Print this page
8485 Remove set but unused variables in usr/src/cmd
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/ipf/tools/ipfcomp.c
+++ new/usr/src/cmd/ipf/tools/ipfcomp.c
1 1 /*
2 2 * Copyright (C) 1993-2001 by Darren Reed.
3 3 *
4 4 * See the IPFILTER.LICENCE file for details on licencing.
5 5 *
6 6 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
7 7 * Use is subject to license terms.
8 + * Copyright 2017 Gary Mills
8 9 */
9 10
10 -#pragma ident "%Z%%M% %I% %E% SMI"
11 -
12 -#if !defined(lint)
13 -static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
14 -static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $";
15 -#endif
16 -
17 11 #include "ipf.h"
18 12
19 13
20 14 typedef struct {
21 15 int c;
22 16 int e;
23 17 int n;
24 18 int p;
25 19 int s;
26 20 } mc_t;
27 21
28 22
29 23 static char *portcmp[] = { "*", "==", "!=", "<", ">", "<=", ">=", "**", "***" };
30 24 static int count = 0;
31 25
32 26 int intcmp __P((const void *, const void *));
33 27 static void indent __P((FILE *, int));
34 28 static void printeq __P((FILE *, char *, int, int, int));
35 29 static void printipeq __P((FILE *, char *, int, int, int));
36 30 static void addrule __P((FILE *, frentry_t *));
37 31 static void printhooks __P((FILE *, int, int, frgroup_t *));
38 32 static void emitheader __P((frgroup_t *, u_int, u_int));
39 33 static void emitGroup __P((int, int, void *, frentry_t *, char *,
40 34 u_int, u_int));
41 35 static void emittail __P((void));
42 36 static void printCgroup __P((int, frentry_t *, mc_t *, char *));
43 37
44 38 #define FRC_IFN 0
45 39 #define FRC_V 1
46 40 #define FRC_P 2
47 41 #define FRC_FL 3
48 42 #define FRC_TOS 4
49 43 #define FRC_TTL 5
50 44 #define FRC_SRC 6
51 45 #define FRC_DST 7
52 46 #define FRC_TCP 8
53 47 #define FRC_SP 9
54 48 #define FRC_DP 10
55 49 #define FRC_OPT 11
56 50 #define FRC_SEC 12
57 51 #define FRC_ATH 13
58 52 #define FRC_ICT 14
59 53 #define FRC_ICC 15
60 54 #define FRC_MAX 16
61 55
|
↓ open down ↓ |
35 lines elided |
↑ open up ↑ |
62 56
63 57 static FILE *cfile = NULL;
64 58
65 59 /*
66 60 * This is called once per filter rule being loaded to emit data structures
67 61 * required.
68 62 */
69 63 void printc(fr)
70 64 frentry_t *fr;
71 65 {
72 - fripf_t *ipf;
73 66 u_long *ulp;
74 67 char *and;
75 68 FILE *fp;
76 69 int i;
77 70
78 71 if (fr->fr_v != 4)
79 72 return;
80 73 if ((fr->fr_type != FR_T_IPF) && (fr->fr_type != FR_T_NONE))
81 74 return;
82 75 if ((fr->fr_type == FR_T_IPF) &&
83 76 ((fr->fr_datype != FRI_NORMAL) || (fr->fr_satype != FRI_NORMAL)))
84 77 return;
85 - ipf = fr->fr_ipf;
86 78
87 79 if (cfile == NULL)
88 80 cfile = fopen("ip_rules.c", "w");
89 81 if (cfile == NULL)
90 82 return;
91 83 fp = cfile;
92 84 if (count == 0) {
93 85 fprintf(fp, "/*\n");
94 86 fprintf(fp, "* Copyright (C) 1993-2000 by Darren Reed.\n");
95 87 fprintf(fp, "*\n");
96 88 fprintf(fp, "* Redistribution and use in source and binary forms are permitted\n");
97 89 fprintf(fp, "* provided that this notice is preserved and due credit is given\n");
98 90 fprintf(fp, "* to the original author and the contributors.\n");
99 91 fprintf(fp, "*/\n\n");
100 92
101 93 fprintf(fp, "#include <sys/types.h>\n");
102 94 fprintf(fp, "#include <sys/time.h>\n");
103 95 fprintf(fp, "#include <sys/socket.h>\n");
104 96 fprintf(fp, "#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)\n");
105 97 fprintf(fp, "# include <sys/systm.h>\n");
106 98 fprintf(fp, "#endif\n");
107 99 fprintf(fp, "#include <sys/errno.h>\n");
108 100 fprintf(fp, "#include <sys/param.h>\n");
109 101 fprintf(fp,
110 102 "#if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux)\n");
111 103 fprintf(fp, "# include <sys/mbuf.h>\n");
112 104 fprintf(fp, "#endif\n");
113 105 fprintf(fp,
114 106 "#if defined(__FreeBSD__) && (__FreeBSD_version > 220000)\n");
115 107 fprintf(fp, "# include <sys/sockio.h>\n");
116 108 fprintf(fp, "#else\n");
117 109 fprintf(fp, "# include <sys/ioctl.h>\n");
118 110 fprintf(fp, "#endif /* FreeBSD */\n");
119 111 fprintf(fp, "#include <net/if.h>\n");
120 112 fprintf(fp, "#include <netinet/in.h>\n");
121 113 fprintf(fp, "#include <netinet/in_systm.h>\n");
122 114 fprintf(fp, "#include <netinet/ip.h>\n");
123 115 fprintf(fp, "#include <netinet/tcp.h>\n");
124 116 fprintf(fp, "#include \"netinet/ip_compat.h\"\n");
125 117 fprintf(fp, "#include \"netinet/ip_fil.h\"\n\n");
126 118 fprintf(fp, "#include \"netinet/ip_rules.h\"\n\n");
127 119 fprintf(fp, "#ifndef _KERNEL\n");
128 120 fprintf(fp, "# include <string.h>\n");
129 121 fprintf(fp, "#endif /* _KERNEL */\n");
130 122 fprintf(fp, "\n");
131 123 fprintf(fp, "#ifdef IPFILTER_COMPILED\n");
132 124 }
133 125
134 126 addrule(fp, fr);
135 127 fr->fr_type |= FR_T_BUILTIN;
136 128 and = "";
137 129 fr->fr_ref = 1;
138 130 i = sizeof(*fr);
139 131 if (i & -(1 - sizeof(*ulp)))
140 132 i += sizeof(u_long);
141 133 for (i /= sizeof(u_long), ulp = (u_long *)fr; i > 0; i--) {
142 134 fprintf(fp, "%s%#lx", and, *ulp++);
143 135 and = ", ";
144 136 }
145 137 fprintf(fp, "\n};\n");
146 138 fr->fr_type &= ~FR_T_BUILTIN;
147 139
148 140 count++;
149 141
150 142 fflush(fp);
151 143 }
152 144
153 145
154 146 static frgroup_t *groups = NULL;
155 147
156 148
157 149 static void addrule(fp, fr)
158 150 FILE *fp;
159 151 frentry_t *fr;
160 152 {
161 153 frentry_t *f, **fpp;
162 154 frgroup_t *g;
163 155 u_long *ulp;
164 156 char *and;
165 157 int i;
166 158
167 159 f = (frentry_t *)malloc(sizeof(*f));
168 160 if (f == NULL) {
