static int
_fw_cmp(const struct fw_rule *a, const struct fw_rule *b)
{
if (strcmp(a->fw_device, b->fw_device) != 0 || a->fw_op != b->fw_op ||
a->fw_dir != b->fw_dir || a->fw_proto != b->fw_proto ||
addr_cmp(&a->fw_src, &b->fw_src) != 0 ||
addr_cmp(&a->fw_dst, &b->fw_dst) != 0 ||
memcmp(a->fw_sport, b->fw_sport, sizeof(a->fw_sport)) != 0 ||
memcmp(a->fw_dport, b->fw_dport, sizeof(a->fw_dport)) != 0)
return (-1);
return (0);
}
int
intf_get_src(intf_t *intf, struct intf_entry *entry, struct addr *src)
{
IP_ADAPTER_ADDRESSES *a;
IP_ADAPTER_UNICAST_ADDRESS *addr;
if (src->addr_type != ADDR_TYPE_IP) {
errno = EINVAL;
return (-1);
}
if (_refresh_tables(intf) < 0)
return (-1);
for (a = intf->iftable; a != NULL; a = a->Next) {
for (addr = a->FirstUnicastAddress; addr != NULL; addr = addr->Next) {
struct addr dnet_addr;
addr_ston(addr->Address.lpSockaddr, &dnet_addr);
if (addr_cmp(&dnet_addr, src) == 0) {
_adapter_address_to_entry(intf, a, entry);
return (0);
}
}
}
errno = ENXIO;
return (-1);
}
static PyObject *
netcmp(PyObject *self, PyObject *args)
{
char *astr;
char *bstr;
struct addr a;
struct addr b;
int rval;
int cmp = 0;
struct intf_entry *entry = NULL;
rval = PyArg_ParseTuple(args, "ss:netcmp",
&astr, &bstr);
if (!rval) return NULL;
/* printf("Got addresses %s, %s\n", astr, bstr); */
rval = addr_pton(astr, &a);
if (rval<0)
myerror("Could not read first address");
rval = addr_pton(bstr, &b);
if (rval<0)
myerror("Could not read second address");
cmp = addr_cmp(&a, &b);
return Py_BuildValue("i", cmp);
}
int
addr_contained(struct addr *net, struct addr *addr)
{
struct addr tmp;
tmp = *net;
tmp.addr_bits = IP_ADDR_BITS;
if (addr_cmp(&tmp, addr) > 0)
return (0);
addr_bcast(net, &tmp);
tmp.addr_bits = IP_ADDR_BITS;
if (addr_cmp(&tmp, addr) < 0)
return (0);
return (1);
}
//libdnet callback
static int arp_lookup_ip_address_callback(const struct arp_entry *arp_entry, void *arg) {
struct arp_entry *addr = (struct arp_entry *)arg;
if(!addr_cmp(&addr->arp_ha, &arp_entry->arp_ha)) {
memmove(&addr->arp_pa, &arp_entry->arp_pa, sizeof(addr->arp_pa));
return 1;
}//end if found
return 0;
}//end arp_lookup_ip_address_callback
/* Same as file_info_send, but it's done on sockaddr_in instead of file_info
*/
struct file_info* sockaddr_to_file(struct sockaddr_in dst) {
struct file_info* fi;
for (fi = file_info; fi != 0; fi = fi->next) {
if (addr_cmp(dst, fi->addr) == 0) {
return fi;
}
}
printf("sockaddr not connected to host");
return NULL;
}
int addr_netmatch(const struct xaddr* host, const struct xaddr* net, int masklen) {
struct xaddr tmp_mask, tmp_result;
if (host->af != net->af)
return(-1);
if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
return (-1);
if (addr_and(&tmp_result, host, &tmp_mask) == -1)
return (-1);
return (addr_cmp(&tmp_result, net));
}
/* We uniquely identify a socket connection by the lower of the local TCP/IP address
* and the remote one. Because two connections cannot share TCP/IP addresses, this
* should work.
