blob: cebe21dc8cb948c4e65d3ccc060c402f306097d0 [file] [log] [blame] [raw]
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
/*
* deal with extra bits on end of the line
*/
int extras(cp, fr, linenum)
char ***cp;
struct frentry *fr;
int linenum;
{
u_short secmsk;
u_long opts;
int notopt;
opts = 0;
secmsk = 0;
notopt = 0;
(*cp)++;
if (!**cp)
return -1;
while (**cp) {
if (!strcasecmp(**cp, "not") || !strcasecmp(**cp, "no")) {
notopt = 1;
(*cp)++;
continue;
} else if (!strncasecmp(**cp, "ipopt", 5)) {
if (!notopt)
fr->fr_flx |= FI_OPTIONS;
fr->fr_mflx |= FI_OPTIONS;
goto nextopt;
} else if (!strcasecmp(**cp, "lowttl")) {
if (!notopt)
fr->fr_flx |= FI_LOWTTL;
fr->fr_mflx |= FI_LOWTTL;
goto nextopt;
} else if (!strcasecmp(**cp, "bad-src")) {
if (!notopt)
fr->fr_flx |= FI_BADSRC;
fr->fr_mflx |= FI_BADSRC;
goto nextopt;
} else if (!strncasecmp(**cp, "mbcast", 6)) {
if (!notopt)
fr->fr_flx |= FI_MBCAST;
fr->fr_mflx |= FI_MBCAST;
goto nextopt;
} else if (!strncasecmp(**cp, "nat", 3)) {
if (!notopt)
fr->fr_flx |= FI_NATED;
fr->fr_mflx |= FI_NATED;
goto nextopt;
} else if (!strncasecmp(**cp, "frag", 4)) {
if (!notopt)
fr->fr_flx |= FI_FRAG;
fr->fr_mflx |= FI_FRAG;
goto nextopt;
} else if (!strncasecmp(**cp, "opt", 3)) {
if (!*(*cp + 1)) {
fprintf(stderr, "%d: opt missing arguements\n",
linenum);
return -1;
}
(*cp)++;
if (!(opts = optname(cp, &secmsk, linenum)))
return -1;
if (notopt) {
if (!secmsk) {
fr->fr_optmask |= opts;
} else {
fr->fr_optmask |= (opts & ~0x0100);
fr->fr_secmask |= secmsk;
}
fr->fr_secbits &= ~secmsk;
fr->fr_optbits &= ~opts;
} else {
fr->fr_optmask |= opts;
fr->fr_secmask |= secmsk;
fr->fr_optbits |= opts;
fr->fr_secbits |= secmsk;
}
} else if (!strncasecmp(**cp, "short", 5)) {
if (fr->fr_tcpf) {
fprintf(stderr,
"%d: short cannot be used with TCP flags\n",
linenum);
return -1;
}
if (!notopt)
fr->fr_flx |= FI_SHORT;
fr->fr_mflx |= FI_SHORT;
goto nextopt;
} else
return -1;
nextopt:
notopt = 0;
opts = 0;
secmsk = 0;
(*cp)++;
}
return 0;
}