169 161 fprintf(stderr, "out of memory\n");
170 162 exit(1);
171 163 }
172 164 bcopy((char *)fr, (char *)f, sizeof(*fr));
173 165 if (fr->fr_ipf) {
174 166 f->fr_ipf = (fripf_t *)malloc(sizeof(*f->fr_ipf));
175 167 if (f->fr_ipf == NULL) {
176 168 fprintf(stderr, "out of memory\n");
177 169 exit(1);
178 170 }
179 171 bcopy((char *)fr->fr_ipf, (char *)f->fr_ipf,
180 172 sizeof(*fr->fr_ipf));
181 173 }
182 174
183 175 f->fr_next = NULL;
184 176 for (g = groups; g != NULL; g = g->fg_next)
185 177 if ((strncmp(g->fg_name, f->fr_group, FR_GROUPLEN) == 0) &&
186 178 (g->fg_flags == (f->fr_flags & FR_INOUT)))
187 179 break;
188 180
189 181 if (g == NULL) {
190 182 g = (frgroup_t *)calloc(1, sizeof(*g));
191 183 if (g == NULL) {
192 184 fprintf(stderr, "out of memory\n");
193 185 exit(1);
194 186 }
195 187 g->fg_next = groups;
196 188 groups = g;
197 189 g->fg_head = f;
198 190 bcopy(f->fr_group, g->fg_name, FR_GROUPLEN);
199 191 g->fg_ref = 0;
200 192 g->fg_flags = f->fr_flags & FR_INOUT;
201 193 }
202 194
203 195 for (fpp = &g->fg_start; *fpp != NULL; )
204 196 fpp = &((*fpp)->fr_next);
205 197 *fpp = f;
206 198
207 199 if (fr->fr_dsize > 0) {
208 200 fprintf(fp, "\
209 201 static u_long ipf%s_rule_data_%s_%u[] = {\n",
210 202 f->fr_flags & FR_INQUE ? "in" : "out",
211 203 g->fg_name, g->fg_ref);
212 204 and = "";
213 205 i = fr->fr_dsize;
214 206 ulp = fr->fr_data;
215 207 for (i /= sizeof(u_long); i > 0; i--) {
216 208 fprintf(fp, "%s%#lx", and, *ulp++);
217 209 and = ", ";
218 210 }
219 211 fprintf(fp, "\n};\n");
220 212 }
221 213
222 214 fprintf(fp, "\nstatic u_long %s_rule_%s_%d[] = {\n",
223 215 f->fr_flags & FR_INQUE ? "in" : "out", g->fg_name, g->fg_ref);
224 216
225 217 g->fg_ref++;
226 218
227 219 if (f->fr_grhead != 0) {
228 220 for (g = groups; g != NULL; g = g->fg_next)
229 221 if ((strncmp(g->fg_name, f->fr_grhead,
230 222 FR_GROUPLEN) == 0) &&
231 223 g->fg_flags == (f->fr_flags & FR_INOUT))
232 224 break;
233 225 if (g == NULL) {
234 226 g = (frgroup_t *)calloc(1, sizeof(*g));
235 227 if (g == NULL) {
236 228 fprintf(stderr, "out of memory\n");
237 229 exit(1);
238 230 }
239 231 g->fg_next = groups;
240 232 groups = g;
241 233 g->fg_head = f;
242 234 bcopy(f->fr_grhead, g->fg_name, FR_GROUPLEN);
243 235 g->fg_ref = 0;
244 236 g->fg_flags = f->fr_flags & FR_INOUT;
245 237 }
246 238 }
247 239 }
248 240
249 241
250 242 int intcmp(c1, c2)
251 243 const void *c1, *c2;
252 244 {
253 245 const mc_t *i1 = (const mc_t *)c1, *i2 = (const mc_t *)c2;
254 246
255 247 if (i1->n == i2->n) {
256 248 return i1->c - i2->c;
257 249 }
258 250 return i2->n - i1->n;
259 251 }
260 252
261 253
262 254 static void indent(fp, in)
263 255 FILE *fp;
264 256 int in;
265 257 {
266 258 for (; in; in--)
267 259 fputc('\t', fp);
268 260 }
269 261
270 262 static void printeq(fp, var, m, max, v)
271 263 FILE *fp;
272 264 char *var;
273 265 int m, max, v;
274 266 {
275 267 if (m == max)
276 268 fprintf(fp, "%s == %#x) {\n", var, v);
277 269 else
278 270 fprintf(fp, "(%s & %#x) == %#x) {\n", var, m, v);
279 271 }
280 272
281 273 /*
282 274 * Parameters: var - IP# being compared
283 275 * fl - 0 for positive match, 1 for negative match
284 276 * m - netmask
285 277 * v - required address
286 278 */
287 279 static void printipeq(fp, var, fl, m, v)
288 280 FILE *fp;
289 281 char *var;
290 282 int fl, m, v;
291 283 {
292 284 if (m == 0xffffffff)
293 285 fprintf(fp, "%s ", var);
294 286 else
295 287 fprintf(fp, "(%s & %#x) ", var, m);
296 288 fprintf(fp, "%c", fl ? '!' : '=');
297 289 fprintf(fp, "= %#x) {\n", v);
298 290 }
299 291
300 292
301 293 void emit(num, dir, v, fr)
302 294 int num, dir;
303 295 void *v;
304 296 frentry_t *fr;
305 297 {
306 298 u_int incnt, outcnt;
307 299 frgroup_t *g;
308 300 frentry_t *f;
309 301
310 302 for (g = groups; g != NULL; g = g->fg_next) {
311 303 if (dir == 0 || dir == -1) {
312 304 if ((g->fg_flags & FR_INQUE) == 0)
313 305 continue;
314 306 for (incnt = 0, f = g->fg_start; f != NULL;
315 307 f = f->fr_next)
316 308 incnt++;
317 309 emitGroup(num, dir, v, fr, g->fg_name, incnt, 0);
318 310 }
319 311 if (dir == 1 || dir == -1) {
320 312 if ((g->fg_flags & FR_OUTQUE) == 0)
321 313 continue;
322 314 for (outcnt = 0, f = g->fg_start; f != NULL;
323 315 f = f->fr_next)
324 316 outcnt++;
325 317 emitGroup(num, dir, v, fr, g->fg_name, 0, outcnt);
326 318 }
327 319 }
328 320
329 321 if (num == -1 && dir == -1) {
330 322 for (g = groups; g != NULL; g = g->fg_next) {
331 323 if ((g->fg_flags & FR_INQUE) != 0) {
332 324 for (incnt = 0, f = g->fg_start; f != NULL;
333 325 f = f->fr_next)
334 326 incnt++;
335 327 if (incnt > 0)
336 328 emitheader(g, incnt, 0);
337 329 }
338 330 if ((g->fg_flags & FR_OUTQUE) != 0) {
339 331 for (outcnt = 0, f = g->fg_start; f != NULL;
340 332 f = f->fr_next)
341 333 outcnt++;
342 334 if (outcnt > 0)
343 335 emitheader(g, 0, outcnt);
344 336 }
345 337 }
346 338 emittail();
347 339 fprintf(cfile, "#endif /* IPFILTER_COMPILED */\n");
348 340 }
349 341
350 342 }
351 343
352 344
353 345 static void emitheader(grp, incount, outcount)
354 346 frgroup_t *grp;
355 347 u_int incount, outcount;
356 348 {
357 349 static FILE *fph = NULL;
358 350 frgroup_t *g;
359 351
360 352 if (fph == NULL) {
361 353 fph = fopen("ip_rules.h", "w");
362 354 if (fph == NULL)
363 355 return;
364 356
365 357 fprintf(fph, "extern int ipfrule_add __P((void));\n");
366 358 fprintf(fph, "extern int ipfrule_remove __P((void));\n");
367 359 }
368 360
