projects
/
l2tpns.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
2f5b811
)
oops
author
Brendan O'Dea
<bod@optus.net>
Mon, 29 Nov 2004 03:55:19 +0000
(
03:55
+0000)
committer
Brendan O'Dea
<bod@optus.net>
Mon, 29 Nov 2004 03:55:19 +0000
(
03:55
+0000)
cli.c
patch
|
blob
|
history
l2tpns.c
patch
|
blob
|
history
diff --git
a/cli.c
b/cli.c
index
836c0e9
..
cce382b
100644
(file)
--- a/
cli.c
+++ b/
cli.c
@@
-2,7
+2,7
@@
// vim: sw=8 ts=8
char const *cvs_name = "$Name: $";
// vim: sw=8 ts=8
char const *cvs_name = "$Name: $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.3
4 2004-11-29 02:17:17
bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.3
5 2004-11-29 03:55:19
bodea Exp $";
#include <stdio.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdarg.h>
@@
-3008,6
+3008,9
@@
static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv,
return CLI_OK;
}
return CLI_OK;
}
+ if (i)
+ cli_print(cli, "");
+
cli_print(cli, "%s IP access list %s",
ip_filters[f].extended ? "Extended" : "Standard",
ip_filters[f].name);
cli_print(cli, "%s IP access list %s",
ip_filters[f].extended ? "Extended" : "Standard",
ip_filters[f].name);
diff --git
a/l2tpns.c
b/l2tpns.c
index
2c3f345
..
488287f
100644
(file)
--- a/
l2tpns.c
+++ b/
l2tpns.c
@@
-4,7
+4,7
@@
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.6
0 2004-11-29 02:17:17
bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.6
1 2004-11-29 03:55:21
bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
#include <arpa/inet.h>
#include <assert.h>
@@
-4418,18
+4418,17
@@
int ip_filter(u8 *buf, int len, u8 filter)
if (len < 20) // up to end of destination address
return 0;
if (len < 20) // up to end of destination address
return 0;
- if (
*buf >>
4) // IPv4
+ if (
(*buf >> 4) !=
4) // IPv4
return 0;
return 0;
-
- frag_offset = ntohs(*(u16 *) (buf + 0)) & 0x1fff;
+ frag_offset = ntohs(*(u16 *) (buf + 6)) & 0x1fff;
proto = buf[9];
src_ip = *(u32 *) (buf + 12);
dst_ip = *(u32 *) (buf + 16);
if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
{
proto = buf[9];
src_ip = *(u32 *) (buf + 12);
dst_ip = *(u32 *) (buf + 16);
if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
{
- int l =
buf[0] & 0xf;
+ int l =
(buf[0] & 0xf) * 4; // length of IP header
if (len < l + 4) // ports
return 0;
if (len < l + 4) // ports
return 0;
@@
-4437,16
+4436,16
@@
int ip_filter(u8 *buf, int len, u8 filter)
dst_port = ntohs(*(u16 *) (buf + l + 2));
if (proto == IPPROTO_TCP)
{
dst_port = ntohs(*(u16 *) (buf + l + 2));
if (proto == IPPROTO_TCP)
{
- if (len < l + 1
5
) // flags
+ if (len < l + 1
4
) // flags
return 0;
return 0;
- flags = buf[l + 1
4
] & 0x3f;
+ flags = buf[l + 1
3
] & 0x3f;
}
}
for (rule = ip_filters[filter].rules; rule->action; rule++)
{
}
}
for (rule = ip_filters[filter].rules; rule->action; rule++)
{
- if (
proto
&& proto != rule->proto)
+ if (
rule->proto != IPPROTO_IP
&& proto != rule->proto)
continue;
if (rule->src_wild != INADDR_BROADCAST &&
continue;
if (rule->src_wild != INADDR_BROADCAST &&