d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ingored incoming packets are now dropped when

Browse Source 
deny_incoming option is set to yes.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
This commit is contained in:
Brian Somers 1997-09-06 11:14:03 +00:00
parent 59354a4e8d
commit f9b06d5cbe
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=29163
4 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sbin/natd/HISTORY
View File

@ -111,3 +111,9 @@
fixed. Natd now waits with select(2) for buffer space fixed. Natd now waits with select(2) for buffer space
to become available if write fails. to become available if write fails.
- Packet aliasing library upgraded to 2.2. - Packet aliasing library upgraded to 2.2.
* Version 1.10
- Ignored incoming packets are now dropped when
deny_incoming option is set to yes.
- Packet aliasing library upgraded to 2.4.

16
sbin/natd/natd.c
View File

@ -94,6 +94,7 @@ static char packetBuf[IP_MAXPACKET];
static int packetLen; static int packetLen;
static struct sockaddr_in packetAddr; static struct sockaddr_in packetAddr;
static int packetSock; static int packetSock;
static int dropIgnoredIncoming;
int main (int argc, char** argv) int main (int argc, char** argv)
{ {
@ -161,6 +162,11 @@ int main (int argc, char** argv)
if (inPort == 0 && outPort == 0 && inOutPort == 0) if (inPort == 0 && outPort == 0 && inOutPort == 0)
ParseOption ("port", DEFAULT_SERVICE, 0); ParseOption ("port", DEFAULT_SERVICE, 0);
/*
* Check if ignored packets should be dropped.
*/
dropIgnoredIncoming = PacketAliasSetMode (0, 0);
dropIgnoredIncoming &= PKT_ALIAS_DENY_INCOMING;
/* /*
* Create divert sockets. Use only one socket if -p was specified * Create divert sockets. Use only one socket if -p was specified
* on command line. Otherwise, create separate sockets for * on command line. Otherwise, create separate sockets for
@ -254,7 +260,6 @@ int main (int argc, char** argv)
*/ */
if (aliasAddr.s_addr != INADDR_NONE) if (aliasAddr.s_addr != INADDR_NONE)
PacketAliasSetAddress (aliasAddr); PacketAliasSetAddress (aliasAddr);
/* /*
* We need largest descriptor number for select. * We need largest descriptor number for select.
*/ */
@ -411,6 +416,7 @@ static void DoAliasing (int fd)
{ {
int bytes; int bytes;
int origBytes; int origBytes;
int status;
int addrSize; int addrSize;
struct ip* ip; struct ip* ip;
@ -486,7 +492,13 @@ static void DoAliasing (int fd)
/* /*
* Do aliasing. * Do aliasing.
*/ */
PacketAliasIn (packetBuf, IP_MAXPACKET); status = PacketAliasIn (packetBuf, IP_MAXPACKET);
if (status == PKT_ALIAS_IGNORED &&
dropIgnoredIncoming) {
printf (" dropped.\n");
return;
}
} }
/* /*
* Length might have changed during aliasing. * Length might have changed during aliasing.

6
usr.sbin/natd/HISTORY
View File

@ -111,3 +111,9 @@
fixed. Natd now waits with select(2) for buffer space fixed. Natd now waits with select(2) for buffer space
to become available if write fails. to become available if write fails.
- Packet aliasing library upgraded to 2.2. - Packet aliasing library upgraded to 2.2.
* Version 1.10
- Ignored incoming packets are now dropped when
deny_incoming option is set to yes.
- Packet aliasing library upgraded to 2.4.

16
usr.sbin/natd/natd.c
View File

@ -94,6 +94,7 @@ static char packetBuf[IP_MAXPACKET];
static int packetLen; static int packetLen;
static struct sockaddr_in packetAddr; static struct sockaddr_in packetAddr;
static int packetSock; static int packetSock;
static int dropIgnoredIncoming;
int main (int argc, char** argv) int main (int argc, char** argv)
{ {
@ -161,6 +162,11 @@ int main (int argc, char** argv)
if (inPort == 0 && outPort == 0 && inOutPort == 0) if (inPort == 0 && outPort == 0 && inOutPort == 0)
ParseOption ("port", DEFAULT_SERVICE, 0); ParseOption ("port", DEFAULT_SERVICE, 0);
/*
* Check if ignored packets should be dropped.
*/
dropIgnoredIncoming = PacketAliasSetMode (0, 0);
dropIgnoredIncoming &= PKT_ALIAS_DENY_INCOMING;
/* /*
* Create divert sockets. Use only one socket if -p was specified * Create divert sockets. Use only one socket if -p was specified
* on command line. Otherwise, create separate sockets for * on command line. Otherwise, create separate sockets for
@ -254,7 +260,6 @@ int main (int argc, char** argv)
*/ */
if (aliasAddr.s_addr != INADDR_NONE) if (aliasAddr.s_addr != INADDR_NONE)
PacketAliasSetAddress (aliasAddr); PacketAliasSetAddress (aliasAddr);
/* /*
* We need largest descriptor number for select. * We need largest descriptor number for select.
*/ */
@ -411,6 +416,7 @@ static void DoAliasing (int fd)
{ {
int bytes; int bytes;
int origBytes; int origBytes;
int status;
int addrSize; int addrSize;
struct ip* ip; struct ip* ip;
@ -486,7 +492,13 @@ static void DoAliasing (int fd)
/* /*
* Do aliasing. * Do aliasing.
*/ */
PacketAliasIn (packetBuf, IP_MAXPACKET); status = PacketAliasIn (packetBuf, IP_MAXPACKET);
if (status == PKT_ALIAS_IGNORED &&
dropIgnoredIncoming) {
printf (" dropped.\n");
return;
}
} }
/* /*
* Length might have changed during aliasing. * Length might have changed during aliasing.