Print this page
8485 Remove set but unused variables in usr/src/cmd
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/ipf/tools/ipfcomp.c
+++ new/usr/src/cmd/ipf/tools/ipfcomp.c
1 1 /*
2 2 * Copyright (C) 1993-2001 by Darren Reed.
3 3 *
4 4 * See the IPFILTER.LICENCE file for details on licencing.
5 5 *
6 6 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
7 7 * Use is subject to license terms.
8 + * Copyright 2017 Gary Mills
8 9 */
9 10
10 -#pragma ident "%Z%%M% %I% %E% SMI"
11 -
12 11 #if !defined(lint)
13 12 static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
14 13 static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $";
15 14 #endif
16 15
17 16 #include "ipf.h"
18 17
19 18
20 19 typedef struct {
21 20 int c;
22 21 int e;
23 22 int n;
24 23 int p;
25 24 int s;
26 25 } mc_t;
27 26
28 27
29 28 static char *portcmp[] = { "*", "==", "!=", "<", ">", "<=", ">=", "**", "***" };
30 29 static int count = 0;
31 30
32 31 int intcmp __P((const void *, const void *));
33 32 static void indent __P((FILE *, int));
34 33 static void printeq __P((FILE *, char *, int, int, int));
35 34 static void printipeq __P((FILE *, char *, int, int, int));
36 35 static void addrule __P((FILE *, frentry_t *));
37 36 static void printhooks __P((FILE *, int, int, frgroup_t *));
38 37 static void emitheader __P((frgroup_t *, u_int, u_int));
39 38 static void emitGroup __P((int, int, void *, frentry_t *, char *,
40 39 u_int, u_int));
41 40 static void emittail __P((void));
42 41 static void printCgroup __P((int, frentry_t *, mc_t *, char *));
43 42
44 43 #define FRC_IFN 0
45 44 #define FRC_V 1
46 45 #define FRC_P 2
47 46 #define FRC_FL 3
48 47 #define FRC_TOS 4
49 48 #define FRC_TTL 5
50 49 #define FRC_SRC 6
51 50 #define FRC_DST 7
52 51 #define FRC_TCP 8
53 52 #define FRC_SP 9
54 53 #define FRC_DP 10
55 54 #define FRC_OPT 11
56 55 #define FRC_SEC 12
57 56 #define FRC_ATH 13
58 57 #define FRC_ICT 14
59 58 #define FRC_ICC 15
60 59 #define FRC_MAX 16
61 60
|
↓ open down ↓ |
40 lines elided |
↑ open up ↑ |
62 61
63 62 static FILE *cfile = NULL;
64 63
65 64 /*
66 65 * This is called once per filter rule being loaded to emit data structures
67 66 * required.
68 67 */
69 68 void printc(fr)
70 69 frentry_t *fr;
71 70 {
72 - fripf_t *ipf;
73 71 u_long *ulp;
74 72 char *and;
75 73 FILE *fp;
76 74 int i;
77 75
78 76 if (fr->fr_v != 4)
79 77 return;
80 78 if ((fr->fr_type != FR_T_IPF) && (fr->fr_type != FR_T_NONE))
81 79 return;
82 80 if ((fr->fr_type == FR_T_IPF) &&
83 81 ((fr->fr_datype != FRI_NORMAL) || (fr->fr_satype != FRI_NORMAL)))
84 82 return;
85 - ipf = fr->fr_ipf;
86 83
87 84 if (cfile == NULL)
88 85 cfile = fopen("ip_rules.c", "w");
89 86 if (cfile == NULL)
90 87 return;
91 88 fp = cfile;
92 89 if (count == 0) {
93 90 fprintf(fp, "/*\n");
94 91 fprintf(fp, "* Copyright (C) 1993-2000 by Darren Reed.\n");
95 92 fprintf(fp, "*\n");
96 93 fprintf(fp, "* Redistribution and use in source and binary forms are permitted\n");
97 94 fprintf(fp, "* provided that this notice is preserved and due credit is given\n");
98 95 fprintf(fp, "* to the original author and the contributors.\n");
99 96 fprintf(fp, "*/\n\n");
100 97
101 98 fprintf(fp, "#include <sys/types.h>\n");
102 99 fprintf(fp, "#include <sys/time.h>\n");
103 100 fprintf(fp, "#include <sys/socket.h>\n");
104 101 fprintf(fp, "#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)\n");
105 102 fprintf(fp, "# include <sys/systm.h>\n");
106 103 fprintf(fp, "#endif\n");
107 104 fprintf(fp, "#include <sys/errno.h>\n");
108 105 fprintf(fp, "#include <sys/param.h>\n");
109 106 fprintf(fp,
110 107 "#if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux)\n");
111 108 fprintf(fp, "# include <sys/mbuf.h>\n");
112 109 fprintf(fp, "#endif\n");
113 110 fprintf(fp,
114 111 "#if defined(__FreeBSD__) && (__FreeBSD_version > 220000)\n");
115 112 fprintf(fp, "# include <sys/sockio.h>\n");
116 113 fprintf(fp, "#else\n");
117 114 fprintf(fp, "# include <sys/ioctl.h>\n");
118 115 fprintf(fp, "#endif /* FreeBSD */\n");
119 116 fprintf(fp, "#include <net/if.h>\n");
120 117 fprintf(fp, "#include <netinet/in.h>\n");
121 118 fprintf(fp, "#include <netinet/in_systm.h>\n");
122 119 fprintf(fp, "#include <netinet/ip.h>\n");
123 120 fprintf(fp, "#include <netinet/tcp.h>\n");
124 121 fprintf(fp, "#include \"netinet/ip_compat.h\"\n");
125 122 fprintf(fp, "#include \"netinet/ip_fil.h\"\n\n");
126 123 fprintf(fp, "#include \"netinet/ip_rules.h\"\n\n");
127 124 fprintf(fp, "#ifndef _KERNEL\n");
128 125 fprintf(fp, "# include <string.h>\n");
129 126 fprintf(fp, "#endif /* _KERNEL */\n");
130 127 fprintf(fp, "\n");
131 128 fprintf(fp, "#ifdef IPFILTER_COMPILED\n");
132 129 }
133 130
134 131 addrule(fp, fr);
135 132 fr->fr_type |= FR_T_BUILTIN;
136 133 and = "";
137 134 fr->fr_ref = 1;
138 135 i = sizeof(*fr);
139 136 if (i & -(1 - sizeof(*ulp)))
140 137 i += sizeof(u_long);
141 138 for (i /= sizeof(u_long), ulp = (u_long *)fr; i > 0; i--) {
142 139 fprintf(fp, "%s%#lx", and, *ulp++);
143 140 and = ", ";
144 141 }
145 142 fprintf(fp, "\n};\n");
146 143 fr->fr_type &= ~FR_T_BUILTIN;
147 144
148 145 count++;
149 146
150 147 fflush(fp);
151 148 }
152 149
153 150
154 151 static frgroup_t *groups = NULL;
155 152
156 153
157 154 static void addrule(fp, fr)
158 155 FILE *fp;
159 156 frentry_t *fr;
160 157 {
161 158 frentry_t *f, **fpp;
162 159 frgroup_t *g;
163 160 u_long *ulp;
164 161 char *and;
165 162 int i;
166 163
167 164 f = (frentry_t *)malloc(sizeof(*f));
168 165 if (f == NULL) {
169 166 fprintf(stderr, "out of memory\n");
170 167 exit(1);
171 168 }
172 169 bcopy((char *)fr, (char *)f, sizeof(*fr));
173 170 if (fr->fr_ipf) {
174 171 f->fr_ipf = (fripf_t *)malloc(sizeof(*f->fr_ipf));
175 172 if (f->fr_ipf == NULL) {
176 173 fprintf(stderr, "out of memory\n");
177 174 exit(1);
178 175 }
179 176 bcopy((char *)fr->fr_ipf, (char *)f->fr_ipf,
180 177 sizeof(*fr->fr_ipf));
181 178 }
182 179
183 180 f->fr_next = NULL;
184 181 for (g = groups; g != NULL; g = g->fg_next)
185 182 if ((strncmp(g->fg_name, f->fr_group, FR_GROUPLEN) == 0) &&
186 183 (g->fg_flags == (f->fr_flags & FR_INOUT)))
187 184 break;
188 185
189 186 if (g == NULL) {
190 187 g = (frgroup_t *)calloc(1, sizeof(*g));
191 188 if (g == NULL) {
192 189 fprintf(stderr, "out of memory\n");
193 190 exit(1);
194 191 }
195 192 g->fg_next = groups;
196 193 groups = g;
197 194 g->fg_head = f;
198 195 bcopy(f->fr_group, g->fg_name, FR_GROUPLEN);
199 196 g->fg_ref = 0;
200 197 g->fg_flags = f->fr_flags & FR_INOUT;
201 198 }
202 199
203 200 for (fpp = &g->fg_start; *fpp != NULL; )
204 201 fpp = &((*fpp)->fr_next);
205 202 *fpp = f;
206 203
207 204 if (fr->fr_dsize > 0) {
208 205 fprintf(fp, "\
209 206 static u_long ipf%s_rule_data_%s_%u[] = {\n",
210 207 f->fr_flags & FR_INQUE ? "in" : "out",
211 208 g->fg_name, g->fg_ref);
212 209 and = "";
213 210 i = fr->fr_dsize;
214 211 ulp = fr->fr_data;
215 212 for (i /= sizeof(u_long); i > 0; i--) {
216 213 fprintf(fp, "%s%#lx", and, *ulp++);
217 214 and = ", ";
218 215 }
219 216 fprintf(fp, "\n};\n");
220 217 }
221 218
222 219 fprintf(fp, "\nstatic u_long %s_rule_%s_%d[] = {\n",
223 220 f->fr_flags & FR_INQUE ? "in" : "out", g->fg_name, g->fg_ref);
224 221
225 222 g->fg_ref++;
226 223
227 224 if (f->fr_grhead != 0) {
228 225 for (g = groups; g != NULL; g = g->fg_next)
229 226 if ((strncmp(g->fg_name, f->fr_grhead,
230 227 FR_GROUPLEN) == 0) &&
231 228 g->fg_flags == (f->fr_flags & FR_INOUT))
232 229 break;
233 230 if (g == NULL) {
234 231 g = (frgroup_t *)calloc(1, sizeof(*g));
235 232 if (g == NULL) {
236 233 fprintf(stderr, "out of memory\n");
237 234 exit(1);
238 235 }
239 236 g->fg_next = groups;
240 237 groups = g;
241 238 g->fg_head = f;
242 239 bcopy(f->fr_grhead, g->fg_name, FR_GROUPLEN);
243 240 g->fg_ref = 0;
244 241 g->fg_flags = f->fr_flags & FR_INOUT;
245 242 }
246 243 }
247 244 }
248 245
249 246
250 247 int intcmp(c1, c2)
251 248 const void *c1, *c2;
252 249 {
253 250 const mc_t *i1 = (const mc_t *)c1, *i2 = (const mc_t *)c2;
254 251
255 252 if (i1->n == i2->n) {
256 253 return i1->c - i2->c;
257 254 }
258 255 return i2->n - i1->n;
259 256 }
260 257
261 258
262 259 static void indent(fp, in)
263 260 FILE *fp;
264 261 int in;
265 262 {
266 263 for (; in; in--)
267 264 fputc('\t', fp);
268 265 }
269 266
270 267 static void printeq(fp, var, m, max, v)
271 268 FILE *fp;
272 269 char *var;
273 270 int m, max, v;
274 271 {
275 272 if (m == max)
276 273 fprintf(fp, "%s == %#x) {\n", var, v);
277 274 else
278 275 fprintf(fp, "(%s & %#x) == %#x) {\n", var, m, v);
279 276 }
280 277
281 278 /*
282 279 * Parameters: var - IP# being compared
283 280 * fl - 0 for positive match, 1 for negative match
284 281 * m - netmask
285 282 * v - required address
286 283 */
287 284 static void printipeq(fp, var, fl, m, v)
288 285 FILE *fp;
289 286 char *var;
290 287 int fl, m, v;
291 288 {
292 289 if (m == 0xffffffff)
293 290 fprintf(fp, "%s ", var);
294 291 else
295 292 fprintf(fp, "(%s & %#x) ", var, m);
296 293 fprintf(fp, "%c", fl ? '!' : '=');
297 294 fprintf(fp, "= %#x) {\n", v);
298 295 }
299 296
300 297
301 298 void emit(num, dir, v, fr)
302 299 int num, dir;
303 300 void *v;
304 301 frentry_t *fr;
305 302 {
306 303 u_int incnt, outcnt;
307 304 frgroup_t *g;
308 305 frentry_t *f;
309 306
310 307 for (g = groups; g != NULL; g = g->fg_next) {
311 308 if (dir == 0 || dir == -1) {
312 309 if ((g->fg_flags & FR_INQUE) == 0)
313 310 continue;
314 311 for (incnt = 0, f = g->fg_start; f != NULL;
315 312 f = f->fr_next)
316 313 incnt++;
317 314 emitGroup(num, dir, v, fr, g->fg_name, incnt, 0);
318 315 }
319 316 if (dir == 1 || dir == -1) {
320 317 if ((g->fg_flags & FR_OUTQUE) == 0)
321 318 continue;
322 319 for (outcnt = 0, f = g->fg_start; f != NULL;
323 320 f = f->fr_next)
324 321 outcnt++;
325 322 emitGroup(num, dir, v, fr, g->fg_name, 0, outcnt);
326 323 }
327 324 }
328 325
329 326 if (num == -1 && dir == -1) {
330 327 for (g = groups; g != NULL; g = g->fg_next) {
331 328 if ((g->fg_flags & FR_INQUE) != 0) {
332 329 for (incnt = 0, f = g->fg_start; f != NULL;
333 330 f = f->fr_next)
334 331 incnt++;
335 332 if (incnt > 0)
336 333 emitheader(g, incnt, 0);
337 334 }
338 335 if ((g->fg_flags & FR_OUTQUE) != 0) {
339 336 for (outcnt = 0, f = g->fg_start; f != NULL;
340 337 f = f->fr_next)
341 338 outcnt++;
342 339 if (outcnt > 0)
343 340 emitheader(g, 0, outcnt);
344 341 }
345 342 }
346 343 emittail();
347 344 fprintf(cfile, "#endif /* IPFILTER_COMPILED */\n");
348 345 }
349 346
350 347 }
351 348
352 349
353 350 static void emitheader(grp, incount, outcount)
354 351 frgroup_t *grp;
355 352 u_int incount, outcount;
356 353 {
357 354 static FILE *fph = NULL;
358 355 frgroup_t *g;
359 356
360 357 if (fph == NULL) {
361 358 fph = fopen("ip_rules.h", "w");
362 359 if (fph == NULL)
363 360 return;
364 361
365 362 fprintf(fph, "extern int ipfrule_add __P((void));\n");
366 363 fprintf(fph, "extern int ipfrule_remove __P((void));\n");
367 364 }
368 365
369 366 printhooks(cfile, incount, outcount, grp);
370 367
371 368 if (incount) {
372 369 fprintf(fph, "\n\
373 370 extern frentry_t *ipfrule_match_in_%s __P((fr_info_t *, u_32_t *));\n\
374 371 extern frentry_t *ipf_rules_in_%s[%d];\n",
375 372 grp->fg_name, grp->fg_name, incount);
376 373
377 374 for (g = groups; g != grp; g = g->fg_next)
378 375 if ((strncmp(g->fg_name, grp->fg_name,
379 376 FR_GROUPLEN) == 0) &&
380 377 g->fg_flags == grp->fg_flags)
381 378 break;
382 379 if (g == grp) {
383 380 fprintf(fph, "\n\
384 381 extern int ipfrule_add_in_%s __P((void));\n\
385 382 extern int ipfrule_remove_in_%s __P((void));\n", grp->fg_name, grp->fg_name);
386 383 }
387 384 }
388 385 if (outcount) {
389 386 fprintf(fph, "\n\
390 387 extern frentry_t *ipfrule_match_out_%s __P((fr_info_t *, u_32_t *));\n\
391 388 extern frentry_t *ipf_rules_out_%s[%d];\n",
392 389 grp->fg_name, grp->fg_name, outcount);
393 390
394 391 for (g = groups; g != g; g = g->fg_next)
395 392 if ((strncmp(g->fg_name, grp->fg_name,
396 393 FR_GROUPLEN) == 0) &&
397 394 g->fg_flags == grp->fg_flags)
398 395 break;
399 396 if (g == grp) {
400 397 fprintf(fph, "\n\
401 398 extern int ipfrule_add_out_%s __P((void));\n\
402 399 extern int ipfrule_remove_out_%s __P((void));\n",
403 400 grp->fg_name, grp->fg_name);
404 401 }
405 402 }
406 403 }
407 404
408 405 static void emittail()
409 406 {
410 407 frgroup_t *g;
411 408
412 409 fprintf(cfile, "\n\
413 410 int ipfrule_add()\n\
414 411 {\n\
415 412 int err;\n\
416 413 \n");
417 414 for (g = groups; g != NULL; g = g->fg_next)
418 415 fprintf(cfile, "\
419 416 err = ipfrule_add_%s_%s();\n\
420 417 if (err != 0)\n\
421 418 return err;\n",
422 419 (g->fg_flags & FR_INQUE) ? "in" : "out", g->fg_name);
423 420 fprintf(cfile, "\
424 421 return 0;\n");
425 422 fprintf(cfile, "}\n\
426 423 \n");
427 424
428 425 fprintf(cfile, "\n\
429 426 int ipfrule_remove()\n\
430 427 {\n\
431 428 int err;\n\
432 429 \n");
433 430 for (g = groups; g != NULL; g = g->fg_next)
434 431 fprintf(cfile, "\
435 432 err = ipfrule_remove_%s_%s();\n\
436 433 if (err != 0)\n\
437 434 return err;\n",
438 435 (g->fg_flags & FR_INQUE) ? "in" : "out", g->fg_name);
439 436 fprintf(cfile, "\
440 437 return 0;\n");
441 438 fprintf(cfile, "}\n");
442 439 }
443 440
444 441
445 442 static void emitGroup(num, dir, v, fr, group, incount, outcount)
446 443 int num, dir;
447 444 void *v;
448 445 frentry_t *fr;
449 446 char *group;
450 447 u_int incount, outcount;
451 448 {
452 449 static FILE *fp = NULL;
453 450 static int header[2] = { 0, 0 };
454 451 static char egroup[FR_GROUPLEN] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
455 452 static int openfunc = 0;
456 453 static mc_t *n = NULL;
457 454 static int sin = 0;
458 455 frentry_t *f;
459 456 frgroup_t *g;
460 457 fripf_t *ipf;
461 458 int i, in, j;
462 459 mc_t *m = v;
463 460
464 461 if (fp == NULL)
465 462 fp = cfile;
466 463 if (fp == NULL)
467 464 return;
468 465 if (strncmp(egroup, group, FR_GROUPLEN)) {
469 466 for (sin--; sin > 0; sin--) {
470 467 indent(fp, sin);
471 468 fprintf(fp, "}\n");
472 469 }
473 470 if (openfunc == 1) {
474 471 fprintf(fp, "\treturn fr;\n}\n");
475 472 openfunc = 0;
476 473 if (n != NULL) {
477 474 free(n);
478 475 n = NULL;
479 476 }
480 477 }
481 478 sin = 0;
482 479 header[0] = 0;
483 480 header[1] = 0;
484 481 strncpy(egroup, group, FR_GROUPLEN);
485 482 } else if (openfunc == 1 && num < 0) {
486 483 if (n != NULL) {
487 484 free(n);
488 485 n = NULL;
489 486 }
490 487 for (sin--; sin > 0; sin--) {
491 488 indent(fp, sin);
492 489 fprintf(fp, "}\n");
493 490 }
494 491 if (openfunc == 1) {
495 492 fprintf(fp, "\treturn fr;\n}\n");
496 493 openfunc = 0;
497 494 }
498 495 }
499 496
500 497 if (dir == -1)
501 498 return;
502 499
503 500 for (g = groups; g != NULL; g = g->fg_next) {
504 501 if (dir == 0 && (g->fg_flags & FR_INQUE) == 0)
505 502 continue;
506 503 else if (dir == 1 && (g->fg_flags & FR_OUTQUE) == 0)
507 504 continue;
508 505 if (strncmp(g->fg_name, group, FR_GROUPLEN) != 0)
509 506 continue;
510 507 break;
511 508 }
512 509
513 510 /*
514 511 * Output the array of pointers to rules for this group.
515 512 */
516 513 if (num == -2 && dir == 0 && header[0] == 0 && incount != 0) {
517 514 fprintf(fp, "\nfrentry_t *ipf_rules_in_%s[%d] = {",
518 515 group, incount);
519 516 for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
520 517 if ((f->fr_flags & FR_INQUE) == 0)
521 518 continue;
522 519 if ((i & 1) == 0) {
523 520 fprintf(fp, "\n\t");
524 521 }
525 522 fprintf(fp,
526 523 "(frentry_t *)&in_rule_%s_%d",
527 524 f->fr_group, i);
528 525 if (i + 1 < incount)
529 526 fprintf(fp, ", ");
530 527 i++;
531 528 }
532 529 fprintf(fp, "\n};\n");
533 530 }
534 531
535 532 if (num == -2 && dir == 1 && header[1] == 0 && outcount != 0) {
536 533 fprintf(fp, "\nfrentry_t *ipf_rules_out_%s[%d] = {",
537 534 group, outcount);
538 535 for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
539 536 if ((f->fr_flags & FR_OUTQUE) == 0)
540 537 continue;
541 538 if ((i & 1) == 0) {
542 539 fprintf(fp, "\n\t");
543 540 }
544 541 fprintf(fp,
545 542 "(frentry_t *)&out_rule_%s_%d",
546 543 f->fr_group, i);
547 544 if (i + 1 < outcount)
548 545 fprintf(fp, ", ");
549 546 i++;
550 547 }
551 548 fprintf(fp, "\n};\n");
552 549 fp = NULL;
553 550 }
554 551
555 552 if (num < 0)
556 553 return;
557 554
558 555 in = 0;
559 556 ipf = fr->fr_ipf;
560 557
561 558 /*
562 559 * If the function header has not been printed then print it now.
563 560 */
564 561 if (header[dir] == 0) {
565 562 int pdst = 0, psrc = 0;
566 563
567 564 openfunc = 1;
568 565 fprintf(fp, "\nfrentry_t *ipfrule_match_%s_%s(fin, passp)\n",
569 566 (dir == 0) ? "in" : "out", group);
570 567 fprintf(fp, "fr_info_t *fin;\n");
571 568 fprintf(fp, "u_32_t *passp;\n");
572 569 fprintf(fp, "{\n");
573 570 fprintf(fp, "\tfrentry_t *fr = NULL;\n");
574 571
575 572 /*
576 573 * Print out any variables that need to be declared.
577 574 */
578 575 for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
579 576 if (incount + outcount > m[FRC_SRC].e + 1)
580 577 psrc = 1;
581 578 if (incount + outcount > m[FRC_DST].e + 1)
582 579 pdst = 1;
583 580 }
584 581 if (psrc == 1)
585 582 fprintf(fp, "\tu_32_t src = ntohl(%s);\n",
586 583 "fin->fin_fi.fi_saddr");
587 584 if (pdst == 1)
588 585 fprintf(fp, "\tu_32_t dst = ntohl(%s);\n",
589 586 "fin->fin_fi.fi_daddr");
590 587 }
591 588
592 589 for (i = 0; i < FRC_MAX; i++) {
593 590 switch(m[i].c)
594 591 {
595 592 case FRC_IFN :
596 593 if (*fr->fr_ifname)
597 594 m[i].s = 1;
598 595 break;
599 596 case FRC_V :
600 597 if (ipf != NULL && ipf->fri_mip.fi_v != 0)
601 598 m[i].s = 1;
602 599 break;
603 600 case FRC_FL :
604 601 if (ipf != NULL && ipf->fri_mip.fi_flx != 0)
605 602 m[i].s = 1;
606 603 break;
607 604 case FRC_P :
608 605 if (ipf != NULL && ipf->fri_mip.fi_p != 0)
609 606 m[i].s = 1;
610 607 break;
611 608 case FRC_TTL :
612 609 if (ipf != NULL && ipf->fri_mip.fi_ttl != 0)
613 610 m[i].s = 1;
614 611 break;
615 612 case FRC_TOS :
616 613 if (ipf != NULL && ipf->fri_mip.fi_tos != 0)
617 614 m[i].s = 1;
618 615 break;
619 616 case FRC_TCP :
620 617 if (ipf == NULL)
621 618 break;
622 619 if ((ipf->fri_ip.fi_p == IPPROTO_TCP) &&
623 620 fr->fr_tcpfm != 0)
624 621 m[i].s = 1;
625 622 break;
626 623 case FRC_SP :
627 624 if (ipf == NULL)
628 625 break;
629 626 if (fr->fr_scmp == FR_INRANGE)
630 627 m[i].s = 1;
631 628 else if (fr->fr_scmp == FR_OUTRANGE)
632 629 m[i].s = 1;
633 630 else if (fr->fr_scmp != 0)
634 631 m[i].s = 1;
635 632 break;
636 633 case FRC_DP :
637 634 if (ipf == NULL)
638 635 break;
639 636 if (fr->fr_dcmp == FR_INRANGE)
640 637 m[i].s = 1;
641 638 else if (fr->fr_dcmp == FR_OUTRANGE)
642 639 m[i].s = 1;
643 640 else if (fr->fr_dcmp != 0)
644 641 m[i].s = 1;
645 642 break;
646 643 case FRC_SRC :
647 644 if (ipf == NULL)
648 645 break;
649 646 if (fr->fr_satype == FRI_LOOKUP) {
650 647 ;
651 648 } else if ((fr->fr_smask != 0) ||
652 649 (fr->fr_flags & FR_NOTSRCIP) != 0)
653 650 m[i].s = 1;
654 651 break;
655 652 case FRC_DST :
656 653 if (ipf == NULL)
657 654 break;
658 655 if (fr->fr_datype == FRI_LOOKUP) {
659 656 ;
660 657 } else if ((fr->fr_dmask != 0) ||
661 658 (fr->fr_flags & FR_NOTDSTIP) != 0)
662 659 m[i].s = 1;
663 660 break;
664 661 case FRC_OPT :
665 662 if (ipf == NULL)
666 663 break;
667 664 if (fr->fr_optmask != 0)
668 665 m[i].s = 1;
669 666 break;
670 667 case FRC_SEC :
671 668 if (ipf == NULL)
672 669 break;
673 670 if (fr->fr_secmask != 0)
674 671 m[i].s = 1;
675 672 break;
676 673 case FRC_ATH :
677 674 if (ipf == NULL)
678 675 break;
679 676 if (fr->fr_authmask != 0)
680 677 m[i].s = 1;
681 678 break;
682 679 case FRC_ICT :
683 680 if (ipf == NULL)
684 681 break;
685 682 if ((fr->fr_icmpm & 0xff00) != 0)
686 683 m[i].s = 1;
687 684 break;
688 685 case FRC_ICC :
689 686 if (ipf == NULL)
690 687 break;
691 688 if ((fr->fr_icmpm & 0xff) != 0)
692 689 m[i].s = 1;
693 690 break;
694 691 }
695 692 }
696 693
697 694 if (!header[dir]) {
698 695 fprintf(fp, "\n");
699 696 header[dir] = 1;
700 697 sin = 0;
701 698 }
702 699
703 700 qsort(m, FRC_MAX, sizeof(mc_t), intcmp);
704 701
705 702 if (n) {
706 703 /*
707 704 * Calculate the indentation interval upto the last common
708 705 * common comparison being made.
709 706 */
710 707 for (i = 0, in = 1; i < FRC_MAX; i++) {
711 708 if (n[i].c != m[i].c)
712 709 break;
713 710 if (n[i].s != m[i].s)
714 711 break;
715 712 if (n[i].s) {
716 713 if (n[i].n && (n[i].n > n[i].e)) {
717 714 m[i].p++;
718 715 in += m[i].p;
719 716 break;
720 717 }
721 718 if (n[i].e > 0) {
722 719 in++;
723 720 } else
724 721 break;
725 722 }
726 723 }
727 724 if (sin != in) {
728 725 for (j = sin - 1; j >= in; j--) {
729 726 indent(fp, j);
730 727 fprintf(fp, "}\n");
731 728 }
732 729 }
733 730 } else {
734 731 in = 1;
735 732 i = 0;
736 733 }
737 734
738 735 /*
739 736 * print out C code that implements a filter rule.
740 737 */
741 738 for (; i < FRC_MAX; i++) {
742 739 switch(m[i].c)
743 740 {
744 741 case FRC_IFN :
745 742 if (m[i].s) {
746 743 indent(fp, in);
747 744 fprintf(fp, "if (fin->fin_ifp == ");
748 745 fprintf(fp, "ipf_rules_%s_%s[%d]->fr_ifa) {\n",
749 746 dir ? "out" : "in", group, num);
750 747 in++;
751 748 }
752 749 break;
753 750 case FRC_V :
754 751 if (m[i].s) {
755 752 indent(fp, in);
756 753 fprintf(fp, "if (fin->fin_v == %d) {\n",
757 754 ipf->fri_ip.fi_v);
758 755 in++;
759 756 }
760 757 break;
761 758 case FRC_FL :
762 759 if (m[i].s) {
763 760 indent(fp, in);
764 761 fprintf(fp, "if (");
765 762 printeq(fp, "fin->fin_flx",
766 763 ipf->fri_mip.fi_flx, 0xf,
767 764 ipf->fri_ip.fi_flx);
768 765 in++;
769 766 }
770 767 break;
771 768 case FRC_P :
772 769 if (m[i].s) {
773 770 indent(fp, in);
774 771 fprintf(fp, "if (fin->fin_p == %d) {\n",
775 772 ipf->fri_ip.fi_p);
776 773 in++;
777 774 }
778 775 break;
779 776 case FRC_TTL :
780 777 if (m[i].s) {
781 778 indent(fp, in);
782 779 fprintf(fp, "if (");
783 780 printeq(fp, "fin->fin_ttl",
784 781 ipf->fri_mip.fi_ttl, 0xff,
785 782 ipf->fri_ip.fi_ttl);
786 783 in++;
787 784 }
788 785 break;
789 786 case FRC_TOS :
790 787 if (m[i].s) {
791 788 indent(fp, in);
792 789 fprintf(fp, "if (fin->fin_tos");
793 790 printeq(fp, "fin->fin_tos",
794 791 ipf->fri_mip.fi_tos, 0xff,
795 792 ipf->fri_ip.fi_tos);
796 793 in++;
797 794 }
798 795 break;
799 796 case FRC_TCP :
800 797 if (m[i].s) {
801 798 indent(fp, in);
802 799 fprintf(fp, "if (");
803 800 printeq(fp, "fin->fin_tcpf", fr->fr_tcpfm,
804 801 0xff, fr->fr_tcpf);
805 802 in++;
806 803 }
807 804 break;
808 805 case FRC_SP :
809 806 if (!m[i].s)
810 807 break;
811 808 if (fr->fr_scmp == FR_INRANGE) {
812 809 indent(fp, in);
813 810 fprintf(fp, "if ((fin->fin_data[0] > %d) && ",
814 811 fr->fr_sport);
815 812 fprintf(fp, "(fin->fin_data[0] < %d)",
816 813 fr->fr_stop);
817 814 fprintf(fp, ") {\n");
818 815 in++;
819 816 } else if (fr->fr_scmp == FR_OUTRANGE) {
820 817 indent(fp, in);
821 818 fprintf(fp, "if ((fin->fin_data[0] < %d) || ",
822 819 fr->fr_sport);
823 820 fprintf(fp, "(fin->fin_data[0] > %d)",
824 821 fr->fr_stop);
825 822 fprintf(fp, ") {\n");
826 823 in++;
827 824 } else if (fr->fr_scmp) {
828 825 indent(fp, in);
829 826 fprintf(fp, "if (fin->fin_data[0] %s %d)",
830 827 portcmp[fr->fr_scmp], fr->fr_sport);
831 828 fprintf(fp, " {\n");
832 829 in++;
833 830 }
834 831 break;
835 832 case FRC_DP :
836 833 if (!m[i].s)
837 834 break;
838 835 if (fr->fr_dcmp == FR_INRANGE) {
839 836 indent(fp, in);
840 837 fprintf(fp, "if ((fin->fin_data[1] > %d) && ",
841 838 fr->fr_dport);
842 839 fprintf(fp, "(fin->fin_data[1] < %d)",
843 840 fr->fr_dtop);
844 841 fprintf(fp, ") {\n");
845 842 in++;
846 843 } else if (fr->fr_dcmp == FR_OUTRANGE) {
847 844 indent(fp, in);
848 845 fprintf(fp, "if ((fin->fin_data[1] < %d) || ",
849 846 fr->fr_dport);
850 847 fprintf(fp, "(fin->fin_data[1] > %d)",
851 848 fr->fr_dtop);
852 849 fprintf(fp, ") {\n");
853 850 in++;
854 851 } else if (fr->fr_dcmp) {
855 852 indent(fp, in);
856 853 fprintf(fp, "if (fin->fin_data[1] %s %d)",
857 854 portcmp[fr->fr_dcmp], fr->fr_dport);
858 855 fprintf(fp, " {\n");
859 856 in++;
860 857 }
861 858 break;
862 859 case FRC_SRC :
863 860 if (!m[i].s)
864 861 break;
865 862 if (fr->fr_satype == FRI_LOOKUP) {
866 863 ;
867 864 } else if ((fr->fr_smask != 0) ||
868 865 (fr->fr_flags & FR_NOTSRCIP) != 0) {
869 866 indent(fp, in);
870 867 fprintf(fp, "if (");
871 868 printipeq(fp, "src",
872 869 fr->fr_flags & FR_NOTSRCIP,
873 870 fr->fr_smask, fr->fr_saddr);
874 871 in++;
875 872 }
876 873 break;
877 874 case FRC_DST :
878 875 if (!m[i].s)
879 876 break;
880 877 if (fr->fr_datype == FRI_LOOKUP) {
881 878 ;
882 879 } else if ((fr->fr_dmask != 0) ||
883 880 (fr->fr_flags & FR_NOTDSTIP) != 0) {
884 881 indent(fp, in);
885 882 fprintf(fp, "if (");
886 883 printipeq(fp, "dst",
887 884 fr->fr_flags & FR_NOTDSTIP,
888 885 fr->fr_dmask, fr->fr_daddr);
889 886 in++;
890 887 }
891 888 break;
892 889 case FRC_OPT :
893 890 if (m[i].s) {
894 891 indent(fp, in);
895 892 fprintf(fp, "if (");
896 893 printeq(fp, "fin->fin_fi.fi_optmsk",
897 894 fr->fr_optmask, 0xffffffff,
898 895 fr->fr_optbits);
899 896 in++;
900 897 }
901 898 break;
902 899 case FRC_SEC :
903 900 if (m[i].s) {
904 901 indent(fp, in);
905 902 fprintf(fp, "if (");
906 903 printeq(fp, "fin->fin_fi.fi_secmsk",
907 904 fr->fr_secmask, 0xffff,
908 905 fr->fr_secbits);
909 906 in++;
910 907 }
911 908 break;
912 909 case FRC_ATH :
913 910 if (m[i].s) {
914 911 indent(fp, in);
915 912 fprintf(fp, "if (");
916 913 printeq(fp, "fin->fin_fi.fi_authmsk",
917 914 fr->fr_authmask, 0xffff,
918 915 fr->fr_authbits);
919 916 in++;
920 917 }
921 918 break;
922 919 case FRC_ICT :
923 920 if (m[i].s) {
924 921 indent(fp, in);
925 922 fprintf(fp, "if (");
926 923 printeq(fp, "fin->fin_data[0]",
927 924 fr->fr_icmpm & 0xff00, 0xffff,
928 925 fr->fr_icmp & 0xff00);
929 926 in++;
930 927 }
931 928 break;
932 929 case FRC_ICC :
933 930 if (m[i].s) {
934 931 indent(fp, in);
935 932 fprintf(fp, "if (");
936 933 printeq(fp, "fin->fin_data[0]",
937 934 fr->fr_icmpm & 0xff, 0xffff,
938 935 fr->fr_icmp & 0xff);
939 936 in++;
940 937 }
941 938 break;
942 939 }
943 940
944 941 }
945 942
946 943 indent(fp, in);
947 944 if (fr->fr_flags & FR_QUICK) {
948 945 fprintf(fp, "return (frentry_t *)&%s_rule_%s_%d;\n",
949 946 fr->fr_flags & FR_INQUE ? "in" : "out",
950 947 fr->fr_group, num);
951 948 } else {
952 949 fprintf(fp, "fr = (frentry_t *)&%s_rule_%s_%d;\n",
953 950 fr->fr_flags & FR_INQUE ? "in" : "out",
954 951 fr->fr_group, num);
955 952 }
956 953 if (n == NULL) {
957 954 n = (mc_t *)malloc(sizeof(*n) * FRC_MAX);
958 955 if (n == NULL) {
959 956 fprintf(stderr, "out of memory\n");
960 957 exit(1);
961 958 }
962 959 }
963 960 bcopy((char *)m, (char *)n, sizeof(*n) * FRC_MAX);
964 961 sin = in;
965 962 }
966 963
967 964
968 965 void printC(dir)
969 966 int dir;
970 967 {
971 968 static mc_t *m = NULL;
972 969 frgroup_t *g;
973 970
974 971 if (m == NULL) {
975 972 m = (mc_t *)calloc(1, sizeof(*m) * FRC_MAX);
976 973 if (m == NULL) {
977 974 fprintf(stderr, "out of memory\n");
978 975 exit(1);
979 976 }
980 977 }
981 978
982 979 for (g = groups; g != NULL; g = g->fg_next) {
983 980 if ((dir == 0) && ((g->fg_flags & FR_INQUE) != 0))
984 981 printCgroup(dir, g->fg_start, m, g->fg_name);
985 982 if ((dir == 1) && ((g->fg_flags & FR_OUTQUE) != 0))
986 983 printCgroup(dir, g->fg_start, m, g->fg_name);
987 984 }
988 985
989 986 emit(-1, dir, m, NULL);
990 987 }
991 988
992 989
993 990 /*
994 991 * Now print out code to implement all of the rules.
995 992 */
996 993 static void printCgroup(dir, top, m, group)
997 994 int dir;
998 995 frentry_t *top;
999 996 mc_t *m;
1000 997 char *group;
1001 998 {
1002 999 frentry_t *fr, *fr1;
1003 1000 int i, n, rn;
1004 1001 u_int count;
1005 1002
1006 1003 for (count = 0, fr1 = top; fr1 != NULL; fr1 = fr1->fr_next) {
1007 1004 if ((dir == 0) && ((fr1->fr_flags & FR_INQUE) != 0))
1008 1005 count++;
1009 1006 else if ((dir == 1) && ((fr1->fr_flags & FR_OUTQUE) != 0))
1010 1007 count++;
1011 1008 }
1012 1009
1013 1010 if (dir == 0)
1014 1011 emitGroup(-2, dir, m, fr1, group, count, 0);
1015 1012 else if (dir == 1)
1016 1013 emitGroup(-2, dir, m, fr1, group, 0, count);
1017 1014
1018 1015 /*
1019 1016 * Before printing each rule, check to see how many of its fields are
1020 1017 * matched by subsequent rules.
1021 1018 */
1022 1019 for (fr1 = top, rn = 0; fr1 != NULL; fr1 = fr1->fr_next, rn++) {
1023 1020 if (!dir && !(fr1->fr_flags & FR_INQUE))
1024 1021 continue;
1025 1022 if (dir && !(fr1->fr_flags & FR_OUTQUE))
1026 1023 continue;
1027 1024 n = 0xfffffff;
1028 1025
1029 1026 for (i = 0; i < FRC_MAX; i++)
1030 1027 m[i].e = 0;
1031 1028 qsort(m, FRC_MAX, sizeof(mc_t), intcmp);
1032 1029
1033 1030 for (i = 0; i < FRC_MAX; i++) {
1034 1031 m[i].c = i;
1035 1032 m[i].e = 0;
1036 1033 m[i].n = 0;
1037 1034 m[i].s = 0;
1038 1035 }
1039 1036
1040 1037 for (fr = fr1->fr_next; fr; fr = fr->fr_next) {
1041 1038 if (!dir && !(fr->fr_flags & FR_INQUE))
1042 1039 continue;
1043 1040 if (dir && !(fr->fr_flags & FR_OUTQUE))
1044 1041 continue;
1045 1042
1046 1043 if ((n & 0x0001) &&
1047 1044 !strcmp(fr1->fr_ifname, fr->fr_ifname)) {
1048 1045 m[FRC_IFN].e++;
1049 1046 m[FRC_IFN].n++;
1050 1047 } else
1051 1048 n &= ~0x0001;
1052 1049
1053 1050 if ((n & 0x0002) && (fr1->fr_v == fr->fr_v)) {
1054 1051 m[FRC_V].e++;
1055 1052 m[FRC_V].n++;
1056 1053 } else
1057 1054 n &= ~0x0002;
1058 1055
1059 1056 if ((n & 0x0004) &&
1060 1057 (fr->fr_type == fr1->fr_type) &&
1061 1058 (fr->fr_type == FR_T_IPF) &&
1062 1059 (fr1->fr_mip.fi_flx == fr->fr_mip.fi_flx) &&
1063 1060 (fr1->fr_ip.fi_flx == fr->fr_ip.fi_flx)) {
1064 1061 m[FRC_FL].e++;
1065 1062 m[FRC_FL].n++;
1066 1063 } else
1067 1064 n &= ~0x0004;
1068 1065
1069 1066 if ((n & 0x0008) &&
1070 1067 (fr->fr_type == fr1->fr_type) &&
1071 1068 (fr->fr_type == FR_T_IPF) &&
1072 1069 (fr1->fr_proto == fr->fr_proto)) {
1073 1070 m[FRC_P].e++;
1074 1071 m[FRC_P].n++;
1075 1072 } else
1076 1073 n &= ~0x0008;
1077 1074
1078 1075 if ((n & 0x0010) &&
1079 1076 (fr->fr_type == fr1->fr_type) &&
1080 1077 (fr->fr_type == FR_T_IPF) &&
1081 1078 (fr1->fr_ttl == fr->fr_ttl)) {
1082 1079 m[FRC_TTL].e++;
1083 1080 m[FRC_TTL].n++;
1084 1081 } else
1085 1082 n &= ~0x0010;
1086 1083
1087 1084 if ((n & 0x0020) &&
1088 1085 (fr->fr_type == fr1->fr_type) &&
1089 1086 (fr->fr_type == FR_T_IPF) &&
1090 1087 (fr1->fr_tos == fr->fr_tos)) {
1091 1088 m[FRC_TOS].e++;
1092 1089 m[FRC_TOS].n++;
1093 1090 } else
1094 1091 n &= ~0x0020;
1095 1092
1096 1093 if ((n & 0x0040) &&
1097 1094 (fr->fr_type == fr1->fr_type) &&
1098 1095 (fr->fr_type == FR_T_IPF) &&
1099 1096 ((fr1->fr_tcpfm == fr->fr_tcpfm) &&
1100 1097 (fr1->fr_tcpf == fr->fr_tcpf))) {
1101 1098 m[FRC_TCP].e++;
1102 1099 m[FRC_TCP].n++;
1103 1100 } else
1104 1101 n &= ~0x0040;
1105 1102
1106 1103 if ((n & 0x0080) &&
1107 1104 (fr->fr_type == fr1->fr_type) &&
1108 1105 (fr->fr_type == FR_T_IPF) &&
1109 1106 ((fr1->fr_scmp == fr->fr_scmp) &&
1110 1107 (fr1->fr_stop == fr->fr_stop) &&
1111 1108 (fr1->fr_sport == fr->fr_sport))) {
1112 1109 m[FRC_SP].e++;
1113 1110 m[FRC_SP].n++;
1114 1111 } else
1115 1112 n &= ~0x0080;
1116 1113
1117 1114 if ((n & 0x0100) &&
1118 1115 (fr->fr_type == fr1->fr_type) &&
1119 1116 (fr->fr_type == FR_T_IPF) &&
1120 1117 ((fr1->fr_dcmp == fr->fr_dcmp) &&
1121 1118 (fr1->fr_dtop == fr->fr_dtop) &&
1122 1119 (fr1->fr_dport == fr->fr_dport))) {
1123 1120 m[FRC_DP].e++;
1124 1121 m[FRC_DP].n++;
1125 1122 } else
1126 1123 n &= ~0x0100;
1127 1124
1128 1125 if ((n & 0x0200) &&
1129 1126 (fr->fr_type == fr1->fr_type) &&
1130 1127 (fr->fr_type == FR_T_IPF) &&
1131 1128 ((fr1->fr_satype == FRI_LOOKUP) &&
1132 1129 (fr->fr_satype == FRI_LOOKUP) &&
1133 1130 (fr1->fr_srcnum == fr->fr_srcnum))) {
1134 1131 m[FRC_SRC].e++;
1135 1132 m[FRC_SRC].n++;
1136 1133 } else if ((n & 0x0200) &&
1137 1134 (fr->fr_type == fr1->fr_type) &&
1138 1135 (fr->fr_type == FR_T_IPF) &&
1139 1136 (((fr1->fr_flags & FR_NOTSRCIP) ==
1140 1137 (fr->fr_flags & FR_NOTSRCIP)))) {
1141 1138 if ((fr1->fr_smask == fr->fr_smask) &&
1142 1139 (fr1->fr_saddr == fr->fr_saddr))
1143 1140 m[FRC_SRC].e++;
1144 1141 else
1145 1142 n &= ~0x0200;
1146 1143 if (fr1->fr_smask &&
1147 1144 (fr1->fr_saddr & fr1->fr_smask) ==
1148 1145 (fr->fr_saddr & fr1->fr_smask)) {
1149 1146 m[FRC_SRC].n++;
1150 1147 n |= 0x0200;
1151 1148 }
1152 1149 } else {
1153 1150 n &= ~0x0200;
1154 1151 }
1155 1152
1156 1153 if ((n & 0x0400) &&
1157 1154 (fr->fr_type == fr1->fr_type) &&
1158 1155 (fr->fr_type == FR_T_IPF) &&
1159 1156 ((fr1->fr_datype == FRI_LOOKUP) &&
1160 1157 (fr->fr_datype == FRI_LOOKUP) &&
1161 1158 (fr1->fr_dstnum == fr->fr_dstnum))) {
1162 1159 m[FRC_DST].e++;
1163 1160 m[FRC_DST].n++;
1164 1161 } else if ((n & 0x0400) &&
1165 1162 (fr->fr_type == fr1->fr_type) &&
1166 1163 (fr->fr_type == FR_T_IPF) &&
1167 1164 (((fr1->fr_flags & FR_NOTDSTIP) ==
1168 1165 (fr->fr_flags & FR_NOTDSTIP)))) {
1169 1166 if ((fr1->fr_dmask == fr->fr_dmask) &&
1170 1167 (fr1->fr_daddr == fr->fr_daddr))
1171 1168 m[FRC_DST].e++;
1172 1169 else
1173 1170 n &= ~0x0400;
1174 1171 if (fr1->fr_dmask &&
1175 1172 (fr1->fr_daddr & fr1->fr_dmask) ==
1176 1173 (fr->fr_daddr & fr1->fr_dmask)) {
1177 1174 m[FRC_DST].n++;
1178 1175 n |= 0x0400;
1179 1176 }
1180 1177 } else {
1181 1178 n &= ~0x0400;
1182 1179 }
1183 1180
1184 1181 if ((n & 0x0800) &&
1185 1182 (fr->fr_type == fr1->fr_type) &&
1186 1183 (fr->fr_type == FR_T_IPF) &&
1187 1184 (fr1->fr_optmask == fr->fr_optmask) &&
1188 1185 (fr1->fr_optbits == fr->fr_optbits)) {
1189 1186 m[FRC_OPT].e++;
1190 1187 m[FRC_OPT].n++;
1191 1188 } else
1192 1189 n &= ~0x0800;
1193 1190
1194 1191 if ((n & 0x1000) &&
1195 1192 (fr->fr_type == fr1->fr_type) &&
1196 1193 (fr->fr_type == FR_T_IPF) &&
1197 1194 (fr1->fr_secmask == fr->fr_secmask) &&
1198 1195 (fr1->fr_secbits == fr->fr_secbits)) {
1199 1196 m[FRC_SEC].e++;
1200 1197 m[FRC_SEC].n++;
1201 1198 } else
1202 1199 n &= ~0x1000;
1203 1200
1204 1201 if ((n & 0x10000) &&
1205 1202 (fr->fr_type == fr1->fr_type) &&
1206 1203 (fr->fr_type == FR_T_IPF) &&
1207 1204 (fr1->fr_authmask == fr->fr_authmask) &&
1208 1205 (fr1->fr_authbits == fr->fr_authbits)) {
1209 1206 m[FRC_ATH].e++;
1210 1207 m[FRC_ATH].n++;
1211 1208 } else
1212 1209 n &= ~0x10000;
1213 1210
1214 1211 if ((n & 0x20000) &&
1215 1212 (fr->fr_type == fr1->fr_type) &&
1216 1213 (fr->fr_type == FR_T_IPF) &&
1217 1214 ((fr1->fr_icmpm & 0xff00) ==
1218 1215 (fr->fr_icmpm & 0xff00)) &&
1219 1216 ((fr1->fr_icmp & 0xff00) ==
1220 1217 (fr->fr_icmp & 0xff00))) {
1221 1218 m[FRC_ICT].e++;
1222 1219 m[FRC_ICT].n++;
1223 1220 } else
1224 1221 n &= ~0x20000;
1225 1222
1226 1223 if ((n & 0x40000) &&
1227 1224 (fr->fr_type == fr1->fr_type) &&
1228 1225 (fr->fr_type == FR_T_IPF) &&
1229 1226 ((fr1->fr_icmpm & 0xff) == (fr->fr_icmpm & 0xff)) &&
1230 1227 ((fr1->fr_icmp & 0xff) == (fr->fr_icmp & 0xff))) {
1231 1228 m[FRC_ICC].e++;
1232 1229 m[FRC_ICC].n++;
1233 1230 } else
1234 1231 n &= ~0x40000;
1235 1232 }
1236 1233 /*msort(m);*/
1237 1234
1238 1235 if (dir == 0)
1239 1236 emitGroup(rn, dir, m, fr1, group, count, 0);
1240 1237 else if (dir == 1)
1241 1238 emitGroup(rn, dir, m, fr1, group, 0, count);
1242 1239 }
1243 1240 }
1244 1241
1245 1242 static void printhooks(fp, in, out, grp)
1246 1243 FILE *fp;
1247 1244 int in;
1248 1245 int out;
1249 1246 frgroup_t *grp;
1250 1247 {
1251 1248 frentry_t *fr;
1252 1249 char *group;
1253 1250 int dogrp, i;
1254 1251 char *instr;
1255 1252
1256 1253 group = grp->fg_name;
1257 1254 dogrp = 0;
1258 1255
1259 1256 if (in && out) {
1260 1257 fprintf(stderr,
1261 1258 "printhooks called with both in and out set\n");
1262 1259 exit(1);
1263 1260 }
1264 1261
1265 1262 if (in) {
1266 1263 instr = "in";
1267 1264 } else if (out) {
1268 1265 instr = "out";
1269 1266 } else {
1270 1267 instr = "???";
1271 1268 }
1272 1269 fprintf(fp, "static frentry_t ipfrule_%s_%s;\n", instr, group);
1273 1270
1274 1271 fprintf(fp, "\
1275 1272 \n\
1276 1273 int ipfrule_add_%s_%s()\n", instr, group);
1277 1274 fprintf(fp, "\
1278 1275 {\n\
1279 1276 int i, j, err = 0, max;\n\
1280 1277 frentry_t *fp;\n");
1281 1278
1282 1279 if (dogrp)
1283 1280 fprintf(fp, "\
1284 1281 frgroup_t *fg;\n");
1285 1282
1286 1283 fprintf(fp, "\n");
1287 1284
1288 1285 for (i = 0, fr = grp->fg_start; fr != NULL; i++, fr = fr->fr_next)
1289 1286 if (fr->fr_dsize > 0) {
1290 1287 fprintf(fp, "\
1291 1288 ipf_rules_%s_%s[%d]->fr_data = &ipf%s_rule_data_%s_%u;\n",
1292 1289 instr, grp->fg_name, i,
1293 1290 instr, grp->fg_name, i);
1294 1291 }
1295 1292 fprintf(fp, "\
1296 1293 max = sizeof(ipf_rules_%s_%s)/sizeof(frentry_t *);\n\
1297 1294 for (i = 0; i < max; i++) {\n\
1298 1295 fp = ipf_rules_%s_%s[i];\n\
1299 1296 fp->fr_next = NULL;\n", instr, group, instr, group);
1300 1297
1301 1298 fprintf(fp, "\
1302 1299 for (j = i + 1; j < max; j++)\n\
1303 1300 if (strncmp(fp->fr_group,\n\
1304 1301 ipf_rules_%s_%s[j]->fr_group,\n\
1305 1302 FR_GROUPLEN) == 0) {\n\
1306 1303 fp->fr_next = ipf_rules_%s_%s[j];\n\
1307 1304 break;\n\
1308 1305 }\n", instr, group, instr, group);
1309 1306 if (dogrp)
1310 1307 fprintf(fp, "\
1311 1308 \n\
1312 1309 if (fp->fr_grhead != 0) {\n\
1313 1310 fg = fr_addgroup(fp->fr_grhead, fp, FR_INQUE,\n\
1314 1311 IPL_LOGIPF, 0);\n\
1315 1312 if (fg != NULL)\n\
1316 1313 fp->fr_grp = &fg->fg_start;\n\
1317 1314 }\n");
1318 1315 fprintf(fp, "\
1319 1316 }\n\
1320 1317 \n\
1321 1318 fp = &ipfrule_%s_%s;\n", instr, group);
1322 1319 fprintf(fp, "\
1323 1320 bzero((char *)fp, sizeof(*fp));\n\
1324 1321 fp->fr_type = FR_T_CALLFUNC|FR_T_BUILTIN;\n\
1325 1322 fp->fr_flags = FR_%sQUE|FR_NOMATCH;\n\
1326 1323 fp->fr_data = (void *)ipf_rules_%s_%s[0];\n",
1327 1324 (in != 0) ? "IN" : "OUT", instr, group);
1328 1325 fprintf(fp, "\
1329 1326 fp->fr_dsize = sizeof(ipf_rules_%s_%s[0]);\n",
1330 1327 instr, group);
1331 1328
1332 1329 fprintf(fp, "\
1333 1330 fp->fr_v = 4;\n\
1334 1331 fp->fr_func = (ipfunc_t)ipfrule_match_%s_%s;\n\
1335 1332 err = frrequest(IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, fr_active, 0);\n",
1336 1333 instr, group);
1337 1334 fprintf(fp, "\treturn err;\n}\n");
1338 1335
1339 1336 fprintf(fp, "\n\n\
1340 1337 int ipfrule_remove_%s_%s()\n", instr, group);
1341 1338 fprintf(fp, "\
1342 1339 {\n\
1343 1340 int err = 0, i;\n\
1344 1341 frentry_t *fp;\n\
1345 1342 \n\
1346 1343 /*\n\
1347 1344 * Try to remove the %sbound rule.\n", instr);
1348 1345
1349 1346 fprintf(fp, "\
1350 1347 */\n\
1351 1348 if (ipfrule_%s_%s.fr_ref > 0) {\n", instr, group);
1352 1349
1353 1350 fprintf(fp, "\
1354 1351 err = EBUSY;\n\
1355 1352 } else {\n");
1356 1353
1357 1354 fprintf(fp, "\
1358 1355 i = sizeof(ipf_rules_%s_%s)/sizeof(frentry_t *) - 1;\n\
1359 1356 for (; i >= 0; i--) {\n\
1360 1357 fp = ipf_rules_%s_%s[i];\n\
1361 1358 if (fp->fr_ref > 1) {\n\
1362 1359 err = EBUSY;\n\
1363 1360 break;\n\
1364 1361 }\n\
1365 1362 }\n\
1366 1363 }\n\
1367 1364 if (err == 0)\n\
1368 1365 err = frrequest(IPL_LOGIPF, SIOCDELFR,\n\
1369 1366 (caddr_t)&ipfrule_%s_%s, fr_active, 0);\n",
1370 1367 instr, group, instr, group, instr, group);
1371 1368 fprintf(fp, "\
1372 1369 if (err)\n\
1373 1370 return err;\n\
1374 1371 \n\n");
1375 1372
1376 1373 fprintf(fp, "\treturn err;\n}\n");
1377 1374 }
|
↓ open down ↓ |
1282 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX