d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

#552 destination port not zero after parsing nat rule

Browse Source 
Approved by:	glebius (mentor)
Obtained from:	netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
This commit is contained in:
Cy Schubert 2014-09-22 16:35:48 +00:00
parent 19455ef7e4
commit 24211cc919
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=271978
1 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
contrib/ipfilter/tools/ipnat_y.y
View File

@ -871,9 +871,9 @@ mapport:
} }
free($2); free($2);
if ($3.p1 < 0 || $3.p1 > 65535) if ($3.p1 < 0 || $3.p1 > 65535)
yyerror("invalid ICMP Id number"); yyerror("invalid 1st ICMP Id number");
if ($3.p2 < 0 || $3.p2 > 65535) if ($3.p2 < 0 || $3.p2 > 65535)
yyerror("invalid ICMP Id number"); yyerror("invalid 2nd ICMP Id number");
if (strcmp($2, "ipv6-icmp") == 0) { if (strcmp($2, "ipv6-icmp") == 0) {
nat->in_pr[0] = IPPROTO_ICMPV6; nat->in_pr[0] = IPPROTO_ICMPV6;
nat->in_pr[1] = IPPROTO_ICMPV6; nat->in_pr[1] = IPPROTO_ICMPV6;
@ -1058,7 +1058,7 @@ hash: IPNY_HASH { if (!(nat->in_flags & IPN_FILTER)) {
; ;
portstuff: portstuff:
compare portspec { $$.pc = $1; $$.p1 = $2; } compare portspec { $$.pc = $1; $$.p1 = $2; $$.p2 = 0; }
| portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; }
; ;
@ -1151,7 +1151,7 @@ proto: YY_NUMBER { $$ = $1;
| YY_STR { $$ = getproto($1); | YY_STR { $$ = getproto($1);
free($1); free($1);
if ($$ == -1) if ($$ == -1)
yyerror("unknwon protocol"); yyerror("unknown protocol");
if ($$ != IPPROTO_TCP && if ($$ != IPPROTO_TCP &&
$$ != IPPROTO_UDP) $$ != IPPROTO_UDP)
suggest_port = 0; suggest_port = 0;
@ -1172,7 +1172,8 @@ hostname:
else else
#endif #endif
family = AF_INET; family = AF_INET;
bzero(&$$, sizeof($$)); memset(&($$), 0, sizeof($$));
memset(&addr, 0, sizeof(addr));
$$.f = family; $$.f = family;
if (gethost(family, $1, if (gethost(family, $1,
&addr) == 0) { &addr) == 0) {
@ -1184,17 +1185,17 @@ hostname:
} }
free($1); free($1);
} }
| YY_NUMBER { bzero(&$$, sizeof($$)); | YY_NUMBER { memset(&($$), 0, sizeof($$));
$$.a.in4.s_addr = htonl($1); $$.a.in4.s_addr = htonl($1);
if ($$.a.in4.s_addr != 0) if ($$.a.in4.s_addr != 0)
$$.f = AF_INET; $$.f = AF_INET;
} }
| ipv4 { $$ = $1; } | ipv4 { $$ = $1; }
| YY_IPV6 { bzero(&$$, sizeof($$)); | YY_IPV6 { memset(&($$), 0, sizeof($$));
$$.a = $1; $$.a = $1;
$$.f = AF_INET6; $$.f = AF_INET6;
} }
| YY_NUMBER YY_IPV6 { bzero(&$$, sizeof($$)); | YY_NUMBER YY_IPV6 { memset(&($$), 0, sizeof($$));
$$.a = $2; $$.a = $2;
$$.f = AF_INET6; $$.f = AF_INET6;
} }
@ -1429,6 +1430,9 @@ setnatproto(p)
nat->in_flags |= IPN_UDP; nat->in_flags |= IPN_UDP;
nat->in_flags &= ~IPN_TCP; nat->in_flags &= ~IPN_TCP;
break; break;
#ifdef USE_INET6
case IPPROTO_ICMPV6 :
#endif
case IPPROTO_ICMP : case IPPROTO_ICMP :
nat->in_flags &= ~IPN_TCPUDP; nat->in_flags &= ~IPN_TCPUDP;
if (!(nat->in_flags & IPN_ICMPQUERY) && if (!(nat->in_flags & IPN_ICMPQUERY) &&
@ -1508,7 +1512,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
printnat(ipn, opts); printnat(ipn, opts);
if (opts & OPT_DEBUG) if (opts & OPT_DEBUG)
binprint(ipn, sizeof(*ipn)); binprint(ipn, ipn->in_size);
if ((opts & OPT_ZERORULEST) != 0) { if ((opts & OPT_ZERORULEST) != 0) {
if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) { if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) {