1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * Copyright (C) 1993-2001 by Darren Reed. 3*0Sstevel@tonic-gate * 4*0Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 5*0Sstevel@tonic-gate * 6*0Sstevel@tonic-gate * $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $ 7*0Sstevel@tonic-gate */ 8*0Sstevel@tonic-gate 9*0Sstevel@tonic-gate #include "ipf.h" 10*0Sstevel@tonic-gate 11*0Sstevel@tonic-gate 12*0Sstevel@tonic-gate /* 13*0Sstevel@tonic-gate * deal with extra bits on end of the line 14*0Sstevel@tonic-gate */ 15*0Sstevel@tonic-gate int extras(cp, fr, linenum) 16*0Sstevel@tonic-gate char ***cp; 17*0Sstevel@tonic-gate struct frentry *fr; 18*0Sstevel@tonic-gate int linenum; 19*0Sstevel@tonic-gate { 20*0Sstevel@tonic-gate u_short secmsk; 21*0Sstevel@tonic-gate u_long opts; 22*0Sstevel@tonic-gate int notopt; 23*0Sstevel@tonic-gate 24*0Sstevel@tonic-gate opts = 0; 25*0Sstevel@tonic-gate secmsk = 0; 26*0Sstevel@tonic-gate notopt = 0; 27*0Sstevel@tonic-gate (*cp)++; 28*0Sstevel@tonic-gate if (!**cp) 29*0Sstevel@tonic-gate return -1; 30*0Sstevel@tonic-gate 31*0Sstevel@tonic-gate while (**cp) { 32*0Sstevel@tonic-gate if (!strcasecmp(**cp, "not") || !strcasecmp(**cp, "no")) { 33*0Sstevel@tonic-gate notopt = 1; 34*0Sstevel@tonic-gate (*cp)++; 35*0Sstevel@tonic-gate continue; 36*0Sstevel@tonic-gate } else if (!strncasecmp(**cp, "ipopt", 5)) { 37*0Sstevel@tonic-gate if (!notopt) 38*0Sstevel@tonic-gate fr->fr_flx |= FI_OPTIONS; 39*0Sstevel@tonic-gate fr->fr_mflx |= FI_OPTIONS; 40*0Sstevel@tonic-gate goto nextopt; 41*0Sstevel@tonic-gate } else if (!strcasecmp(**cp, "lowttl")) { 42*0Sstevel@tonic-gate if (!notopt) 43*0Sstevel@tonic-gate fr->fr_flx |= FI_LOWTTL; 44*0Sstevel@tonic-gate fr->fr_mflx |= FI_LOWTTL; 45*0Sstevel@tonic-gate goto nextopt; 46*0Sstevel@tonic-gate } else if (!strcasecmp(**cp, "bad-src")) { 47*0Sstevel@tonic-gate if (!notopt) 48*0Sstevel@tonic-gate fr->fr_flx |= FI_BADSRC; 49*0Sstevel@tonic-gate fr->fr_mflx |= FI_BADSRC; 50*0Sstevel@tonic-gate goto nextopt; 51*0Sstevel@tonic-gate } else if (!strncasecmp(**cp, "mbcast", 6)) { 52*0Sstevel@tonic-gate if (!notopt) 53*0Sstevel@tonic-gate fr->fr_flx |= FI_MBCAST; 54*0Sstevel@tonic-gate fr->fr_mflx |= FI_MBCAST; 55*0Sstevel@tonic-gate goto nextopt; 56*0Sstevel@tonic-gate } else if (!strncasecmp(**cp, "nat", 3)) { 57*0Sstevel@tonic-gate if (!notopt) 58*0Sstevel@tonic-gate fr->fr_flx |= FI_NATED; 59*0Sstevel@tonic-gate fr->fr_mflx |= FI_NATED; 60*0Sstevel@tonic-gate goto nextopt; 61*0Sstevel@tonic-gate } else if (!strncasecmp(**cp, "frag", 4)) { 62*0Sstevel@tonic-gate if (!notopt) 63*0Sstevel@tonic-gate fr->fr_flx |= FI_FRAG; 64*0Sstevel@tonic-gate fr->fr_mflx |= FI_FRAG; 65*0Sstevel@tonic-gate goto nextopt; 66*0Sstevel@tonic-gate } else if (!strncasecmp(**cp, "opt", 3)) { 67*0Sstevel@tonic-gate if (!*(*cp + 1)) { 68*0Sstevel@tonic-gate fprintf(stderr, "%d: opt missing arguements\n", 69*0Sstevel@tonic-gate linenum); 70*0Sstevel@tonic-gate return -1; 71*0Sstevel@tonic-gate } 72*0Sstevel@tonic-gate (*cp)++; 73*0Sstevel@tonic-gate if (!(opts = optname(cp, &secmsk, linenum))) 74*0Sstevel@tonic-gate return -1; 75*0Sstevel@tonic-gate 76*0Sstevel@tonic-gate if (notopt) { 77*0Sstevel@tonic-gate if (!secmsk) { 78*0Sstevel@tonic-gate fr->fr_optmask |= opts; 79*0Sstevel@tonic-gate } else { 80*0Sstevel@tonic-gate fr->fr_optmask |= (opts & ~0x0100); 81*0Sstevel@tonic-gate fr->fr_secmask |= secmsk; 82*0Sstevel@tonic-gate } 83*0Sstevel@tonic-gate fr->fr_secbits &= ~secmsk; 84*0Sstevel@tonic-gate fr->fr_optbits &= ~opts; 85*0Sstevel@tonic-gate } else { 86*0Sstevel@tonic-gate fr->fr_optmask |= opts; 87*0Sstevel@tonic-gate fr->fr_secmask |= secmsk; 88*0Sstevel@tonic-gate fr->fr_optbits |= opts; 89*0Sstevel@tonic-gate fr->fr_secbits |= secmsk; 90*0Sstevel@tonic-gate } 91*0Sstevel@tonic-gate } else if (!strncasecmp(**cp, "short", 5)) { 92*0Sstevel@tonic-gate if (fr->fr_tcpf) { 93*0Sstevel@tonic-gate fprintf(stderr, 94*0Sstevel@tonic-gate "%d: short cannot be used with TCP flags\n", 95*0Sstevel@tonic-gate linenum); 96*0Sstevel@tonic-gate return -1; 97*0Sstevel@tonic-gate } 98*0Sstevel@tonic-gate 99*0Sstevel@tonic-gate if (!notopt) 100*0Sstevel@tonic-gate fr->fr_flx |= FI_SHORT; 101*0Sstevel@tonic-gate fr->fr_mflx |= FI_SHORT; 102*0Sstevel@tonic-gate goto nextopt; 103*0Sstevel@tonic-gate } else 104*0Sstevel@tonic-gate return -1; 105*0Sstevel@tonic-gate nextopt: 106*0Sstevel@tonic-gate notopt = 0; 107*0Sstevel@tonic-gate opts = 0; 108*0Sstevel@tonic-gate secmsk = 0; 109*0Sstevel@tonic-gate (*cp)++; 110*0Sstevel@tonic-gate } 111*0Sstevel@tonic-gate return 0; 112*0Sstevel@tonic-gate } 113