1.1.1.2 ! misho 1: /* $Id: ipfwaux.h,v 1.3 2011/02/20 23:43:41 nanard Exp $ */
1.1 misho 2: /*
3: * MiniUPnP project
4: * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
5: * (c) 2009 Jardel Weyrich
6: * This software is subject to the conditions detailed
7: * in the LICENCE file provided within the distribution
8: */
9: #ifndef __IPFWAUX_H__
10: #define __IPFWAUX_H__
11:
12: #include <stdio.h>
13: #include <stdlib.h>
14: #include <netinet/in.h>
15: #include <netinet/ip_fw.h>
16:
/*
 * Pseudo option names understood only by ipfw_exec(): IP_FW_INIT opens the
 * raw control socket and IP_FW_TERM closes it. Neither value is ever passed
 * on to setsockopt()/getsockopt().
 * NOTE(review): both are derived from IP_FW_ADD (offsets -4 and -3),
 * presumably so that they sit just below the option numbers declared in
 * <netinet/ip_fw.h> -- confirm that range is unused on the target platform.
 */
17: #define IP_FW_BASE (IP_FW_ADD - 5)
18: #define IP_FW_INIT (IP_FW_BASE + 1)
19: #define IP_FW_TERM (IP_FW_BASE + 2)
20:
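/**
 * Single entry point for talking to the kernel ipfw firewall.
 *
 * A raw IPv4 socket is kept in a function-local static between calls.
 * Because this function is `static` and lives in a header, every
 * translation unit that includes the header gets its own copy of the
 * function and therefore its own socket.
 *
 * Creating a SOCK_RAW socket normally requires root (or an equivalent
 * privilege), so IP_FW_INIT has to succeed before any privilege drop.
 *
 * @param optname IP_FW_INIT (open the socket), IP_FW_TERM (close it),
 *                IP_FW_ADD / IP_FW_DEL (forwarded to setsockopt()) or
 *                IP_FW_GET (forwarded to getsockopt()).
 * @param optval  buffer handed to the kernel; not used for INIT/TERM.
 * @param optlen  for ADD/DEL: size of optval in bytes.
 *                for GET: the address of a socklen_t, cast to uintptr_t,
 *                that holds the buffer size on entry and is updated by
 *                getsockopt().
 * @return 0 on success, -1 on failure (the reason is sent to syslog).
 */
static int ipfw_exec(int optname, void * optval, uintptr_t optlen) {
	static int sock = -1;

	switch (optname) {
	case IP_FW_INIT:
		/* re-use an already open socket; a failed socket() leaves -1 so
		 * the next IP_FW_INIT tries again */
		if (sock == -1)
			sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
		if (sock < 0) {
			syslog(LOG_ERR, "socket(SOCK_RAW): %m");
			return -1;
		}
		return 0;
	case IP_FW_TERM:
		if (sock != -1)
			close(sock);
		sock = -1;
		return 0;
	case IP_FW_ADD:
	case IP_FW_DEL:
	case IP_FW_GET:
		break;
	default:
		syslog(LOG_ERR, "unhandled option");
		return -1;
	}

	/* Firewall operations need the socket opened by IP_FW_INIT; fail with
	 * a clear message instead of handing descriptor -1 to the kernel. */
	if (sock < 0) {
		syslog(LOG_ERR, "ipfw socket is not open");
		return -1;
	}

	if (optname == IP_FW_GET) {
		/* for GET the caller smuggles a socklen_t pointer through optlen */
		socklen_t * lenp = (socklen_t *)optlen;

		if (lenp == NULL) {
			syslog(LOG_ERR, "missing option length");
			return -1;
		}
		if (getsockopt(sock, IPPROTO_IP, optname, optval, lenp) == -1) {
			syslog(LOG_ERR, "getsockopt(): %m");
			return -1;
		}
		return 0;
	}

	/* IP_FW_ADD / IP_FW_DEL: optlen is a byte count. Refuse a value that
	 * would be silently truncated when narrowed to socklen_t. */
	if ((uintptr_t)(socklen_t)optlen != optlen) {
		syslog(LOG_ERR, "option length too large");
		return -1;
	}
	if (setsockopt(sock, IPPROTO_IP, optname, optval, (socklen_t)optlen) == -1) {
		syslog(LOG_ERR, "setsockopt(): %m");
		return -1;
	}

	return 0;
}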
61:
/**
 * Release a ruleset buffer and reset the caller's pointer.
 *
 * @param rules address of the buffer pointer; a NULL address or an
 *              already-NULL buffer pointer is accepted and ignored.
 */
static void ipfw_free_ruleset(struct ip_fw ** rules) {
	if (rules != NULL && *rules != NULL) {
		free(*rules);
		/* clear the pointer so a repeated call is a harmless no-op */
		*rules = NULL;
	}
}
68:
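/**
 * Grow the ruleset buffer by `count` entries and re-read the ruleset from
 * the kernel through ipfw_exec(IP_FW_GET).
 *
 * @param rules         address of the buffer pointer; *rules may be NULL on
 *                      the first call. On allocation failure the previous
 *                      buffer is left untouched in *rules, so the caller can
 *                      still release it with ipfw_free_ruleset().
 * @param total_fetched in: number of entries the buffer already holds
 *                      (must be >= 0); out: number of entries reported by
 *                      the kernel, computed as returned bytes divided by
 *                      sizeof(struct ip_fw).
 * @param count         number of extra entries to make room for (>= 1).
 * @return the change in *total_fetched, or -1 on error.
 *         NOTE(review): if the kernel ever reports fewer entries than the
 *         previous total the difference is negative and cannot be told
 *         apart from the error value -- confirm callers cope with that.
 */
static int ipfw_fetch_ruleset(struct ip_fw ** rules, int * total_fetched, int count) {
	const size_t rule_size = sizeof(struct ip_fw);
	struct ip_fw * grown;
	size_t wanted;
	size_t bytes;
	socklen_t size;
	int previous;

	if (rules == NULL || total_fetched == NULL || *total_fetched < 0 || count < 1)
		return -1;

	/* Both operands are non-negative ints, so adding them as size_t avoids
	 * the signed overflow that `*total_fetched + count` could hit. */
	wanted = (size_t)*total_fetched + (size_t)count;

	/* The entry count must fit back into an int ((unsigned)-1 >> 1 is the
	 * largest int value), the byte count must not wrap, and it must survive
	 * the narrowing to socklen_t. A wrapped size would make realloc()
	 * return a buffer too small for the header written below. */
	if (wanted > (size_t)(((unsigned int)-1) >> 1) ||
	    wanted > (size_t)-1 / rule_size) {
		syslog(LOG_ERR, "ruleset size overflow");
		return -1;
	}
	bytes = wanted * rule_size;
	size = (socklen_t)bytes;
	if ((size_t)size != bytes) {
		syslog(LOG_ERR, "ruleset size overflow");
		return -1;
	}

	/* Keep the old pointer until realloc() succeeded so that a failure
	 * neither leaks the buffer nor loses the caller's reference to it. */
	grown = realloc(*rules, bytes);
	if (grown == NULL) {
		syslog(LOG_ERR, "realloc(): %m");
		return -1;
	}
	*rules = grown;

	/* the first entry carries the API version for the request */
	(*rules)->version = IP_FW_CURRENT_API_VERSION;
	if (ipfw_exec(IP_FW_GET, *rules, (uintptr_t)&size) < 0)
		return -1;

	/* getsockopt() updated `size`; presumably it never exceeds the size
	 * that was passed in, so the quotient stays within int range. */
	previous = *total_fetched;
	*total_fetched = (int)(size / rule_size);

	return *total_fetched - previous;
}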
91:
/**
 * Accept only the two transport protocols handled here.
 *
 * @param value IP protocol number to check.
 * @return 0 for IPPROTO_TCP or IPPROTO_UDP; otherwise -1, after logging
 *         "invalid protocol" to syslog.
 */
static int ipfw_validate_protocol(int value) {
	if (value == IPPROTO_TCP || value == IPPROTO_UDP)
		return 0;

	syslog(LOG_ERR, "invalid protocol");
	return -1;
}
103:
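/**
 * Check that an interface name has a plausible length.
 *
 * @param value NUL-terminated interface name; NULL is rejected.
 * @return 0 when the length is between 2 and FW_IFNLEN inclusive;
 *         otherwise -1, after logging "invalid interface name".
 *
 * NOTE(review): a name of exactly FW_IFNLEN characters is accepted. If the
 * destination field (presumably declared in <netinet/ip_fw.h>) is FW_IFNLEN
 * bytes including the terminator, callers must still bound their copy --
 * confirm against the code that stores the name.
 */
static int ipfw_validate_ifname(const char * const value) {
	size_t len;

	/* strlen(NULL) is undefined behaviour; treat a missing name as invalid */
	if (value == NULL) {
		syslog(LOG_ERR, "invalid interface name");
		return -1;
	}

	/* keep the length as size_t: narrowing to int could let a very long
	 * string wrap into the accepted range */
	len = strlen(value);
	if (len < 2 || len > (size_t)FW_IFNLEN) {
		syslog(LOG_ERR, "invalid interface name");
		return -1;
	}
	return 0;
}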
112:
113: #endif