*/
static void get_id(int skt, struct sockaddr_in *addr){
struct sockaddr_in this, that;
socklen_t len;
len = sizeof(that);
if (getsockname(skt, (struct sockaddr *) &that, &len) < 0) {
perror("getsockname");
exit(1);
}
len = sizeof(that);
if (getpeername(skt, (struct sockaddr *) &that, &len) < 0) {;
perror("getpeername");
exit(1);
}
*addr = addr_cmp(this, that) < 0 ? this : that;
}
void retrans(struct my_pkthdr *h, u_char *pack ) {
struct eth_hdr *ethhdr;
struct ip_hdr *iphdr;
struct tcp_hdr *tcphdr;
struct addr srcad, srcha;
char sip[32],smac[32];
int n;
ethhdr = (struct eth_hdr *)pack;
iphdr = (struct ip_hdr *)(pack+ETH_HDR_LEN);
tcphdr= (struct tcp_hdr *)(pack+ETH_HDR_LEN+TCP_HDR_LEN);
addr_pack(&srcha,ADDR_TYPE_ETH,ETH_ADDR_BITS,&(ethhdr->eth_src),ETH_ADDR_LEN);
addr_pack(&srcad,ADDR_TYPE_IP,IP_ADDR_BITS,&(iphdr->ip_src),IP_ADDR_LEN);
if((strcmp(addr_ntoa(&srcha),ahw)==0)){
// Replace source address with my address and destination address
memcpy( ðhdr->eth_src, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_src, &reat_ip.addr_ip, IP_ADDR_LEN);
// Replace destination address with other client
if ( addr_cmp( &srcad, &aad ) == 0 ) {
memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN);
}else{
memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN);
}
/* if(modify_tcp_header(&tcphdr,tcphdr->th_sport,tcphdr->th_dport,next_seq,next_ack,tcphdr->th_flags,tcphdr->th_win,tcphdr->th_sum,tcphdr->th_urp,2)<0){
// return;
}
if(modify_tcp_header(&tcphdr,tcphdr->th_sport,tcphdr->th_dport,next_seq,next_ack,tcphdr->th_flags,tcphdr->th_win,tcphdr->th_sum,tcphdr->th_urp,3)<0){
// return;
}*/
ip_checksum((void *)iphdr, ntohs(iphdr->ip_len));
n = eth_send(e,pack,h->len);
//n=ip_send(e,pack,h->len);
if ( n != h->len ) {
fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len);
} else {
fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len);
}
}
}
void makeflist(flist_t **fl,ftnaddr_t *fa,int mode)
{
faslist_t *j;
char str[MAX_PATH],*flv="hdicf";
DEBUG(('S',1,"Make filelist for %s",ftnaddrtoa(fa)));
asoflist(fl,fa,mode);
for(j=cfgfasl(CFG_FILEBOX);j;j=j->next)
if(addr_cmp(fa,&j->addr)) {
if(!boxflist(fl,j->str))write_log("can't open filebox '%s'",j->str);
break;
}
if(cfgs(CFG_LONGBOXPATH)) {
while(*flv) {
snprintf(str,MAX_STRING,"%s/%d.%d.%d.%d.%c",cfgs(CFG_LONGBOXPATH),fa->z,fa->n,fa->f,fa->p,*flv);
boxflist(fl,str);
flv++;
}
snprintf(str,MAX_STRING,"%s/%d.%d.%d.%d",cfgs(CFG_LONGBOXPATH),fa->z,fa->n,fa->f,fa->p);
boxflist(fl,str);
}
}
static int
arpd_lookup(struct addr *addr)
{
struct arp_entry arpent;
int error;
if (addr_cmp(addr, &arpd_ifent.intf_addr) == 0) {
syslog(LOG_DEBUG, "%s: %s at %s", __func__,
addr_ntoa(addr), addr_ntoa(&arpd_ifent.intf_link_addr));
return (0);
}
memcpy(&arpent.arp_pa, addr, sizeof(*addr));
error = arp_get(arpd_arp, &arpent);
if (error == -1) {
syslog(LOG_DEBUG, "%s: no entry for %s", __func__,
addr_ntoa(addr));
} else {
syslog(LOG_DEBUG, "%s: %s at %s", __func__,
addr_ntoa(addr), addr_ntoa(&arpent.arp_ha));
}
return (error);
}
/* Received a H(ello) message of the form H<addr>:<port>. This is the first message
* that's sent over a TCP connection (in both directions) so the peers can identify
* one another. The port is the server port of the endpoint rather than the
* connection's port.
*
* Sometimes accidentally peers try to connect to one another at the same time.
* This code kills one of the connections.
*/
void hello_received(struct file_info *fi, char *addr_port){
char *p = index(addr_port, ':');
if (p == 0) {
fprintf(stderr, "do_hello: format is H<addr>:<port>\n");
return;
}
*p++ = 0;
struct sockaddr_in addr;
if (addr_get(&addr, addr_port, atoi(p)) < 0) {
return;
}
*--p = ':';
printf("Got hello from %s:%d on socket %d\n", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port), fi->fd);
/* If a connection breaks and is re-established, a duplicate hello message is likely
* to arrive, but we can ignore it as we already know the peer.
*/
if (fi->status == FI_KNOWN) {
fprintf(stderr, "Duplicate hello (ignoring)\n");
if (addr_cmp(addr, fi->addr) != 0) {
fprintf(stderr, "do_hello: address has changed???\n");
}
return;
}
/* It is possible to set up a connection to self. We deal with it by ignoring the
* Hello message but keeping the connection established.
*/
if (addr_cmp(addr, my_addr) == 0) {
fprintf(stderr, "Got hello from self??? (ignoring)\n");
return;
}
/* Search the connections to see if there is already a connection to this peer.
*/
struct file_info *fi2;
for (fi2 = file_info; fi2 != 0; fi2 = fi2->next) {
if (fi2->type == FI_FREE || fi2->status != FI_KNOWN) {
continue;
}
if (addr_cmp(fi2->addr, addr) != 0) {
continue;
}
/* Found another connection. We're going to keep just one. First see if
* this is actually an existing connection. It may have broken.
*/
if (fi2->fd == -1) {
printf("Found a defunct connection---dropping that one\n");
if (fi2->type == FI_OUTGOING) {
fi->type = FI_OUTGOING;
fi->u.fi_outgoing = fi2->u.fi_outgoing;
}
fi2->type = FI_FREE;
return;
}
/* Of the two, we keep the "lowest one". We identify a connection by the lowest
* endpoint address.
*/
struct sockaddr_in mine, other;
get_id(fi->fd, &mine);
get_id(fi2->fd, &other);
if (addr_cmp(mine, other) < 0) {
/* We keep mine.
*/
printf("duplicate connection -- keep mine\n");
if (fi2->type == FI_OUTGOING) {
fi->type = FI_OUTGOING;
fi->u.fi_outgoing = fi2->u.fi_outgoing;
}
close(fi2->fd);
fi2->type = FI_FREE;
}
else {
printf("duplicate connection -- keep other\n");
/* The other one wins.
*/
if (fi->type == FI_OUTGOING) {
fi2->type = FI_OUTGOING;
fi2->u.fi_outgoing = fi->u.fi_outgoing;
}
close(fi->fd);
fi->type = FI_FREE;
return;
}
}
/* No other connection. Keep this one.
