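// Parses a BAND option: optional leading whitespace, the keyword BLIND or
// SAFE, at least one whitespace character, then the arguments handled by
// ParseGeneric.
//
// text    NUL-terminated option text (the pointer is advanced locally only).
// info    option table entry, passed through to ParseGeneric.
// option  receives the parsed option; Banded and Info are set here.
//
// Returns the result of ParseGeneric, or false (after ParseError) when the
// keyword is missing, unknown, or not followed by whitespace.
bool ParseBAND ( char *text, const sOptionTableInfo &info, sRejectOptionRMB *option )
{
    FUNCTION_ENTRY ( NULL, "ParseBAND", true );

    REJECT_OPTION_E type = OPTION_UNKNOWN;

    // <cctype> functions require a value representable as unsigned char;
    // a plain (possibly negative) char is undefined behaviour.
    while ( isspace (( unsigned char ) *text )) text++;

    if ( strncmp ( text, "BLIND", 5 ) == 0 ) {
        type = OPTION_BLIND;
        text += 5;
    } else if ( strncmp ( text, "SAFE", 4 ) == 0 ) {
        // Compare exactly the 4 keyword characters.  A length of 5 also
        // compared the terminating NUL of "SAFE", so "SAFE <args>" could
        // never match and the SAFE form was always rejected.
        type = OPTION_SAFE;
        text += 4;
    } else {
        goto bad_option;
    }

    // The keyword must be delimited by whitespace; this also rejects longer
    // words that merely start with the keyword.
    if ( isspace (( unsigned char ) *text )) {
        bool retVal = ParseGeneric ( text, info, option );
        // Banded/Info are recorded regardless of ParseGeneric's result,
        // as in the original code.
        option->Banded = true;
        option->Info   = FindByType ( type );
        return retVal;
    }

bad_option:

    ParseError ( "Invalid BAND option." );

    return false;
}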
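/*
 * Parse one filter rule from argv and, on success, store it in ofp[ruleno].
 *
 * Argument order as consumed below:
 *   ruleno action ["!"] [[src dst] proto] ["timeout" N] [protocol args...]
 *
 *   ruleno  rule index, must be < MAXFILTERS; a negative value sets every
 *           one of the MAXFILTERS entries at ofp to A_NONE.
 *   action  "permit", "deny", "clear", or a rule number greater than ruleno
 *           (only forward jumps are accepted).
 *
 * ncp   passed to ncprange_aton() when parsing addresses.
 * argc  number of entries in argv.
 * argv  rule words, starting at the rule number.
 * ofp   treated as an array of MAXFILTERS filter entries.
 *
 * Returns 0 on a parse error (a warning is logged), 1 when a rule or the
 * whole table was cleared, otherwise the value returned by the
 * protocol-specific parser; the entry is only written when that is non-zero.
 */
static int
filter_Parse(struct ncp *ncp, int argc, char const *const *argv,
             struct filterent *ofp)
{
  struct filterent fe;
  struct protoent *pe;
  char *wp;
  long num;
  int action, family, ruleno, val, width;

  /*
   * Without this guard *argv is read with nothing to read, and the
   * "--argc == 0" test below would step past zero and keep consuming argv.
   * Callers may already guarantee argc >= 1; the check is cheap.
   */
  if (argc < 1) {
    log_Printf(LogWARN, "Parse: invalid filter number.\n");
    return 0;
  }

  /*
   * Keep the strtol() result in a long until it has been range checked.
   * Assigning it straight to an int let an out-of-range number wrap into a
   * valid rule index, or into a negative value that clears every rule.
   */
  num = strtol(*argv, &wp, 0);
  if (*argv == wp || num >= MAXFILTERS) {
    log_Printf(LogWARN, "Parse: invalid filter number.\n");
    return 0;
  }

  if (num < 0) {
    /* Negative rule number: reset the whole table. */
    for (ruleno = 0; ruleno < MAXFILTERS; ruleno++) {
      ofp->f_action = A_NONE;
      ofp++;
    }
    log_Printf(LogWARN, "Parse: filter cleared.\n");
    return 1;
  }
  ruleno = (int)num;            /* 0 <= num < MAXFILTERS here */
  ofp += ruleno;

  if (--argc == 0) {
    log_Printf(LogWARN, "Parse: missing action.\n");
    return 0;
  }
  argv++;

  /* Build the rule in a local copy; *ofp is only written on success. */
  memset(&fe, '\0', sizeof fe);

  /* A fully numeric action is a jump target; same range care as above. */
  num = strtol(*argv, &wp, 0);
  if (!*wp && num >= 0 && num < MAXFILTERS) {
    if (num <= ruleno) {
      log_Printf(LogWARN, "Parse: Can only jump forward from rule %d\n",
                 ruleno);
      return 0;
    }
    action = (int)num;
  } else if (!strcmp(*argv, "permit")) {
    action = A_PERMIT;
  } else if (!strcmp(*argv, "deny")) {
    action = A_DENY;
  } else if (!strcmp(*argv, "clear")) {
    ofp->f_action = A_NONE;
    return 1;
  } else {
    log_Printf(LogWARN, "Parse: %s: bad action\n", *argv);
    return 0;
  }
  fe.f_action = action;

  argc--;
  argv++;

  /* A lone "!" inverts the match. */
  if (argc && argv[0][0] == '!' && !argv[0][1]) {
    fe.f_invert = 1;
    argc--;
    argv++;
  }

  ncprange_init(&fe.f_src);
  ncprange_init(&fe.f_dst);

  if (argc == 0)
    pe = NULL;
  else if ((pe = getprotobyname(*argv)) == NULL &&
           strcmp(*argv, "all") != 0) {
    /* Not a protocol name: expect "src dst" and then an optional protocol. */
    if (argc < 2) {
      log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
      return 0;
    } else if (strcasecmp(*argv, "any") == 0 ||
               ncprange_aton(&fe.f_src, ncp, *argv)) {
      family = ncprange_family(&fe.f_src);
      if (!ncprange_getwidth(&fe.f_src, &width))
        width = 0;
      if (width == 0)
        ncprange_init(&fe.f_src);
      fe.f_srctype = addrtype(*argv);
      argc--;
      argv++;

      /* argc >= 2 was checked above, so *argv is still a valid word. */
      if (strcasecmp(*argv, "any") == 0 ||
          ncprange_aton(&fe.f_dst, ncp, *argv)) {
        if (ncprange_family(&fe.f_dst) != AF_UNSPEC &&
            ncprange_family(&fe.f_src) != AF_UNSPEC &&
            family != ncprange_family(&fe.f_dst)) {
          log_Printf(LogWARN, "Parse: src and dst address families differ\n");
          return 0;
        }
        if (!ncprange_getwidth(&fe.f_dst, &width))
          width = 0;
        if (width == 0)
          ncprange_init(&fe.f_dst);
        fe.f_dsttype = addrtype(*argv);
        argc--;
        argv++;
      } else {
        log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
        return 0;
      }

      if (argc) {
        if ((pe = getprotobyname(*argv)) == NULL &&
            strcmp(*argv, "all") != 0) {
          log_Printf(LogWARN, "Parse: %s: Protocol expected\n", *argv);
          return 0;
        } else {
          argc--;
          argv++;
        }
      }
    } else {
      log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
      return 0;
    }
  } else {
    /* First word was a protocol name or "all". */
    argc--;
    argv++;
  }

  if (argc >= 2 && strcmp(*argv, "timeout") == 0) {
    /*
     * NOTE(review): the strtoul() result is not validated; non-numeric
     * text yields 0 and trailing characters are ignored.
     */
    fe.timeout = strtoul(argv[1], NULL, 10);
    argc -= 2;
    argv += 2;
  }

  val = 1;
  /* pe is NULL for "all" or when no protocol was given: protocol 0. */
  fe.f_proto = (pe == NULL) ? 0 : pe->p_proto;

  switch (fe.f_proto) {
  case IPPROTO_TCP:
  case IPPROTO_UDP:
  case IPPROTO_IPIP:
#ifndef NOINET6
  case IPPROTO_IPV6:
#endif
    val = ParseUdpOrTcp(argc, argv, pe, &fe);
    break;
  case IPPROTO_ICMP:
#ifndef NOINET6
  case IPPROTO_ICMPV6:
#endif
    val = ParseIcmp(argc, argv, &fe);
    break;
  default:
    val = ParseGeneric(argc, &fe);
    break;
  }

  log_Printf(LogDEBUG, "Parse: Src: %s\n", ncprange_ntoa(&fe.f_src));
  log_Printf(LogDEBUG, "Parse: Dst: %s\n", ncprange_ntoa(&fe.f_dst));
  log_Printf(LogDEBUG, "Parse: Proto: %d\n", fe.f_proto);

  log_Printf(LogDEBUG, "Parse: src:  %s (%d)\n",
             filter_Op2Nam(fe.f_srcop), fe.f_srcport);
  log_Printf(LogDEBUG, "Parse: dst:  %s (%d)\n",
             filter_Op2Nam(fe.f_dstop), fe.f_dstport);
  log_Printf(LogDEBUG, "Parse: estab: %u\n", fe.f_estab);
  log_Printf(LogDEBUG, "Parse: syn: %u\n", fe.f_syn);
  log_Printf(LogDEBUG, "Parse: finrst: %u\n", fe.f_finrst);

  /* Commit the rule only if the protocol-specific parser accepted it. */
  if (val)
    *ofp = fe;

  return val;
}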