369 361 printhooks(cfile, incount, outcount, grp);
370 362
371 363 if (incount) {
372 364 fprintf(fph, "\n\
373 365 extern frentry_t *ipfrule_match_in_%s __P((fr_info_t *, u_32_t *));\n\
374 366 extern frentry_t *ipf_rules_in_%s[%d];\n",
375 367 grp->fg_name, grp->fg_name, incount);
376 368
377 369 for (g = groups; g != grp; g = g->fg_next)
378 370 if ((strncmp(g->fg_name, grp->fg_name,
379 371 FR_GROUPLEN) == 0) &&
380 372 g->fg_flags == grp->fg_flags)
381 373 break;
382 374 if (g == grp) {
383 375 fprintf(fph, "\n\
384 376 extern int ipfrule_add_in_%s __P((void));\n\
385 377 extern int ipfrule_remove_in_%s __P((void));\n", grp->fg_name, grp->fg_name);
386 378 }
387 379 }
388 380 if (outcount) {
389 381 fprintf(fph, "\n\
390 382 extern frentry_t *ipfrule_match_out_%s __P((fr_info_t *, u_32_t *));\n\
391 383 extern frentry_t *ipf_rules_out_%s[%d];\n",
392 384 grp->fg_name, grp->fg_name, outcount);
393 385
394 386 for (g = groups; g != g; g = g->fg_next)
395 387 if ((strncmp(g->fg_name, grp->fg_name,
396 388 FR_GROUPLEN) == 0) &&
397 389 g->fg_flags == grp->fg_flags)
398 390 break;
399 391 if (g == grp) {
400 392 fprintf(fph, "\n\
401 393 extern int ipfrule_add_out_%s __P((void));\n\
402 394 extern int ipfrule_remove_out_%s __P((void));\n",
403 395 grp->fg_name, grp->fg_name);
404 396 }
405 397 }
406 398 }
407 399
408 400 static void emittail()
409 401 {
410 402 frgroup_t *g;
411 403
412 404 fprintf(cfile, "\n\
413 405 int ipfrule_add()\n\
414 406 {\n\
415 407 int err;\n\
416 408 \n");
417 409 for (g = groups; g != NULL; g = g->fg_next)
418 410 fprintf(cfile, "\
419 411 err = ipfrule_add_%s_%s();\n\
420 412 if (err != 0)\n\
421 413 return err;\n",
422 414 (g->fg_flags & FR_INQUE) ? "in" : "out", g->fg_name);
423 415 fprintf(cfile, "\
424 416 return 0;\n");
425 417 fprintf(cfile, "}\n\
426 418 \n");
427 419
428 420 fprintf(cfile, "\n\
429 421 int ipfrule_remove()\n\
430 422 {\n\
431 423 int err;\n\
432 424 \n");
433 425 for (g = groups; g != NULL; g = g->fg_next)
434 426 fprintf(cfile, "\
435 427 err = ipfrule_remove_%s_%s();\n\
436 428 if (err != 0)\n\
437 429 return err;\n",
438 430 (g->fg_flags & FR_INQUE) ? "in" : "out", g->fg_name);
439 431 fprintf(cfile, "\
440 432 return 0;\n");
441 433 fprintf(cfile, "}\n");
442 434 }
443 435
444 436
445 437 static void emitGroup(num, dir, v, fr, group, incount, outcount)
446 438 int num, dir;
447 439 void *v;
448 440 frentry_t *fr;
449 441 char *group;
450 442 u_int incount, outcount;
451 443 {
452 444 static FILE *fp = NULL;
453 445 static int header[2] = { 0, 0 };
454 446 static char egroup[FR_GROUPLEN] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
455 447 static int openfunc = 0;
456 448 static mc_t *n = NULL;
457 449 static int sin = 0;
458 450 frentry_t *f;
459 451 frgroup_t *g;
460 452 fripf_t *ipf;
461 453 int i, in, j;
462 454 mc_t *m = v;
463 455
464 456 if (fp == NULL)
465 457 fp = cfile;
466 458 if (fp == NULL)
467 459 return;
468 460 if (strncmp(egroup, group, FR_GROUPLEN)) {
469 461 for (sin--; sin > 0; sin--) {
470 462 indent(fp, sin);
471 463 fprintf(fp, "}\n");
472 464 }
473 465 if (openfunc == 1) {
474 466 fprintf(fp, "\treturn fr;\n}\n");
475 467 openfunc = 0;
476 468 if (n != NULL) {
477 469 free(n);
478 470 n = NULL;
479 471 }
480 472 }
481 473 sin = 0;
482 474 header[0] = 0;
483 475 header[1] = 0;
484 476 strncpy(egroup, group, FR_GROUPLEN);
485 477 } else if (openfunc == 1 && num < 0) {
486 478 if (n != NULL) {
487 479 free(n);
488 480 n = NULL;
489 481 }
490 482 for (sin--; sin > 0; sin--) {
491 483 indent(fp, sin);
492 484 fprintf(fp, "}\n");
493 485 }
494 486 if (openfunc == 1) {
495 487 fprintf(fp, "\treturn fr;\n}\n");
496 488 openfunc = 0;
497 489 }
498 490 }
499 491
500 492 if (dir == -1)
501 493 return;
502 494
503 495 for (g = groups; g != NULL; g = g->fg_next) {
504 496 if (dir == 0 && (g->fg_flags & FR_INQUE) == 0)
505 497 continue;
506 498 else if (dir == 1 && (g->fg_flags & FR_OUTQUE) == 0)
507 499 continue;
508 500 if (strncmp(g->fg_name, group, FR_GROUPLEN) != 0)
509 501 continue;
510 502 break;
511 503 }
512 504
513 505 /*
514 506 * Output the array of pointers to rules for this group.
515 507 */
516 508 if (num == -2 && dir == 0 && header[0] == 0 && incount != 0) {
517 509 fprintf(fp, "\nfrentry_t *ipf_rules_in_%s[%d] = {",
518 510 group, incount);
519 511 for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
520 512 if ((f->fr_flags & FR_INQUE) == 0)
521 513 continue;
522 514 if ((i & 1) == 0) {
523 515 fprintf(fp, "\n\t");
524 516 }
525 517 fprintf(fp,
526 518 "(frentry_t *)&in_rule_%s_%d",
527 519 f->fr_group, i);
528 520 if (i + 1 < incount)
529 521 fprintf(fp, ", ");
530 522 i++;
531 523 }
532 524 fprintf(fp, "\n};\n");
533 525 }
534 526
535 527 if (num == -2 && dir == 1 && header[1] == 0 && outcount != 0) {
536 528 fprintf(fp, "\nfrentry_t *ipf_rules_out_%s[%d] = {",
537 529 group, outcount);
538 530 for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
539 531 if ((f->fr_flags & FR_OUTQUE) == 0)
540 532 continue;
541 533 if ((i & 1) == 0) {
542 534 fprintf(fp, "\n\t");
543 535 }
544 536 fprintf(fp,
545 537 "(frentry_t *)&out_rule_%s_%d",
546 538 f->fr_group, i);
547 539 if (i + 1 < outcount)
548 540 fprintf(fp, ", ");
549 541 i++;
550 542 }
551 543 fprintf(fp, "\n};\n");
552 544 fp = NULL;
553 545 }
554 546
555 547 if (num < 0)
556 548 return;
557 549
558 550 in = 0;
559 551 ipf = fr->fr_ipf;
560 552
561 553 /*
562 554 * If the function header has not been printed then print it now.
