1 /*- 2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org> 3 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp> 4 * Internet Initiative Japan, Inc (IIJ) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * $FreeBSD$ 29 */ 30 31 #include <sys/param.h> 32 #include <netinet/in.h> 33 #include <arpa/inet.h> 34 #include <netdb.h> 35 #include <netinet/in_systm.h> 36 #include <netinet/ip.h> 37 #include <sys/un.h> 38 39 #include <stdio.h> 40 #include <stdlib.h> 41 #include <strings.h> 42 #include <termios.h> 43 44 #include "layer.h" 45 #include "defs.h" 46 #include "command.h" 47 #include "mbuf.h" 48 #include "log.h" 49 #include "iplist.h" 50 #include "timer.h" 51 #include "throughput.h" 52 #include "lqr.h" 53 #include "hdlc.h" 54 #include "fsm.h" 55 #include "lcp.h" 56 #include "ccp.h" 57 #include "link.h" 58 #include "slcompress.h" 59 #include "ipcp.h" 60 #include "filter.h" 61 #include "descriptor.h" 62 #include "prompt.h" 63 #include "mp.h" 64 #ifndef NORADIUS 65 #include "radius.h" 66 #endif 67 #include "bundle.h" 68 69 static int filter_Nam2Proto(int, char const *const *); 70 static int filter_Nam2Op(const char *); 71 72 static const u_int32_t netmasks[33] = { 73 0x00000000, 74 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000, 75 0xF8000000, 0xFC000000, 0xFE000000, 0xFF000000, 76 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000, 77 0xFFF80000, 0xFFFC0000, 0xFFFE0000, 0xFFFF0000, 78 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000, 79 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00, 80 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0, 0xFFFFFFF0, 81 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF, 82 }; 83 84 struct in_addr 85 bits2mask(int bits) 86 { 87 struct in_addr result; 88 89 result.s_addr = htonl(netmasks[bits]); 90 return result; 91 } 92 93 int 94 ParseAddr(struct ipcp *ipcp, const char *data, 95 struct in_addr *paddr, struct in_addr *pmask, int *pwidth) 96 { 97 int bits, len; 98 char *wp; 99 const char *cp; 100 101 if (pmask) 102 pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */ 103 104 cp = pmask || pwidth ? strchr(data, '/') : NULL; 105 len = cp ? cp - data : strlen(data); 106 107 if (ipcp && strncasecmp(data, "HISADDR", len) == 0) 108 *paddr = ipcp->peer_ip; 109 else if (ipcp && strncasecmp(data, "MYADDR", len) == 0) 110 *paddr = ipcp->my_ip; 111 else if (ipcp && strncasecmp(data, "DNS0", len) == 0) 112 *paddr = ipcp->ns.dns[0]; 113 else if (ipcp && strncasecmp(data, "DNS1", len) == 0) 114 *paddr = ipcp->ns.dns[1]; 115 else { 116 char *s; 117 118 s = (char *)alloca(len + 1); 119 strncpy(s, data, len); 120 s[len] = '\0'; 121 *paddr = GetIpAddr(s); 122 if (paddr->s_addr == INADDR_NONE) { 123 log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s); 124 return 0; 125 } 126 } 127 if (cp && *++cp) { 128 bits = strtol(cp, &wp, 0); 129 if (cp == wp || bits < 0 || bits > 32) { 130 log_Printf(LogWARN, "ParseAddr: bad mask width.