*/
printf("New Connection\n");
fi->addr = addr;
fi->status = FI_KNOWN;
if(!nl)
{
nl = (struct node_list *) nl_create();
char *my_addr_str = addr_to_string(my_addr);
nl_add(nl, my_addr_str);
free(my_addr_str);
}
char *addr_str = addr_to_string(addr);
nl_add(nl, addr_str);
free(addr_str);
updateGraph();
send_gossip();
}
int
intf_set(intf_t *intf, const struct intf_entry *entry)
{
struct ifreq ifr;
struct intf_entry *orig;
struct addr bcast;
u_char buf[BUFSIZ];
orig = (struct intf_entry *)buf;
orig->intf_len = sizeof(buf);
strcpy(orig->intf_name, entry->intf_name);
if (intf_get(intf, orig) < 0)
return (-1);
/* Delete any existing aliases. */
if (_intf_delete_aliases(intf, orig) < 0)
return (-1);
/* Delete any existing addrs. */
if (_intf_delete_addrs(intf, orig) < 0)
return (-1);
memset(&ifr, 0, sizeof(ifr));
strlcpy(ifr.ifr_name, entry->intf_name, sizeof(ifr.ifr_name));
/* Set interface MTU. */
if (entry->intf_mtu != 0) {
ifr.ifr_mtu = entry->intf_mtu;
#ifdef SIOCSIFMTU
if (ioctl(intf->fd, SIOCSIFMTU, &ifr) < 0)
#endif
return (-1);
}
/* Set interface address. */
if (entry->intf_addr.addr_type == ADDR_TYPE_IP) {
#ifdef BSD
/* XXX - why must this happen before SIOCSIFADDR? */
if (addr_btos(entry->intf_addr.addr_bits,
&ifr.ifr_addr) == 0) {
if (ioctl(intf->fd, SIOCSIFNETMASK, &ifr) < 0)
return (-1);
}
#endif
if (addr_ntos(&entry->intf_addr, &ifr.ifr_addr) < 0)
return (-1);
if (ioctl(intf->fd, SIOCSIFADDR, &ifr) < 0 && errno != EEXIST)
return (-1);
if (addr_btos(entry->intf_addr.addr_bits, &ifr.ifr_addr) == 0
#ifdef __linux__
&& entry->intf_addr.addr_ip != 0
#endif
) {
if (ioctl(intf->fd, SIOCSIFNETMASK, &ifr) < 0)
return (-1);
}
if (addr_bcast(&entry->intf_addr, &bcast) == 0) {
if (addr_ntos(&bcast, &ifr.ifr_broadaddr) == 0) {
/* XXX - ignore error from non-broadcast ifs */
ioctl(intf->fd, SIOCSIFBRDADDR, &ifr);
}
}
}
/* Set link-level address. */
if (entry->intf_link_addr.addr_type == ADDR_TYPE_ETH &&
addr_cmp(&entry->intf_link_addr, &orig->intf_link_addr) != 0) {
#if defined(SIOCSIFHWADDR)
if (addr_ntos(&entry->intf_link_addr, &ifr.ifr_hwaddr) < 0)
return (-1);
if (ioctl(intf->fd, SIOCSIFHWADDR, &ifr) < 0)
return (-1);
#elif defined (SIOCSIFLLADDR)
memcpy(ifr.ifr_addr.sa_data, &entry->intf_link_addr.addr_eth,
ETH_ADDR_LEN);
ifr.ifr_addr.sa_len = ETH_ADDR_LEN;
if (ioctl(intf->fd, SIOCSIFLLADDR, &ifr) < 0)
return (-1);
#else
eth_t *eth;
if ((eth = eth_open(entry->intf_name)) == NULL)
return (-1);
if (eth_set(eth, &entry->intf_link_addr.addr_eth) < 0) {
eth_close(eth);
return (-1);
}
eth_close(eth);
#endif
}
/* Set point-to-point destination. */
if (entry->intf_dst_addr.addr_type == ADDR_TYPE_IP) {
if (addr_ntos(&entry->intf_dst_addr, &ifr.ifr_dstaddr) < 0)
return (-1);
if (ioctl(intf->fd, SIOCSIFDSTADDR, &ifr) < 0 &&
errno != EEXIST)
return (-1);
}
/* Add aliases. */
if (_intf_add_aliases(intf, entry) < 0)
return (-1);
/* Set interface flags. */
if (ioctl(intf->fd, SIOCGIFFLAGS, &ifr) < 0)
return (-1);
ifr.ifr_flags = intf_flags_to_iff(entry->intf_flags, ifr.ifr_flags);
if (ioctl(intf->fd, SIOCSIFFLAGS, &ifr) < 0)
return (-1);
return (0);
}
void retrans(struct my_pkthdr *h, u_char *pack ) {
struct eth_hdr *ethhdr;
struct ip_hdr *iphdr;