563 555 */
564 556 if (header[dir] == 0) {
565 557 int pdst = 0, psrc = 0;
566 558
567 559 openfunc = 1;
568 560 fprintf(fp, "\nfrentry_t *ipfrule_match_%s_%s(fin, passp)\n",
569 561 (dir == 0) ? "in" : "out", group);
570 562 fprintf(fp, "fr_info_t *fin;\n");
571 563 fprintf(fp, "u_32_t *passp;\n");
572 564 fprintf(fp, "{\n");
573 565 fprintf(fp, "\tfrentry_t *fr = NULL;\n");
574 566
575 567 /*
576 568 * Print out any variables that need to be declared.
577 569 */
578 570 for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
579 571 if (incount + outcount > m[FRC_SRC].e + 1)
580 572 psrc = 1;
581 573 if (incount + outcount > m[FRC_DST].e + 1)
582 574 pdst = 1;
583 575 }
584 576 if (psrc == 1)
585 577 fprintf(fp, "\tu_32_t src = ntohl(%s);\n",
586 578 "fin->fin_fi.fi_saddr");
587 579 if (pdst == 1)
588 580 fprintf(fp, "\tu_32_t dst = ntohl(%s);\n",
589 581 "fin->fin_fi.fi_daddr");
590 582 }
591 583
592 584 for (i = 0; i < FRC_MAX; i++) {
593 585 switch(m[i].c)
594 586 {
595 587 case FRC_IFN :
596 588 if (*fr->fr_ifname)
597 589 m[i].s = 1;
598 590 break;
599 591 case FRC_V :
600 592 if (ipf != NULL && ipf->fri_mip.fi_v != 0)
601 593 m[i].s = 1;
602 594 break;
603 595 case FRC_FL :
604 596 if (ipf != NULL && ipf->fri_mip.fi_flx != 0)
605 597 m[i].s = 1;
606 598 break;
607 599 case FRC_P :
608 600 if (ipf != NULL && ipf->fri_mip.fi_p != 0)
609 601 m[i].s = 1;
610 602 break;
611 603 case FRC_TTL :
612 604 if (ipf != NULL && ipf->fri_mip.fi_ttl != 0)
613 605 m[i].s = 1;
614 606 break;
615 607 case FRC_TOS :
616 608 if (ipf != NULL && ipf->fri_mip.fi_tos != 0)
617 609 m[i].s = 1;
618 610 break;
619 611 case FRC_TCP :
620 612 if (ipf == NULL)
621 613 break;
622 614 if ((ipf->fri_ip.fi_p == IPPROTO_TCP) &&
623 615 fr->fr_tcpfm != 0)
624 616 m[i].s = 1;
625 617 break;
626 618 case FRC_SP :
627 619 if (ipf == NULL)
628 620 break;
629 621 if (fr->fr_scmp == FR_INRANGE)
630 622 m[i].s = 1;
631 623 else if (fr->fr_scmp == FR_OUTRANGE)
632 624 m[i].s = 1;
633 625 else if (fr->fr_scmp != 0)
634 626 m[i].s = 1;
635 627 break;
636 628 case FRC_DP :
637 629 if (ipf == NULL)
638 630 break;
639 631 if (fr->fr_dcmp == FR_INRANGE)
640 632 m[i].s = 1;
641 633 else if (fr->fr_dcmp == FR_OUTRANGE)
642 634 m[i].s = 1;
643 635 else if (fr->fr_dcmp != 0)
644 636 m[i].s = 1;
645 637 break;
646 638 case FRC_SRC :
647 639 if (ipf == NULL)
648 640 break;
649 641 if (fr->fr_satype == FRI_LOOKUP) {
650 642 ;
651 643 } else if ((fr->fr_smask != 0) ||
652 644 (fr->fr_flags & FR_NOTSRCIP) != 0)
653 645 m[i].s = 1;
654 646 break;
655 647 case FRC_DST :
656 648 if (ipf == NULL)
657 649 break;
658 650 if (fr->fr_datype == FRI_LOOKUP) {
659 651 ;
660 652 } else if ((fr->fr_dmask != 0) ||
661 653 (fr->fr_flags & FR_NOTDSTIP) != 0)
662 654 m[i].s = 1;
663 655 break;
664 656 case FRC_OPT :
665 657 if (ipf == NULL)
666 658 break;
667 659 if (fr->fr_optmask != 0)
668 660 m[i].s = 1;
669 661 break;
670 662 case FRC_SEC :
671 663 if (ipf == NULL)
672 664 break;
673 665 if (fr->fr_secmask != 0)
674 666 m[i].s = 1;
675 667 break;
676 668 case FRC_ATH :
677 669 if (ipf == NULL)
678 670 break;
679 671 if (fr->fr_authmask != 0)
680 672 m[i].s = 1;
681 673 break;
682 674 case FRC_ICT :
683 675 if (ipf == NULL)
684 676 break;
685 677 if ((fr->fr_icmpm & 0xff00) != 0)
686 678 m[i].s = 1;
687 679 break;
688 680 case FRC_ICC :
689 681 if (ipf == NULL)
690 682 break;
691 683 if ((fr->fr_icmpm & 0xff) != 0)
692 684 m[i].s = 1;
693 685 break;
694 686 }
695 687 }
696 688
697 689 if (!header[dir]) {
698 690 fprintf(fp, "\n");
699 691 header[dir] = 1;
700 692 sin = 0;
701 693 }
702 694
703 695 qsort(m, FRC_MAX, sizeof(mc_t), intcmp);
704 696
705 697 if (n) {
706 698 /*
707 699 * Calculate the indentation interval upto the last common
708 700 * common comparison being made.
709 701 */
710 702 for (i = 0, in = 1; i < FRC_MAX; i++) {
711 703 if (n[i].c != m[i].c)
712 704 break;
713 705 if (n[i].s != m[i].s)
714 706 break;
715 707 if (n[i].s) {
716 708 if (n[i].n && (n[i].n > n[i].e)) {
717 709 m[i].p++;
718 710 in += m[i].p;
719 711 break;
720 712 }
721 713 if (n[i].e > 0) {
722 714 in++;
723 715 } else
724 716 break;
725 717 }
726 718 }
727 719 if (sin != in) {
728 720 for (j = sin - 1; j >= in; j--) {
729 721 indent(fp, j);
730 722 fprintf(fp, "}\n");
731 723 }
732 724 }
733 725 } else {
734 726 in = 1;
735 727 i = 0;
736 728 }
737 729
738 730 /*
739 731 * print out C code that implements a filter rule.
