From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Sat, 13 Aug 2016 22:34:11 +0100
Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright violation.

---
 src/tables.c | 90 +++++++++++++++++++++---------------------------------------
 1 file changed, 32 insertions(+), 58 deletions(-)

diff --git a/src/tables.c b/src/tables.c
index aae1252..4fa3487 100644
--- a/src/tables.c
+++ b/src/tables.c
@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum)
 }
 }
-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
-{
- struct pfioc_table io;
- if (size < 0 || (size && tbl == NULL))
- {
- errno = EINVAL;
- return (-1);
- }
- bzero(&io, sizeof io);
- io.pfrio_flags = flags;
- io.pfrio_buffer = tbl;
- io.pfrio_esize = sizeof(*tbl);
- io.pfrio_size = size;
- if (ioctl(dev, DIOCRADDTABLES, &io))
- return (-1);
- if (nadd != NULL)
- *nadd = io.pfrio_nadd;
- return (0);
-}
-
-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) {
- if ( !addr || !ipaddr)
- {
- my_syslog(LOG_ERR, _("error: fill_addr missused"));
- return -1;
- }
- bzero(addr, sizeof(*addr));
-#ifdef HAVE_IPV6
- if (flags & F_IPV6)
- {
- addr->pfra_af = AF_INET6;
- addr->pfra_net = 0x80;
- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
- }
- else
-#endif
- {
- addr->pfra_af = AF_INET;
- addr->pfra_net = 0x20;
- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
- }
- return 1;
-}
-
-/*****************************************************************************/
 void ipset_init(void)
 {
@@ -111,14 +65,13 @@ void ipset_init(void)
 }
 int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
- int flags, int remove)
+ int flags, int remove)
 {
 struct pfr_addr addr;
 struct pfioc_table io;
 struct pfr_table table;
- int n = 0, rc = 0;
- if ( dev == -1 )
+ if (dev == -1)
 {
 my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device);
 return -1;
@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
 bzero(&table, sizeof(struct pfr_table));
 table.pfrt_flags |= PFR_TFLAG_PERSIST;
- if ( strlen(setname) >= PF_TABLE_NAME_SIZE )
+ if (strlen(setname) >= PF_TABLE_NAME_SIZE)
 {
 my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname);
 errno = ENAMETOOLONG;
 return -1;
 }
- if ( strlcpy(table.pfrt_name, setname,
- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
+ if (strlcpy(table.pfrt_name, setname,
+ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
 {
 my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname);
 return -1;
 }
- if ((rc = pfr_add_tables(&table, 1, &n, 0)))
+ bzero(&io, sizeof io);
+ io.pfrio_flags = 0;
+ io.pfrio_buffer = &table;
+ io.pfrio_esize = sizeof(table);
+ io.pfrio_size = 1;
+ if (ioctl(dev, DIOCRADDTABLES, &io))
 {
- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"),
- pfr_strerror(errno),rc);
+ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno));
+ return -1;
 }
+ table.pfrt_flags &= ~PFR_TFLAG_PERSIST;
- if (n)
+ if (io.pfrio_nadd)
 my_syslog(LOG_INFO, _("info: table created"));
-
- fill_addr(ipaddr,flags,&addr);
+
+ bzero(&addr, sizeof(addr));
+#ifdef HAVE_IPV6
+ if (flags & F_IPV6)
+ {
+ addr.pfra_af = AF_INET6;
+ addr.pfra_net = 0x80;
+ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
+ }
+ else
+#endif
+ {
+ addr.pfra_af = AF_INET;
+ addr.pfra_net = 0x20;
+ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
+ }
+ bzero(&io, sizeof(io));
 io.pfrio_flags = 0;
 io.pfrio_table = table;
--
2.9.3
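Review bot: In the new DIOCRADDTABLES error branch, `my_syslog()` runs between the failing `ioctl()` and `return -1`, so the errno the ioctl set may be overwritten by the logging call before the caller sees it; the ENAMETOOLONG path in the same hunk shows the function is meant to return -1 with errno describing the failure. Saving it around the log call keeps that contract: `int saved_errno = errno;` before the log, `my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(saved_errno));`, then `errno = saved_errno;` before `return -1;`. The inlined address fill also no longer has fill_addr's NULL check on `ipaddr`; if every caller guarantees a non-NULL address that is fine, otherwise a guard before `bzero(&addr, sizeof(addr));` is needed. The two `bzero(&io, ...)` calls use `sizeof io` and `sizeof(io)` respectively; pick one form. The body of add_to_ipset continues past the end of the hunk.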