proxmox-mirrors/mirror_iproute2
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-10-11 06:20:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[iproute2] XFRM: support ICMP/ICMPv6's type and code

Browse Source 
(Logical change 1.85)
This commit is contained in:
org[shemminger]!nakam 2004-09-28 18:42:35 +00:00
parent 2f4675f71f
commit c70b36d231
3 changed files with 80 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
ip/ipxfrm.c
View File

@ -389,10 +389,25 @@ void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
if (sel->proto) if (sel->proto)
fprintf(fp, "proto %s ", strxf_proto(sel->proto)); fprintf(fp, "proto %s ", strxf_proto(sel->proto));
if (sel->sport) switch (sel->proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_SCTP:
default: /* XXX */
if (sel->sport_mask)
fprintf(fp, "sport %u ", ntohs(sel->sport)); fprintf(fp, "sport %u ", ntohs(sel->sport));
if (sel->dport) if (sel->dport_mask)
fprintf(fp, "dport %u ", ntohs(sel->dport)); fprintf(fp, "dport %u ", ntohs(sel->dport));
break;
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
/* type/code is stored at sport/dport in selector */
if (sel->sport_mask)
fprintf(fp, "type %u ", ntohs(sel->sport));
if (sel->dport_mask)
fprintf(fp, "code %u ", ntohs(sel->dport));
break;
}
if (sel->ifindex > 0) { if (sel->ifindex > 0) {
char buf[IF_NAMESIZE]; char buf[IF_NAMESIZE];
@ -677,6 +692,10 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
{ {
int argc = *argcp; int argc = *argcp;
char **argv = *argvp; char **argv = *argvp;
char *sportp = NULL;
char *dportp = NULL;
char *typep = NULL;
char *codep = NULL;
while (1) { while (1) {
if (strcmp(*argv, "proto") == 0) { if (strcmp(*argv, "proto") == 0) {
@ -701,6 +720,8 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
filter.upspec_proto_mask = XFRM_FILTER_MASK_FULL; filter.upspec_proto_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "sport") == 0) { } else if (strcmp(*argv, "sport") == 0) {
sportp = *argv;
NEXT_ARG(); NEXT_ARG();
if (get_u16(&sel->sport, *argv, 0)) if (get_u16(&sel->sport, *argv, 0))
@ -712,6 +733,8 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
filter.upspec_sport_mask = XFRM_FILTER_MASK_FULL; filter.upspec_sport_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "dport") == 0) { } else if (strcmp(*argv, "dport") == 0) {
dportp = *argv;
NEXT_ARG(); NEXT_ARG();
if (get_u16(&sel->dport, *argv, 0)) if (get_u16(&sel->dport, *argv, 0))
@ -722,6 +745,33 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL; filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "type") == 0) {
typep = *argv;
NEXT_ARG();
if (get_u16(&sel->sport, *argv, 0) ||
(sel->sport & ~((__u16)0xff)))
invarg("\"type\" value is invalid", *argv);
sel->sport = htons(sel->sport);
sel->sport_mask = ~((__u16)0);
filter.upspec_sport_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "code") == 0) {
codep = *argv;
NEXT_ARG();
if (get_u16(&sel->dport, *argv, 0) ||
(sel->dport & ~((__u16)0xff)))
invarg("\"code\" value is invalid", *argv);
sel->dport = htons(sel->dport);
sel->dport_mask = ~((__u16)0);
filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
} else { } else {
PREV_ARG(); /* back track */ PREV_ARG(); /* back track */
break; break;
@ -733,6 +783,27 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
} }
if (argc == *argcp) if (argc == *argcp)
missarg("UPSPEC"); missarg("UPSPEC");
if (sportp || dportp) {
switch (sel->proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_SCTP:
break;
default:
fprintf(stderr, "\"sport\" and \"dport\" are invalid with proto=%s\n", strxf_proto(sel->proto));
exit(1);
}
}
if (typep || codep) {
switch (sel->proto) {
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
break;
default:
fprintf(stderr, "\"type\" and \"code\" are invalid with proto=%s\n", strxf_proto(sel->proto));
exit(1);
}
}
*argcp = argc; *argcp = argc;
*argvp = argv; *argvp = argv;

3
ip/xfrm_policy.c
View File

@ -62,7 +62,8 @@ static void usage(void)
fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]\n"); fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]\n");
fprintf(stderr, "UPSPEC := proto PROTO [ sport PORT ] [ dport PORT ]\n"); fprintf(stderr, "UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |\n");
fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] ]\n");
//fprintf(stderr, "DEV - device name(default=none)\n"); //fprintf(stderr, "DEV - device name(default=none)\n");

4
ip/xfrm_state.c
View File

@ -91,7 +91,9 @@ static void usage(void)
fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ upspec UPSPEC ] [ dev DEV ]\n"); fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ upspec UPSPEC ] [ dev DEV ]\n");
fprintf(stderr, "UPSPEC := proto PROTO [ sport PORT ] [ dport PORT ]\n"); fprintf(stderr, "UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |\n");
fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] ]\n");
//fprintf(stderr, "DEV - device name(default=none)\n"); //fprintf(stderr, "DEV - device name(default=none)\n");
fprintf(stderr, "LIMIT-LIST := [ LIMIT-LIST ] | [ limit LIMIT ]\n"); fprintf(stderr, "LIMIT-LIST := [ LIMIT-LIST ] | [ limit LIMIT ]\n");