740 732 */
741 733 for (; i < FRC_MAX; i++) {
742 734 switch(m[i].c)
743 735 {
744 736 case FRC_IFN :
745 737 if (m[i].s) {
746 738 indent(fp, in);
747 739 fprintf(fp, "if (fin->fin_ifp == ");
748 740 fprintf(fp, "ipf_rules_%s_%s[%d]->fr_ifa) {\n",
749 741 dir ? "out" : "in", group, num);
750 742 in++;
751 743 }
752 744 break;
753 745 case FRC_V :
754 746 if (m[i].s) {
755 747 indent(fp, in);
756 748 fprintf(fp, "if (fin->fin_v == %d) {\n",
757 749 ipf->fri_ip.fi_v);
758 750 in++;
759 751 }
760 752 break;
761 753 case FRC_FL :
762 754 if (m[i].s) {
763 755 indent(fp, in);
764 756 fprintf(fp, "if (");
765 757 printeq(fp, "fin->fin_flx",
766 758 ipf->fri_mip.fi_flx, 0xf,
767 759 ipf->fri_ip.fi_flx);
768 760 in++;
769 761 }
770 762 break;
771 763 case FRC_P :
772 764 if (m[i].s) {
773 765 indent(fp, in);
774 766 fprintf(fp, "if (fin->fin_p == %d) {\n",
775 767 ipf->fri_ip.fi_p);
776 768 in++;
777 769 }
778 770 break;
779 771 case FRC_TTL :
780 772 if (m[i].s) {
781 773 indent(fp, in);
782 774 fprintf(fp, "if (");
783 775 printeq(fp, "fin->fin_ttl",
784 776 ipf->fri_mip.fi_ttl, 0xff,
785 777 ipf->fri_ip.fi_ttl);
786 778 in++;
787 779 }
788 780 break;
789 781 case FRC_TOS :
790 782 if (m[i].s) {
791 783 indent(fp, in);
792 784 fprintf(fp, "if (fin->fin_tos");
793 785 printeq(fp, "fin->fin_tos",
794 786 ipf->fri_mip.fi_tos, 0xff,
795 787 ipf->fri_ip.fi_tos);
796 788 in++;
797 789 }
798 790 break;
799 791 case FRC_TCP :
800 792 if (m[i].s) {
801 793 indent(fp, in);
802 794 fprintf(fp, "if (");
803 795 printeq(fp, "fin->fin_tcpf", fr->fr_tcpfm,
804 796 0xff, fr->fr_tcpf);
805 797 in++;
806 798 }
807 799 break;
808 800 case FRC_SP :
809 801 if (!m[i].s)
810 802 break;
811 803 if (fr->fr_scmp == FR_INRANGE) {
812 804 indent(fp, in);
813 805 fprintf(fp, "if ((fin->fin_data[0] > %d) && ",
814 806 fr->fr_sport);
815 807 fprintf(fp, "(fin->fin_data[0] < %d)",
816 808 fr->fr_stop);
817 809 fprintf(fp, ") {\n");
818 810 in++;
819 811 } else if (fr->fr_scmp == FR_OUTRANGE) {
820 812 indent(fp, in);
821 813 fprintf(fp, "if ((fin->fin_data[0] < %d) || ",
822 814 fr->fr_sport);
823 815 fprintf(fp, "(fin->fin_data[0] > %d)",
824 816 fr->fr_stop);
825 817 fprintf(fp, ") {\n");
826 818 in++;
827 819 } else if (fr->fr_scmp) {
828 820 indent(fp, in);
829 821 fprintf(fp, "if (fin->fin_data[0] %s %d)",
830 822 portcmp[fr->fr_scmp], fr->fr_sport);
831 823 fprintf(fp, " {\n");
832 824 in++;
833 825 }
834 826 break;
835 827 case FRC_DP :
836 828 if (!m[i].s)
837 829 break;
838 830 if (fr->fr_dcmp == FR_INRANGE) {
839 831 indent(fp, in);
840 832 fprintf(fp, "if ((fin->fin_data[1] > %d) && ",
841 833 fr->fr_dport);
842 834 fprintf(fp, "(fin->fin_data[1] < %d)",
843 835 fr->fr_dtop);
844 836 fprintf(fp, ") {\n");
845 837 in++;
846 838 } else if (fr->fr_dcmp == FR_OUTRANGE) {
847 839 indent(fp, in);
848 840 fprintf(fp, "if ((fin->fin_data[1] < %d) || ",
849 841 fr->fr_dport);
850 842 fprintf(fp, "(fin->fin_data[1] > %d)",
851 843 fr->fr_dtop);
852 844 fprintf(fp, ") {\n");
853 845 in++;
854 846 } else if (fr->fr_dcmp) {
855 847 indent(fp, in);
856 848 fprintf(fp, "if (fin->fin_data[1] %s %d)",
857 849 portcmp[fr->fr_dcmp], fr->fr_dport);
858 850 fprintf(fp, " {\n");
859 851 in++;
860 852 }
861 853 break;
862 854 case FRC_SRC :
863 855 if (!m[i].s)
864 856 break;
865 857 if (fr->fr_satype == FRI_LOOKUP) {
866 858 ;
867 859 } else if ((fr->fr_smask != 0) ||
868 860 (fr->fr_flags & FR_NOTSRCIP) != 0) {
869 861 indent(fp, in);
870 862 fprintf(fp, "if (");
871 863 printipeq(fp, "src",
872 864 fr->fr_flags & FR_NOTSRCIP,
873 865 fr->fr_smask, fr->fr_saddr);
874 866 in++;
875 867 }
876 868 break;
877 869 case FRC_DST :
878 870 if (!m[i].s)
879 871 break;
880 872 if (fr->fr_datype == FRI_LOOKUP) {
881 873 ;
882 874 } else if ((fr->fr_dmask != 0) ||
883 875 (fr->fr_flags & FR_NOTDSTIP) != 0) {
884 876 indent(fp, in);
885 877 fprintf(fp, "if (");
886 878 printipeq(fp, "dst",
887 879 fr->fr_flags & FR_NOTDSTIP,
888 880 fr->fr_dmask, fr->fr_daddr);
889 881 in++;
890 882 }
891 883 break;
892 884 case FRC_OPT :
893 885 if (m[i].s) {
894 886 indent(fp, in);
895 887 fprintf(fp, "if (");
896 888 printeq(fp, "fin->fin_fi.fi_optmsk",
897 889 fr->fr_optmask, 0xffffffff,
898 890 fr->fr_optbits);
899 891 in++;
900 892 }
901 893 break;
902 894 case FRC_SEC :
903 895 if (m[i].s) {
904 896 indent(fp, in);
905 897 fprintf(fp, "if (");
906 898 printeq(fp, "fin->fin_fi.fi_secmsk",
907 899 fr->fr_secmask, 0xffff,
908 900 fr->fr_secbits);
909 901 in++;
910 902 }
911 903 break;
912 904 case FRC_ATH :
913 905 if (m[i].s) {
914 906 indent(fp, in);
915 907 fprintf(fp, "if (");