\n"); 131 return 0; 132 } 133 } else if (paddr->s_addr == INADDR_ANY) 134 /* An IP of 0.0.0.0 without a width is anything */ 135 bits = 0; 136 else 137 /* If a valid IP is given without a width, assume 32 bits */ 138 bits = 32; 139 140 if (pwidth) 141 *pwidth = bits; 142 143 if (pmask) { 144 if (paddr->s_addr == INADDR_ANY) 145 pmask->s_addr = INADDR_ANY; 146 else 147 *pmask = bits2mask(bits); 148 } 149 150 return 1; 151 } 152 153 static int 154 ParsePort(const char *service, int proto) 155 { 156 const char *protocol_name; 157 char *cp; 158 struct servent *servent; 159 int port; 160 161 switch (proto) { 162 case P_IPIP: 163 protocol_name = "ipip"; 164 break; 165 case P_UDP: 166 protocol_name = "udp"; 167 break; 168 case P_TCP: 169 protocol_name = "tcp"; 170 break; 171 default: 172 protocol_name = 0; 173 } 174 175 servent = getservbyname(service, protocol_name); 176 if (servent != 0) 177 return ntohs(servent->s_port); 178 179 port = strtol(service, &cp, 0); 180 if (cp == service) { 181 log_Printf(LogWARN, "ParsePort: %s is not a port name or number.\n", 182 service); 183 return 0; 184 } 185 return port; 186 } 187 188 /* 189 * ICMP Syntax: src eq icmp_message_type 190 */ 191 static int 192 ParseIcmp(int argc, char const *const *argv, struct filterent *tgt) 193 { 194 int type; 195 char *cp; 196 197 switch (argc) { 198 case 0: 199 /* permit/deny all ICMP types */ 200 tgt->f_srcop = OP_NONE; 201 break; 202 203 case 3: 204 if (!strcmp(*argv, "src") && !strcmp(argv[1], "eq")) { 205 type = strtol(argv[2], &cp, 0); 206 if (cp == argv[2]) { 207 log_Printf(LogWARN, "ParseIcmp: type is expected.\n"); 208 return 0; 209 } 210 tgt->f_srcop = OP_EQ; 211 tgt->f_srcport = type; 212 } 213 break; 214 215 default: 216 log_Printf(LogWARN, "ParseIcmp: bad icmp syntax.\n"); 217 return 0; 218 } 219 return 1; 220 } 221 222 /* 223 * UDP Syntax: [src op port] [dst op port] 224 */ 225 static int 226 ParseUdpOrTcp(int argc, char const *const *argv, int proto, 227 struct filterent *tgt) 228 { 229 tgt->f_srcop = tgt->f_dstop = OP_NONE; 230 tgt->f_estab = tgt->f_syn = tgt->f_finrst = 0; 231 232 if (argc >= 3 && !strcmp(*argv, "src")) { 233 tgt->f_srcop = filter_Nam2Op(argv[1]); 234 if (tgt->f_srcop == OP_NONE) { 235 log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n"); 236 return 0; 237 } 238 tgt->f_srcport = ParsePort(argv[2], proto); 239 if (tgt->f_srcport == 0) 240 return 0; 241 argc -= 3; 242 argv += 3; 243 } 244 245 if (argc >= 3 && !strcmp(argv[0], "dst")) { 246 tgt->f_dstop = filter_Nam2Op(argv[1]); 247 if (tgt->f_dstop == OP_NONE) { 248 log_Printf(LogWARN, "ParseUdpOrTcp: bad operation\n"); 249 return 0; 250 } 251 tgt->f_dstport = ParsePort(argv[2], proto); 252 if (tgt->f_dstport == 0) 253 return 0; 254 argc -= 3; 255 argv += 3; 256 } 257 258 if (proto == P_TCP) { 259 for (; argc > 0; argc--, argv++) 260 if (!strcmp(*argv, "estab")) 261 tgt->f_estab = 1; 262 else if (!strcmp(*argv, "syn")) 263 tgt->f_syn = 1; 264 else if (!strcmp(*argv, "finrst")) 265 tgt->f_finrst = 1; 266 else 267 break; 268 } 269 270 if (argc > 0) { 271 log_Printf(LogWARN, "ParseUdpOrTcp: bad src/dst port syntax: %s\n", *argv); 272 return 0; 273 } 274 275 return 1; 276 } 277 278 static int 279 ParseIgmp(int argc, char const * const *argv, struct filterent *tgt) 280 { 281 /* 282 * Filter currently is a catch-all. Requests are either permitted or 283 * dropped. 284 */ 285 if (argc != 0) { 286 log_Printf(LogWARN, "ParseIgmp: Too many parameters\n"); 287 return 0; 288 } else 289 tgt->f_srcop = OP_NONE; 290 291 return 1; 292 } 293 294 #ifdef P_GRE 295 static int 296 ParseGRE(int argc, char const * const *argv, struct filterent *tgt) 297 { 298 /* 299 * Filter currently is a catch-all. Requests are either permitted or 300 * dropped. 