4 * Copyright (C) 2012 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
10 #include <sys/ioctl.h>
15 #include "netinet/ip_scan.h"
21 extern void yyerror __P((char *));
22 extern int yyparse __P((void));
23 extern int yylex __P((void));
27 extern void printbuf __P((char *, int, int));
30 void printent __P((ipscan_t *));
31 void showlist __P((void));
32 int getportnum __P((char *));
33 struct in_addr gethostip __P((char *));
34 struct in_addr combine __P((int, int, int, int));
35 char **makepair __P((char *, char *));
36 void addtag __P((char *, char **, char **, struct action *));
37 int cram __P((char *, char *));
38 void usage __P((char *));
39 int main __P((int, char **));
57 %type <act> action redirect result
60 %type <astr> matchup onehalf twohalves
62 %token <num> YY_NUMBER YY_HEX
65 %token YY_CMP_EQ YY_CMP_NE YY_CMP_LE YY_CMP_GE YY_CMP_LT YY_CMP_GT
66 %token YY_RANGE_OUT YY_RANGE_IN
68 %token IPSL_START IPSL_STARTGROUP IPSL_CONTENT
70 %token IPSL_CLOSE IPSL_TRACK IPSL_EOF IPSL_REDIRECT IPSL_ELSE
80 line: IPSL_START dline
81 | IPSL_STARTGROUP gline
85 dline: cline { resetlexer(); }
86 | sline { resetlexer(); }
87 | csline { resetlexer(); }
90 gline: YY_STR ':' glist '=' action
98 assign: YY_STR assigning YY_STR
99 { set_variable($1, $3);
108 '=' { yyvarnext = 1; }
111 cline: tag ':' matchup '=' action { addtag($1, $3, NULL, &$5); }
114 sline: tag ':' '(' ')' ',' matchup '=' action { addtag($1, NULL, $6, &$8); }
117 csline: tag ':' matchup ',' matchup '=' action { addtag($1, $3, $5, &$7); }
124 tag: YY_STR { $$ = $1; }
129 | twohalves { $$ = $1; }
132 action: result { $$.act_val = $1.act_val;
133 $$.act_ip = $1.act_ip;
134 $$.act_port = $1.act_port; }
135 | result IPSL_ELSE result { $$.act_val = $1.act_val;
136 $$.act_else = $3.act_val;
137 if ($1.act_val == IPSL_REDIRECT) {
138 $$.act_ip = $1.act_ip;
139 $$.act_port = $1.act_port;
141 if ($3.act_val == IPSL_REDIRECT) {
142 $$.act_eip = $3.act_eip;
143 $$.act_eport = $3.act_eport;
147 result: IPSL_CLOSE { $$.act_val = IPSL_CLOSE; }
148 | IPSL_TRACK { $$.act_val = IPSL_TRACK; }
149 | redirect { $$.act_val = IPSL_REDIRECT;
150 $$.act_ip = $1.act_ip;
151 $$.act_port = $1.act_port; }
155 '(' YY_STR ')' { $$ = makepair($2, NULL); }
159 '(' YY_STR ',' YY_STR ')' { $$ = makepair($2, $4); }
163 IPSL_REDIRECT '(' ipaddr ')' { $$.act_ip = $3;
165 | IPSL_REDIRECT '(' ipaddr ',' portnum ')'
171 ipaddr: YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER
172 { $$ = combine($1,$3,$5,$7); }
173 | YY_STR { $$ = gethostip($1);
179 YY_NUMBER { $$ = htons($1); }
180 | YY_STR { $$ = getportnum($1);
188 static struct wordtab yywords[] = {
189 { "close", IPSL_CLOSE },
190 { "content", IPSL_CONTENT },
191 { "else", IPSL_ELSE },
192 { "start-group", IPSL_STARTGROUP },
193 { "redirect", IPSL_REDIRECT },
194 { "start", IPSL_START },
195 { "track", IPSL_TRACK },
211 for (u = dst, i = 0; (i <= ISC_TLEN) && (s < t); ) {
219 if (j && (!ISDIGIT(c) || (c > '7') ||
228 if (ISALPHA(c) || (c > '7')) {
244 } else if (ISDIGIT(c)) {
251 } while ((i <= ISC_TLEN) && (s <= t) && (j > 0));
262 char buf[ISC_TLEN+1];
266 buf[ISC_TLEN] = '\0';
267 bcopy(isc->ipsc_ctxt, buf, ISC_TLEN);
268 printf("%s : (\"", isc->ipsc_tag);
269 printbuf(isc->ipsc_ctxt, isc->ipsc_clen, 0);
271 bcopy(isc->ipsc_cmsk, buf, ISC_TLEN);
272 printf("\", \"%s\"), (\"", buf);
274 printbuf(isc->ipsc_stxt, isc->ipsc_slen, 0);
276 bcopy(isc->ipsc_smsk, buf, ISC_TLEN);
277 printf("\", \"%s\") = ", buf);
279 switch (isc->ipsc_action)
284 case ISC_A_REDIRECT :
286 printf("(%s", inet_ntoa(isc->ipsc_ip));
288 printf(",%d", isc->ipsc_port);
298 if (isc->ipsc_else != ISC_A_NONE) {
300 switch (isc->ipsc_else)
305 case ISC_A_REDIRECT :
307 printf("(%s", inet_ntoa(isc->ipsc_eip));
309 printf(",%d", isc->ipsc_eport);
321 if (opts & OPT_DEBUG) {
322 for (u = (u_char *)isc, i = sizeof(*isc); i; ) {
324 for (j = 32; (j > 0) && (i > 0); j--, i--)
325 printf("%s%02x", (j & 7) ? "" : " ", *u++);
329 if (opts & OPT_VERBOSE) {
330 printf("# hits %d active %d fref %d sref %d\n",
331 isc->ipsc_hits, isc->ipsc_active, isc->ipsc_fref,
337 void addtag(tstr, cp, sp, act)
344 bzero((char *)&isc, sizeof(isc));
346 strncpy(isc.ipsc_tag, tstr, sizeof(isc.ipsc_tag));
347 isc.ipsc_tag[sizeof(isc.ipsc_tag) - 1] = '\0';
350 isc.ipsc_clen = cram(isc.ipsc_ctxt, cp[0]);
352 if (cram(isc.ipsc_cmsk, cp[1]) != isc.ipsc_clen) {
354 "client text/mask strings different length\n");
361 isc.ipsc_slen = cram(isc.ipsc_stxt, sp[0]);
363 if (cram(isc.ipsc_smsk, sp[1]) != isc.ipsc_slen) {
365 "server text/mask strings different length\n");
371 if (act->act_val == IPSL_CLOSE) {
372 isc.ipsc_action = ISC_A_CLOSE;
373 } else if (act->act_val == IPSL_TRACK) {
374 isc.ipsc_action = ISC_A_TRACK;
375 } else if (act->act_val == IPSL_REDIRECT) {
376 isc.ipsc_action = ISC_A_REDIRECT;
377 isc.ipsc_ip = act->act_ip;
378 isc.ipsc_port = act->act_port;
379 fprintf(stderr, "%d: redirect unsupported\n", yylineNum + 1);
382 if (act->act_else == IPSL_CLOSE) {
383 isc.ipsc_else = ISC_A_CLOSE;
384 } else if (act->act_else == IPSL_TRACK) {
385 isc.ipsc_else = ISC_A_TRACK;
386 } else if (act->act_else == IPSL_REDIRECT) {
387 isc.ipsc_else = ISC_A_REDIRECT;
388 isc.ipsc_eip = act->act_eip;
389 isc.ipsc_eport = act->act_eport;
390 fprintf(stderr, "%d: redirect unsupported\n", yylineNum + 1);
393 if (!(opts & OPT_DONOTHING)) {
395 if (opts & OPT_REMOVE) {
396 if (ioctl(fd, SIOCRMSCA, &iscp) == -1)
399 if (ioctl(fd, SIOCADSCA, &iscp) == -1)
404 if (opts & OPT_VERBOSE)
409 char **makepair(s1, s2)
414 a = malloc(sizeof(char *) * 2);
421 struct in_addr combine(a1, a2, a3, a4)
427 in.s_addr = a1 << 24;
429 in.s_addr |= (a2 << 16);
431 in.s_addr |= (a3 << 8);
434 in.s_addr = htonl(in.s_addr);
439 struct in_addr gethostip(host)
447 hp = gethostbyname(host);
450 bcopy(hp->h_addr, (char *)&in, sizeof(in));
460 s = getservbyname(port, "tcp");
469 ipscanstat_t ipsc, *ipscp = &ipsc;
472 if (ioctl(fd, SIOCGSCST, &ipscp) == -1)
473 perror("ioctl(SIOCGSCST)");
474 else if (opts & OPT_SHOWLIST) {
475 while (ipsc.iscs_list != NULL) {
476 if (kmemcpy((char *)&isc, (u_long)ipsc.iscs_list,
477 sizeof(isc)) == -1) {
482 ipsc.iscs_list = isc.ipsc_next;
486 printf("scan entries loaded\t%d\n", ipsc.iscs_entries);
487 printf("scan entries matches\t%ld\n", ipsc.iscs_acted);
488 printf("negative matches\t%ld\n", ipsc.iscs_else);
496 fprintf(stderr, "Usage:\t%s [-dnrv] -f <filename>\n", prog);
497 fprintf(stderr, "\t%s [-dlv]\n", prog);
509 (void) yysettab(yywords);
514 while ((c = getopt(argc, argv, "df:lnrsv")) != -1)
522 if (!strcmp(optarg, "-"))
525 fp = fopen(optarg, "r");
534 opts |= OPT_SHOWLIST;
537 opts |= OPT_DONOTHING;
550 if (!(opts & OPT_DONOTHING)) {
551 fd = open(IPL_SCAN, O_RDWR);
553 perror("open(IPL_SCAN)");
567 if (opts & (OPT_SHOWLIST|OPT_STAT)) {
projects / FreeBSD / releng / 10.2.git / blob