d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Do not crash on incorrect "flow" type inputs.

Browse Source 
* Do not auto-create tables for operations other than add.
This commit is contained in:
Alexander V. Chernikov 2014-08-13 06:16:37 +00:00
parent 658331e530
commit 35df97d0e2
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/projects/ipfw/; revision=269910
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
sbin/ipfw/tables.c
View File

@ -67,7 +67,7 @@ static void table_show_list(ipfw_obj_header *oh, int need_header);
static void table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent);
static void tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent,
char *key, uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi);
char *key, int add, uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi);
static void tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent,
char *arg, uint8_t type, uint8_t vtype);
@ -932,7 +932,7 @@ table_modify_record(ipfw_obj_header *oh, int ac, char *av[], int add,
memset(&xi, 0, sizeof(xi));
count = 0;
while (ac > 0) {
tentry_fill_key(oh, ptent, *av, &type, &vtype, &xi);
tentry_fill_key(oh, ptent, *av, add, &type, &vtype, &xi);
/*
* compability layer: auto-create table if not exists
@ -1073,7 +1073,7 @@ table_do_lookup(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi,
tent->head.length = sizeof(*tent);
tent->idx = 1;
tentry_fill_key(oh, tent, key, &type, &vtype, xi);
tentry_fill_key(oh, tent, key, 0, &type, &vtype, xi);
oh->ntlv.type = type;
sz = sizeof(xbuf);
@ -1196,7 +1196,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
tfe = &tentry->k.flow;
af = 0;
/* Handle <ipv4|ipv6>*/
/* Handle <ipv4|ipv6> */
if ((tflags & IPFW_TFFLAG_SRCIP) != 0) {
if ((p = strchr(arg, ',')) != NULL)
*p++ = '\0';
@ -1220,6 +1220,8 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
/* Handle <proto-num|proto-name> */
if ((tflags & IPFW_TFFLAG_PROTO) != 0) {
if (arg == NULL)
errx(EX_DATAERR, "invalid key: proto missing");
if ((p = strchr(arg, ',')) != NULL)
*p++ = '\0';
@ -1242,6 +1244,8 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
/* Handle <port-num|service-name> */
if ((tflags & IPFW_TFFLAG_SRCPORT) != 0) {
if (arg == NULL)
errx(EX_DATAERR, "invalid key: src port missing");
if ((p = strchr(arg, ',')) != NULL)
*p++ = '\0';
@ -1260,6 +1264,8 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
/* Handle <ipv4|ipv6>*/
if ((tflags & IPFW_TFFLAG_DSTIP) != 0) {
if (arg == NULL)
errx(EX_DATAERR, "invalid key: dst ip missing");
if ((p = strchr(arg, ',')) != NULL)
*p++ = '\0';
/* Determine family using temporary storage */
@ -1282,6 +1288,8 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
/* Handle <port-num|service-name> */
if ((tflags & IPFW_TFFLAG_DSTPORT) != 0) {
if (arg == NULL)
errx(EX_DATAERR, "invalid key: dst port missing");
if ((p = strchr(arg, ',')) != NULL)
*p++ = '\0';
@ -1312,7 +1320,7 @@ tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
static void
tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *key,
uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi)
int add, uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi)
{
uint8_t type, tflags, vtype;
int error;
@ -1336,6 +1344,9 @@ tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *key,
if (error != ESRCH)
errx(EX_OSERR, "Error requesting table %s info",
oh->ntlv.name);
if (add == 0)
errx(EX_DATAERR, "Table %s does not exist",
oh->ntlv.name);
/*
* Table does not exist.
* Compability layer: try to interpret data as CIDR