916 908 printeq(fp, "fin->fin_fi.fi_authmsk",
917 909 fr->fr_authmask, 0xffff,
918 910 fr->fr_authbits);
919 911 in++;
920 912 }
921 913 break;
922 914 case FRC_ICT :
923 915 if (m[i].s) {
924 916 indent(fp, in);
925 917 fprintf(fp, "if (");
926 918 printeq(fp, "fin->fin_data[0]",
927 919 fr->fr_icmpm & 0xff00, 0xffff,
928 920 fr->fr_icmp & 0xff00);
929 921 in++;
930 922 }
931 923 break;
932 924 case FRC_ICC :
933 925 if (m[i].s) {
934 926 indent(fp, in);
935 927 fprintf(fp, "if (");
936 928 printeq(fp, "fin->fin_data[0]",
937 929 fr->fr_icmpm & 0xff, 0xffff,
938 930 fr->fr_icmp & 0xff);
939 931 in++;
940 932 }
941 933 break;
942 934 }
943 935
944 936 }
945 937
946 938 indent(fp, in);
947 939 if (fr->fr_flags & FR_QUICK) {
948 940 fprintf(fp, "return (frentry_t *)&%s_rule_%s_%d;\n",
949 941 fr->fr_flags & FR_INQUE ? "in" : "out",
950 942 fr->fr_group, num);
951 943 } else {
952 944 fprintf(fp, "fr = (frentry_t *)&%s_rule_%s_%d;\n",
953 945 fr->fr_flags & FR_INQUE ? "in" : "out",
954 946 fr->fr_group, num);
955 947 }
956 948 if (n == NULL) {
957 949 n = (mc_t *)malloc(sizeof(*n) * FRC_MAX);
958 950 if (n == NULL) {
959 951 fprintf(stderr, "out of memory\n");
960 952 exit(1);
961 953 }
962 954 }
963 955 bcopy((char *)m, (char *)n, sizeof(*n) * FRC_MAX);
964 956 sin = in;
965 957 }
966 958
967 959
968 960 void printC(dir)
969 961 int dir;
970 962 {
971 963 static mc_t *m = NULL;
972 964 frgroup_t *g;
973 965
974 966 if (m == NULL) {
975 967 m = (mc_t *)calloc(1, sizeof(*m) * FRC_MAX);
976 968 if (m == NULL) {
977 969 fprintf(stderr, "out of memory\n");
978 970 exit(1);
979 971 }
980 972 }
981 973
982 974 for (g = groups; g != NULL; g = g->fg_next) {
983 975 if ((dir == 0) && ((g->fg_flags & FR_INQUE) != 0))
984 976 printCgroup(dir, g->fg_start, m, g->fg_name);
985 977 if ((dir == 1) && ((g->fg_flags & FR_OUTQUE) != 0))
986 978 printCgroup(dir, g->fg_start, m, g->fg_name);
987 979 }
988 980
989 981 emit(-1, dir, m, NULL);
990 982 }
991 983
992 984
993 985 /*
994 986 * Now print out code to implement all of the rules.
995 987 */
996 988 static void printCgroup(dir, top, m, group)
997 989 int dir;
998 990 frentry_t *top;
999 991 mc_t *m;
1000 992 char *group;
1001 993 {
1002 994 frentry_t *fr, *fr1;
1003 995 int i, n, rn;
1004 996 u_int count;
1005 997
1006 998 for (count = 0, fr1 = top; fr1 != NULL; fr1 = fr1->fr_next) {
1007 999 if ((dir == 0) && ((fr1->fr_flags & FR_INQUE) != 0))
1008 1000 count++;
1009 1001 else if ((dir == 1) && ((fr1->fr_flags & FR_OUTQUE) != 0))
1010 1002 count++;
1011 1003 }
1012 1004
1013 1005 if (dir == 0)
1014 1006 emitGroup(-2, dir, m, fr1, group, count, 0);
1015 1007 else if (dir == 1)
1016 1008 emitGroup(-2, dir, m, fr1, group, 0, count);
1017 1009
1018 1010 /*
1019 1011 * Before printing each rule, check to see how many of its fields are
1020 1012 * matched by subsequent rules.
1021 1013 */
1022 1014 for (fr1 = top, rn = 0; fr1 != NULL; fr1 = fr1->fr_next, rn++) {
1023 1015 if (!dir && !(fr1->fr_flags & FR_INQUE))
1024 1016 continue;
1025 1017 if (dir && !(fr1->fr_flags & FR_OUTQUE))
1026 1018 continue;
1027 1019 n = 0xfffffff;
1028 1020
1029 1021 for (i = 0; i < FRC_MAX; i++)
1030 1022 m[i].e = 0;
1031 1023 qsort(m, FRC_MAX, sizeof(mc_t), intcmp);
1032 1024
1033 1025 for (i = 0; i < FRC_MAX; i++) {
1034 1026 m[i].c = i;
1035 1027 m[i].e = 0;
1036 1028 m[i].n = 0;
1037 1029 m[i].s = 0;
1038 1030 }
1039 1031
1040 1032 for (fr = fr1->fr_next; fr; fr = fr->fr_next) {
1041 1033 if (!dir && !(fr->fr_flags & FR_INQUE))
1042 1034 continue;
1043 1035 if (dir && !(fr->fr_flags & FR_OUTQUE))
1044 1036 continue;
1045 1037
1046 1038 if ((n & 0x0001) &&
1047 1039 !strcmp(fr1->fr_ifname, fr->fr_ifname)) {
1048 1040 m[FRC_IFN].e++;
1049 1041 m[FRC_IFN].n++;
1050 1042 } else
1051 1043 n &= ~0x0001;
1052 1044
1053 1045 if ((n & 0x0002) && (fr1->fr_v == fr->fr_v)) {
1054 1046 m[FRC_V].e++;
1055 1047 m[FRC_V].n++;
1056 1048 } else
1057 1049 n &= ~0x0002;
1058 1050
1059 1051 if ((n & 0x0004) &&
1060 1052 (fr->fr_type == fr1->fr_type) &&
1061 1053 (fr->fr_type == FR_T_IPF) &&
1062 1054 (fr1->fr_mip.fi_flx == fr->fr_mip.fi_flx) &&
1063 1055 (fr1->fr_ip.fi_flx == fr->fr_ip.fi_flx)) {
1064 1056 m[FRC_FL].e++;
1065 1057 m[FRC_FL].n++;
1066 1058 } else
1067 1059 n &= ~0x0004;
1068 1060
1069 1061 if ((n & 0x0008) &&
1070 1062 (fr->fr_type == fr1->fr_type) &&
1071 1063 (fr->fr_type == FR_T_IPF) &&
1072 1064 (fr1->fr_proto == fr->fr_proto)) {
1073 1065 m[FRC_P].e++;
1074 1066 m[FRC_P].n++;
1075 1067 } else
1076 1068 n &= ~0x0008;
1077 1069
1078 1070 if ((n & 0x0010) &&
1079 1071 (fr->fr_type == fr1->fr_type) &&
1080 1072 (fr->fr_type == FR_T_IPF) &&