301 */ 302 if (argc != 0) { 303 log_Printf(LogWARN, "ParseGRE: Too many parameters\n"); 304 return 0; 305 } else 306 tgt->f_srcop = OP_NONE; 307 308 return 1; 309 } 310 #endif 311 312 #ifdef P_OSPF 313 static int 314 ParseOspf(int argc, char const * const *argv, struct filterent *tgt) 315 { 316 /* 317 * Filter currently is a catch-all. Requests are either permitted or 318 * dropped. 319 */ 320 if (argc != 0) { 321 log_Printf(LogWARN, "ParseOspf: Too many parameters\n"); 322 return 0; 323 } else 324 tgt->f_srcop = OP_NONE; 325 326 return 1; 327 } 328 #endif 329 330 static unsigned 331 addrtype(const char *addr) 332 { 333 if (!strncasecmp(addr, "MYADDR", 6) && (addr[6] == '\0' || addr[6] == '/')) 334 return T_MYADDR; 335 if (!strncasecmp(addr, "HISADDR", 7) && (addr[7] == '\0' || addr[7] == '/')) 336 return T_HISADDR; 337 if (!strncasecmp(addr, "DNS0", 4) && (addr[4] == '\0' || addr[4] == '/')) 338 return T_DNS0; 339 if (!strncasecmp(addr, "DNS1", 4) && (addr[4] == '\0' || addr[4] == '/')) 340 return T_DNS1; 341 342 return T_ADDR; 343 } 344 345 static const char * 346 addrstr(struct in_addr addr, unsigned type) 347 { 348 switch (type) { 349 case T_MYADDR: 350 return "MYADDR"; 351 case T_HISADDR: 352 return "HISADDR"; 353 case T_DNS0: 354 return "DNS0"; 355 case T_DNS1: 356 return "DNS1"; 357 } 358 return inet_ntoa(addr); 359 } 360 361 static const char * 362 maskstr(int bits) 363 { 364 static char str[4]; 365 366 if (bits == 32) 367 *str = '\0'; 368 else 369 snprintf(str, sizeof str, "/%d", bits); 370 371 return str; 372 } 373 374 static int 375 Parse(struct ipcp *ipcp, int argc, char const *const *argv, 376 struct filterent *ofp) 377 { 378 int action, proto; 379 int val, ruleno; 380 char *wp; 381 struct filterent filterdata; 382 383 ruleno = strtol(*argv, &wp, 0); 384 if (*argv == wp || ruleno >= MAXFILTERS) { 385 log_Printf(LogWARN, "Parse: invalid filter number.\n"); 386 return 0; 387 } 388 if (ruleno < 0) { 389 for (ruleno = 0; ruleno < MAXFILTERS; ruleno++) { 390 ofp->f_action = A_NONE; 391 ofp++; 392 } 393 log_Printf(LogWARN, "Parse: filter cleared.\n"); 394 return 1; 395 } 396 ofp += ruleno; 397 398 if (--argc == 0) { 399 log_Printf(LogWARN, "Parse: missing action.\n"); 400 return 0; 401 } 402 argv++; 403 404 proto = P_NONE; 405 memset(&filterdata, '\0', sizeof filterdata); 406 407 val = strtol(*argv, &wp, 0); 408 if (!*wp && val >= 0 && val < MAXFILTERS) { 409 if (val <= ruleno) { 410 log_Printf(LogWARN, "Parse: Can only jump forward from rule %d\n", 411 ruleno); 412 return 0; 413 } 414 action = val; 415 } else if (!strcmp(*argv, "permit")) { 416 action = A_PERMIT; 417 } else if (!strcmp(*argv, "deny")) { 418 action = A_DENY; 419 } else if (!strcmp(*argv, "clear")) { 420 ofp->f_action = A_NONE; 421 return 1; 422 } else { 423 log_Printf(LogWARN, "Parse: bad action: %s\n", *argv); 424 return 0; 425 } 426 filterdata.f_action = action; 427 428 argc--; 429 argv++; 430 431 if (argc && argv[0][0] == '!' && !argv[0][1]) { 432 filterdata.f_invert = 1; 433 argc--; 434 argv++; 435 } 436 437 proto = filter_Nam2Proto(argc, argv); 438 if (proto == P_NONE) { 439 if (!argc) 440 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); 441 else if (ParseAddr(ipcp, *argv, &filterdata.f_src.ipaddr, 442 &filterdata.f_src.mask, &filterdata.f_src.width)) { 443 filterdata.f_srctype = addrtype(*argv); 444 argc--; 445 argv++; 446 proto = filter_Nam2Proto(argc, argv); 447 if (!argc) 448 log_Printf(LogWARN, "Parse: address/mask is expected.\n"); 449 else if (proto == P_NONE) { 450 if (ParseAddr(ipcp, *argv, &filterdata.f_dst.ipaddr, 451 &filterdata.f_dst.mask, &filterdata.f_dst.width)) { 452 filterdata.f_dsttype = addrtype(*argv); 453 argc--; 454 argv++; 455 } else 456 filterdata.f_dsttype = T_ADDR; 457 if (argc) { 458 proto = filter_Nam2Proto(argc, argv); 459 if (proto == P_NONE) { 460 log_Printf(LogWARN, "Parse: %s: Invalid protocol\n", *argv); 461 return 0; 462 } else { 463 argc--; 464 argv++; 465 } 466 } 467 } else { 468 argc--; 469 argv++; 470 } 471 } else { 472 log_Printf(LogWARN, "Parse: Address/protocol expected.\n"); 473 return 0; 474 } 475 } else { 476 argc--; 477 argv++; 478 } 479 480 if (argc >= 2 && strcmp(argv[argc - 2], "timeout") == 0) { 481 filterdata.timeout = strtoul(argv[argc - 1], NULL, 10); 482 argc -= 2; 483 } 484 485 val = 1; 486 filterdata.f_proto = proto; 487 488 switch (proto) { 489 case P_TCP: 490 val = ParseUdpOrTcp(argc, argv, P_TCP, &filterdata); 491 break; 492 case P_UDP: 493 val = ParseUdpOrTcp(argc, argv, P_UDP, &filterdata); 494 break; 495 case P_IPIP: 496 val = ParseUdpOrTcp(argc, argv, P_IPIP, &filterdata); 497 break; 498 case P_ICMP: 499 val = ParseIcmp(argc, argv, &filterdata); 500 break; 501 case P_IGMP: 502 val = ParseIgmp(argc, argv, &filterdata); 503 break; 504 #ifdef P_OSPF 505 case P_OSPF: 506 val = ParseOspf(argc, argv, &filterdata); 507 break; 508 #endif 509 #ifdef P_GRE 510 case P_GRE: 511 val = ParseGRE(argc, argv, &filterdata); 512 break; 513 #endif 514 } 515 516 log_Printf(LogDEBUG, "Parse: Src: %s\n", inet_ntoa(filterdata.f_src.ipaddr)); 517 log_Printf(LogDEBUG, "Parse: Src mask: %s\n", 518 inet_ntoa(filterdata.f_src.mask)); 519 log_Printf(LogDEBUG, "Parse: Dst: %s\n", inet_ntoa(filterdata.f_dst.ipaddr)); 520 log_Printf(LogDEBUG, "Parse: Dst mask: %s\n", 521 inet_ntoa(filterdata.f_dst.mask)); 522 log_Printf(LogDEBUG, "Parse: Proto = %d\n", proto); 523 524 log_Printf(LogDEBUG, "Parse: src: %s (%d)\n", 525 filter_Op2Nam(filterdata.f_srcop), filterdata.f_srcport); 526 log_Printf(LogDEBUG, "Parse: dst: %s (%d)\n", 527 filter_Op2Nam(filterdata.f_dstop), filterdata.f_dstport); 528 log_Printf(LogDEBUG, "Parse: estab: %u\n", filterdata.f_estab); 529 log_Printf(LogDEBUG, "Parse: syn: %u\n", filterdata.f_syn); 530 log_Printf(LogDEBUG, "Parse: finrst: %u\n", filterdata.f_finrst); 531 532 if (val) 533 *ofp = filterdata; 534 535 return val; 536 } 537 538 int 539 filter_Set(struct cmdargs const *arg) 540 { 541 struct filter *filter; 542 543 if (arg->argc < arg->argn+2) 544 return -1; 545 546 if (!strcmp(arg->argv[arg->argn], "in")) 547 filter = &arg->bundle->filter.in; 548 else if (!strcmp(arg->argv[arg->argn], "out")) 549 filter = &arg->bundle->filter.out; 550 else if (!strcmp(arg->argv[arg->argn], "dial")) 551 filter = &arg->bundle->filter.dial; 552 else if (!strcmp(arg->argv[arg->argn], "alive")) 553 filter = &arg->bundle->filter.alive; 554 else { 555 log_Printf(LogWARN, "filter_Set: %s: Invalid filter name.