddr(); }
;
@ -605,32 +612,24 @@ andwith:
| IPFY_AND { nowith = 0; setipftype(); }
;
flags: | startflags flagset
flags: | IPFY_FLAGS flagset
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
| startflags flagset '/' flagset
| IPFY_FLAGS flagset '/' flagset
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
| startflags '/' flagset
| IPFY_FLAGS '/' flagset
{ DOALL(fr->fr_tcpf = 0; fr->fr_tcpfm = $3;) }
| startflags YY_NUMBER
| IPFY_FLAGS YY_NUMBER
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
| startflags '/' YY_NUMBER
| IPFY_FLAGS '/' YY_NUMBER
{ DOALL(fr->fr_tcpf = 0; fr->fr_tcpfm = $3;) }
| startflags YY_NUMBER '/' YY_NUMBER
| IPFY_FLAGS YY_NUMBER '/' YY_NUMBER
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
| startflags flagset '/' YY_NUMBER
| IPFY_FLAGS flagset '/' YY_NUMBER
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
| startflags YY_NUMBER '/' flagset
| IPFY_FLAGS YY_NUMBER '/' flagset
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
;
startflags:
IPFY_FLAGS { if (frc->fr_type != FR_T_IPF)
yyerror("flags with non-ipf type rule");
if (frc->fr_proto != IPPROTO_TCP)
yyerror("flags with non-TCP rule");
}
;
flagset:
YY_STR { $$ = tcpflags($1); free($1); }
| YY_HEX { $$ = $1; }
@ -869,10 +868,10 @@ addrlist:
bcopy(&($3.m), &($$->al_i6mask), sizeof($3.m)); }
;
pool: IPFY_POOL { yyexpectaddr = 0; }
pool: IPFY_POOL { yyexpectaddr = 0; yycont = NULL; }
;
hash: IPFY_HASH { yyexpectaddr = 0; }
hash: IPFY_HASH { yyexpectaddr = 0; yycont = NULL; }
;
poollist:
@ -894,28 +893,48 @@ poollist:
bcopy(&($4.m), &($$->al_i6mask), sizeof($4.m)); }
;
port: IPFY_PORT { yyexpectaddr = 0; yyvarnext = 1; }
port: IPFY_PORT { yyexpectaddr = 0;
yycont = NULL;
yysetdict(NULL); }
;
portcomp:
port compare portnum { $$.pc = $2; $$.p1 = $3; }
port compare portnum { $$.pc = $2;
$$.p1 = $3;
yyresetdict(); }
;
portrange:
port portnum range portnum { $$.p1 = $2; $$.pc = $3; $$.p2 = $4; }
port portnum range portnum { $$.p1 = $2;
$$.pc = $3;
$$.p2 = $4;
yyresetdict(); }
;
icmp: | itype icode
;
itype: seticmptype icmptype
{ DOALL(fr->fr_icmp = htons($2 << 8); fr->fr_icmpm = htons(0xff00);) }
| seticmptype lstart typelist lend
{ DOALL(fr->fr_icmp = htons($2 << 8); fr->fr_icmpm = htons(0xff00););
yyresetdict();
}
| seticmptype lstart typelist lend { yyresetdict(); }
;
icode: | IPFY_ICMPCODE icmpcode
{ DOALL(fr->fr_icmp |= htons($2); fr->fr_icmpm |= htons(0xff);) }
| IPFY_ICMPCODE lstart codelist lend
seticmptype:
IPFY_ICMPTYPE { setipftype();
yysetdict(icmptypewords); }
;
icode: | seticmpcode icmpcode
{ DOALL(fr->fr_icmp |= htons($2); fr->fr_icmpm |= htons(0xff););
yyresetdict();
}
| seticmpcode lstart codelist lend { yyresetdict(); }
;
seticmpcode:
IPFY_ICMPCODE { yysetdict(icmpcodewords); }
;
typelist:
@ -950,6 +969,7 @@ keepstate:
keepfrag:
IPFY_FRAGS fragoptlist { DOALL(fr->fr_flags |= FR_KEEPFRAG;) }
| IPFY_FRAG fragoptlist { DOALL(fr->fr_flags |= FR_KEEPFRAG;) }
;
fragoptlist:
@ -990,7 +1010,7 @@ stateopt:
;
portnum:
servicename { $$ = ntohs(getport($1));
servicename { $$ = ntohs(getport(frc, $1));
free($1);
}
| YY_NUMBER { $$ = $1; }
@ -1005,15 +1025,19 @@ withlist:
withopt:
opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) }
| notwith opttype
{ DOALL(fr->fr_mflx |= $2;) }
| IPFY_OPT ipopts
| notwith IPFY_OPT ipopts
| startv6hdrs ipv6hdrs
{ DOALL(fr->fr_mflx |= $2;) }
| ipopt ipopts { yyresetdict(); }
| notwith ipopt ipopts { yyresetdict(); }
| startv6hdrs ipv6hdrs { yyresetdict(); }
;
ipopt: IPFY_OPT { yysetdict(ipv4optwords); }
;
startv6hdrs:
IPF6_V6HDRS { if (use_inet6 == 0)
yyerror("only available with IPv6");
yysetdict(ipv6optwords);
}
;
@ -1031,6 +1055,7 @@ opttype:
| IPFY_BADSRC { $$ = FI_BADSRC; }
| IPFY_LOWTTL { $$ = FI_LOWTTL; }
| IPFY_FRAG { $$ = FI_FRAG; }
| IPFY_FRAGS { $$ = FI_FRAG; }
| IPFY_MBCAST { $$ = FI_MBCAST; }
| IPFY_MULTICAST { $$ = FI_MULTICAST; }
| IPFY_BROADCAST { $$ = FI_BROADCAST; }
@ -1141,14 +1166,19 @@ opt:
| IPFY_IPOPT_NSAPA { $$ = getoptbyvalue(IPOPT_NSAPA); }
| IPFY_IPOPT_RTRALRT { $$ = getoptbyvalue(IPOPT_RTRALRT); }
| IPFY_IPOPT_UMP { $$ = getoptbyvalue(IPOPT_UMP); }
| IPFY_SECCLASS secname
| setsecclass secname
{ DOALL(fr->fr_mip.fi_secmsk |= $2;
if (!nowith)
fr->fr_ip.fi_secmsk |= $2;)
$$ = 0;
yyresetdict();
}
;
setsecclass:
IPFY_SECCLASS { yysetdict(ipv4secwords); }
;
ipv6hdr:
IPFY_AH { $$ = getv6optbyvalue(IPPROTO_AH); }
| IPFY_IPV6OPT_DSTOPTS { $$ = getv6optbyvalue(IPPROTO_DSTOPTS); }
@ -1236,20 +1266,42 @@ interfacename: YY_STR { $$ = $1; }
name: YY_STR { $$ = $1; }
;
ipv4: YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER
{ if ($1 > 255 || $3 > 255 || $5 > 255 || $7 > 255) {
ipv4_16:
YY_NUMBER '.' YY_NUMBER
{ if ($1 > 255 || $3 > 255) {
yyerror("Invalid octet string for IP address");
return 0;
}
$$.s_addr = ($1 << 24) | ($3 << 16) | ($5 << 8) | $7;
$$.s_addr = ($1 << 24) | ($3 << 16);
$$.s_addr = htonl($$.s_addr);
}
;
ipv4_24:
ipv4_16 '.' YY_NUMBER
{ if ($3 > 255) {
yyerror("Invalid octet string for IP address");
return 0;
}
$$.s_addr |= htonl($3 << 8);
}
;
ipv4: ipv4_24 '.' YY_NUMBER
{ if ($3 > 255) {
yyerror("Invalid octet string for IP address");
return 0;
}
$$.s_addr |= htonl($3);
}
| ipv4_24
| ipv4_16
;
%%
static struct wordtab ipfwords[] = {
{ "addext", IPFY_IPOPT_ADDEXT },
{ "age", IPFY_AGE },
{ "ah", IPFY_AH },
{ "all", IPFY_ALL },
@ -1268,26 +1320,15 @@ static struct wordtab ipfwords[] = {
#endif
{ "broadcast", IPFY_BROADCAST },
{ "call", IPFY_CALL },
{ "cipso", IPFY_IPOPT_CIPSO },
{ "code", IPFY_ICMPCODE },
{ "confid", IPFY_SEC_CONF },
{ "count", IPFY_COUNT },
{ "cutoff-preced", IPFY_ICMPC_CUTPRE },
{ "divert", IPFY_DIVERT },
{ "dps", IPFY_IPOPT_DPS },
{ "dstopts", IPFY_IPV6OPT_DSTOPTS },
{ "dup-to", IPFY_DUPTO },
{ "e-sec", IPFY_IPOPT_ESEC },
{ "echo", IPFY_ICMPT_ECHO },
{ "echorep", IPFY_ICMPT_ECHOR },
{ "eip", IPFY_IPOPT_EIP },
{ "encode", IPFY_IPOPT_ENCODE },
{ "eq", YY_CMP_EQ },
{ "esp", IPFY_ESP },
{ "fastroute", IPFY_FROUTE },
{ "filter-prohib", IPFY_ICMPC_FLTPRO },
{ "first", IPFY_FIRST },
{ "finn", IPFY_IPOPT_FINN },
{ "frag", IPFY_FRAG },
{ "flags", IPFY_FLAGS },
{ "frags", IPFY_FRAGS },
@ -1297,124 +1338,155 @@ static struct wordtab ipfwords[] = {
{ "gt", YY_CMP_GT },
{ "hash", IPFY_HASH },
{ "head", IPFY_HEAD },
{ "hopopts", IPFY_IPV6OPT_HOPOPTS },
{ "host-preced", IPFY_ICMPC_HSTPRE },
{ "host-prohib", IPFY_ICMPC_HSTPRO },
{ "host-tos", IPFY_ICMPC_HSTTOS },
{ "host-unk", IPFY_ICMPC_HSTUNK },
{ "host-unr", IPFY_ICMPC_HSTUNR },
{ "icmp", IPFY_ICMP },
{ "icmp-type", IPFY_ICMPTYPE },
{ "imitd", IPFY_IPOPT_IMITD },
{ "in", IPFY_IN },
{ "in-via", IPFY_INVIA },
{ "inforeq", IPFY_ICMPT_INFOREQ },
{ "inforep", IPFY_ICMPT_INFOREP },
{ "ipopt", IPFY_IPOPTS },
{ "ipopts", IPFY_IPOPTS },
{ "ipv6", IPFY_IPV6OPT_IPV6 },
{ "isolate", IPFY_ICMPC_ISOLATE },
{ "keep", IPFY_KEEP },
{ "le", YY_CMP_LE },
{ "level", IPFY_LEVEL },
{ "limit", IPFY_LIMIT },
{ "log", IPFY_LOG },
{ "lowttl", IPFY_LOWTTL },
{ "lsrr", IPFY_IPOPT_LSRR },
{ "lt", YY_CMP_LT },
{ "mask", IPFY_MASK },
{ "maskrep", IPFY_ICMPT_MASKREP },
{ "maskreq", IPFY_ICMPT_MASKREQ },
{ "match-tag", IPFY_MATCHTAG },
{ "mbcast", IPFY_MBCAST },
{ "mtup", IPFY_IPOPT_MTUP },
{ "mtur", IPFY_IPOPT_MTUR },
{ "multicast", IPFY_MULTICAST },
{ "nat", IPFY_NAT },
{ "ne", YY_CMP_NE },
{ "needfrag", IPFY_ICMPC_NEEDF },
{ "net", IPFY_NETWORK },
{ "net-prohib", IPFY_ICMPC_NETPRO },
{ "net-tos", IPFY_ICMPC_NETTOS },
{ "net-unk", IPFY_ICMPC_NETUNK },
{ "net-unr", IPFY_ICMPC_NETUNR },
{ "netmasked", IPFY_NETMASKED },
{ "network", IPFY_NETWORK },
{ "newisn", IPFY_NEWISN },
{ "no", IPFY_NO },
{ "no-icmp-err", IPFY_NOICMPERR },
{ "none", IPFY_IPV6OPT_NONE },
{ "nop", IPFY_IPOPT_NOP },
{ "now", IPFY_NOW },
{ "not", IPFY_NOT },
{ "nsapa", IPFY_IPOPT_NSAPA },
{ "oow", IPFY_OOW },
{ "on", IPFY_ON },
{ "opt", IPFY_OPT },
{ "or-block", IPFY_ORBLOCK },
{ "out", IPFY_OUT },
{ "out-via", IPFY_OUTVIA },
{ "paramprob", IPFY_ICMPT_PARAMP },
{ "pass", IPFY_PASS },
{ "peer", IPFY_PEER },
{ "pool", IPFY_POOL },
{ "port", IPFY_PORT },
{ "port-unr", IPFY_ICMPC_PORUNR },
{ "pps", IPFY_PPS },
{ "preauth", IPFY_PREAUTH },
{ "proto", IPFY_PROTO },
{ "proto-unr", IPFY_ICMPC_PROUNR },
{ "quick", IPFY_QUICK },
{ "redir", IPFY_ICMPT_REDIR },
{ "reply-to", IPFY_REPLY_TO },
{ "reserv-1", IPFY_SEC_RSV1 },
{ "reserv-2", IPFY_SEC_RSV2 },
{ "reserv-3", IPFY_SEC_RSV3 },
{ "reserv-4", IPFY_SEC_RSV4 },
{ "return-icmp", IPFY_RETICMP },
{ "return-icmp-as-dest", IPFY_RETICMPASDST },
{ "return-rst", IPFY_RETRST },
{ "route-to", IPFY_ROUTETO },
{ "sec-class", IPFY_SECCLASS },
{ "set-tag", IPFY_SETTAG },
{ "skip", IPFY_SKIP },
{ "short", IPFY_SHORT },
{ "state", IPFY_STATE },
{ "strict", IPFY_STRICT },
{ "tcp", IPFY_TCP },
{ "tcp-udp", IPFY_TCPUDP },
{ "tos", IPFY_TOS },
{ "to", IPFY_TO },
{ "ttl", IPFY_TTL },
{ "udp", IPFY_UDP },
{ "v6hdrs", IPF6_V6HDRS },
{ "with", IPFY_WITH },
{ NULL, 0 }
};
static struct wordtab icmptypewords[] = {
{ "echo", IPFY_ICMPT_ECHO },
{ "echorep", IPFY_ICMPT_ECHOR },
{ "inforeq", IPFY_ICMPT_INFOREQ },
{ "inforep", IPFY_ICMPT_INFOREP },
{ "maskrep", IPFY_ICMPT_MASKREP },
{ "maskreq", IPFY_ICMPT_MASKREQ },
{ "paramprob", IPFY_ICMPT_PARAMP },
{ "redir", IPFY_ICMPT_REDIR },
{ "unreach", IPFY_ICMPT_UNR },
{ "routerad", IPFY_ICMPT_ROUTERAD },
{ "routersol", IPFY_ICMPT_ROUTERSOL },
{ "routing", IPFY_IPV6OPT_ROUTING },
{ "squench", IPFY_ICMPT_SQUENCH },
{ "timest", IPFY_ICMPT_TIMEST },
{ "timestrep", IPFY_ICMPT_TIMESTREP },
{ "timex", IPFY_ICMPT_TIMEX },
{ NULL, 0 },
};
static struct wordtab icmpcodewords[] = {
{ "cutoff-preced", IPFY_ICMPC_CUTPRE },
{ "filter-prohib", IPFY_ICMPC_FLTPRO },
{ "isolate", IPFY_ICMPC_ISOLATE },
{ "needfrag", IPFY_ICMPC_NEEDF },
{ "net-prohib", IPFY_ICMPC_NETPRO },
{ "net-tos", IPFY_ICMPC_NETTOS },
{ "host-preced", IPFY_ICMPC_HSTPRE },
{ "host-prohib", IPFY_ICMPC_HSTPRO },
{ "host-tos", IPFY_ICMPC_HSTTOS },
{ "host-unk", IPFY_ICMPC_HSTUNK },
{ "host-unr", IPFY_ICMPC_HSTUNR },
{ "net-unk", IPFY_ICMPC_NETUNK },
{ "net-unr", IPFY_ICMPC_NETUNR },
{ "port-unr", IPFY_ICMPC_PORUNR },
{ "proto-unr", IPFY_ICMPC_PROUNR },
{ "srcfail", IPFY_ICMPC_SRCFAIL },
{ NULL, 0 },
};
static struct wordtab ipv4optwords[] = {
{ "addext", IPFY_IPOPT_ADDEXT },
{ "cipso", IPFY_IPOPT_CIPSO },
{ "dps", IPFY_IPOPT_DPS },
{ "e-sec", IPFY_IPOPT_ESEC },
{ "eip", IPFY_IPOPT_EIP },
{ "encode", IPFY_IPOPT_ENCODE },
{ "finn", IPFY_IPOPT_FINN },
{ "imitd", IPFY_IPOPT_IMITD },
{ "lsrr", IPFY_IPOPT_LSRR },
{ "mtup", IPFY_IPOPT_MTUP },
{ "mtur", IPFY_IPOPT_MTUR },
{ "nop", IPFY_IPOPT_NOP },
{ "nsapa", IPFY_IPOPT_NSAPA },
{ "rr", IPFY_IPOPT_RR },
{ "rtralrt", IPFY_IPOPT_RTRALRT },
{ "satid", IPFY_IPOPT_SATID },
{ "sdb", IPFY_IPOPT_SDB },
{ "sec", IPFY_IPOPT_SEC },
{ "sec-class", IPFY_SECCLASS },
{ "secret", IPFY_SEC_SEC },
{ "set-tag", IPFY_SETTAG },
{ "skip", IPFY_SKIP },
{ "squench", IPFY_ICMPT_SQUENCH },
{ "short", IPFY_SHORT },
{ "srcfail", IPFY_ICMPC_SRCFAIL },
{ "ssrr", IPFY_IPOPT_SSRR },
{ "state", IPFY_STATE },
{ "strict", IPFY_STRICT },
{ "tcp", IPFY_TCP },
{ "tcp-udp", IPFY_TCPUDP },
{ "timest", IPFY_ICMPT_TIMEST },
{ "timestrep", IPFY_ICMPT_TIMESTREP },
{ "timex", IPFY_ICMPT_TIMEX },
{ "tos", IPFY_TOS },
{ "topsecret", IPFY_SEC_TS },
{ "to", IPFY_TO },
{ "tr", IPFY_IPOPT_TR },
{ "ts", IPFY_IPOPT_TS },
{ "ttl", IPFY_TTL },
{ "udp", IPFY_UDP },
{ "ump", IPFY_IPOPT_UMP },
{ "unclass", IPFY_SEC_UNC },
{ "unreach", IPFY_ICMPT_UNR },
{ "v6hdrs", IPF6_V6HDRS },
{ "visa", IPFY_IPOPT_VISA },
{ "with", IPFY_WITH },
{ "zsu", IPFY_IPOPT_ZSU },
{ NULL, 0 }
{ NULL, 0 },
};
static struct wordtab ipv4secwords[] = {
{ "confid", IPFY_SEC_CONF },
{ "reserv-1", IPFY_SEC_RSV1 },
{ "reserv-2", IPFY_SEC_RSV2 },
{ "reserv-3", IPFY_SEC_RSV3 },
{ "reserv-4", IPFY_SEC_RSV4 },
{ "secret", IPFY_SEC_SEC },
{ "topsecret", IPFY_SEC_TS },
{ "unclass", IPFY_SEC_UNC },
{ NULL, 0 },
};
static struct wordtab ipv6optwords[] = {
{ "hopopts", IPFY_IPV6OPT_HOPOPTS },
{ "ipv6", IPFY_IPV6OPT_IPV6 },
{ "none", IPFY_IPV6OPT_NONE },
{ "routing", IPFY_IPV6OPT_ROUTING },
{ NULL, 0 },
};
static struct wordtab logwords[] = {
{ "kern", IPFY_FAC_KERN },
@ -1910,17 +1982,16 @@ void *ptr;
}
}
static void setsyslog()
{
savewords = yysettab(logwords);
yysetdict(logwords);
yybreakondot = 1;
}
static void unsetsyslog()
{
yysettab(savewords);
yyresetdict();
yybreakondot = 0;
}
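Review bot: The `ipv4_24` and `ipv4` actions read `$$` before assigning it (`$$.s_addr |= htonl($3 << 8);`), which only works because the generated parser happens to preload `$$` with `$1` before running an action; putting `$$ = $1;` first in both actions removes that dependency. The `ipv4_16`, `ipv4_24` and `ipv4` actions all use `return 0;` after `yyerror()`, which makes `yyparse()` return its success value if `yyerror()` returns (its body is not visible here); `YYERROR;` or `YYABORT;` would report the bad octet as a parse failure. The new bare `ipv4_16` and `ipv4_24` alternatives also mean `10.1` now parses as 10.1.0.0, which differs from the `inet_aton()` reading of the same string, so a comment stating the intended expansion would help rule authors.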


@ -1,5 +1,3 @@
/* $NetBSD: ipnat_y.y,v 1.2 2004/05/26 20:32:48 christos Exp $ */
%{
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
@ -124,9 +122,12 @@ assigning:
xx: { newnatrule(); }
;
rule: map
| mapblock
| redir
rule: map eol
| mapblock eol
| redir eol
;
eol: | ';'
;
map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions
@ -153,7 +154,7 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions
strncpy(nat->in_ifnames[1],
nat->in_ifnames[0],
sizeof(nat->in_ifnames[0]));
if ((nat->in_flags & IPN_TCPUDP) == 0)
if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0)
setnatproto(nat->in_p);
if (((nat->in_redir & NAT_MAPBLK) != 0) ||
((nat->in_flags & IPN_AUTOPORTMAP) != 0))
@ -179,7 +180,7 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions
strncpy(nat->in_ifnames[1],
nat->in_ifnames[0],
sizeof(nat->in_ifnames[0]));
if ((nat->in_flags & IPN_TCPUDP) == 0)
if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0)
setnatproto(nat->in_p);
if (((nat->in_redir & NAT_MAPBLK) != 0) ||
((nat->in_flags & IPN_AUTOPORTMAP) != 0))
@ -289,9 +290,14 @@ dport: | IPNY_PORT YY_NUMBER { nat->in_pmin = htons($2);
nat->in_pmax = htons($2); }
| IPNY_PORT YY_NUMBER '-' YY_NUMBER { nat->in_pmin = htons($2);
nat->in_pmax = htons($4); }
| IPNY_PORT YY_NUMBER ':' YY_NUMBER { nat->in_pmin = htons($2);
nat->in_pmax = htons($4); }
;
nport: IPNY_PORT YY_NUMBER { nat->in_pnext = htons($2); }
nport: IPNY_PORT YY_NUMBER { nat->in_pnext = htons($2); }
| IPNY_PORT '=' YY_NUMBER { nat->in_pnext = htons($3);
nat->in_flags |= IPN_FIXEDDPORT;
}
;
ports: | IPNY_PORTS numports { nat->in_pmin = $2; }
@ -346,11 +352,23 @@ otherifname:
mapport:
IPNY_PORTMAP tcpudp YY_NUMBER ':' YY_NUMBER
{ nat->in_pmin = htons($3);
nat->in_pmax = htons($5); }
| IPNY_PORTMAP tcpudp IPNY_AUTO { nat->in_flags |= IPN_AUTOPORTMAP;
nat->in_pmin = htons(1024);
nat->in_pmax = htons(65535); }
{ nat->in_pmin = htons($3);
nat->in_pmax = htons($5);
}
| IPNY_PORTMAP tcpudp IPNY_AUTO
{ nat->in_flags |= IPN_AUTOPORTMAP;
nat->in_pmin = htons(1024);
nat->in_pmax = htons(65535);
}
| IPNY_ICMPIDMAP YY_STR YY_NUMBER ':' YY_NUMBER
{ if (strcmp($2, "icmp") != 0) {
yyerror("icmpidmap not followed by icmp");
}
free($2);
nat->in_flags = IPN_ICMPQUERY;
nat->in_pmin = htons($3);
nat->in_pmax = htons($5);
}
;
sobject:
@ -684,8 +702,8 @@ int fd;
ioctlfunc_t ioctlfunc;
void *ptr;
{
ipfobj_t obj;
ioctlcmd_t add, del;
ipfobj_t obj;
ipnat_t *ipn;
ipn = ptr;
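Review bot: The new `IPNY_ICMPIDMAP` production in `mapport` hands `$3` and `$5` to `htons()` without a range check, so an id above 65535 is silently truncated to 16 bits; the new `':'` form of `dport` and the `'='` form of `nport` do the same with port numbers. A guard such as `if ($3 > 65535 || $5 > 65535) yyerror("invalid ICMP Id number");` before the assignments would reject such rules. Unless `yyerror()` exits, the same action also carries on after the `strcmp()` mismatch, and it sets `nat->in_flags = IPN_ICMPQUERY;` by plain assignment where the neighbouring actions use `|=`; if discarding the earlier flags is intended, a comment saying so would prevent a later "fix".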


@ -1,5 +1,3 @@
/* $NetBSD: lexer.c,v 1.3 2004/05/22 17:59:37 christos Exp $ */
/*
* Copyright (C) 2003 by Darren Reed.
*
@ -34,6 +32,7 @@ extern int string_start;
extern int string_end;
extern char *string_val;
extern int pos;
extern int yydebug;
char *yystr = NULL;
int yytext[YYBUFSIZ+1];
@ -44,8 +43,10 @@ int yyexpectaddr = 0;
int yybreakondot = 0;
int yyvarnext = 0;
int yytokentype = 0;
int *yycont;
wordtab_t *yywordtab = NULL;
int yysavedepth = 0;
wordtab_t *yysavewords[30];
static wordtab_t *yyfindkey __P((char *));
static int yygetc __P((void));
@ -54,7 +55,6 @@ static int yyswallow __P((int));
static char *yytexttostr __P((int, int));
static void yystrtotext __P((char *));
static int yygetc()
{
int c;
@ -72,6 +72,8 @@ static int yygetc()
yypos++;
} else {
c = fgetc(yyin);
if (c == '\n')
yylineNum++;
}
yytext[yypos++] = c;
yylast = yypos;
@ -84,8 +86,6 @@ static int yygetc()
static void yyunputc(c)
int c;
{
if (c == '\n')
yylineNum--;
yytext[--yypos] = c;
}
@ -148,7 +148,7 @@ int offset, max;
int yylex()
{
int c, n, isbuilding, rval, lnext;
int c, n, isbuilding, rval, lnext, nokey = 0;
char *name;
isbuilding = 0;
@ -166,7 +166,6 @@ nextchar:
switch (c)
{
case '\n' :
yylineNum++;
case '\t' :
case '\r' :
case ' ' :
@ -190,6 +189,8 @@ nextchar:
yypos--;
} else
yypos--;
if (yypos == 0)
nokey = 1;
goto nextchar;
}
break;
@ -431,7 +432,6 @@ nextchar:
} while (isdigit(n));
yyunputc(n);
rval = YY_NUMBER;
yyvarnext = 0;
goto done;
}
@ -447,9 +447,13 @@ done:
w = NULL;
isbuilding = 0;
if (yyvarnext == 0)
if ((yyvarnext == 0) && (nokey == 0)) {
w = yyfindkey(yystr);
else
if (w == NULL) {
yyresetdict();
w = yyfindkey(yystr);
}
} else
yyvarnext = 0;
if (w != NULL)
rval = w->w_value;
@ -555,6 +559,25 @@ char *msg;
}
void yysetdict(newdict)
wordtab_t *newdict;
{
yysavewords[yysavedepth++] = yysettab(newdict);
if (yydebug)
printf("yysavedepth++ => %d\n", yysavedepth);
}
void yyresetdict()
{
if (yysavedepth > 0) {
yysettab(yysavewords[--yysavedepth]);
if (yydebug)
printf("yysavedepth-- => %d\n", yysavedepth);
}
}
#ifdef TEST_LEXER
int main(argc, argv)
int argc;
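Review bot: `yysetdict()` stores into `yysavewords[yysavedepth++]` without checking `yysavedepth` against the 30-entry array, so any input path that pushes more dictionaries than it pops writes past the end of a global. `yyresetdict()` guards the underflow side with `yysavedepth > 0`; the push side needs the matching guard, e.g. `if (yysavedepth >= (int)(sizeof(yysavewords) / sizeof(yysavewords[0]))) { yyerror("dictionary stack overflow"); return; }` before the store. Whether the grammars can actually unbalance the stack is not visible from this hunk, but `yylex()` now also pops on a failed keyword lookup, so push/pop pairing is no longer purely grammar-driven and the bound is worth enforcing.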


@ -1,5 +1,3 @@
/* $NetBSD: lexer.h,v 1.2 2004/05/09 03:53:23 christos Exp $ */
typedef struct wordtab {
char *w_word;
@ -23,14 +21,15 @@ typedef struct wordtab {
#define YYBUFSIZ 8192
extern wordtab_t *yysettab __P((wordtab_t *));
extern void yysetdict __P((wordtab_t *));
extern int yylex __P((void));
extern void yyerror __P((char *));
extern char *yykeytostr __P((int));
extern void yyresetdict __P((void));
extern FILE *yyin;
extern int yylineNum;
extern int yyexpectaddr;
extern int *yycont;
extern int yybreakondot;
extern int yyvarnext;