1081 1073 (fr1->fr_ttl == fr->fr_ttl)) {
1082 1074 m[FRC_TTL].e++;
1083 1075 m[FRC_TTL].n++;
1084 1076 } else
1085 1077 n &= ~0x0010;
1086 1078
1087 1079 if ((n & 0x0020) &&
1088 1080 (fr->fr_type == fr1->fr_type) &&
1089 1081 (fr->fr_type == FR_T_IPF) &&
1090 1082 (fr1->fr_tos == fr->fr_tos)) {
1091 1083 m[FRC_TOS].e++;
1092 1084 m[FRC_TOS].n++;
1093 1085 } else
1094 1086 n &= ~0x0020;
1095 1087
1096 1088 if ((n & 0x0040) &&
1097 1089 (fr->fr_type == fr1->fr_type) &&
1098 1090 (fr->fr_type == FR_T_IPF) &&
1099 1091 ((fr1->fr_tcpfm == fr->fr_tcpfm) &&
1100 1092 (fr1->fr_tcpf == fr->fr_tcpf))) {
1101 1093 m[FRC_TCP].e++;
1102 1094 m[FRC_TCP].n++;
1103 1095 } else
1104 1096 n &= ~0x0040;
1105 1097
1106 1098 if ((n & 0x0080) &&
1107 1099 (fr->fr_type == fr1->fr_type) &&
1108 1100 (fr->fr_type == FR_T_IPF) &&
1109 1101 ((fr1->fr_scmp == fr->fr_scmp) &&
1110 1102 (fr1->fr_stop == fr->fr_stop) &&
1111 1103 (fr1->fr_sport == fr->fr_sport))) {
1112 1104 m[FRC_SP].e++;
1113 1105 m[FRC_SP].n++;
1114 1106 } else
1115 1107 n &= ~0x0080;
1116 1108
1117 1109 if ((n & 0x0100) &&
1118 1110 (fr->fr_type == fr1->fr_type) &&
1119 1111 (fr->fr_type == FR_T_IPF) &&
1120 1112 ((fr1->fr_dcmp == fr->fr_dcmp) &&
1121 1113 (fr1->fr_dtop == fr->fr_dtop) &&
1122 1114 (fr1->fr_dport == fr->fr_dport))) {
1123 1115 m[FRC_DP].e++;
1124 1116 m[FRC_DP].n++;
1125 1117 } else
1126 1118 n &= ~0x0100;
1127 1119
1128 1120 if ((n & 0x0200) &&
1129 1121 (fr->fr_type == fr1->fr_type) &&
1130 1122 (fr->fr_type == FR_T_IPF) &&
1131 1123 ((fr1->fr_satype == FRI_LOOKUP) &&
1132 1124 (fr->fr_satype == FRI_LOOKUP) &&
1133 1125 (fr1->fr_srcnum == fr->fr_srcnum))) {
1134 1126 m[FRC_SRC].e++;
1135 1127 m[FRC_SRC].n++;
1136 1128 } else if ((n & 0x0200) &&
1137 1129 (fr->fr_type == fr1->fr_type) &&
1138 1130 (fr->fr_type == FR_T_IPF) &&
1139 1131 (((fr1->fr_flags & FR_NOTSRCIP) ==
1140 1132 (fr->fr_flags & FR_NOTSRCIP)))) {
1141 1133 if ((fr1->fr_smask == fr->fr_smask) &&
1142 1134 (fr1->fr_saddr == fr->fr_saddr))
1143 1135 m[FRC_SRC].e++;
1144 1136 else
1145 1137 n &= ~0x0200;
1146 1138 if (fr1->fr_smask &&
1147 1139 (fr1->fr_saddr & fr1->fr_smask) ==
1148 1140 (fr->fr_saddr & fr1->fr_smask)) {
1149 1141 m[FRC_SRC].n++;
1150 1142 n |= 0x0200;
1151 1143 }
1152 1144 } else {
1153 1145 n &= ~0x0200;
1154 1146 }
1155 1147
1156 1148 if ((n & 0x0400) &&
1157 1149 (fr->fr_type == fr1->fr_type) &&
1158 1150 (fr->fr_type == FR_T_IPF) &&
1159 1151 ((fr1->fr_datype == FRI_LOOKUP) &&
1160 1152 (fr->fr_datype == FRI_LOOKUP) &&
1161 1153 (fr1->fr_dstnum == fr->fr_dstnum))) {
1162 1154 m[FRC_DST].e++;
1163 1155 m[FRC_DST].n++;
1164 1156 } else if ((n & 0x0400) &&
1165 1157 (fr->fr_type == fr1->fr_type) &&
1166 1158 (fr->fr_type == FR_T_IPF) &&
1167 1159 (((fr1->fr_flags & FR_NOTDSTIP) ==
1168 1160 (fr->fr_flags & FR_NOTDSTIP)))) {
1169 1161 if ((fr1->fr_dmask == fr->fr_dmask) &&
1170 1162 (fr1->fr_daddr == fr->fr_daddr))
1171 1163 m[FRC_DST].e++;
1172 1164 else
1173 1165 n &= ~0x0400;
1174 1166 if (fr1->fr_dmask &&
1175 1167 (fr1->fr_daddr & fr1->fr_dmask) ==
1176 1168 (fr->fr_daddr & fr1->fr_dmask)) {
1177 1169 m[FRC_DST].n++;
1178 1170 n |= 0x0400;
1179 1171 }
1180 1172 } else {
1181 1173 n &= ~0x0400;
1182 1174 }
1183 1175
1184 1176 if ((n & 0x0800) &&
1185 1177 (fr->fr_type == fr1->fr_type) &&
1186 1178 (fr->fr_type == FR_T_IPF) &&
1187 1179 (fr1->fr_optmask == fr->fr_optmask) &&
1188 1180 (fr1->fr_optbits == fr->fr_optbits)) {
1189 1181 m[FRC_OPT].e++;
1190 1182 m[FRC_OPT].n++;
1191 1183 } else
1192 1184 n &= ~0x0800;
1193 1185
1194 1186 if ((n & 0x1000) &&
1195 1187 (fr->fr_type == fr1->fr_type) &&
1196 1188 (fr->fr_type == FR_T_IPF) &&
1197 1189 (fr1->fr_secmask == fr->fr_secmask) &&
1198 1190 (fr1->fr_secbits == fr->fr_secbits)) {
1199 1191 m[FRC_SEC].e++;
1200 1192 m[FRC_SEC].n++;
1201 1193 } else
1202 1194 n &= ~0x1000;
1203 1195
1204 1196 if ((n & 0x10000) &&
1205 1197 (fr->fr_type == fr1->fr_type) &&
1206 1198 (fr->fr_type == FR_T_IPF) &&
1207 1199 (fr1->fr_authmask == fr->fr_authmask) &&
1208 1200 (fr1->fr_authbits == fr->fr_authbits)) {
1209 1201 m[FRC_ATH].e++;
1210 1202 m[FRC_ATH].n++;
1211 1203 } else
1212 1204 n &= ~0x10000;
1213 1205
1214 1206 if ((n & 0x20000) &&
1215 1207 (fr->fr_type == fr1->fr_type) &&
1216 1208 (fr->fr_type == FR_T_IPF) &&
1217 1209 ((fr1->fr_icmpm & 0xff00) ==
1218 1210 (fr->fr_icmpm & 0xff00)) &&
1219 1211 ((fr1->fr_icmp & 0xff00) ==
1220 1212 (fr->fr_icmp & 0xff00))) {
1221 1213 m[FRC_ICT].e++;
1222 1214 m[FRC_ICT].n++;
1223 1215 } else
1224 1216 n &= ~0x20000;
1225 1217
1226 1218 if ((n & 0x40000) &&
1227 1219 (fr->fr_type == fr1->fr_type) &&
