
[src/trunk]: src/external/bsd/blacklist/bin Handle interfaces in configuratio...



details:   https://anonhg.NetBSD.org/src/rev/af614cc9ecdc
branches:  trunk
changeset: 335833:af614cc9ecdc
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Jan 25 20:59:39 2015 +0000

description:
Handle interfaces in configuration files, requested by kardel@

diffstat:

 external/bsd/blacklist/bin/blacklistd.8 |    4 +-
 external/bsd/blacklist/bin/blacklistd.c |   30 +++++-
 external/bsd/blacklist/bin/conf.c       |  156 ++++++++++++++++++++++++++-----
 external/bsd/blacklist/bin/internal.c   |    5 +-
 external/bsd/blacklist/bin/internal.h   |    3 +-
 5 files changed, 165 insertions(+), 33 deletions(-)

diffs (truncated from 378 to 300 lines):

diff -r 80cc13d43b7f -r af614cc9ecdc external/bsd/blacklist/bin/blacklistd.8
--- a/external/bsd/blacklist/bin/blacklistd.8   Sun Jan 25 20:50:30 2015 +0000
+++ b/external/bsd/blacklist/bin/blacklistd.8   Sun Jan 25 20:59:39 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.5 2015/01/24 18:34:05 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.6 2015/01/25 20:59:39 christos Exp $
 .\" 
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -130,7 +130,7 @@
 for all fields.
 The fields of the configuration file are as follows:
 .Bd -literal -offset indent
-[address:]service
+[address|interface:]service
 socket-type
 protocol
 user
diff -r 80cc13d43b7f -r af614cc9ecdc external/bsd/blacklist/bin/blacklistd.c
--- a/external/bsd/blacklist/bin/blacklistd.c   Sun Jan 25 20:50:30 2015 +0000
+++ b/external/bsd/blacklist/bin/blacklistd.c   Sun Jan 25 20:59:39 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: blacklistd.c,v 1.28 2015/01/24 07:46:20 christos Exp $ */
+/*     $NetBSD: blacklistd.c,v 1.29 2015/01/25 20:59:39 christos Exp $ */
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.28 2015/01/24 07:46:20 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.29 2015/01/25 20:59:39 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -58,6 +58,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <time.h>
+#include <ifaddrs.h>
 #include <netinet/in.h>
 
 #include "bl.h"
@@ -101,7 +102,8 @@
 static __dead void
 usage(int c)
 {
-       warnx("Unknown option `%c'", (char)c);
+       if (c)
+               warnx("Unknown option `%c'", (char)c);
        fprintf(stderr, "Usage: %s [-vdf] [-c <config>] [-r <rulename>] "
            "[-P <sockpathsfile>] [-C <controlprog>] [-D <dbfile>] "
            "[-t <timeout>]\n", getprogname());
@@ -249,6 +251,21 @@
 }
 
 static void
+update_interfaces(void)
+{
+       struct ifaddrs *oifas, *nifas;
+
+       if (getifaddrs(&nifas) == -1)
+               return;
+
+       oifas = ifas;
+       ifas = nifas;
+
+       if (oifas)
+               freeifaddrs(oifas);
+}
+
+static void
 update(void)
 {
        struct timespec ts;
@@ -359,6 +376,10 @@
                }
        }
 
+       argc -= optind;
+       if (argc)
+               usage(0);
+
        signal(SIGHUP, sighup);
        signal(SIGINT, sigdone);
        signal(SIGQUIT, sigdone);
@@ -377,6 +398,7 @@
                        tout = 15000;
        }
 
+       update_interfaces();
        conf_parse(configfile);
        if (reset) {
                for (size_t i = 0; i < nconf; i++)
@@ -436,6 +458,8 @@
                }
                if (t % 100 == 0)
                        state_sync(state);
+               if (t % 10000 == 0)
+                       update_interfaces();
                update();
        }
        state_close(state);
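Review bot: The refresh interval in `if (t % 10000 == 0)` is an unexplained constant, and the unit of `t` is not visible in this hunk, so a reader cannot tell how long an address added to or removed from an interface keeps being judged against the cached list. A named constant with a short comment would make that window explicit, for example `/* re-read interface addresses every N loop ticks; interface rules use the cached list in between */`. The loop this sits in starts outside the hunk.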
diff -r 80cc13d43b7f -r af614cc9ecdc external/bsd/blacklist/bin/conf.c
--- a/external/bsd/blacklist/bin/conf.c Sun Jan 25 20:50:30 2015 +0000
+++ b/external/bsd/blacklist/bin/conf.c Sun Jan 25 20:59:39 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: conf.c,v 1.13 2015/01/22 16:19:53 christos Exp $       */
+/*     $NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $       */
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.13 2015/01/22 16:19:53 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $");
 
 #include <stdio.h>
 #include <string.h>
@@ -48,14 +48,29 @@
 #endif
 #include <stdlib.h>
 #include <limits.h>
+#include <ifaddrs.h>
 #include <arpa/inet.h>
 #include <netinet/in.h>
+#include <net/if.h>
 #include <sys/socket.h>
 
 #include "bl.h"
 #include "internal.h"
 #include "conf.h"
 
+
+struct sockaddr_if {
+        uint8_t         sif_len;
+       sa_family_t     sif_family;
+       in_port_t       sif_port;
+       char            sif_name[16];
+};
+
+#define SIF_NAME(a) \
+    ((const struct sockaddr_if *)(const void *)(a))->sif_name
+
+static int conf_is_interface(const char *);
+
 static void
 advance(char **p)
 {
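Review bot: `struct sockaddr_if` declares `sif_len` unconditionally, yet it is overlaid on `c->c_ss` and later recognised by reading `ss_family`, while the rest of this file guards the length byte with `HAVE_STRUCT_SOCKADDR_SA_LEN`. On a platform without sa_len the family field sits at the start of the sockaddr, so `sif_family = AF_MAX` would land at a different offset than `ss_family`, and the entry would presumably read as family 0, which conf_addr_eq treats as matching every address. Wrapping the member as `#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN` / `uint8_t sif_len;` / `#endif` keeps the overlay aligned, and `char sif_name[IFNAMSIZ];` would replace the bare 16 now that `<net/if.h>` is included. A comment on the struct stating that `AF_MAX` in `sif_family` marks an interface-name entry rather than a real address family would also help the next reader.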
@@ -164,34 +179,45 @@
        struct conf *c = v;
 
        if ((d = strstr(p, "]:")) != NULL) {
-               struct sockaddr_in6 *s6 = (void *)&c->c_ss;
+               struct sockaddr_in6 *sin6 = (void *)&c->c_ss;
                *d++ = '\0';
                p++;
                if (debug)
                        (*lfun)(LOG_DEBUG, "%s: host6 %s", __func__, p);
                if (strcmp(p, "*") != 0) {
-                       if (inet_pton(AF_INET6, p, &s6->sin6_addr) == -1)
+                       if (inet_pton(AF_INET6, p, &sin6->sin6_addr) == -1)
                                goto out;
-                       s6->sin6_family = AF_INET6;
+                       sin6->sin6_family = AF_INET6;
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-                       s6->sin6_len = sizeof(*s6);
+                       sin6->sin6_len = sizeof(*sin6);
 #endif
-                       port = &s6->sin6_port;
+                       port = &sin6->sin6_port;
                } 
                p = ++d;
        } else if ((d = strrchr(p, ':')) != NULL) {
-               struct sockaddr_in *s = (void *)&c->c_ss;
+               struct sockaddr_in *sin = (void *)&c->c_ss;
+               struct sockaddr_if *sif = (void *)&c->c_ss;
                *d++ = '\0';
                if (debug)
                        (*lfun)(LOG_DEBUG, "%s: host4 %s", __func__, p);
                if (strcmp(p, "*") != 0) {
-                       if (inet_pton(AF_INET, p, &s->sin_addr) == -1)
-                               goto out;
-                       s->sin_family = AF_INET;
+                       if (conf_is_interface(p)) {
+                               sif->sif_family = AF_MAX;
+                               strlcpy(sif->sif_name, p,
+                                   sizeof(sif->sif_name));
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-                       s->sin_len = sizeof(*s);
+                               sif->sif_len = sizeof(*sif);
 #endif
-                       port = &s->sin_port;
+                               port = &sif->sif_port;
+                       } else if (inet_pton(AF_INET, p, &sin->sin_addr) != -1)
+                       {
+                               sin->sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+                               sin->sin_len = sizeof(*sin);
+#endif
+                               port = &sif->sif_port;
+                       } else
+                               goto out;
                }
                p = d;
        }
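Review bot: In the IPv4 branch, `inet_pton(AF_INET, p, &sin->sin_addr) != -1` accepts a malformed host, because inet_pton() returns 0 for an unparsable string and -1 only for an unsupported family; a mistyped interface name or address then becomes an AF_INET entry with an unset address instead of reaching `goto out`. Test for `== 1` here; the `== -1` test on the renamed `sin6` line has the same gap. The same branch sets `port = &sif->sif_port;` where `port = &sin->sin_port;` is meant, and the two only coincide while the layouts of sockaddr_if and sockaddr_in agree. Every non-wildcard host now goes through `conf_is_interface(p)` first, and its definition later in this patch loops on `ifas` rather than `ifa` (`for (ifa = ifas; ifas; ifa = ifa->ifa_next)`), so a name that matches no interface walks past the end of the list; the condition should be `ifa`. The enclosing function starts and ends outside this hunk.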
@@ -332,15 +358,85 @@
 }
 
 static int
+conf_is_interface(const char *name)
+{
+       const struct ifaddrs *ifa;
+
+       for (ifa = ifas; ifas; ifa = ifa->ifa_next)
+               if (strcmp(ifa->ifa_name, name) == 0)
+                       return 1;
+       return 0;
+}
+
+static int
+conf_addr_in_interface(const struct sockaddr_storage *s1,
+    const struct sockaddr_storage *s2)
+{
+       const char *name = SIF_NAME(s2);
+       const struct ifaddrs *ifa;
+       socklen_t slen;
+       const struct sockaddr_in *sin = (const void *)s1;
+       const struct sockaddr_in6 *sin6 = (const void *)s1;
+
+       for (ifa = ifas; ifa; ifa = ifa->ifa_next) {
+               if ((ifa->ifa_flags & IFF_UP) == 0)
+                       continue;
+
+               if (strcmp(ifa->ifa_name, name) != 0)
+                       continue;
+
+               if (s1->ss_family != ifa->ifa_addr->sa_family)
+                       continue;
+
+               const void *v = ifa->ifa_addr;
+               const void *p1, *p2;
+               switch (s1->ss_family) {
+               case AF_INET:
+                       p1 = &sin->sin_addr;
+                       p2 = &((const struct sockaddr_in *)v)->sin_addr;
+                       slen = sizeof(sin->sin_addr);
+                       break;
+               case AF_INET6:
+                       p1 = &sin6->sin6_addr;
+                       p2 = &((const struct sockaddr_in6 *)v)->sin6_addr;
+                       slen = sizeof(sin6->sin6_addr);
+                       break;
+               default:
+                       (*lfun)(LOG_ERR, "Bad family %u", s1->ss_family);
+                       continue;
+               }
+               if (memcmp(p1, p2, slen) == 0)
+                       return 1;
+       }
+       return 0;
+}
+
+static int
+conf_addr_eq(const struct sockaddr_storage *s1,
+    const struct sockaddr_storage *s2)
+{
+       switch (s2->ss_family) {
+       case 0:
+               return 1;
+       case AF_MAX:
+               return conf_addr_in_interface(s1, s2);
+       default:
+               if (memcmp(s1, s2, sizeof(*s2))) {
+                       if (debug > 1)
+                               (*lfun)(LOG_DEBUG, "%s: c_ss fail", __func__);
+                       return 0;
+               }
+               return 1;
+       }
+}
+
+static int
 conf_eq(const struct conf *c1, const struct conf *c2)
 {
-       if (c2->c_ss.ss_family != 0 &&
-           memcmp(&c1->c_ss, &c2->c_ss, sizeof(c1->c_ss))) {
-               if (debug > 1)
-                       (*lfun)(LOG_DEBUG, "%s: c_ss fail", __func__);
+               
+       if (!conf_addr_eq(&c1->c_ss, &c2->c_ss))
                return 0;
-       }
-               
+
 #define CMP(a, b, f) \
        if ((a)->f != (b)->f && (b)->f != -1) { \


