Changeset 1844

Timestamp:

04/26/07 19:42:36 (21 months ago)

Author:

aturner

Message:

change how check_ip_cidr and ip_in_cidr() return 1/0 not TCPR_DIR_*
which was just *ugly*! anyways, this fixes the issue where all TCPR_DIR_*
values were > 0 and hence always returned 'true' and caused us to rewrite all
IP addresses since it always matched.
refs #170 (need to commit big endian test case)

Location:

branches/3.0

Files:

• src/common/cidr.c (modified) (6 diffs)
• src/common/cidr.h (modified) (1 diff)
• src/common/xX.c (modified) (2 diffs)
• src/tcpprep.c (modified) (1 diff)
• test/test2.rewrite_pnat (modified) (previous)

branches/3.0/src/common/cidr.c

@@ -375 +375 @@
 }
 
-/*
+/* 
  * checks to see if the ip address is in the cidr
- * returns TCPR_DIR_C2S for true, TCPR_DIR_S2C for false
- */
-
-tcpr_dir_t
+ * returns 1 for true, 0 for false
+ */
+int
 ip_in_cidr(const tcpr_cidr_t * mycidr, const unsigned long ip)
 {
     unsigned long ipaddr = 0, network = 0, mask = 0;
-    int ret;
+    int ret = 0;
     
     /* always return 1 if 0.0.0.0/0 */
     if (mycidr->masklen == 0 && mycidr->network == 0)
-        return TCPR_DIR_C2S;
+        return 1;
 
     mask = ~0;                  /* turn on all the bits */
@@ -407 +406 @@
             get_addr2name4(htonl(network), RESOLVE), mycidr->masklen);
 
-        ret = TCPR_DIR_C2S;
+        ret = 1;
     }
     else {
@@ -415 +414 @@
             get_addr2name4(htonl(network), RESOLVE), mycidr->masklen);
 
-        ret = TCPR_DIR_S2C;
+        ret = 0;
     }
     return ret;
-}
+
+}
+
 
 /*
  * iterates over cidrdata to find if a given ip matches
- * returns TCPR_DIR_C2S for true, TCPR_DIR_S2C for false
- */
-
-tcpr_dir_t
+ * returns 1 for true, 0 for false
+ */
+
+int
 check_ip_cidr(tcpr_cidr_t * cidrdata, const unsigned long ip)
 {
@@ -434 +435 @@
      */
     if (cidrdata == NULL) {
-        return TCPR_DIR_S2C;
+        return 1;
     }
 
@@ -443 +444 @@
 
         /* if match, return 1 */
-        if (ip_in_cidr(mycidr, ip) == TCPR_DIR_C2S) {
+        if (ip_in_cidr(mycidr, ip)) {
             dbgx(3, "Found %s in cidr", get_addr2name4(ip, RESOLVE));
-            return TCPR_DIR_C2S;
+            return 1;
         }
         /* check for next record */
@@ -458 +459 @@
     /* if we get here, no match */
     dbgx(3, "Didn't find %s in cidr", get_addr2name4(ip, RESOLVE));
-    return TCPR_DIR_S2C;
+    return 0;
 }
 

branches/3.0/src/common/cidr.h

@@ -51 +51 @@
 typedef struct tcpr_cidrmap_s tcpr_cidrmap_t;
 
-tcpr_dir_t ip_in_cidr(const tcpr_cidr_t *, const unsigned long);
-tcpr_dir_t check_ip_cidr(tcpr_cidr_t *, const unsigned long);
+int ip_in_cidr(const tcpr_cidr_t *, const unsigned long);
+int check_ip_cidr(tcpr_cidr_t *, const unsigned long);
 int parse_cidr(tcpr_cidr_t **, char *, char *delim);
 int parse_cidr_map(tcpr_cidrmap_t **, const char *);

branches/3.0/src/common/xX.c

@@ -134 +134 @@
              * and NOT true/false or 1/0, etc!
              */
-            return check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) == TCPR_DIR_C2S ? DONT_SEND : SEND;
+            return check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) ? DONT_SEND : SEND;
             break;
         case xXDest:
-            return check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr) == TCPR_DIR_C2S ? DONT_SEND : SEND;
+            return check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr)  ? DONT_SEND : SEND;
         case xXBoth:
-            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr) == TCPR_DIR_C2S &&
-                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) == TCPR_DIR_C2S) ? DONT_SEND : SEND;
+            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr)  &&
+                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) ) ? DONT_SEND : SEND;
             break;
         case xXEither:
-            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr) == TCPR_DIR_C2S ||
-                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) == TCPR_DIR_C2S) ? DONT_SEND : SEND;
+            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr)  ||
+                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) ) ? DONT_SEND : SEND;
             break;
         }
@@ -152 +152 @@
         switch (mode) {
         case xXSource:
-            return check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) == TCPR_DIR_C2S ? SEND : DONT_SEND;
+            return check_ip_cidr(cidr, ip_hdr->ip_src.s_addr)  ? SEND : DONT_SEND;
             break;
         case xXDest:
-            return check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr) == TCPR_DIR_C2S ? SEND : DONT_SEND;
+            return check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr)  ? SEND : DONT_SEND;
             break;
         case xXBoth:
-            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr) == TCPR_DIR_C2S &&
-                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) == TCPR_DIR_C2S) ? SEND : DONT_SEND;
+            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr)  &&
+                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) ) ? SEND : DONT_SEND;
             break;
         case xXEither:
-            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr) == TCPR_DIR_C2S ||
-                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) == TCPR_DIR_C2S) ? SEND : DONT_SEND;
+            return (check_ip_cidr(cidr, ip_hdr->ip_dst.s_addr)  ||
+                    check_ip_cidr(cidr, ip_hdr->ip_src.s_addr) ) ? SEND : DONT_SEND;
             break;
         }

branches/3.0/src/tcpprep.c

@@ -365 +365 @@
             dbg(2, "processing cidr mode...");
             cache_result = add_cache(&options.cachedata, SEND,
-                      check_ip_cidr(options.cidrdata, ip_hdr->ip_src.s_addr));
+                      check_ip_cidr(options.cidrdata, ip_hdr->ip_src.s_addr) ? TCPR_DIR_C2S : TCPR_DIR_S2C );
             break;
         case MAC_MODE: