author | Brian Somers <brian@FreeBSD.org> | 2001-04-24 02:13:34 +0000 |
---|---|---|
committer | Brian Somers <brian@FreeBSD.org> | 2001-04-24 02:13:34 +0000 |
commit | da70ad60813b4285bebb2a5b82ff86ffffacb865 (patch) | |
tree | 5503a1ce2a12615f7a2a54358261eeff29b0ff77 /usr.sbin/ppp | |
parent | 33a9ed9d0e26ec60b5237d33dc09026841b9bf67 (diff) | |
Handle IP over IP (IPPROTO_IPV4) properly.
We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).
``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.
Notes
Notes:
svn path=/head/; revision=75894
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r-- | usr.sbin/ppp/filter.c | 8 | ||||
-rw-r--r-- | usr.sbin/ppp/filter.h | 7 | ||||
-rw-r--r-- | usr.sbin/ppp/ip.c | 23 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp.8 | 3 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp.8.m4 | 3 |
5 files changed, 32 insertions, 12 deletions
diff --git a/usr.sbin/ppp/filter.c b/usr.sbin/ppp/filter.c
index 99c36eedc0c4..bee102173342 100644
--- a/usr.sbin/ppp/filter.c
+++ b/usr.sbin/ppp/filter.c
@@ -153,6 +153,9 @@ ParsePort(const char *service, int proto)
 int port;
 switch (proto) {
+ case P_IPIP:
+ protocol_name = "ipip";
+ break;
 case P_UDP:
 protocol_name = "udp";
 break;
@@ -483,6 +486,9 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
 case P_UDP:
 val = ParseUdpOrTcp(argc, argv, P_UDP, &filterdata);
 break;
+ case P_IPIP:
+ val = ParseUdpOrTcp(argc, argv, P_IPIP, &filterdata);
+ break;
 case P_ICMP:
 val = ParseIcmp(argc, argv, &filterdata);
 break;
@@ -641,7 +647,7 @@ filter_Show(struct cmdargs const *arg)
 }
 static const char * const protoname[] = {
- "none", "tcp", "udp", "icmp", "ospf", "igmp", "gre"
+ "none", "tcp", "udp", "icmp", "ospf", "igmp", "gre", "ipip"
 };
 const char *
diff --git a/usr.sbin/ppp/filter.h b/usr.sbin/ppp/filter.h
index b3a5992d23e7..75599c3242d5 100644
--- a/usr.sbin/ppp/filter.h
+++ b/usr.sbin/ppp/filter.h
@@ -30,10 +30,11 @@
 #endif
 #define P_IGMP 5
 #ifdef IPPROTO_GRE
-#define P_GRE 6
+#define P_GRE 6
 #endif
-#define P_ESP 7
-#define P_AH 8
+#define P_ESP 7
+#define P_AH 8
+#define P_IPIP 9
 /* Operations - f_srcop, f_dstop */
 #define OP_NONE 0
diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
index 34aa1c2a5043..6857c137c9a8 100644
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -279,11 +279,16 @@ FilterCheck(const struct ip *pip, const struct filter *filter, unsigned *psecs)
 estab = syn = finrst = -1;
 sport = ntohs(0);
 break;
- case IPPROTO_UDP:
 case IPPROTO_IPIP:
+ cproto = P_IPIP;
+ sport = dport = 0;
+ estab = syn = finrst = -1;
+ break;
+ case IPPROTO_UDP:
 cproto = P_UDP;
 if (datalen < 8) { /* UDP header is 8 octets */
- log_Printf(LogFILTER, " error: UDP must be at least 8 octets\n");
+ log_Printf(LogFILTER, " error: UDP/IPIP"
+ " must be at least 8 octets\n");
 return 1;
 }
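Review bot: In the `Parse` hunk of filter.c, `case P_IPIP` hands the rule to `ParseUdpOrTcp`, so an `ipip` rule accepts `src`/`dst` port comparisons, yet the `FilterCheck` hunk in ip.c sets `sport = dport = 0` for IPIP packets. A port test on an `ipip` rule would therefore be compared against zero instead of being rejected at parse time, which can make a rule match or miss in ways its author did not intend. The `ParsePort` hunk makes the same assumption by setting `protocol_name = "ipip"` for what looks like a service-name lookup (the rest of `ParsePort` is outside the hunk). A comment above the new case such as `/* ipip carries no ports; any src/dst port op is compared against 0 */`, or a parser path that refuses port arguments for `ipip`, would make the behaviour explicit.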
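Review bot: The `protoname[]` hunk in filter.c places "ipip" at index 7, while the filter.h hunk in this same commit defines `P_IPIP` as 9 and keeps `P_ESP` at 7 and `P_AH` at 8. If the table is indexed by the `P_*` value, as its layout suggests (the lookup functions are outside the hunk), then `P_IPIP` would index past the end of the array and the word "ipip" in a rule would map to 7 instead. The table and the constants need to be kept in step, for example by filling the gap with `"gre", "esp", "ah", "ipip"` if naming ESP and AH there is acceptable, or by renumbering the constant.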
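Review bot: The reworded message `"UDP/IPIP must be at least 8 octets"` in the `FilterCheck` hunk is now inaccurate, because the new `case IPPROTO_IPIP` ends in `break` before `case IPPROTO_UDP` and so never reaches the `datalen < 8` test. The message should go back to naming UDP only. The IPIP case also has no length test of its own, and an encapsulated IPv4 header needs at least 20 octets, so a check mirroring the UDP one, `if (datalen < (int)sizeof(struct ip)) { ... return 1; }`, would stop truncated inner packets from being treated as well-formed. `FilterCheck` continues outside the hunk.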
@@ -635,14 +640,20 @@ PacketCheck(struct bundle *bundle, unsigned char *cp, int nb,
 case IPPROTO_IPIP:
 if (logit && loglen < sizeof logbuf) {
- uh = (struct udphdr *) ptop;
 snprintf(logbuf + loglen, sizeof logbuf - loglen,
- "IPIP: %s:%d ---> ", inet_ntoa(pip->ip_src),
- ntohs(uh->uh_sport));
+ "IPIP: %s ---> ", inet_ntoa(pip->ip_src));
 loglen += strlen(logbuf + loglen);
 snprintf(logbuf + loglen, sizeof logbuf - loglen,
- "%s:%d", inet_ntoa(pip->ip_dst), ntohs(uh->uh_dport));
+ "%s", inet_ntoa(pip->ip_dst));
 loglen += strlen(logbuf + loglen);
+
+ if (((struct ip *)ptop)->ip_v == 4) {
+ snprintf(logbuf + loglen, sizeof logbuf - loglen, " contains ");
+ result = PacketCheck(bundle, ptop, nb - (ptop - cp), filter,
+ logbuf, psecs);
+ if (result != -2)
+ return result;
+ }
 }
 break;
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index d97884a7a141..077e42dc502d 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1702,6 +1702,7 @@ command below.
 must be one of
 .Sq icmp ,
 .Sq igmp ,
+.Sq ipip ,
 .Sq ospf ,
 .Sq udp
 or
@@ -4587,7 +4588,7 @@ as they travel across the link.
 .Oo Op host
 .Ar src_addr Ns Op / Ns Ar width
 .Op Ar dst_addr Ns Op / Ns Ar width
-.Oc [ tcp|udp|ospf|igmp|icmp Op src lt|eq|gt Ar port
+.Oc [ tcp|udp|ospf|ipip|igmp|icmp Op src lt|eq|gt Ar port
 .Op dst lt|eq|gt Ar port
 .Op estab
 .Op syn
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index d97884a7a141..077e42dc502d 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1702,6 +1702,7 @@ command below.
 must be one of
 .Sq icmp ,
 .Sq igmp ,
+.Sq ipip ,
 .Sq ospf ,
 .Sq udp
 or
@@ -4587,7 +4588,7 @@ as they travel across the link.
 .Oo Op host
 .Ar src_addr Ns Op / Ns Ar width
 .Op Ar dst_addr Ns Op / Ns Ar width
-.Oc [ tcp|udp|ospf|igmp|icmp Op src lt|eq|gt Ar port
+.Oc [ tcp|udp|ospf|ipip|igmp|icmp Op src lt|eq|gt Ar port
 .Op dst lt|eq|gt Ar port
 .Op estab
 .Op syn |
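Review bot: In the `PacketCheck` hunk of ip.c, the recursive `PacketCheck` call on the payload sits inside `if (logit && loglen < sizeof logbuf)`, so as written the inner packet is only run through the filter when the packet is being logged and the log buffer has room; with logging off, the encapsulated packet appears to be judged on its outer header alone. The filter decision should not depend on logging state, so the `ip_v == 4` block belongs after the closing brace of the logging `if`, leaving only the `" contains "` snprintf under it (what to pass as the prefix argument when nothing is logged depends on code outside the hunk). The block also reads `((struct ip *)ptop)->ip_v` without first checking that a full inner header remains in the buffer; a guard such as `if (nb - (ptop - cp) >= (int)sizeof(struct ip) && ((struct ip *)ptop)->ip_v == 4) {` would cover that. Each level of encapsulation recurses once, so a small depth limit may also be worth adding.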