struct addr srcad, srcha;
char sip[32],smac[32];
int n;
ethhdr = (struct eth_hdr *)pack;
iphdr = (struct ip_hdr *)(pack + ETH_HDR_LEN);
/*
DELETE ME WHEN FINISHED
struct addr ad;
struct addr mad, mha; // my ip, mac
struct addr vad, vha, vprt; // victim ip, mac
struct addr aad, aha, aprt; // attacker ip, mac
struct addr revi_ip, revi_mac; // replay victim ip, mac
struct addr reat_ip, reat_mac; // replay attacker ip, mac
char mip[32], mhw[32]; // my ip, mac
char vip[32], vhw[32], vpt[32]; // victim ip, mac
char aip[32], ahw[32], apt[32]; // attacker ip, mac
char rvip[32], rvmc[32]; // replay victim ip, mac
char ratip[32], ratmac[32]; // replay attacker ip, mac*/
// Get source addresses from packet (mac and ip)
addr_pack(&srcha,ADDR_TYPE_ETH,ETH_ADDR_BITS,&(ethhdr->eth_src),ETH_ADDR_LEN);
addr_pack(&srcad,ADDR_TYPE_IP,IP_ADDR_BITS,&(iphdr->ip_src),IP_ADDR_LEN);
if((strcmp(addr_ntoa(&srcha),vhw)==0)){
// Replace source address with my address and destination address
memcpy( ðhdr->eth_src, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_src, &revi_ip.addr_ip, IP_ADDR_LEN);
// Replace destination address with other client
if ( addr_cmp( &srcad, &vad ) == 0 ) {
memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN);
}else{
memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN);
}
// Compute both ip and tcp checksums
ip_checksum((void *)iphdr, ntohs(iphdr->ip_len));
// Send packet
n = eth_send(e,pack,h->len);
if ( n != h->len ) {
fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len);
} else {
fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len);
}
}
if((strcmp(addr_ntoa(&srcha),ahw)==0)){
// Replace source address with my address and destination address
memcpy( ðhdr->eth_src, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_src, &reat_ip.addr_ip, IP_ADDR_LEN);
// Replace destination address with other client
if ( addr_cmp( &srcad, &aad ) == 0 ) {
memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN);
}else{
memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN);
}
// Compute both ip and tcp checksums
ip_checksum((void *)iphdr, ntohs(iphdr->ip_len));
// Send packet
n = eth_send(e,pack,h->len);
if ( n != h->len ) {
fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len);
} else {
fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len);
}
}
}
static int most_free_space_last(oldSpace **s1, oldSpace **s2) {
int u1= (*s1)->oops_free(), u2= (*s2)->oops_free();
return u1 < u2 ? -1 : u1 > u2 ? 1 : addr_cmp(s1, s2); }
static int most_used_space_first(oldSpace **s1, oldSpace **s2) {
int u1= (*s1)->used(), u2= (*s2)->used();
return u1 > u2 ? -1 : u1 < u2 ? 1 : addr_cmp(s1, s2); }
static int conf_link_set(struct ipc_user *u, char *data, size_t len, __unused struct blob_buf *reply)
{
conf conf = container_of(u, conf_s, ipc_users[CONF_IPC_LINK_SET]);
struct blob_attr *tb[CONF_LINK_MAX];
iface_flags flags = 0, flags_mod = 0;
iface i;
int ret = 0;
if(blobmsg_parse(conf_link_attrs, CONF_LINK_MAX, tb, data, len) ||
!tb[CONF_LINK_DEV])
return -EINVAL;
if(tb[CONF_LINK_LLQC] || tb[CONF_LINK_ROBUSTNESS]) {
return -EOPNOTSUPP;
}
if(!(i = iface_get_byname(conf->igs, blobmsg_get_string(tb[CONF_LINK_DEV]), 1)))
return -ENOMEM;
