DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Begin to allow IPv6 addresses in source stanzas

Browse Source
This commit is contained in:
Pierre Pronchery 2018-07-24 15:44:14 +02:00
parent 987875616a
commit 1fd5fe197d
1 changed files with 58 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
server/access.c
View File

@ -360,6 +360,7 @@ add_int_ent(acc_int_list_t **ilist, const char *ip)
struct in_addr mask_in; struct in_addr mask_in;
struct addrinfo *ai, hints; struct addrinfo *ai, hints;
struct sockaddr_in *sin; struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
acc_int_list_t *last_sle, *new_sle, *tmp_sle; acc_int_list_t *last_sle, *new_sle, *tmp_sle;
@ -395,7 +396,7 @@ add_int_ent(acc_int_list_t **ilist, const char *ip)
mask_len = strlen(ip) - (ndx-ip+1); mask_len = strlen(ip) - (ndx-ip+1);
if(mask_len > 2) if(mask_len > 3)
{ {
if(mask_len >= MIN_IPV4_STR_LEN && mask_len < MAX_IPV4_STR_LEN) if(mask_len >= MIN_IPV4_STR_LEN && mask_len < MAX_IPV4_STR_LEN)
{ {
@ -422,10 +423,7 @@ add_int_ent(acc_int_list_t **ilist, const char *ip)
return 0; return 0;
} }
} }
else else if(mask_len > 0) {
{
if(mask_len > 0)
{
/* CIDR mask /* CIDR mask
*/ */
mask = strtol_wrapper(ndx+1, 1, 128, NO_EXIT_UPON_ERR, &is_err); mask = strtol_wrapper(ndx+1, 1, 128, NO_EXIT_UPON_ERR, &is_err);
@ -444,7 +442,6 @@ add_int_ent(acc_int_list_t **ilist, const char *ip)
new_sle = NULL; new_sle = NULL;
return 0; return 0;
} }
}
strlcpy(ip_str, ip, (ndx-ip)+1); strlcpy(ip_str, ip, (ndx-ip)+1);
} }
@ -478,6 +475,41 @@ add_int_ent(acc_int_list_t **ilist, const char *ip)
case AF_INET: case AF_INET:
sin = (struct sockaddr_in *)ai->ai_addr; sin = (struct sockaddr_in *)ai->ai_addr;
in = sin->sin_addr; in = sin->sin_addr;
/* Store our mask converted from CIDR to a 32-bit value.
*/
if(mask > 32)
{
log_msg(LOG_ERR, "[*] Invalid IP mask '%u'.", mask);
freeaddrinfo(ai);
free(new_sle);
new_sle = NULL;
return 0;
}
else if(mask == 32)
new_sle->acc_int.inet.mask = 0xFFFFFFFF;
else if(need_shift && (mask > 0 && mask < 32))
new_sle->acc_int.inet.mask = (0xFFFFFFFF << (32 - mask));
else
new_sle->acc_int.inet.mask = mask;
/* Store our masked address for comparisons with future incoming
* packets.
*/
new_sle->acc_int.inet.maddr = ntohl(in.s_addr) & new_sle->acc_int.inet.mask;
break;
case AF_INET6:
sin6 = (struct sockaddr_in6 *)ai->ai_addr;
new_sle->acc_int.inet6.maddr = sin6->sin6_addr;
if(mask > 128)
{
log_msg(LOG_ERR, "[*] Invalid IPv6 prefix '%u'.", mask);
freeaddrinfo(ai);
free(new_sle);
new_sle = NULL;
return 0;
}
new_sle->acc_int.inet6.prefix = mask;
break; break;
default: default:
log_msg(LOG_ERR, log_msg(LOG_ERR,
@ -490,20 +522,6 @@ add_int_ent(acc_int_list_t **ilist, const char *ip)
} }
new_sle->family = ai->ai_family; new_sle->family = ai->ai_family;
freeaddrinfo(ai); freeaddrinfo(ai);
/* Store our mask converted from CIDR to a 32-bit value.
*/
if(mask == 32)
new_sle->acc_int.inet.mask = 0xFFFFFFFF;
else if(need_shift && (mask > 0 && mask < 32))
new_sle->acc_int.inet.mask = (0xFFFFFFFF << (32 - mask));
else
new_sle->acc_int.inet.mask = mask;
/* Store our masked address for comparisons with future incoming
* packets.
*/
new_sle->acc_int.inet.maddr = ntohl(in.s_addr) & new_sle->acc_int.inet.mask;
} }
/* If this is not the first entry, we walk our pointer to the /* If this is not the first entry, we walk our pointer to the