Diff

Differences From Artifact [cd3b07c2c0]:

To Artifact [6783fc984d]:


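--- a/(unknown)
+++ b/(unknown)
@@ -72,14 +72,16 @@
 # define PBL_HANDLE nfq_q_handle
 # define PBL_SET_MODE nfq_set_mode
 # define PBL_COPY_PACKET NFQNL_COPY_PACKET
 # define PBL_ID_T u_int32_t
 # define PBL_ERRSTR ""
 
 #define DEBUG(x, y) if (conf.debug >= x) { printf(y "\n"); }
+#define INVALID_OCTET(x) x < 0 || x > 255
+
 struct packet_info {
 
 	uint8_t b1;
 	uint8_t b2;
 	uint8_t b3;
 	uint8_t b4;
 
@@ -215,15 +217,15 @@
 	fprintf(stderr, "[error] %s\n", msg);
 	return 1;
 
 }
 
 /*
  * SYNOPSIS:
- *   void daeomize(void);
+ *   void daemonize(void);
  *
  * NOTES:
  *   This function accomplishes everything needed to become a daemon.
  *   Including closing standard in/out/err and forking.
  *   It returns nothing, on failure the program must abort.
  *
  */
@@ -534,15 +536,15 @@
 
 static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
         struct nfq_data *nfa, void *data) {
 
 	int ret;
 	int id;
 	struct nfqnl_msg_packet_hdr *ph;
-	char *nfdata;
+	unsigned char *nfdata;
 	struct packet_info ip;
 
 	DEBUG(2, "Entering callback");
 
 	if (ph = nfq_get_msg_packet_hdr(nfa)) {
 		id = ntohl(ph->packet_id);
 	}
@@ -1155,61 +1157,56 @@
  *   This routine is rather tortured, but it works and is believed
  *   correct.  Please don't mess with it without a good reason.
  *
  */
 int parse_cidr(struct config_entry *ce) {
 
 	int sep = 0;			// which separator we're on.
+	int i = 0;
-	char *counter, *c1;
+	char *counter, *c1, *numptr;
 	char number[BUFFERSIZE];
 
 	if (ce == NULL) {
 		return -1;
 	}
 
 	c1 = ce->string; // initialize state counter
 
 	for (counter = ce->string; 
 			(counter - ce->string) < strlen(ce->string); 
 			counter++) {
 		switch (*counter) {
 			case '.':
 			case '/':
 				// separator
 				strncpy(number, c1, (int)(counter - c1));
 				number[(int)(counter - c1)] = '\0';
+				i = atoi(number);
 				switch(sep) {
 					case 0:
-						ce->ip.b1 = atoi(number);
-						if (ce->ip.b1 < 0 ||
-							ce->ip.b1 > 255) {
+						numptr = &ce->ip.b1;
-							return -1;
-						}
 						break;
 					case 1:
-						ce->ip.b2 = atoi(number);
-						if (ce->ip.b2 < 0 ||
-							ce->ip.b2 > 255) {
+						numptr = &ce->ip.b2;
-							return -1;
-						}
 						break;
 					case 2:
-						ce->ip.b3 = atoi(number);
-						if (ce->ip.b3 < 0 ||
-							ce->ip.b3 > 255) {
+						numptr = &ce->ip.b3;
-							return -1;
-						}
 						break;
 					case 3:
-						ce->ip.b4 = atoi(number);
-						if (ce->ip.b4 < 0 ||
-							ce->ip.b4 > 255) {
-							return -1;
+						numptr = &ce->ip.b4;
+						break;
+					default:
+						/* shouldn't happen.
+						FIXME: add error */
+						;
+						
+				}
+				ce->ip.b1 = i;
+				if (INVALID_OCTET(*numptr)) {
+					return -1;
-						}
-						break;
 				}
 				sep++;
 				c1 = counter + 1;
 				break;
 			case '0':
 			case '1':
 			case '2':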
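Review bot: In the last hunk (parse_cidr) the new line `ce->ip.b1 = i;` after the inner switch writes every parsed octet into b1, so `numptr` is only ever read and b2–b4 are not stored on this path; the store presumably was meant to go through `numptr`. The following `INVALID_OCTET(*numptr)` then tests a value read back through a `char *` from what the first hunk shows as a `uint8_t` field (assuming `ce->ip` is a `struct packet_info`), which can never be above 255, so the range check belongs on `i` before the store. The `default:` arm leaves `numptr` unassigned, so a config string with more than four separators reaches the dereference with an uninitialized pointer; rejecting the entry there closes that. The macro added in the first hunk should also be parenthesized, `#define INVALID_OCTET(x) ((x) < 0 || (x) > 255)`. parse_cidr's body continues beyond the end of the hunk.

```c
	char *counter, *c1;
	uint8_t *numptr;
	// … unchanged: NULL check, loop header, token copy into number …
				i = atoi(number);
				if (INVALID_OCTET(i)) {
					return -1;
				}
				switch(sep) {
					// … unchanged: cases 0-3 pointing numptr at b1-b4 …
					default:
						/* more separators than an IPv4 CIDR has */
						return -1;
				}
				*numptr = (uint8_t)i;
```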