Remember if MYADDR or HISADDR is used in a filter add tweak all

filters any time either value changes.

usr.sbin/ppp/bundle.c

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: bundle.c,v 1.53 1999/05/12 09:48:41 brian Exp $
+ *	$Id: bundle.c,v 1.54 1999/05/27 08:42:15 brian Exp $
  */
 
 #include <sys/param.h>
@@ -1710,3 +1710,13 @@ bundle_Exception(struct bundle *bundle, int fd)
 
   return 0;
 }
+
+void
+bundle_AdjustFilters(struct bundle *bundle, struct in_addr *my_ip,
+                     struct in_addr *peer_ip)
+{
+  filter_AdjustAddr(&bundle->filter.in, my_ip, peer_ip);
+  filter_AdjustAddr(&bundle->filter.out, my_ip, peer_ip);
+  filter_AdjustAddr(&bundle->filter.dial, my_ip, peer_ip);
+  filter_AdjustAddr(&bundle->filter.alive, my_ip, peer_ip);
+}

usr.sbin/ppp/bundle.h

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: bundle.h,v 1.20 1998/12/10 18:36:30 brian Exp $
+ *	$Id: bundle.h,v 1.21 1999/01/28 01:56:30 brian Exp $
  */
 
 #define	PHASE_DEAD		0	/* Link is dead */
@@ -189,3 +189,5 @@ extern void bundle_setsid(struct bundle *, int);
 extern void bundle_LockTun(struct bundle *);
 extern int bundle_HighestState(struct bundle *);
 extern int bundle_Exception(struct bundle *, int);
+extern void bundle_AdjustFilters(struct bundle *, struct in_addr *,
+                                 struct in_addr *);

usr.sbin/ppp/command.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: command.c,v 1.193 1999/05/12 09:48:44 brian Exp $
+ * $Id: command.c,v 1.194 1999/05/15 02:24:16 brian Exp $
  *
  */
 #include <sys/param.h>
@@ -143,7 +143,7 @@
 #define NEG_DNS		52
 
 const char Version[] = "2.21";
-const char VersionDate[] = "$Date: 1999/05/12 09:48:44 $";
+const char VersionDate[] = "$Date: 1999/05/15 02:24:16 $";
 
 static int ShowCommand(struct cmdargs const *);
 static int TerminalCommand(struct cmdargs const *);
@@ -1312,6 +1312,7 @@ SetInterfaceAddr(struct cmdargs const *arg)
     ipcp->cfg.my_range.width = 0;
   }
   ipcp->my_ip.s_addr = ipcp->cfg.my_range.ipaddr.s_addr;
+  bundle_AdjustFilters(arg->bundle, &ipcp->my_ip, NULL);
 
   if (hisaddr && !ipcp_UseHisaddr(arg->bundle, hisaddr,
                                   arg->bundle->phys_type.all & PHYS_AUTO))

usr.sbin/ppp/filter.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: filter.c,v 1.27 1999/01/28 01:56:31 brian Exp $
+ * $Id: filter.c,v 1.28 1999/05/08 11:06:33 brian Exp $
  *
  *	TODO: Shoud send ICMP error message when we discard packets.
  */
@@ -261,6 +261,29 @@ ParseUdpOrTcp(int argc, char const *const *argv, int proto,
   return 1;
 }
 
+static unsigned
+addrtype(const char *addr)
+{
+  if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/'))
+    return T_MYADDR;
+  if (!strncasecmp(addr, "HISADDR", 7) && (addr[7] == '\0' || addr[7] == '/'))
+    return T_HISADDR;
+
+  return T_ADDR;
+}
+
+static const char *
+addrstr(struct in_addr addr, unsigned type)
+{
+  switch (type) {
+    case T_MYADDR:
+      return "MYADDR";
+    case T_HISADDR:
+      return "HISADDR";
+  }
+  return inet_ntoa(addr);
+}
+
 static int
 Parse(struct ipcp *ipcp, int argc, char const *const *argv,
       struct filterent *ofp)
@@ -326,19 +349,22 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
   if (proto == P_NONE) {
     if (!argc)
       log_Printf(LogWARN, "Parse: address/mask is expected.\n");
-    else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask,
-                       &filterdata.swidth)) {
+    else if (ParseAddr(ipcp, *argv, &filterdata.src.ipaddr,
+                       &filterdata.src.mask, &filterdata.src.width)) {
+      filterdata.srctype = addrtype(*argv);
       argc--;
       argv++;
       proto = filter_Nam2Proto(argc, argv);
       if (!argc)
         log_Printf(LogWARN, "Parse: address/mask is expected.\n");
       else if (proto == P_NONE) {
-	if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask,
-                      &filterdata.dwidth)) {
+	if (ParseAddr(ipcp, *argv, &filterdata.dst.ipaddr, &filterdata.dst.mask,
+                      &filterdata.dst.width)) {
+          filterdata.dsttype = addrtype(*argv);
 	  argc--;
 	  argv++;
-	}
+	} else
+          filterdata.dsttype = T_ADDR;
 	proto = filter_Nam2Proto(argc, argv);
 	if (argc && proto != P_NONE) {
 	  argc--;
@@ -372,10 +398,10 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
     break;
   }
 
-  log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.saddr));
-  log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.smask));
-  log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.daddr));
-  log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dmask));
+  log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.src.ipaddr));
+  log_Printf(LogDEBUG, "Parse: Src mask: %s\n", inet_ntoa(filterdata.src.mask));
+  log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.dst.ipaddr));
+  log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", inet_ntoa(filterdata.dst.mask));
   log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto);
 
   log_Printf(LogDEBUG, "Parse: src:  %s (%d)\n",
@@ -439,8 +465,10 @@ doShowFilter(struct filterent *fp, struct prompt *prompt)
         prompt_Printf(prompt, "port ");
       else
         prompt_Printf(prompt, "     ");
-      prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->saddr), fp->swidth);
-      prompt_Printf(prompt, "%s/%d ", inet_ntoa(fp->daddr), fp->dwidth);
+      prompt_Printf(prompt, "%s/%d ", addrstr(fp->src.ipaddr, fp->srctype),
+                    fp->src.width);
+      prompt_Printf(prompt, "%s/%d ", addrstr(fp->dst.ipaddr, fp->dsttype),
+                    fp->dst.width);
       if (fp->proto) {
 	prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->proto));
 
@@ -548,3 +576,27 @@ filter_Nam2Op(const char *cp)
 
   return op;
 }
+
+void
+filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip,
+                  struct in_addr *peer_ip)
+{
+  struct filterent *fp;
+  int n;
+
+  for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++)
+    if (fp->action != A_NONE) {
+      if (my_ip) {
+        if (fp->srctype == T_MYADDR)
+          fp->src.ipaddr = *my_ip;
+        if (fp->dsttype == T_MYADDR)
+          fp->dst.ipaddr = *my_ip;
+      }
+      if (peer_ip) {
+        if (fp->srctype == T_HISADDR)
+          fp->src.ipaddr = *peer_ip;
+        if (fp->dsttype == T_HISADDR)
+          fp->dst.ipaddr = *peer_ip;
+      }
+    }
+}

usr.sbin/ppp/filter.h

@@ -15,14 +15,12 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: filter.h,v 1.13 1999/01/19 22:16:01 brian Exp $
+ * $Id: filter.h,v 1.14 1999/01/28 01:56:31 brian Exp $
  *
  *	TODO:
  */
 
-/*
- *   Actions
- */
+/* Actions */
 #define	A_NONE		0
 #define	A_PERMIT	1
 #define	A_DENY		2
@@ -30,30 +28,29 @@
 #define	A_UHOST		4
 #define	A_UPORT		8
 
-/*
- *   Known protocols
- */
+/* Known protocols */
 #define	P_NONE	0
 #define	P_TCP	1
 #define	P_UDP	2
 #define	P_ICMP	3
 
-/*
- *   Operations
- */
+/* Operations */
 #define	OP_NONE	0
 #define	OP_EQ	1
 #define	OP_GT	2
 #define	OP_LT	4
 
+/* srctype or dsttype */
+#define T_ADDR		0
+#define T_MYADDR	1
+#define T_HISADDR	2
+
 struct filterent {
   int action;			/* Filtering action */
-  int swidth;			/* Effective source address width */
-  struct in_addr saddr;		/* Source address */
-  struct in_addr smask;		/* Source address mask */
-  int dwidth;			/* Effective destination address width */
-  struct in_addr daddr;		/* Destination address */
-  struct in_addr dmask;		/* Destination address mask */
+  unsigned srctype : 2;		/* T_ value of src */
+  struct in_range src;		/* Source address */
+  unsigned dsttype : 2;		/* T_ value of dst */
+  struct in_range dst;		/* Destination address */
   int proto;			/* Protocol */
   struct {
     short srcop;
@@ -91,3 +88,5 @@ extern const char * filter_Action2Nam(int);
 extern const char *filter_Proto2Nam(int);
 extern const char *filter_Op2Nam(int);
 extern struct in_addr bits2mask(int);
+extern void filter_AdjustAddr(struct filter *, struct in_addr *,
+                              struct in_addr *);

