Check-in [50168f46c0]
Overview
Comment:Move a bunch of includes to packetbl.h, and also fix what appears to be a small signing problem (THIS one doesn't break anything)
SHA1: 50168f46c0073269dc3be5f7116304448cb36aca
User & Date: rmiller on 2011-03-01 22:34:18
Context
2011-03-06
01:57
it compiles and links properly. I don't guarantee ANYTHING else. This is a very major change - I have removed dotconf and am replacing with libconfig. Also did some cleanup along with it. Some parts are messy. I hope it's functional. check-in: 9a13922db2 user: rmiller tags: trunk
2011-03-01
22:34
Move a bunch of includes to packetbl.h, and also fix what appears to be a small signing problem (THIS one doesn't break anything) check-in: 50168f46c0 user: rmiller tags: trunk
2011-02-28
22:23
Under FC14, libnfnetlink needs to be explicitly checked for. This is due to some kind of DSO linker change. Oh well. check-in: d9110d0335 user: rmiller tags: trunk
Changes

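--- a/packetbl.c
+++ b/packetbl.c
@@ -72,14 +72,16 @@
 # define PBL_HANDLE nfq_q_handle
 # define PBL_SET_MODE nfq_set_mode
 # define PBL_COPY_PACKET NFQNL_COPY_PACKET
 # define PBL_ID_T u_int32_t
 # define PBL_ERRSTR ""
 
 #define DEBUG(x, y) if (conf.debug >= x) { printf(y "\n"); }
+#define INVALID_OCTET(x) x < 0 || x > 255
+
 struct packet_info {
 
 	uint8_t b1;
 	uint8_t b2;
 	uint8_t b3;
 	uint8_t b4;
 
@@ -215,15 +217,15 @@
 	fprintf(stderr, "[error] %s\n", msg);
 	return 1;
 
 }
 
 /*
  * SYNOPSIS:
- *   void daeomize(void);
+ *   void daemonize(void);
  *
  * NOTES:
  *   This function accomplishes everything needed to become a daemon.
  *   Including closing standard in/out/err and forking.
  *   It returns nothing, on failure the program must abort.
  *
  */
@@ -534,15 +536,15 @@
 
 static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
         struct nfq_data *nfa, void *data) {
 
 	int ret;
 	int id;
 	struct nfqnl_msg_packet_hdr *ph;
-	char *nfdata;
+	unsigned char *nfdata;
 	struct packet_info ip;
 
 	DEBUG(2, "Entering callback");
 
 	if (ph = nfq_get_msg_packet_hdr(nfa)) {
 		id = ntohl(ph->packet_id);
 	}
@@ -1155,61 +1157,56 @@
  *   This routine is rather tortured, but it works and is believed
  *   correct.  Please don't mess with it without a good reason.
  *
  */
 int parse_cidr(struct config_entry *ce) {
 
 	int sep = 0;			// which separator we're on.
+	int i = 0;
-	char *counter, *c1;
+	char *counter, *c1, *numptr;
 	char number[BUFFERSIZE];
 
 	if (ce == NULL) {
 		return -1;
 	}
 
 	c1 = ce->string; // initialize state counter
 
 	for (counter = ce->string; 
 			(counter - ce->string) < strlen(ce->string); 
 			counter++) {
 		switch (*counter) {
 			case '.':
 			case '/':
 				// separator
 				strncpy(number, c1, (int)(counter - c1));
 				number[(int)(counter - c1)] = '\0';
+				i = atoi(number);
 				switch(sep) {
 					case 0:
-						ce->ip.b1 = atoi(number);
-						if (ce->ip.b1 < 0 ||
-							ce->ip.b1 > 255) {
+						numptr = &ce->ip.b1;
-							return -1;
-						}
 						break;
 					case 1:
-						ce->ip.b2 = atoi(number);
-						if (ce->ip.b2 < 0 ||
-							ce->ip.b2 > 255) {
+						numptr = &ce->ip.b2;
-							return -1;
-						}
 						break;
 					case 2:
-						ce->ip.b3 = atoi(number);
-						if (ce->ip.b3 < 0 ||
-							ce->ip.b3 > 255) {
+						numptr = &ce->ip.b3;
-							return -1;
-						}
 						break;
 					case 3:
-						ce->ip.b4 = atoi(number);
-						if (ce->ip.b4 < 0 ||
-							ce->ip.b4 > 255) {
-							return -1;
+						numptr = &ce->ip.b4;
+						break;
+					default:
+						/* shouldn't happen.
+						FIXME: add error */
+						;
+						
+				}
+				ce->ip.b1 = i;
+				if (INVALID_OCTET(*numptr)) {
+					return -1;
-						}
-						break;
 				}
 				sep++;
 				c1 = counter + 1;
 				break;
 			case '0':
 			case '1':
 			case '2':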
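Review bot: In the rewritten separator branch of parse_cidr the parsed value is always stored with `ce->ip.b1 = i;`, so b2 to b4 are never written and each later octet overwrites b1; the store should go through `numptr`. The range check `INVALID_OCTET(*numptr)` tests the stored byte rather than `i`, so an out-of-range value such as 256 is narrowed before it is tested and is no longer rejected (the fields look like `uint8_t`, judging by `struct packet_info` in the first hunk, while `numptr` is declared `char *`). The `default:` case leaves `numptr` unset, so a config entry with more than four separators makes the check dereference an uninitialized pointer. The macro added in the first hunk should also be parenthesized, `#define INVALID_OCTET(x) ((x) < 0 || (x) > 255)`. parse_cidr continues past the end of this hunk.

```c
	char *counter, *c1;
	uint8_t *numptr;	/* assumes ce->ip.b1..b4 are uint8_t -- confirm */
// … unchanged: NULL check, loop header, strncpy of the octet text …
				i = atoi(number);
				if (INVALID_OCTET(i)) {
					/* validate the int before it is narrowed to a byte */
					return -1;
				}
				switch(sep) {
					// … unchanged: cases 0-3 pointing numptr at b1..b4 …
					default:
						/* more than four fields: reject instead of falling through */
						return -1;
				}
				*numptr = (uint8_t)i;
```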