1228 1220 (fr->fr_type == FR_T_IPF) &&
1229 1221 ((fr1->fr_icmpm & 0xff) == (fr->fr_icmpm & 0xff)) &&
1230 1222 ((fr1->fr_icmp & 0xff) == (fr->fr_icmp & 0xff))) {
1231 1223 m[FRC_ICC].e++;
1232 1224 m[FRC_ICC].n++;
1233 1225 } else
1234 1226 n &= ~0x40000;
1235 1227 }
1236 1228 /*msort(m);*/
1237 1229
1238 1230 if (dir == 0)
1239 1231 emitGroup(rn, dir, m, fr1, group, count, 0);
1240 1232 else if (dir == 1)
1241 1233 emitGroup(rn, dir, m, fr1, group, 0, count);
1242 1234 }
1243 1235 }
1244 1236
1245 1237 static void printhooks(fp, in, out, grp)
1246 1238 FILE *fp;
1247 1239 int in;
1248 1240 int out;
1249 1241 frgroup_t *grp;
1250 1242 {
1251 1243 frentry_t *fr;
1252 1244 char *group;
1253 1245 int dogrp, i;
1254 1246 char *instr;
1255 1247
1256 1248 group = grp->fg_name;
1257 1249 dogrp = 0;
1258 1250
1259 1251 if (in && out) {
1260 1252 fprintf(stderr,
1261 1253 "printhooks called with both in and out set\n");
1262 1254 exit(1);
1263 1255 }
1264 1256
1265 1257 if (in) {
1266 1258 instr = "in";
1267 1259 } else if (out) {
1268 1260 instr = "out";
1269 1261 } else {
1270 1262 instr = "???";
1271 1263 }
1272 1264 fprintf(fp, "static frentry_t ipfrule_%s_%s;\n", instr, group);
1273 1265
1274 1266 fprintf(fp, "\
1275 1267 \n\
1276 1268 int ipfrule_add_%s_%s()\n", instr, group);
1277 1269 fprintf(fp, "\
1278 1270 {\n\
1279 1271 int i, j, err = 0, max;\n\
1280 1272 frentry_t *fp;\n");
1281 1273
1282 1274 if (dogrp)
1283 1275 fprintf(fp, "\
1284 1276 frgroup_t *fg;\n");
1285 1277
1286 1278 fprintf(fp, "\n");
1287 1279
1288 1280 for (i = 0, fr = grp->fg_start; fr != NULL; i++, fr = fr->fr_next)
1289 1281 if (fr->fr_dsize > 0) {
1290 1282 fprintf(fp, "\
1291 1283 ipf_rules_%s_%s[%d]->fr_data = &ipf%s_rule_data_%s_%u;\n",
1292 1284 instr, grp->fg_name, i,
1293 1285 instr, grp->fg_name, i);
1294 1286 }
1295 1287 fprintf(fp, "\
1296 1288 max = sizeof(ipf_rules_%s_%s)/sizeof(frentry_t *);\n\
1297 1289 for (i = 0; i < max; i++) {\n\
1298 1290 fp = ipf_rules_%s_%s[i];\n\
1299 1291 fp->fr_next = NULL;\n", instr, group, instr, group);
1300 1292
1301 1293 fprintf(fp, "\
1302 1294 for (j = i + 1; j < max; j++)\n\
1303 1295 if (strncmp(fp->fr_group,\n\
1304 1296 ipf_rules_%s_%s[j]->fr_group,\n\
1305 1297 FR_GROUPLEN) == 0) {\n\
1306 1298 fp->fr_next = ipf_rules_%s_%s[j];\n\
1307 1299 break;\n\
1308 1300 }\n", instr, group, instr, group);
1309 1301 if (dogrp)
1310 1302 fprintf(fp, "\
1311 1303 \n\
1312 1304 if (fp->fr_grhead != 0) {\n\
1313 1305 fg = fr_addgroup(fp->fr_grhead, fp, FR_INQUE,\n\
1314 1306 IPL_LOGIPF, 0);\n\
1315 1307 if (fg != NULL)\n\
1316 1308 fp->fr_grp = &fg->fg_start;\n\
1317 1309 }\n");
1318 1310 fprintf(fp, "\
1319 1311 }\n\
1320 1312 \n\
1321 1313 fp = &ipfrule_%s_%s;\n", instr, group);
1322 1314 fprintf(fp, "\
1323 1315 bzero((char *)fp, sizeof(*fp));\n\
1324 1316 fp->fr_type = FR_T_CALLFUNC|FR_T_BUILTIN;\n\
1325 1317 fp->fr_flags = FR_%sQUE|FR_NOMATCH;\n\
1326 1318 fp->fr_data = (void *)ipf_rules_%s_%s[0];\n",
1327 1319 (in != 0) ? "IN" : "OUT", instr, group);
1328 1320 fprintf(fp, "\
1329 1321 fp->fr_dsize = sizeof(ipf_rules_%s_%s[0]);\n",
1330 1322 instr, group);
1331 1323
1332 1324 fprintf(fp, "\
1333 1325 fp->fr_v = 4;\n\
1334 1326 fp->fr_func = (ipfunc_t)ipfrule_match_%s_%s;\n\
1335 1327 err = frrequest(IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, fr_active, 0);\n",
1336 1328 instr, group);
1337 1329 fprintf(fp, "\treturn err;\n}\n");
1338 1330
1339 1331 fprintf(fp, "\n\n\
1340 1332 int ipfrule_remove_%s_%s()\n", instr, group);
1341 1333 fprintf(fp, "\
1342 1334 {\n\
1343 1335 int err = 0, i;\n\
1344 1336 frentry_t *fp;\n\
1345 1337 \n\
1346 1338 /*\n\
1347 1339 * Try to remove the %sbound rule.\n", instr);
1348 1340
1349 1341 fprintf(fp, "\
1350 1342 */\n\
1351 1343 if (ipfrule_%s_%s.fr_ref > 0) {\n", instr, group);
1352 1344
1353 1345 fprintf(fp, "\
1354 1346 err = EBUSY;\n\
1355 1347 } else {\n");
1356 1348
1357 1349 fprintf(fp, "\
1358 1350 i = sizeof(ipf_rules_%s_%s)/sizeof(frentry_t *) - 1;\n\
1359 1351 for (; i >= 0; i--) {\n\
1360 1352 fp = ipf_rules_%s_%s[i];\n\
1361 1353 if (fp->fr_ref > 1) {\n\
1362 1354 err = EBUSY;\n\
1363 1355 break;\n\
1364 1356 }\n\
1365 1357 }\n\
1366 1358 }\n\
1367 1359 if (err == 0)\n\
1368 1360 err = frrequest(IPL_LOGIPF, SIOCDELFR,\n\
1369 1361 (caddr_t)&ipfrule_%s_%s, fr_active, 0);\n",
1370 1362 instr, group, instr, group, instr, group);
1371 1363 fprintf(fp, "\
1372 1364 if (err)\n\
1373 1365 return err;\n\
1374 1366 \n\n");
1375 1367
1376 1368 fprintf(fp, "\treturn err;\n}\n");
1377 1369 }
|
↓ open down ↓ |
1282 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX