#552 destination port not zero after parsing nat rule
Approved by: glebius (mentor) Obtained from: netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
This commit is contained in:
parent
8937a6a4b7
commit
bc2167fa66
@ -871,9 +871,9 @@ mapport:
|
|||||||
}
|
}
|
||||||
free($2);
|
free($2);
|
||||||
if ($3.p1 < 0 || $3.p1 > 65535)
|
if ($3.p1 < 0 || $3.p1 > 65535)
|
||||||
yyerror("invalid ICMP Id number");
|
yyerror("invalid 1st ICMP Id number");
|
||||||
if ($3.p2 < 0 || $3.p2 > 65535)
|
if ($3.p2 < 0 || $3.p2 > 65535)
|
||||||
yyerror("invalid ICMP Id number");
|
yyerror("invalid 2nd ICMP Id number");
|
||||||
if (strcmp($2, "ipv6-icmp") == 0) {
|
if (strcmp($2, "ipv6-icmp") == 0) {
|
||||||
nat->in_pr[0] = IPPROTO_ICMPV6;
|
nat->in_pr[0] = IPPROTO_ICMPV6;
|
||||||
nat->in_pr[1] = IPPROTO_ICMPV6;
|
nat->in_pr[1] = IPPROTO_ICMPV6;
|
||||||
@ -1058,7 +1058,7 @@ hash: IPNY_HASH { if (!(nat->in_flags & IPN_FILTER)) {
|
|||||||
;
|
;
|
||||||
|
|
||||||
portstuff:
|
portstuff:
|
||||||
compare portspec { $$.pc = $1; $$.p1 = $2; }
|
compare portspec { $$.pc = $1; $$.p1 = $2; $$.p2 = 0; }
|
||||||
| portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; }
|
| portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; }
|
||||||
;
|
;
|
||||||
|
|
||||||
@ -1151,7 +1151,7 @@ proto: YY_NUMBER { $$ = $1;
|
|||||||
| YY_STR { $$ = getproto($1);
|
| YY_STR { $$ = getproto($1);
|
||||||
free($1);
|
free($1);
|
||||||
if ($$ == -1)
|
if ($$ == -1)
|
||||||
yyerror("unknwon protocol");
|
yyerror("unknown protocol");
|
||||||
if ($$ != IPPROTO_TCP &&
|
if ($$ != IPPROTO_TCP &&
|
||||||
$$ != IPPROTO_UDP)
|
$$ != IPPROTO_UDP)
|
||||||
suggest_port = 0;
|
suggest_port = 0;
|
||||||
@ -1172,7 +1172,8 @@ hostname:
|
|||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
family = AF_INET;
|
family = AF_INET;
|
||||||
bzero(&$$, sizeof($$));
|
memset(&($$), 0, sizeof($$));
|
||||||
|
memset(&addr, 0, sizeof(addr));
|
||||||
$$.f = family;
|
$$.f = family;
|
||||||
if (gethost(family, $1,
|
if (gethost(family, $1,
|
||||||
&addr) == 0) {
|
&addr) == 0) {
|
||||||
@ -1184,17 +1185,17 @@ hostname:
|
|||||||
}
|
}
|
||||||
free($1);
|
free($1);
|
||||||
}
|
}
|
||||||
| YY_NUMBER { bzero(&$$, sizeof($$));
|
| YY_NUMBER { memset(&($$), 0, sizeof($$));
|
||||||
$$.a.in4.s_addr = htonl($1);
|
$$.a.in4.s_addr = htonl($1);
|
||||||
if ($$.a.in4.s_addr != 0)
|
if ($$.a.in4.s_addr != 0)
|
||||||
$$.f = AF_INET;
|
$$.f = AF_INET;
|
||||||
}
|
}
|
||||||
| ipv4 { $$ = $1; }
|
| ipv4 { $$ = $1; }
|
||||||
| YY_IPV6 { bzero(&$$, sizeof($$));
|
| YY_IPV6 { memset(&($$), 0, sizeof($$));
|
||||||
$$.a = $1;
|
$$.a = $1;
|
||||||
$$.f = AF_INET6;
|
$$.f = AF_INET6;
|
||||||
}
|
}
|
||||||
| YY_NUMBER YY_IPV6 { bzero(&$$, sizeof($$));
|
| YY_NUMBER YY_IPV6 { memset(&($$), 0, sizeof($$));
|
||||||
$$.a = $2;
|
$$.a = $2;
|
||||||
$$.f = AF_INET6;
|
$$.f = AF_INET6;
|
||||||
}
|
}
|
||||||
@ -1429,6 +1430,9 @@ setnatproto(p)
|
|||||||
nat->in_flags |= IPN_UDP;
|
nat->in_flags |= IPN_UDP;
|
||||||
nat->in_flags &= ~IPN_TCP;
|
nat->in_flags &= ~IPN_TCP;
|
||||||
break;
|
break;
|
||||||
|
#ifdef USE_INET6
|
||||||
|
case IPPROTO_ICMPV6 :
|
||||||
|
#endif
|
||||||
case IPPROTO_ICMP :
|
case IPPROTO_ICMP :
|
||||||
nat->in_flags &= ~IPN_TCPUDP;
|
nat->in_flags &= ~IPN_TCPUDP;
|
||||||
if (!(nat->in_flags & IPN_ICMPQUERY) &&
|
if (!(nat->in_flags & IPN_ICMPQUERY) &&
|
||||||
@ -1508,7 +1512,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
|
|||||||
printnat(ipn, opts);
|
printnat(ipn, opts);
|
||||||
|
|
||||||
if (opts & OPT_DEBUG)
|
if (opts & OPT_DEBUG)
|
||||||
binprint(ipn, sizeof(*ipn));
|
binprint(ipn, ipn->in_size);
|
||||||
|
|
||||||
if ((opts & OPT_ZERORULEST) != 0) {
|
if ((opts & OPT_ZERORULEST) != 0) {
|
||||||
if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) {
|
if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user