iface_ref(i);
#define _(attr, flag) \
if(attr) { \
flags_mod |= flag; \
if(blobmsg_get_bool(attr)) { \
flags |= flag; \
} else { \
flags &= ~(flag); \
} \
}\
_(tb[CONF_LINK_PIM], IFACE_FLAG_PIM);
_(tb[CONF_LINK_SSBIDIR], IFACE_FLAG_SSBIDIR);
_(tb[CONF_LINK_MLD], IFACE_FLAG_MLD_QUERIER);
_(tb[CONF_LINK_IGMP], IFACE_FLAG_IGMP_QUERIER);
#undef _
if(tb[CONF_LINK_PROXY]) {
char *s = NULL;
char *port = NULL;
struct in6_addr addr;
if(!(s = blobmsg_get_string(tb[CONF_LINK_PROXY])))
return -EINVAL;
if(!strcmp(s, "off")) {
flags_mod |= IFACE_FLAG_PROXY;
flags &= ~(IFACE_FLAG_PROXY);
} else if(!(port = strchr(s, ' ')) || strchr(port + 1, ' ')) {
return -EINVAL;
} else {
*port = '\0';
port++;
int p;
if((sscanf(port, "%d", &p) != 1) || p >= 65536 || p<=0 || !addr_pton(&addr, s))
return -EINVAL;
if(i->proxy_port != p || addr_cmp(&i->proxy_addr, &addr)) {
addr_cpy(&i->proxy_addr, &addr);
i->proxy_port = (in_port_t) p;
flags_mod |= IFACE_FLAG_PROXY;
flags |= IFACE_FLAG_PROXY;
}
}
}
conf_set_iface_flags(i, flags, flags_mod);
if(tb[CONF_LINK_HELLO]) {
int hello = blobmsg_get_u32(tb[CONF_LINK_HELLO]);
conf_set_ifvalue(i, CIFV_PIM_HELLO_PERIOD_MS, (hello>0)?hello:INT_MIN);
}
if(tb[CONF_LINK_JOIN]) {
int join = blobmsg_get_u32(tb[CONF_LINK_JOIN]);
conf_set_ifvalue(i, CIFV_PIM_US_T_PERIODIC_MS, (join>0)?join:INT_MIN);
}
iface_unref(i);
return ret;
}
static char *
arpd_expandips(int naddresses, char **addresses)
{
static char filter[1024];
char line[1024], *p;
struct addr dst;
if (naddresses == 0)
return (NULL);
filter[0] = '\0';
while (naddresses--) {
/* Get current address */
p = *addresses++;
if (filter[0] != '\0') {
if (strlcat(filter, " or ", sizeof(filter)) >= sizeof(filter))
errx(1, "%s: too many address for filter",
__func__);
}
if (addr_pton(p, &dst) != -1) {
snprintf(line, sizeof(line), "dst %s%s",
dst.addr_bits != 32 ? "net ": "", p);
} else {
char *first, *second;
struct addr astart, aend;
struct in_addr in;
ip_addr_t istart, iend;
second = p;
first = strsep(&second, "-");
if (second == NULL)
errx(1, "%s: Invalid network range: %s",
__func__, p);
line[0] = '\0';
if (addr_pton(first, &astart) == -1 ||
addr_pton(second, &aend) == -1)
errx(1, "%s: bad addresses %s-%s", __func__,
first, second);
#ifdef HAVE_BROKEN_DNET
if (addr_cmp(&astart, &aend) <= 0)
#else
if (addr_cmp(&astart, &aend) >= 0)
#endif
errx(1, "%s: inverted range %s-%s", __func__,
first, second);
/* Completely, IPv4 specific */
istart = ntohl(astart.addr_ip);
iend = ntohl(aend.addr_ip);
while (istart <= iend) {
char single[32];
int count = 0, done = 0;
ip_addr_t tmp;
do {
ip_addr_t bit = 1 << count;
ip_addr_t mask;
mask = ~(~0 << count);
tmp = istart | mask;
if (istart & bit)
done = 1;
if (iend < tmp) {
count--;
mask = ~(~0 << count);
tmp = istart | mask;
break;
} else if (done)
break;
count++;
} while (count < IP_ADDR_BITS);
if (line[0] != '\0')
strlcat(line, " or ", sizeof(line));
in.s_addr = htonl(istart);
snprintf(single, sizeof(single),
"dst net %s/%d",
inet_ntoa(in), 32 - count);
strlcat(line, single, sizeof(line));
istart = tmp + 1;
}
}
if (strlcat(filter, line, sizeof(filter)) >= sizeof(filter))
errx(1, "%s: too many address for filter",
__func__);
}
return (filter);
}