Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display

Browse Source 
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.

Consider the following rules:

  # cat /etc/ipf6.conf
  pass in quick proto ipv6-icmp from any to any icmp-type 128
  pass in quick proto ipv6-icmp from any to any icmp-type echo

Use of symbolic names give now the following error:

  # ipf -Fa -6f /etc/ipf6.conf
  2: Unknown ICMPv6 type (echo) specified (use numeric value instead)

The first rule with numeric value will work as expected:

  # ipfstat -6hi
  0 pass in quick proto ipv6-icmp from any to any icmp-type 128

NOTE: You MUST use numerical values for ICMPv6 types. See
      /sys/netinet/icmp6.h for available codes!
This commit is contained in:
martti 2002-02-04 19:07:47 +00:00
parent 1b7ae2b741
commit c6a4a9d33a
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
dist/ipf/parse.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: parse.c,v 1.9 2002/02/04 12:00:52 martti Exp $ */
/* $NetBSD: parse.c,v 1.10 2002/02/04 19:07:47 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@ -998,6 +998,10 @@ int linenum;
linenum, **cp);
return -1;
}
} else if (fp->fr_proto == IPPROTO_ICMPV6) {
fprintf(stderr, "%d: Unknown ICMPv6 type (%s) specified "
"(use numeric value instead)\n", linenum, **cp);
return -1;
} else {
for (t = icmptypes, i = 0; ; t++, i++) {
if (!*t)
@ -1291,7 +1295,7 @@ struct frentry *fp;
printf(" frag");
}
}
if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm) {
if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm != 0) {
int type = fp->fr_icmp, code;
type = ntohs(fp->fr_icmp);
@ -1305,6 +1309,16 @@ struct frentry *fp;
if (ntohs(fp->fr_icmpm) & 0xff)
printf(" code %d", code);
}
if (fp->fr_proto == IPPROTO_ICMPV6 && fp->fr_icmpm != 0) {
int type = fp->fr_icmp, code;
type = ntohs(fp->fr_icmp);
code = type & 0xff;
type /= 256;
printf(" icmp-type %d", type);
if (ntohs(fp->fr_icmpm) & 0xff)
printf(" code %d", code);
}
if (fp->fr_proto == IPPROTO_TCP && (fp->fr_tcpf || fp->fr_tcpfm)) {
printf(" flags ");
if (fp->fr_tcpf & ~TCPF_ALL)