usr.sbin/ppp/iface.c

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: iface.c,v 1.5 1999/05/08 11:06:40 brian Exp $
+ *	$Id: iface.c,v 1.6 1999/05/27 08:42:17 brian Exp $
  */
 
 #include <sys/param.h>
@@ -59,9 +59,9 @@
 #include "hdlc.h"
 #include "throughput.h"
 #include "slcompress.h"
-#include "filter.h"
 #include "descriptor.h"
 #include "ipcp.h"
+#include "filter.h"
 #include "lcp.h"
 #include "ccp.h"
 #include "link.h"

usr.sbin/ppp/ip.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: ip.c,v 1.60 1999/05/09 20:02:19 brian Exp $
+ * $Id: ip.c,v 1.61 1999/05/14 09:35:51 brian Exp $
  *
  *	TODO:
  *		o Return ICMP message for filterd packet
@@ -113,7 +113,7 @@ FilterCheck(struct ip *pip, struct filter *filter)
     cproto = gotinfo = estab = syn = finrst = didname = 0;
     sport = dport = 0;
     for (n = 0; n < MAXFILTERS; n++) {
-      if (fp->action) {
+      if (fp->action != A_NONE) {
 	/* permit fragments on in and out filter */
         if (filter->fragok && (ntohs(pip->ip_off) & IP_OFFMASK) != 0)
 	  return (A_PERMIT);
@@ -122,10 +122,10 @@ FilterCheck(struct ip *pip, struct filter *filter)
           log_Printf(LogDEBUG, "%s filter:\n", filter->name);
         didname = 1;
 
-	if ((pip->ip_src.s_addr & fp->smask.s_addr) ==
-	    (fp->saddr.s_addr & fp->smask.s_addr) &&
-	    (pip->ip_dst.s_addr & fp->dmask.s_addr) ==
-	    (fp->daddr.s_addr & fp->dmask.s_addr)) {
+	if ((pip->ip_src.s_addr & fp->src.mask.s_addr) ==
+	    (fp->src.ipaddr.s_addr & fp->src.mask.s_addr) &&
+	    (pip->ip_dst.s_addr & fp->dst.mask.s_addr) ==
+	    (fp->dst.ipaddr.s_addr & fp->dst.mask.s_addr)) {
 	  if (fp->proto) {
 	    if (!gotinfo) {
 	      ptop = (char *) pip + (pip->ip_hl << 2);

usr.sbin/ppp/ipcp.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: ipcp.c,v 1.76 1999/05/08 11:06:45 brian Exp $
+ * $Id: ipcp.c,v 1.77 1999/05/09 20:02:19 brian Exp $
  *
  *	TODO:
  *		o Support IPADDRS properly
@@ -903,6 +903,7 @@ IpcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type,
 		   inet_ntoa(ipcp->my_ip));
 	  log_Printf(LogIPCP, "%s --> %s\n", tbuff2, inet_ntoa(ipaddr));
 	  ipcp->my_ip = ipaddr;
+          bundle_AdjustFilters(fp->bundle, &ipcp->my_ip, NULL);
 	} else {
 	  log_Printf(log_IsKept(LogIPCP) ? LogIPCP : LogPHASE,
                     "%s: Unacceptable address!\n", inet_ntoa(ipaddr));
@@ -1186,7 +1187,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
       ipcp->peer_ip = ChooseHisAddr(bundle, ipcp->my_ip);
       if (ipcp->peer_ip.s_addr == INADDR_ANY) {
         log_Printf(LogWARN, "%s: None available !\n", ipcp->cfg.peer_list.src);
-        return(0);
+        return 0;
       }
       ipcp->cfg.peer_range.ipaddr.s_addr = ipcp->peer_ip.s_addr;
       ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST;
@@ -1206,7 +1207,9 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
   } else
     return 0;
 
-  return 1;
+  bundle_AdjustFilters(bundle, NULL, &ipcp->peer_ip);
+
+  return 1;	/* Ok */
 }
 
 struct in_addr