Exemplo n.º 1
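// Parse a BAND option of the form "<BLIND|SAFE> <generic arguments>".
//
// Leading whitespace is skipped, the keyword selects the option type, and the
// remainder of the line (starting at the whitespace that follows the keyword)
// is handed to ParseGeneric. On that path option->Banded is set and
// option->Info is looked up from the keyword's type, whatever ParseGeneric
// returned.
//
// Returns ParseGeneric's result when a keyword followed by whitespace was
// found; otherwise reports "Invalid BAND option." and returns false.
bool ParseBAND ( char *text, const sOptionTableInfo &info, sRejectOptionRMB *option )
{
    FUNCTION_ENTRY ( NULL, "ParseBAND", true );

    REJECT_OPTION_E type = OPTION_UNKNOWN;

    // <ctype.h> classifiers are only defined for unsigned char values (or EOF);
    // a plain char with the high bit set must be converted first.
    while ( isspace ( static_cast < unsigned char > ( *text ))) text++;

    if ( strncmp ( text, "BLIND", 5 ) == 0 ) {
        type = OPTION_BLIND;
        text += 5;
    } else if ( strncmp ( text, "SAFE", 4 ) == 0 ) {
        // The length must be 4: comparing 5 bytes also compares the literal's
        // terminating NUL, so "SAFE <args>" could never match and a bare
        // "SAFE" was then rejected by the whitespace test below.
        type = OPTION_SAFE;
        text += 4;
    } else {
        goto bad_option;
    }

    // The keyword must be delimited by whitespace ("BLINDX" is rejected).
    if ( isspace ( static_cast < unsigned char > ( *text ))) {
        bool retVal = ParseGeneric ( text, info, option );
        option->Banded = true;
        option->Info   = FindByType ( type );
        return retVal;
    }

bad_option:

    ParseError ( "Invalid BAND option." );
    return false;
}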
Exemplo n.º 2
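/*
 * Parse one filter rule from argv and store it in the filter table at ofp.
 *
 * Argument layout, as consumed below:
 *   argv[0]   rule number; any negative number clears all MAXFILTERS entries
 *   action    a higher rule number (jump target), "permit", "deny" or
 *             "clear" (which resets just this rule)
 *   "!"       optional, sets f_invert
 *   src dst   optional address pair ("any" or something ncprange_aton accepts)
 *   proto     optional protocol name known to getprotobyname(), or "all"
 *   timeout N optional
 *   ...       remaining words go to ParseUdpOrTcp, ParseIcmp or ParseGeneric
 *
 * The rule is assembled in a local filterent and copied into the table only
 * when the protocol-specific parser succeeds, so a rejected rule leaves the
 * existing entry untouched.
 *
 * Returns 1 when a rule or table was cleared, 0 on a parse error, and
 * otherwise the protocol-specific parser's result.
 */
static int
filter_Parse(struct ncp *ncp, int argc, char const *const *argv,
             struct filterent *ofp)
{
  struct filterent fe;
  struct protoent *pe;
  char *wp;
  long lval;
  int action, family, ruleno, val, width;

  /*
   * NOTE(review): *argv is read before argc is examined; this presumes the
   * caller guarantees at least one argument - confirm at the call site.
   */

  /*
   * Keep the strtol() result in a long until it has been range checked.
   * Narrowing it to int first would let an out-of-range number wrap to a
   * valid slot, or to a negative value that wipes the whole table.  Trailing
   * junk is rejected too, so a mistyped number cannot land on another rule.
   */
  lval = strtol(*argv, &wp, 0);
  if (*argv == wp || *wp != '\0' || lval >= MAXFILTERS) {
    log_Printf(LogWARN, "Parse: invalid filter number.\n");
    return 0;
  }
  if (lval < 0) {
    /* A negative rule number resets every entry in the table. */
    for (ruleno = 0; ruleno < MAXFILTERS; ruleno++) {
      ofp->f_action = A_NONE;
      ofp++;
    }
    log_Printf(LogWARN, "Parse: filter cleared.\n");
    return 1;
  }
  ruleno = (int)lval;           /* 0 <= lval < MAXFILTERS */
  ofp += ruleno;

  if (--argc == 0) {
    log_Printf(LogWARN, "Parse: missing action.\n");
    return 0;
  }
  argv++;

  memset(&fe, '\0', sizeof fe);

  /* A purely numeric action is a jump target; range check it as a long too. */
  lval = strtol(*argv, &wp, 0);
  if (!*wp && lval >= 0 && lval < MAXFILTERS) {
    if (lval <= ruleno) {
      /* Jumps may only go forward. */
      log_Printf(LogWARN, "Parse: Can only jump forward from rule %d\n",
                 ruleno);
      return 0;
    }
    action = (int)lval;
  } else if (!strcmp(*argv, "permit")) {
    action = A_PERMIT;
  } else if (!strcmp(*argv, "deny")) {
    action = A_DENY;
  } else if (!strcmp(*argv, "clear")) {
    ofp->f_action = A_NONE;
    return 1;
  } else {
    log_Printf(LogWARN, "Parse: %s: bad action\n", *argv);
    return 0;
  }
  fe.f_action = action;

  argc--;
  argv++;

  /* A lone "!" inverts the rule. */
  if (argc && argv[0][0] == '!' && !argv[0][1]) {
    fe.f_invert = 1;
    argc--;
    argv++;
  }

  ncprange_init(&fe.f_src);
  ncprange_init(&fe.f_dst);

  if (argc == 0)
    pe = NULL;
  else if ((pe = getprotobyname(*argv)) == NULL && strcmp(*argv, "all") != 0) {
    /* Not a protocol name, so it has to be the start of a src/dst pair. */
    if (argc < 2) {
      log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
      return 0;
    } else if (strcasecmp(*argv, "any") == 0 ||
               ncprange_aton(&fe.f_src, ncp, *argv)) {
      family = ncprange_family(&fe.f_src);
      /* A range whose width is unknown or zero is reset by ncprange_init(). */
      if (!ncprange_getwidth(&fe.f_src, &width))
        width = 0;
      if (width == 0)
        ncprange_init(&fe.f_src);
      fe.f_srctype = addrtype(*argv);
      argc--;
      argv++;

      /* argc was at least 2 above, so the destination word is present. */
      if (strcasecmp(*argv, "any") == 0 ||
          ncprange_aton(&fe.f_dst, ncp, *argv)) {
        if (ncprange_family(&fe.f_dst) != AF_UNSPEC &&
            ncprange_family(&fe.f_src) != AF_UNSPEC &&
            family != ncprange_family(&fe.f_dst)) {
          log_Printf(LogWARN, "Parse: src and dst address families differ\n");
          return 0;
        }
        if (!ncprange_getwidth(&fe.f_dst, &width))
          width = 0;
        if (width == 0)
          ncprange_init(&fe.f_dst);
        fe.f_dsttype = addrtype(*argv);
        argc--;
        argv++;
      } else {
        log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
        return 0;
      }

      /* An optional protocol may follow the address pair. */
      if (argc) {
        if ((pe = getprotobyname(*argv)) == NULL && strcmp(*argv, "all") != 0) {
          log_Printf(LogWARN, "Parse: %s: Protocol expected\n", *argv);
          return 0;
        } else {
          argc--;
          argv++;
        }
      }
    } else {
      log_Printf(LogWARN, "Parse: Protocol or address pair expected\n");
      return 0;
    }
  } else {
    /* Protocol name (or "all") with no address pair. */
    argc--;
    argv++;
  }

  /*
   * NOTE(review): the timeout is converted with no end pointer or range
   * check, so a non-numeric value is stored as 0 without a warning.
   */
  if (argc >= 2 && strcmp(*argv, "timeout") == 0) {
    fe.timeout = strtoul(argv[1], NULL, 10);
    argc -= 2;
    argv += 2;
  }

  val = 1;
  /* pe stays NULL for "all" or when no protocol was given: protocol 0. */
  fe.f_proto = (pe == NULL) ? 0 : pe->p_proto;

  /* Hand the remaining words to the parser for this protocol. */
  switch (fe.f_proto) {
  case IPPROTO_TCP:
  case IPPROTO_UDP:
  case IPPROTO_IPIP:
#ifndef NOINET6
  case IPPROTO_IPV6:
#endif
    val = ParseUdpOrTcp(argc, argv, pe, &fe);
    break;
  case IPPROTO_ICMP:
#ifndef NOINET6
  case IPPROTO_ICMPV6:
#endif
    val = ParseIcmp(argc, argv, &fe);
    break;
  default:
    val = ParseGeneric(argc, &fe);
    break;
  }

  log_Printf(LogDEBUG, "Parse: Src: %s\n", ncprange_ntoa(&fe.f_src));
  log_Printf(LogDEBUG, "Parse: Dst: %s\n", ncprange_ntoa(&fe.f_dst));
  log_Printf(LogDEBUG, "Parse: Proto: %d\n", fe.f_proto);

  log_Printf(LogDEBUG, "Parse: src:  %s (%d)\n",
            filter_Op2Nam(fe.f_srcop), fe.f_srcport);
  log_Printf(LogDEBUG, "Parse: dst:  %s (%d)\n",
            filter_Op2Nam(fe.f_dstop), fe.f_dstport);
  log_Printf(LogDEBUG, "Parse: estab: %u\n", fe.f_estab);
  log_Printf(LogDEBUG, "Parse: syn: %u\n", fe.f_syn);
  log_Printf(LogDEBUG, "Parse: finrst: %u\n", fe.f_finrst);

  /* Commit the rule only when the protocol-specific parser accepted it. */
  if (val)
    *ofp = fe;

  return val;
}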