Let snprintf() use buffers completely

Pierre Pronchery 2018-07-24 17:53:16 +02:00
parent b4c75d195f
commit 2a71226968
5 changed files with 140 additions and 140 deletions


@ -1339,22 +1339,22 @@ add_single_var_to_rc(FILE* fhandle, short var_pos, fko_cli_options_t *options)
proto_inttostr(options->spa_proto, val, sizeof(val));
break;
case FWKNOP_CLI_ARG_SPA_SERVER_PORT :
snprintf(val, sizeof(val)-1, "%d", options->spa_dst_port);
snprintf(val, sizeof(val), "%d", options->spa_dst_port);
break;
case FWKNOP_CLI_ARG_SPA_SOURCE_PORT :
snprintf(val, sizeof(val)-1, "%d", options->spa_src_port);
snprintf(val, sizeof(val), "%d", options->spa_src_port);
break;
case FWKNOP_CLI_ARG_FW_TIMEOUT :
snprintf(val, sizeof(val)-1, "%d", options->fw_timeout);
snprintf(val, sizeof(val), "%d", options->fw_timeout);
break;
case FWKNOP_CLI_ARG_ALLOW_IP :
strlcpy(val, options->allow_ip_str, sizeof(val));
break;
case FWKNOP_CLI_ARG_TIME_OFFSET :
if (options->time_offset_minus != 0)
snprintf(val, sizeof(val)-1, "-%d", options->time_offset_minus);
snprintf(val, sizeof(val), "-%d", options->time_offset_minus);
else if (options->time_offset_plus != 0)
snprintf(val, sizeof(val)-1, "%d", options->time_offset_plus);
snprintf(val, sizeof(val), "%d", options->time_offset_plus);
else;
break;
case FWKNOP_CLI_ARG_ENCRYPTION_MODE :
@ -1444,13 +1444,13 @@ add_single_var_to_rc(FILE* fhandle, short var_pos, fko_cli_options_t *options)
bool_to_yesno(options->nat_rand_port, val, sizeof(val));
break;
case FWKNOP_CLI_ARG_NAT_PORT :
snprintf(val, sizeof(val)-1, "%d", options->nat_port);
snprintf(val, sizeof(val), "%d", options->nat_port);
break;
case FWKNOP_CLI_ARG_VERBOSE:
if((options->verbose == 0) || (options->verbose == 1))
bool_to_yesno(options->verbose, val, sizeof(val));
else
snprintf(val, sizeof(val)-1, "%d", options->verbose);
snprintf(val, sizeof(val), "%d", options->verbose);
break;
case FWKNOP_CLI_ARG_RESOLVE_IP_HTTPS:
bool_to_yesno(options->resolve_ip_http_https, val, sizeof(val));


@ -81,7 +81,7 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
char exp_ts_search[CMD_BUFSIZE] = {0};
char *ndx = NULL;
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_LIST_RULES_ARGS,
opts->fw_config->fw_command,
fwc->table,
fwc->to_chain
@ -98,28 +98,28 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
#endif
if(proto == IPPROTO_TCP)
snprintf(proto_search, CMD_BUFSIZE-1, " tcp ");
snprintf(proto_search, CMD_BUFSIZE, " tcp ");
else if(proto == IPPROTO_UDP)
snprintf(proto_search, CMD_BUFSIZE-1, " udp ");
snprintf(proto_search, CMD_BUFSIZE, " udp ");
else if(proto == IPPROTO_ICMP)
snprintf(proto_search, CMD_BUFSIZE-1, " icmp ");
snprintf(proto_search, CMD_BUFSIZE, " icmp ");
else
snprintf(proto_search, CMD_BUFSIZE-1, " %u ", proto);
snprintf(proto_search, CMD_BUFSIZE, " %u ", proto);
snprintf(port_search, CMD_BUFSIZE-1, "dpt:%u ", port);
snprintf(nat_port_search, CMD_BUFSIZE-1, ":%u", nat_port);
snprintf(target_search, CMD_BUFSIZE-1, " %s ", fwc->target);
snprintf(port_search, CMD_BUFSIZE, "dpt:%u ", port);
snprintf(nat_port_search, CMD_BUFSIZE, ":%u", nat_port);
snprintf(target_search, CMD_BUFSIZE, " %s ", fwc->target);
if (srcip != NULL)
snprintf(srcip_search, CMD_BUFSIZE-1, " %s ", srcip);
snprintf(srcip_search, CMD_BUFSIZE, " %s ", srcip);
if (dstip != NULL)
snprintf(dstip_search, CMD_BUFSIZE-1, " %s ", dstip);
snprintf(dstip_search, CMD_BUFSIZE, " %s ", dstip);
if (natip != NULL)
snprintf(natip_search, CMD_BUFSIZE-1, " to:%s", natip);
snprintf(natip_search, CMD_BUFSIZE, " to:%s", natip);
snprintf(exp_ts_search, CMD_BUFSIZE-1, "%u ", exp_ts);
snprintf(exp_ts_search, CMD_BUFSIZE, "%u ", exp_ts);
/* search for each of the substrings - the rule expiration time is the
* primary search method
@ -193,7 +193,7 @@ rule_exists_chk_support(const fko_srv_options_t * const opts,
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_CHK_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_CHK_RULE_ARGS,
opts->fw_config->fw_command, chain, rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
@ -264,7 +264,7 @@ firewd_chk_support(const fko_srv_options_t * const opts)
* supports '-C' to check for it. Set "have_firewd_chk_support" accordingly,
* delete the rule, and return.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_TMP_CHK_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_TMP_CHK_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -283,7 +283,7 @@ firewd_chk_support(const fko_srv_options_t * const opts)
/* Now see if '-C' works
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_TMP_VERIFY_CHK_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_TMP_VERIFY_CHK_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -312,7 +312,7 @@ firewd_chk_support(const fko_srv_options_t * const opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -337,7 +337,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
* match and make sure it exists. If not, return zero. Otherwise, delete
* the rule and return true.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_TMP_COMMENT_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_TMP_COMMENT_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -359,7 +359,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_LIST_RULES_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain
@ -385,7 +385,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -405,7 +405,7 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_ADD_JUMP_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_ADD_JUMP_RULE_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].from_chain,
@ -440,7 +440,7 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_CHAIN_EXISTS_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_CHAIN_EXISTS_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
@ -474,7 +474,7 @@ jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int cha
int exists = 0;
char rule_buf[CMD_BUFSIZE] = {0};
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_CHK_JUMP_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_CHK_JUMP_RULE_ARGS,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
);
@ -497,7 +497,7 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
int exists = 0;
char chain_search[CMD_BUFSIZE] = {0};
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_LIST_RULES_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].from_chain
@ -505,7 +505,7 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
/* include spaces on either side as produced by 'firewalld -L' output
*/
snprintf(chain_search, CMD_BUFSIZE-1, " %s ",
snprintf(chain_search, CMD_BUFSIZE, " %s ",
fwc.chain[chain_num].to_chain);
if(search_extcmd(cmd_buf, WANT_STDERR,
@ -560,7 +560,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_LIST_ALL_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_LIST_ALL_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table
);
@ -594,7 +594,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_LIST_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain
@ -642,7 +642,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
{
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_JUMP_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_JUMP_RULE_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].from_chain,
@ -668,7 +668,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Now flush and remove the chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_FLUSH_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_FLUSH_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].to_chain
@ -688,7 +688,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].to_chain
@ -713,7 +713,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Delete the rule to direct traffic to the NFQ chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_RULE_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
"INPUT",
@ -734,7 +734,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Flush the NFQ chain
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_FLUSH_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_FLUSH_CHAIN_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN]
@ -754,7 +754,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Delete the NF_QUEUE chains and rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_CHAIN_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN]
@ -784,7 +784,7 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
/* Create the custom chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_NEW_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_NEW_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
@ -849,7 +849,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
/* Create the NF_QUEUE chains and rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_NEW_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_NEW_CHAIN_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN]
@ -872,7 +872,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
/* Create the rule to direct traffic to the NFQ chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_ADD_JUMP_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_ADD_JUMP_RULE_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
"INPUT",
@ -901,7 +901,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
*/
if(strlen(opts->config[CONF_NFQ_INTERFACE]) > 0)
{
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_NFQ_ADD_ARGS_WITH_IF,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_NFQ_ADD_ARGS_WITH_IF,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN],
@ -912,7 +912,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
}
else
{
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_NFQ_ADD_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_NFQ_ADD_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN],
@ -1172,10 +1172,10 @@ create_rule(const fko_srv_options_t * const opts,
zero_cmd_buffers();
if (strncasecmp(opts->config[CONF_ENABLE_RULE_PREPEND], "Y", 1) == 0) {
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -I %s %s",
snprintf(cmd_buf, CMD_BUFSIZE, "%s -I %s %s",
opts->fw_config->fw_command, fw_chain, fw_rule);
} else {
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -A %s %s",
snprintf(cmd_buf, CMD_BUFSIZE, "%s -A %s %s",
opts->fw_config->fw_command, fw_chain, fw_rule);
}
@ -1224,7 +1224,7 @@ firewd_rule(const fko_srv_options_t * const opts,
{
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, fw_rule_macro,
snprintf(rule_buf, CMD_BUFSIZE, fw_rule_macro,
chain->table,
proto,
srcip,
@ -1283,7 +1283,7 @@ static void forward_access_rule(const fko_srv_options_t * const opts,
if(acc->forward_all)
{
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_FWD_ALL_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_FWD_ALL_RULE_ARGS,
fwd_chain->table,
spadat->use_src_ip,
exp_ts,
@ -1300,7 +1300,7 @@ static void forward_access_rule(const fko_srv_options_t * const opts,
{
/* Make the FORWARD access rule
*/
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_FWD_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_FWD_RULE_ARGS,
fwd_chain->table,
fst_proto,
spadat->use_src_ip,
@ -1335,7 +1335,7 @@ static void dnat_rule(const fko_srv_options_t * const opts,
{
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_DNAT_ALL_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_DNAT_ALL_RULE_ARGS,
dnat_chain->table,
spadat->use_src_ip,
(fwc.use_destination ? spadat->pkt_destination_ip : FIREWD_ANY_IP),
@ -1354,7 +1354,7 @@ static void dnat_rule(const fko_srv_options_t * const opts,
{
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_DNAT_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_DNAT_RULE_ARGS,
dnat_chain->table,
fst_proto,
spadat->use_src_ip,
@ -1398,7 +1398,7 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Default to MASQUERADE */
snat_chain = &(opts->fw_config->chain[FIREWD_MASQUERADE_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1, " ");
snprintf(snat_target, SNAT_TARGET_BUFSIZE, " ");
/* Add SNAT or MASQUERADE rules.
*/
@ -1406,7 +1406,7 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[FIREWD_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", acc->force_snat_ip);
}
else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
@ -1414,13 +1414,13 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[FIREWD_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", opts->config[CONF_SNAT_TRANSLATE_IP]);
}
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_SNAT_ALL_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_SNAT_ALL_RULE_ARGS,
snat_chain->table,
spadat->use_src_ip,
exp_ts,
@ -1440,14 +1440,14 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[FIREWD_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", acc->force_snat_ip);
}
else if(acc->force_snat && acc->force_masquerade)
{
/* Using MASQUERADE */
snat_chain = &(opts->fw_config->chain[FIREWD_MASQUERADE_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-ports %i", fst_port);
}
else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
@ -1455,20 +1455,20 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[FIREWD_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", opts->config[CONF_SNAT_TRANSLATE_IP]);
}
else
{
/* Using MASQUERADE */
snat_chain = &(opts->fw_config->chain[FIREWD_MASQUERADE_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-ports %i", fst_port);
}
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, FIREWD_SNAT_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, FIREWD_SNAT_RULE_ARGS,
snat_chain->table,
fst_proto,
nat_ip,
@ -1773,7 +1773,7 @@ rm_expired_rules(const fko_srv_options_t * const opts,
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_DEL_RULE_ARGS,
opts->fw_config->fw_command,
ch[cpos].table,
ch[cpos].to_chain,
@ -1868,7 +1868,7 @@ check_firewall_rules(const fko_srv_options_t * const opts,
* from fwknopd) to take advantage of fwknopd's timeout
* mechanism.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " FIREWD_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " FIREWD_LIST_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain
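Review bot: The snprintf() calls that build cmd_buf and rule_buf in this file still ignore the return value, so an over-long table, chain, address or rule string is silently truncated and, as the rule_exists_chk_support hunk shows, the shortened command goes straight to run_extcmd(). For a firewall command a truncated argument list is a different rule rather than a harmless one, so each call should fail closed on truncation, e.g. `int n = snprintf(cmd_buf, CMD_BUFSIZE, ...);` followed by `if (n < 0 || n >= CMD_BUFSIZE) return <error>;`, where `<error>` is a placeholder for each function's own error convention (the function bodies start and end outside these hunks). The same applies to snat_target with SNAT_TARGET_BUFSIZE and to the ipfw and iptables sections further down the page. Separately, the iptables copy of rule_exists_no_chk_support formats the natip pattern into dstip_search where this file uses natip_search, which looks like a copy-paste slip that the commit carries over unchanged.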


@ -74,7 +74,7 @@ ipfw_set_exists(const fko_srv_options_t *opts,
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_SET_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_SET_RULES_ARGS,
fw_command,
set_num
);
@ -111,7 +111,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command for all rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_ALL_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_ALL_RULES_ARGS,
opts->fw_config->fw_command
);
@ -137,7 +137,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command for active rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->active_set_num
);
@ -158,7 +158,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command for expired rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->expire_set_num
);
@ -284,7 +284,7 @@ fw_initialize(const fko_srv_options_t * const opts)
{
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_ADD_CHECK_STATE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_ADD_CHECK_STATE_ARGS,
fwc.fw_command,
fwc.start_rule_num,
fwc.active_set_num
@ -316,7 +316,7 @@ fw_initialize(const fko_srv_options_t * const opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_DISABLE_SET_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_DISABLE_SET_ARGS,
fwc.fw_command,
fwc.expire_set_num
);
@ -339,7 +339,7 @@ fw_initialize(const fko_srv_options_t * const opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_EXP_SET_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_EXP_SET_RULES_ARGS,
opts->fw_config->fw_command,
fwc.expire_set_num
);
@ -421,7 +421,7 @@ fw_cleanup(const fko_srv_options_t * const opts)
{
/* Create the set delete command for active rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_DEL_RULE_SET_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_DEL_RULE_SET_ARGS,
fwc.fw_command,
fwc.active_set_num
);
@ -448,7 +448,7 @@ fw_cleanup(const fko_srv_options_t * const opts)
{
/* Create the set delete command for expired rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_DEL_RULE_SET_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_DEL_RULE_SET_ARGS,
fwc.fw_command,
fwc.expire_set_num
);
@ -530,7 +530,7 @@ process_spa_request(const fko_srv_options_t * const opts,
{
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_ADD_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_ADD_RULE_ARGS,
fwc.fw_command,
rule_num,
fwc.active_set_num,
@ -632,7 +632,7 @@ check_firewall_rules(const fko_srv_options_t * const opts,
/* There should be a rule to delete. Get the current list of
* rules for this chain and delete the ones that are expired.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_SET_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_SET_RULES_ARGS,
opts->fw_config->fw_command,
fwc.active_set_num
);
@ -748,7 +748,7 @@ check_firewall_rules(const fko_srv_options_t * const opts,
/* Move the rule to the expired rules set.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_MOVE_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_MOVE_RULE_ARGS,
opts->fw_config->fw_command,
curr_rule,
fwc.expire_set_num
@ -818,7 +818,7 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_LIST_SET_DYN_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_LIST_SET_DYN_RULES_ARGS,
opts->fw_config->fw_command,
fwc.expire_set_num
);
@ -923,7 +923,7 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
curr_rule = fwc.start_rule_num + i;
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPFW_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPFW_DEL_RULE_ARGS,
opts->fw_config->fw_command,
#ifndef __APPLE__
fwc.expire_set_num,


@ -91,35 +91,35 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
log_msg(LOG_WARNING, "[ignore] Code coverage: Executed command");
#endif
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_LIST_RULES_ARGS,
opts->fw_config->fw_command,
fwc->table,
fwc->to_chain
);
if(proto == IPPROTO_TCP)
snprintf(proto_search, CMD_BUFSIZE-1, " tcp ");
snprintf(proto_search, CMD_BUFSIZE, " tcp ");
else if(proto == IPPROTO_UDP)
snprintf(proto_search, CMD_BUFSIZE-1, " udp ");
snprintf(proto_search, CMD_BUFSIZE, " udp ");
else if(proto == IPPROTO_ICMP)
snprintf(proto_search, CMD_BUFSIZE-1, " icmp ");
snprintf(proto_search, CMD_BUFSIZE, " icmp ");
else
snprintf(proto_search, CMD_BUFSIZE-1, " %u ", proto);
snprintf(proto_search, CMD_BUFSIZE, " %u ", proto);
snprintf(port_search, CMD_BUFSIZE-1, "dpt:%u ", port);
snprintf(nat_port_search, CMD_BUFSIZE-1, ":%u", nat_port);
snprintf(target_search, CMD_BUFSIZE-1, " %s ", fwc->target);
snprintf(port_search, CMD_BUFSIZE, "dpt:%u ", port);
snprintf(nat_port_search, CMD_BUFSIZE, ":%u", nat_port);
snprintf(target_search, CMD_BUFSIZE, " %s ", fwc->target);
if (srcip != NULL)
snprintf(srcip_search, CMD_BUFSIZE-1, " %s ", srcip);
snprintf(srcip_search, CMD_BUFSIZE, " %s ", srcip);
if (dstip != NULL)
snprintf(dstip_search, CMD_BUFSIZE-1, " %s ", dstip);
snprintf(dstip_search, CMD_BUFSIZE, " %s ", dstip);
if (natip != NULL)
snprintf(dstip_search, CMD_BUFSIZE-1, " to:%s", natip);
snprintf(dstip_search, CMD_BUFSIZE, " to:%s", natip);
snprintf(exp_ts_search, CMD_BUFSIZE-1, "%u ", exp_ts);
snprintf(exp_ts_search, CMD_BUFSIZE, "%u ", exp_ts);
/* search for each of the substrings - the rule expiration time is the
* primary search method
@ -193,7 +193,7 @@ rule_exists_chk_support(const fko_srv_options_t * const opts,
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHK_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_CHK_RULE_ARGS,
opts->fw_config->fw_command, chain, rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
@ -264,7 +264,7 @@ ipt_chk_support(const fko_srv_options_t * const opts)
* supports '-C' to check for it. Set "have_ipt_chk_support" accordingly,
* delete the rule, and return.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_TMP_CHK_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_TMP_CHK_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -283,7 +283,7 @@ ipt_chk_support(const fko_srv_options_t * const opts)
/* Now see if '-C' works - any output indicates failure
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_TMP_VERIFY_CHK_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_TMP_VERIFY_CHK_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -312,7 +312,7 @@ ipt_chk_support(const fko_srv_options_t * const opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -337,7 +337,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
* match and make sure it exists. If not, return zero. Otherwise, delete
* the rule and return true.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_TMP_COMMENT_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_TMP_COMMENT_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -354,7 +354,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_LIST_RULES_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain
@ -380,7 +380,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
@ -400,7 +400,7 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_ADD_JUMP_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_ADD_JUMP_RULE_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].from_chain,
@ -435,7 +435,7 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHAIN_EXISTS_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_CHAIN_EXISTS_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
@ -465,7 +465,7 @@ jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int cha
int exists = 0;
char rule_buf[CMD_BUFSIZE] = {0};
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_CHK_JUMP_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_CHK_JUMP_RULE_ARGS,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
);
@ -488,7 +488,7 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
int exists = 0;
char chain_search[CMD_BUFSIZE] = {0};
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_LIST_RULES_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].from_chain
@ -496,7 +496,7 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
/* include spaces on either side as produced by 'iptables -L' output
*/
snprintf(chain_search, CMD_BUFSIZE-1, " %s ",
snprintf(chain_search, CMD_BUFSIZE, " %s ",
fwc.chain[chain_num].to_chain);
if(search_extcmd(cmd_buf, WANT_STDERR,
@ -548,7 +548,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_ALL_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_LIST_ALL_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table
);
@ -582,7 +582,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_LIST_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain
@ -630,7 +630,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
{
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_JUMP_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_JUMP_RULE_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].from_chain,
@ -656,7 +656,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Now flush and remove the chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_FLUSH_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_FLUSH_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].to_chain
@ -676,7 +676,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].to_chain
@ -702,7 +702,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Delete the rule to direct traffic to the NFQ chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_RULE_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
"INPUT",
@ -723,7 +723,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Flush the NFQ chain
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_FLUSH_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_FLUSH_CHAIN_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN]
@ -743,7 +743,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
/* Delete the NF_QUEUE chains and rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_CHAIN_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN]
@ -772,7 +772,7 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
/* Create the custom chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NEW_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_NEW_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
@ -838,7 +838,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
/* Create the NF_QUEUE chains and rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NEW_CHAIN_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_NEW_CHAIN_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN]
@ -861,7 +861,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
/* Create the rule to direct traffic to the NFQ chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_ADD_JUMP_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_ADD_JUMP_RULE_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
"INPUT",
@ -890,7 +890,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
*/
if(strlen(opts->config[CONF_NFQ_INTERFACE]) > 0)
{
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NFQ_ADD_ARGS_WITH_IF,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_NFQ_ADD_ARGS_WITH_IF,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN],
@ -901,7 +901,7 @@ create_fw_chains(const fko_srv_options_t * const opts)
}
else
{
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NFQ_ADD_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_NFQ_ADD_ARGS,
fwc.fw_command,
opts->config[CONF_NFQ_TABLE],
opts->config[CONF_NFQ_CHAIN],
@ -1155,10 +1155,10 @@ create_rule(const fko_srv_options_t * const opts,
zero_cmd_buffers();
if (strncasecmp(opts->config[CONF_ENABLE_RULE_PREPEND], "Y", 1) == 0) {
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -I %s %s",
snprintf(cmd_buf, CMD_BUFSIZE, "%s -I %s %s",
opts->fw_config->fw_command, fw_chain, fw_rule);
} else {
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -A %s %s",
snprintf(cmd_buf, CMD_BUFSIZE, "%s -A %s %s",
opts->fw_config->fw_command, fw_chain, fw_rule);
}
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, WANT_STDERR,
@ -1207,7 +1207,7 @@ ipt_rule(const fko_srv_options_t * const opts,
{
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, fw_rule_macro,
snprintf(rule_buf, CMD_BUFSIZE, fw_rule_macro,
chain->table,
proto,
srcip,
@ -1266,7 +1266,7 @@ static void forward_access_rule(const fko_srv_options_t * const opts,
if(acc->forward_all)
{
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_FWD_ALL_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_FWD_ALL_RULE_ARGS,
fwd_chain->table,
spadat->use_src_ip,
exp_ts,
@ -1281,7 +1281,7 @@ static void forward_access_rule(const fko_srv_options_t * const opts,
}
else
{
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_FWD_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_FWD_RULE_ARGS,
fwd_chain->table,
fst_proto,
spadat->use_src_ip,
@ -1318,7 +1318,7 @@ static void dnat_rule(const fko_srv_options_t * const opts,
{
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_DNAT_ALL_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_DNAT_ALL_RULE_ARGS,
dnat_chain->table,
spadat->use_src_ip,
(fwc.use_destination ? spadat->pkt_destination_ip : IPT_ANY_IP),
@ -1337,7 +1337,7 @@ static void dnat_rule(const fko_srv_options_t * const opts,
{
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_DNAT_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_DNAT_RULE_ARGS,
dnat_chain->table,
fst_proto,
spadat->use_src_ip,
@ -1381,7 +1381,7 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Default to MASQUERADE */
snat_chain = &(opts->fw_config->chain[IPT_MASQUERADE_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1, " ");
snprintf(snat_target, SNAT_TARGET_BUFSIZE, " ");
/* Add SNAT or MASQUERADE rules.
*/
@ -1389,7 +1389,7 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[IPT_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", acc->force_snat_ip);
}
else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
@ -1397,13 +1397,13 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[IPT_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", opts->config[CONF_SNAT_TRANSLATE_IP]);
}
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_SNAT_ALL_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_SNAT_ALL_RULE_ARGS,
snat_chain->table,
spadat->use_src_ip,
exp_ts,
@ -1423,14 +1423,14 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[IPT_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", acc->force_snat_ip);
}
else if(acc->force_snat && acc->force_masquerade)
{
/* Using MASQUERADE */
snat_chain = &(opts->fw_config->chain[IPT_MASQUERADE_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-ports %i", fst_port);
}
else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
@ -1438,20 +1438,20 @@ static void snat_rule(const fko_srv_options_t * const opts,
{
/* Using static SNAT */
snat_chain = &(opts->fw_config->chain[IPT_SNAT_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-source %s", opts->config[CONF_SNAT_TRANSLATE_IP]);
}
else
{
/* Using MASQUERADE */
snat_chain = &(opts->fw_config->chain[IPT_MASQUERADE_ACCESS]);
snprintf(snat_target, SNAT_TARGET_BUFSIZE-1,
snprintf(snat_target, SNAT_TARGET_BUFSIZE,
"--to-ports %i", fst_port);
}
memset(rule_buf, 0, CMD_BUFSIZE);
snprintf(rule_buf, CMD_BUFSIZE-1, IPT_SNAT_RULE_ARGS,
snprintf(rule_buf, CMD_BUFSIZE, IPT_SNAT_RULE_ARGS,
snat_chain->table,
fst_proto,
nat_ip,
@ -1757,7 +1757,7 @@ rm_expired_rules(const fko_srv_options_t * const opts,
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
ch[cpos].table,
ch[cpos].to_chain,
@ -1852,7 +1852,7 @@ check_firewall_rules(const fko_srv_options_t * const opts,
* from fwknopd) to take advantage of fwknopd's timeout
* mechanism.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " IPT_LIST_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain


@ -65,7 +65,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
/* Create the list command for active rules
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_LIST_ANCHOR_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " PF_LIST_ANCHOR_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->anchor
);
@ -98,12 +98,12 @@ anchor_active(const fko_srv_options_t *opts)
/* Build our anchor search string
*/
snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s\n",
snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN, "%s\n",
opts->fw_config->anchor);
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_ANCHOR_CHECK_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " PF_ANCHOR_CHECK_ARGS,
opts->fw_config->fw_command
);
@ -123,7 +123,7 @@ delete_all_anchor_rules(const fko_srv_options_t *opts)
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_DEL_ALL_ANCHOR_RULES,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " PF_DEL_ALL_ANCHOR_RULES,
fwc.fw_command,
fwc.anchor
);
@ -231,7 +231,7 @@ process_spa_request(const fko_srv_options_t * const opts,
{
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_LIST_ANCHOR_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " PF_LIST_ANCHOR_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->anchor
);
@ -244,7 +244,7 @@ process_spa_request(const fko_srv_options_t * const opts,
/* Build the new rule string
*/
memset(new_rule, 0x0, MAX_PF_NEW_RULE_LEN);
snprintf(new_rule, MAX_PF_NEW_RULE_LEN-1, PF_ADD_RULE_ARGS "\n",
snprintf(new_rule, MAX_PF_NEW_RULE_LEN, PF_ADD_RULE_ARGS "\n",
ple->proto,
spadat->use_src_ip,
(fwc.use_destination ? spadat->pkt_destination_ip : PF_ANY_IP),
@ -260,7 +260,7 @@ process_spa_request(const fko_srv_options_t * const opts,
memset(write_cmd, 0x0, CMD_BUFSIZE);
snprintf(write_cmd, CMD_BUFSIZE-1, "%s " PF_WRITE_ANCHOR_RULES_ARGS,
snprintf(write_cmd, CMD_BUFSIZE, "%s " PF_WRITE_ANCHOR_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->anchor
);
@ -362,7 +362,7 @@ check_firewall_rules(const fko_srv_options_t * const opts,
/* There should be a rule to delete. Get the current list of
* rules and delete the ones that are expired.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_LIST_ANCHOR_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE, "%s " PF_LIST_ANCHOR_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->anchor
);
@ -503,7 +503,7 @@ check_firewall_rules(const fko_srv_options_t * const opts,
{
memset(write_cmd, 0x0, CMD_BUFSIZE);
snprintf(write_cmd, CMD_BUFSIZE-1, "%s " PF_WRITE_ANCHOR_RULES_ARGS,
snprintf(write_cmd, CMD_BUFSIZE, "%s " PF_WRITE_ANCHOR_RULES_ARGS,
opts->fw_config->fw_command,
opts->fw_config->anchor
);
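Review bot: None of the snprintf() calls in this file section check the return value, so a command or rule string that does not fit is still silently truncated, just one byte later than before. In process_spa_request a truncated `new_rule` would lose the trailing "\n" and the tail of the rule, and in anchor_active a cut `anchor_search_str` would lose the newline that delimits the anchor name; how these strings are consumed lies outside the hunks, so the impact is inferred. I would capture the result and stop before the string is used, e.g. `n = snprintf(cmd_buf, CMD_BUFSIZE, "%s " PF_LIST_ANCHOR_RULES_ARGS, ...);` followed by `if (n < 0 || n >= CMD_BUFSIZE) { /* log and fail */ }`. The enclosing functions start and end outside the hunks, so the error path has to be chosen per call site.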