[Nufw-devel] [PATCH 5 of 5] plaintext: Add ICMP type support
From: |
Mikael Berthe |
Subject: |
[Nufw-devel] [PATCH 5 of 5] plaintext: Add ICMP type support |
Date: |
Tue, 25 Oct 2005 19:56:07 +0200 |
# HG changeset patch
# User Mikael Berthe <address@hidden>
# Node ID 75bcd35c8664a918a5a1e5b7c2dfc5a87dfbe980
# Parent 1f225ee997a7d8a64474e754a8c76bc520c3d39a
plaintext: Add ICMP type support
diff -r 1f225ee997a7 -r 75bcd35c8664 conf/acls.nufw
--- a/conf/acls.nufw Sun Oct 23 22:25:44 2005 +0200
+++ b/conf/acls.nufw Sun Oct 23 23:25:23 2005 +0200
@@ -8,6 +8,7 @@
# gid=100,101 # which groups are concerned
# gid=103 # several lines can be used
# proto=6 # TCP (only 1 proto allowed per ACL, of course)
+# type=0 # Type, for ICMP protocol only
# SrcIP=10.10.0.1 # Source IP, equivalent to 10.10.0.1/32
# SrcPort=1024-65535 # List of source ports (a single port is ok)
# DstIP=10.10.0.5 # Destination IP address
diff -r 1f225ee997a7 -r 75bcd35c8664
src/nuauth/modules/plaintext/auth_plaintext.h
--- a/src/nuauth/modules/plaintext/auth_plaintext.h Sun Oct 23 22:25:44
2005 +0200
+++ b/src/nuauth/modules/plaintext/auth_plaintext.h Sun Oct 23 23:25:23
2005 +0200
@@ -58,6 +58,8 @@
GSList *apps;
GSList *os;
+ GSList *types;
+
GSList *src_ip;
GSList *src_ports;
diff -r 1f225ee997a7 -r 75bcd35c8664 src/nuauth/modules/plaintext/plaintext.c
--- a/src/nuauth/modules/plaintext/plaintext.c Sun Oct 23 22:25:44 2005 +0200
+++ b/src/nuauth/modules/plaintext/plaintext.c Sun Oct 23 23:25:23 2005 +0200
@@ -62,50 +62,50 @@
}
/**
- * parse_groups()
- * Extracts group ids in groupline and fills *p_grouplist.
+ * parse_ints()
+ * Extracts integers (like group ids) in intline and fills *p_intlist.
* prefix is displayed in front of the log messages.
* Returns 0 if successful.
*/
-int parse_groups(char *groupline, GSList **p_grouplist, char *prefix)
+int parse_ints(char *intline, GSList **p_intlist, char *prefix)
{
- char *p_nextgroup;
- char *p_groups = groupline;
- GSList *grouplist = *p_grouplist;
- int group;
-
- // parsing groups
- while (p_groups) {
- p_nextgroup = strchr(p_groups, ',');
- if (p_nextgroup) {
- *p_nextgroup = 0;
- }
- if (sscanf(p_groups, "%u", &group) != 1) {
- // We can't read a group. This will be an error only if we can
+ char *p_nextint;
+ char *p_ints = intline;
+ GSList *intlist = *p_intlist;
+ int number;
+
+ // parsing ints
+ while (p_ints) {
+ p_nextint = strchr(p_ints, ',');
+ if (p_nextint) {
+ *p_nextint = 0;
+ }
+ if (sscanf(p_ints, "%u", &number) != 1) {
+ // We can't read a number. This will be an error only if we can
// see a comma next.
- if (p_nextgroup) {
+ if (p_nextint) {
if (DEBUG_OR_NOT(DEBUG_LEVEL_WARNING,DEBUG_AREA_MAIN))
- g_message("%s parse_groups: Malformed line",
+ g_message("%s parse_ints: Malformed line",
prefix);
- *p_grouplist = grouplist;
+ *p_intlist = intlist;
return 1;
}
if (DEBUG_OR_NOT(DEBUG_LEVEL_WARNING,DEBUG_AREA_MAIN))
- g_message("%s parse_groups: Garbarge at end of line", prefix);
+ g_message("%s parse_ints: Garbarge at end of line", prefix);
} else {
- // One group to add...
- grouplist = g_slist_prepend(grouplist,
- GINT_TO_POINTER((u_int32_t)group));
-#ifdef DEBUG_ENABLE
- if (DEBUG_OR_NOT(DEBUG_LEVEL_VERBOSE_DEBUG,DEBUG_AREA_MAIN))
- g_message("%s Added group %d", prefix, group);
-#endif
- }
- if ((p_groups = p_nextgroup))
- p_groups++;
- }
-
- *p_grouplist = grouplist;
+ // One number (group, integer...) to add
+ intlist = g_slist_prepend(intlist,
+ GINT_TO_POINTER((u_int32_t)number));
+#ifdef DEBUG_ENABLE
+ if (DEBUG_OR_NOT(DEBUG_LEVEL_VERBOSE_DEBUG,DEBUG_AREA_MAIN))
+ g_message("%s Added group/int %d", prefix, number);
+#endif
+ }
+ if ((p_ints = p_nextint))
+ p_ints++;
+ }
+
+ *p_intlist = intlist;
return 0;
}
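Review bot: `sscanf(p_ints, "%u", &number)` is given an `int *`, which does not match `%u`, and the debug line then prints the value with `%d`; declare `unsigned int number;` and log it with `%u`. Because sscanf stops at the first non-digit, a token such as `8x` is silently stored as 8, and the "Garbarge at end of line" branch still returns 0, so a mistyped ACL or user line loads without failing. Now that this helper also feeds ICMP types, consider parsing each token with `strtoul` and returning 1 unless the end pointer lands on the terminator.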
@@ -363,7 +363,7 @@
snprintf(log_prefix, 15, "L.%d: ", ln);
// parsing groups
- if (parse_groups(p_groups, &plaintext_user->groups, log_prefix)) {
+ if (parse_ints(p_groups, &plaintext_user->groups, log_prefix)) {
g_free(plaintext_user);
fclose(fd);
return 2;
@@ -508,7 +508,7 @@
char log_prefix[16];
snprintf(log_prefix, 15, "L.%d: ", ln);
// parsing groups
- if (parse_groups(p_value, &newacl->groups, log_prefix)) {
+ if (parse_ints(p_value, &newacl->groups, log_prefix)) {
fclose(fd);
return 2;
}
@@ -524,6 +524,14 @@
if (DEBUG_OR_NOT(DEBUG_LEVEL_VERBOSE_DEBUG,DEBUG_AREA_MAIN))
g_message("L.%d: Read proto = %d", ln, newacl->proto);
#endif
+ } else if (!strcasecmp("type", p_key)) { // Type (icmp)
+ char log_prefix[16];
+ snprintf(log_prefix, 15, "L.%d: ", ln);
+ // parse type values
+ if (parse_ints(p_value, &newacl->types, log_prefix)) {
+ fclose(fd);
+ return 2;
+ }
} else if (!strcasecmp("srcip", p_key)) { // SrcIP
char log_prefix[16];
snprintf(log_prefix, 15, "L.%d: ", ln);
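Review bot: The new `type` branch stores whatever parse_ints() returns, so a value such as `type=300` is accepted even though an ICMP type is a single byte and can never match it; reject values above 255 here, for example by walking `newacl->types` after the call and returning 2 on the first out-of-range entry. Nothing ties the key to `proto`, so a `type=` line on a TCP ACL is kept silently; since `proto=` may appear later in the file, that check probably belongs where the finished ACL is validated. The error path does `fclose(fd); return 2;` without releasing `newacl` or its partly built lists, as the `groups` branch above does; whether that leaks depends on how `newacl` is allocated, which is outside the hunk. The enclosing function starts and ends outside the hunk.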
@@ -1001,11 +1009,17 @@
// ICMP?
if (netdata->protocol == IPPROTO_ICMP) {
- // TODO Check ICMP
- g_message("[plaintext] ICMP code not yet supported! :-(\n");
- g_message("[plaintext] faking ICMP support");
if (p_acl->proto == IPPROTO_ICMP){
- g_message("[plaintext] ICMP acls");
+ int found = 0;
+ GSList *sl_type = p_acl->types;
+ for ( ; sl_type ; sl_type = g_slist_next(sl_type)) {
+ if (*((int*)sl_type->data) == netdata->type) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ continue;
}
} else {
// Following is only for TCP / UDP (ports stuff...)
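Review bot: The comparison `*((int*)sl_type->data) == netdata->type` dereferences the list payload, but parse_ints() in the first plaintext.c hunk stores each value with `GINT_TO_POINTER(...)`, so `data` holds the number itself, not an address. With the documented `type=0` this is a NULL dereference, and any other type reads from a very low address, so nuauth would most likely crash the first time an ICMP packet is checked against an ICMP ACL that has types. Read the value back the way it was stored: `if (GPOINTER_TO_INT(sl_type->data) == netdata->type) {`. Separately, an ICMP ACL with no `type=` line leaves `found` at 0 and is always skipped; if that fail-closed behaviour is intended, the comment in conf/acls.nufw should say that `type` is mandatory for ICMP. The enclosing function starts and ends outside the hunk.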