From bc2167fa662cc13b9cec9bbc88deddeecbfc39a8 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 22 Sep 2014 16:35:48 +0000 Subject: [PATCH] #552 destination port not zero after parsing nat rule Approved by: glebius (mentor) Obtained from: netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38) --- contrib/ipfilter/tools/ipnat_y.y | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index b8d22f979e88..8c23403b3e03 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -871,9 +871,9 @@ mapport: } free($2); if ($3.p1 < 0 || $3.p1 > 65535) - yyerror("invalid ICMP Id number"); + yyerror("invalid 1st ICMP Id number"); if ($3.p2 < 0 || $3.p2 > 65535) - yyerror("invalid ICMP Id number"); + yyerror("invalid 2nd ICMP Id number"); if (strcmp($2, "ipv6-icmp") == 0) { nat->in_pr[0] = IPPROTO_ICMPV6; nat->in_pr[1] = IPPROTO_ICMPV6; @@ -1058,7 +1058,7 @@ hash: IPNY_HASH { if (!(nat->in_flags & IPN_FILTER)) { ; portstuff: - compare portspec { $$.pc = $1; $$.p1 = $2; } + compare portspec { $$.pc = $1; $$.p1 = $2; $$.p2 = 0; } | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } ; @@ -1151,7 +1151,7 @@ proto: YY_NUMBER { $$ = $1; | YY_STR { $$ = getproto($1); free($1); if ($$ == -1) - yyerror("unknwon protocol"); + yyerror("unknown protocol"); if ($$ != IPPROTO_TCP && $$ != IPPROTO_UDP) suggest_port = 0; @@ -1172,7 +1172,8 @@ hostname: else #endif family = AF_INET; - bzero(&$$, sizeof($$)); + memset(&($$), 0, sizeof($$)); + memset(&addr, 0, sizeof(addr)); $$.f = family; if (gethost(family, $1, &addr) == 0) { @@ -1184,17 +1185,17 @@ hostname: } free($1); } - | YY_NUMBER { bzero(&$$, sizeof($$)); + | YY_NUMBER { memset(&($$), 0, sizeof($$)); $$.a.in4.s_addr = htonl($1); if ($$.a.in4.s_addr != 0) $$.f = AF_INET; } | ipv4 { $$ = $1; } - | YY_IPV6 { bzero(&$$, sizeof($$)); + | YY_IPV6 { memset(&($$), 0, sizeof($$)); $$.a = $1; $$.f = AF_INET6; } - | YY_NUMBER YY_IPV6 { bzero(&$$, sizeof($$)); + | YY_NUMBER YY_IPV6 { memset(&($$), 0, sizeof($$)); $$.a = $2; $$.f = AF_INET6; } @@ -1429,6 +1430,9 @@ setnatproto(p) nat->in_flags |= IPN_UDP; nat->in_flags &= ~IPN_TCP; break; +#ifdef USE_INET6 + case IPPROTO_ICMPV6 : +#endif case IPPROTO_ICMP : nat->in_flags &= ~IPN_TCPUDP; if (!(nat->in_flags & IPN_ICMPQUERY) && @@ -1508,7 +1512,7 @@ ipnat_addrule(fd, ioctlfunc, ptr) printnat(ipn, opts); if (opts & OPT_DEBUG) - binprint(ipn, sizeof(*ipn)); + binprint(ipn, ipn->in_size); if ((opts & OPT_ZERORULEST) != 0) { if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) {