1 /* $KAME: prefix.c,v 1.13 2003/09/02 22:50:17 itojun Exp $ */
5 * Copyright (C) 2000 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <netinet/in.h>
44 #define offsetof(type, member) ((size_t)(u_long)(&((type *)0)->member))
50 static int prefix_set(const char *, struct prefix *, int);
51 static struct config *config_load1(const char *);
53 static void config_show1(const struct config *);
54 static void config_show(void);
57 struct config *config_list = NULL;
58 const int niflags = NI_NUMERICHOST;
61 prefix_set(const char *s, struct prefix *prefix, int slash)
63 char *p = NULL, *q, *r;
64 struct addrinfo hints, *res = NULL;
77 memset(&hints, 0, sizeof(hints));
78 hints.ai_family = PF_UNSPEC;
79 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
80 hints.ai_flags = AI_NUMERICHOST;
81 if (getaddrinfo(p, "0", &hints, &res))
83 if (res->ai_next || res->ai_addrlen > sizeof(prefix->a))
85 memcpy(&prefix->a, res->ai_addr, res->ai_addrlen);
87 switch (prefix->a.ss_family) {
101 prefix->l = (int)strtoul(q, &r, 10);
104 if (prefix->l < 0 || prefix->l > max)
124 prefix_string(const struct prefix *prefix)
126 static char buf[NI_MAXHOST + 20];
127 char hbuf[NI_MAXHOST];
129 if (getnameinfo((const struct sockaddr *)&prefix->a, prefix->a.ss_len,
130 hbuf, sizeof(hbuf), NULL, 0, niflags))
132 snprintf(buf, sizeof(buf), "%s/%d", hbuf, prefix->l);
137 prefix_match(const struct prefix *prefix, const struct sockaddr *sa)
139 struct sockaddr_storage a, b;
143 if (prefix->a.ss_family != sa->sa_family ||
144 prefix->a.ss_len != sa->sa_len)
147 if (prefix->a.ss_len > sizeof(a) || sa->sa_len > sizeof(b))
150 switch (prefix->a.ss_family) {
152 off = offsetof(struct sockaddr_in, sin_addr);
155 off = offsetof(struct sockaddr_in6, sin6_addr);
158 if (memcmp(&prefix->a, sa, prefix->a.ss_len) != 0)
164 memcpy(&a, &prefix->a, prefix->a.ss_len);
165 memcpy(&b, sa, sa->sa_len);
166 l = prefix->l / 8 + (prefix->l % 8 ? 1 : 0);
169 if (off + l > a.ss_len)
172 pa = ((char *)&a) + off;
173 pb = ((char *)&b) + off;
175 pa[prefix->l / 8] &= 0xff00 >> (prefix->l % 8);
176 pb[prefix->l / 8] &= 0xff00 >> (prefix->l % 8);
178 if (memcmp(pa, pb, l) != 0)
185 * prefix/prefixlen permit/deny prefix/prefixlen [srcaddr]
186 * 3ffe::/16 permit 10.0.0.0/8 10.1.1.1
188 static struct config *
189 config_load1(const char *line)
197 if (strlen(line) + 1 > sizeof(buf))
199 strlcpy(buf, line, sizeof(buf));
201 p = strchr(buf, '\n');
205 p = strchr(buf, '#');
208 if (strlen(buf) == 0)
212 memset(token, 0, sizeof(token));
213 for (i = 0; i < sizeof(token) / sizeof(token[0]); i++) {
214 token[i] = strtok(p, "\t ");
216 if (token[i] == NULL)
220 if (strtok(p, "\t ") != NULL)
222 /* insufficient tokens */
231 conf = (struct config *)malloc(sizeof(*conf));
234 memset(conf, 0, sizeof(*conf));
236 if (strcasecmp(token[1], "permit") == 0)
238 else if (strcasecmp(token[1], "deny") == 0)
241 /* invalid keyword is considered as "deny" */
245 if (prefix_set(token[0], &conf->match, 1) < 0)
247 if (prefix_set(token[2], &conf->dest, 1) < 0)
250 if (prefix_set(token[3], &conf->src, 0) < 0)
262 config_load(const char *configfile)
266 struct config *conf, *p;
267 struct config sentinel;
272 configfile = _PATH_PREFIX_CONF;
273 fp = fopen(configfile, "r");
278 sentinel.next = NULL;
279 while (fgets(buf, sizeof(buf), fp) != NULL) {
280 conf = config_load1(buf);
286 config_list = sentinel.next;
294 config_show1(const struct config *conf)
298 p = prefix_string(&conf->match);
299 printf("%s", p ? p : "?");
306 p = prefix_string(&conf->dest);
307 printf(" %s", p ? p : "?");
317 for (conf = config_list; conf; conf = conf->next)
322 const struct config *
323 config_match(struct sockaddr *sa1, struct sockaddr *sa2)
325 static struct config conf;
326 const struct config *p;
328 if (sa1->sa_len > sizeof(conf.match.a) ||
329 sa2->sa_len > sizeof(conf.dest.a))
332 memset(&conf, 0, sizeof(conf));
335 memcpy(&conf.match.a, sa1, sa1->sa_len);
336 memcpy(&conf.dest.a, sa2, sa2->sa_len);
340 for (p = config_list; p; p = p->next)
341 if (prefix_match(&p->match, sa1) && prefix_match(&p->dest, sa2))
projects / FreeBSD / releng / 10.0.git / blob