1: /*
2: * MiniUPnP project
3: * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
4: * (c) 2009 Jardel Weyrich
5: * This software is subject to the conditions detailed
6: * in the LICENCE file provided within the distribution
7: */
8: #ifndef __IPFWAUX_H__
9: #define __IPFWAUX_H__
10:
11: #include <stdio.h>
12: #include <stdlib.h>
13: #include <netinet/in.h>
14: #include <netinet/ip_fw.h>
15:
/*
 * Pseudo option codes for ipfw_exec(). IP_FW_INIT opens the raw socket that
 * ipfw_exec() keeps between calls and IP_FW_TERM closes it; ipfw_exec()
 * handles both itself and passes neither to setsockopt()/getsockopt().
 * The values are derived from IP_FW_ADD (IP_FW_ADD - 4 and IP_FW_ADD - 3).
 * NOTE(review): presumably chosen so they do not collide with a real
 * IP_FW_* option code -- confirm against <netinet/ip_fw.h>.
 */
#define IP_FW_BASE (IP_FW_ADD - 5)
#define IP_FW_INIT (IP_FW_BASE + 1)
#define IP_FW_TERM (IP_FW_BASE + 2)
19:
/**
 * Single entry point for talking to the ipfw control socket.
 *
 * The socket lives in a function-local static, so every caller shares the
 * same descriptor: IP_FW_INIT creates it (once), IP_FW_TERM closes it, and
 * the remaining options are forwarded to the kernel on it. Opening a raw
 * socket normally requires elevated privileges.
 *
 * @param optname  IP_FW_INIT, IP_FW_TERM, IP_FW_ADD, IP_FW_DEL or IP_FW_GET.
 * @param optval   option buffer handed to setsockopt()/getsockopt(); not
 *                 used by IP_FW_INIT and IP_FW_TERM.
 * @param optlen   for IP_FW_ADD/IP_FW_DEL the byte length of optval; for
 *                 IP_FW_GET the address of a socklen_t (carried as an
 *                 integer) that holds the buffer size and receives the
 *                 returned length.
 * @return 0 on success, -1 on failure (the reason is sent to syslog).
 */
static int ipfw_exec(int optname, void * optval, uintptr_t optlen) {
    static int fw_sock = -1;
    int rc;

    switch (optname) {
    case IP_FW_INIT:
        /* Reuse an already open socket; only create one when none exists. */
        if (fw_sock == -1)
            fw_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
        if (fw_sock < 0) {
            syslog(LOG_ERR, "socket(SOCK_RAW): %m");
            return -1;
        }
        return 0;

    case IP_FW_TERM:
        if (fw_sock != -1)
            close(fw_sock);
        fw_sock = -1;
        return 0;

    case IP_FW_ADD:
    case IP_FW_DEL:
        /* Here optlen is a plain length. */
        rc = setsockopt(fw_sock, IPPROTO_IP, optname, optval, optlen);
        if (rc == -1) {
            syslog(LOG_ERR, "setsockopt(): %m");
            return -1;
        }
        return 0;

    case IP_FW_GET:
        /* Here optlen carries a pointer to the caller's socklen_t. */
        rc = getsockopt(fw_sock, IPPROTO_IP, optname, optval, (socklen_t *)optlen);
        if (rc == -1) {
            syslog(LOG_ERR, "getsockopt(): %m");
            return -1;
        }
        return 0;

    default:
        break;
    }

    syslog(LOG_ERR, "unhandled option");
    return -1;
}
60:
/**
 * Release a ruleset buffer and clear the caller's pointer.
 *
 * @param rules  address of the buffer pointer; a NULL address or an already
 *               NULL buffer is ignored. On return *rules is NULL, so a
 *               second call on the same pointer is harmless.
 */
static void ipfw_free_ruleset(struct ip_fw ** rules) {
    if (rules != NULL && *rules != NULL) {
        free(*rules);
        /* Drop the stale address so it cannot be reused or freed twice. */
        *rules = NULL;
    }
}
67:
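/**
 * Grow the ruleset buffer and fetch the ipfw ruleset into it.
 *
 * The buffer is resized to hold (*total_fetched + count) entries and filled
 * with one IP_FW_GET request issued through ipfw_exec().
 *
 * @param rules          in/out: heap buffer for the ruleset; *rules may be
 *                       NULL on the first call. The caller owns the buffer
 *                       and releases it with ipfw_free_ruleset(), also
 *                       after a failure (the old buffer is kept intact when
 *                       the resize fails).
 * @param total_fetched  in/out: number of entries held so far; replaced by
 *                       the number of entries returned by the request.
 * @param count          number of extra entries to make room for (>= 1).
 * @return the number of entries gained by this call, or -1 on error.
 */
static int ipfw_fetch_ruleset(struct ip_fw ** rules, int * total_fetched, int count) {
    size_t entries;
    size_t bytes;
    socklen_t size;
    struct ip_fw *grown;
    int previous;

    if (rules == NULL || total_fetched == NULL || *total_fetched < 0 || count < 1)
        return -1;

    /* Add in size_t: both operands are non-negative, so the sum cannot hit
     * the signed overflow the int addition could. */
    entries = (size_t)*total_fetched + (size_t)count;

    /* The entry count is reported back through an int; refuse anything
     * that would not survive that conversion. */
    if ((int)entries < 0 || (size_t)(int)entries != entries) {
        syslog(LOG_ERR, "ruleset size out of range");
        return -1;
    }
    if (entries > (size_t)-1 / sizeof(struct ip_fw)) {
        syslog(LOG_ERR, "ruleset size out of range");
        return -1;
    }
    bytes = entries * sizeof(struct ip_fw);

    /* The same length is handed to getsockopt() as a socklen_t; a silently
     * truncated value would describe a smaller buffer than was requested. */
    size = (socklen_t)bytes;
    if ((size_t)size != bytes) {
        syslog(LOG_ERR, "ruleset size out of range");
        return -1;
    }

    /* Resize through a temporary so a failed realloc() does not lose (and
     * leak) the buffer the caller already holds. */
    grown = realloc(*rules, bytes);
    if (grown == NULL) {
        syslog(LOG_ERR, "realloc(): %m");
        return -1;
    }
    *rules = grown;

    (*rules)->version = IP_FW_CURRENT_API_VERSION;
    /* size is passed by address: getsockopt() overwrites it with the number
     * of bytes it actually returned. */
    if (ipfw_exec(IP_FW_GET, *rules, (uintptr_t)&size) < 0)
        return -1;

    previous = *total_fetched;
    *total_fetched = (int)(size / sizeof(struct ip_fw));

    return *total_fetched - previous;
}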
90:
/**
 * Accept only the protocols this module handles.
 *
 * @param value  IP protocol number to check.
 * @return 0 for IPPROTO_TCP or IPPROTO_UDP; -1 (after logging) for
 *         anything else.
 */
static int ipfw_validate_protocol(int value) {
    if (value == IPPROTO_TCP || value == IPPROTO_UDP)
        return 0;

    syslog(LOG_ERR, "invalid protocol");
    return -1;
}
102:
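/**
 * Check that an interface name has an acceptable length.
 *
 * @param value  NUL-terminated interface name; NULL is rejected instead of
 *               being passed to strlen().
 * @return 0 when the name is between 2 and FW_IFNLEN characters long,
 *         -1 (after logging) otherwise.
 */
static int ipfw_validate_ifname(const char * const value) {
    size_t len;

    if (value == NULL) {
        syslog(LOG_ERR, "invalid interface name");
        return -1;
    }

    /* Keep the length in size_t so an oversized string cannot be narrowed
     * into a value that passes the range check. */
    len = strlen(value);

    /* NOTE(review): the upper bound accepts exactly FW_IFNLEN characters.
     * If FW_IFNLEN is the size of the destination field including its
     * terminator, such a name would not fit -- confirm against the code
     * that copies the name into the rule. */
    if (len < 2 || len > (size_t)FW_IFNLEN) {
        syslog(LOG_ERR, "invalid interface name");
        return -1;
    }
    return 0;
}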
111:
112: #endif