\n", 556 arg->argv[arg->argn]); 557 return -1; 558 } 559 560 Parse(&arg->bundle->ncp.ipcp, arg->argc - arg->argn - 1, 561 arg->argv + arg->argn + 1, filter->rule); 562 return 0; 563 } 564 565 const char * 566 filter_Action2Nam(int act) 567 { 568 static const char * const actname[] = { " none ", "permit ", " deny " }; 569 static char buf[8]; 570 571 if (act >= 0 && act < MAXFILTERS) { 572 snprintf(buf, sizeof buf, "%6d ", act); 573 return buf; 574 } else if (act >= A_NONE && act < A_NONE + sizeof(actname)/sizeof(char *)) 575 return actname[act - A_NONE]; 576 else 577 return "?????? "; 578 } 579 580 static void 581 doShowFilter(struct filterent *fp, struct prompt *prompt) 582 { 583 int n; 584 585 for (n = 0; n < MAXFILTERS; n++, fp++) { 586 if (fp->f_action != A_NONE) { 587 prompt_Printf(prompt, " %2d %s", n, filter_Action2Nam(fp->f_action)); 588 prompt_Printf(prompt, "%c ", fp->f_invert ? '!' : ' '); 589 prompt_Printf(prompt, "%s%s ", addrstr(fp->f_src.ipaddr, fp->f_srctype), 590 maskstr(fp->f_src.width)); 591 prompt_Printf(prompt, "%s%s ", addrstr(fp->f_dst.ipaddr, fp->f_dsttype), 592 maskstr(fp->f_dst.width)); 593 if (fp->f_proto) { 594 prompt_Printf(prompt, "%s", filter_Proto2Nam(fp->f_proto)); 595 596 if (fp->f_srcop) 597 prompt_Printf(prompt, " src %s %d", filter_Op2Nam(fp->f_srcop), 598 fp->f_srcport); 599 if (fp->f_dstop) 600 prompt_Printf(prompt, " dst %s %d", filter_Op2Nam(fp->f_dstop), 601 fp->f_dstport); 602 if (fp->f_estab) 603 prompt_Printf(prompt, " estab"); 604 if (fp->f_syn) 605 prompt_Printf(prompt, " syn"); 606 if (fp->f_finrst) 607 prompt_Printf(prompt, " finrst"); 608 } 609 if (fp->timeout != 0) 610 prompt_Printf(prompt, " timeout %u", fp->timeout); 611 prompt_Printf(prompt, "\n"); 612 } 613 } 614 } 615 616 int 617 filter_Show(struct cmdargs const *arg) 618 { 619 if (arg->argc > arg->argn+1) 620 return -1; 621 622 if (arg->argc == arg->argn+1) { 623 struct filter *filter; 624 625 if (!strcmp(arg->argv[arg->argn], "in")) 626 filter = &arg->bundle->filter.in; 627 else if (!strcmp(arg->argv[arg->argn], "out")) 628 filter = &arg->bundle->filter.out; 629 else if (!strcmp(arg->argv[arg->argn], "dial")) 630 filter = &arg->bundle->filter.dial; 631 else if (!strcmp(arg->argv[arg->argn], "alive")) 632 filter = &arg->bundle->filter.alive; 633 else 634 return -1; 635 doShowFilter(filter->rule, arg->prompt); 636 } else { 637 struct filter *filter[4]; 638 int f; 639 640 filter[0] = &arg->bundle->filter.in; 641 filter[1] = &arg->bundle->filter.out; 642 filter[2] = &arg->bundle->filter.dial; 643 filter[3] = &arg->bundle->filter.alive; 644 for (f = 0; f < 4; f++) { 645 if (f) 646 prompt_Printf(arg->prompt, "\n"); 647 prompt_Printf(arg->prompt, "%s:\n", filter[f]->name); 648 doShowFilter(filter[f]->rule, arg->prompt); 649 } 650 } 651 652 return 0; 653 } 654 655 static const char * const protoname[] = { 656 "none", "tcp", "udp", "icmp", "ospf", "igmp", "gre", "ipip" 657 }; 658 659 const char * 660 filter_Proto2Nam(int proto) 661 { 662 if (proto >= sizeof protoname / sizeof protoname[0]) 663 return "unknown"; 664 return protoname[proto]; 665 } 666 667 static int 668 filter_Nam2Proto(int argc, char const *const *argv) 669 { 670 int proto; 671 672 if (argc == 0) 673 proto = 0; 674 else 675 for (proto = sizeof protoname / sizeof protoname[0] - 1; proto; proto--) 676 if (!strcasecmp(*argv, protoname[proto])) 677 break; 678 679 return proto; 680 } 681 682 static const char * const opname[] = {"none", "eq", "gt", "lt"}; 683 684 const char * 685 filter_Op2Nam(int op) 686 { 687 if (op >= sizeof opname / sizeof opname[0]) 688 return "unknown"; 689 return opname[op]; 690 691 } 692 693 static int 694 filter_Nam2Op(const char *cp) 695 { 696 int op; 697 698 for (op = sizeof opname / sizeof opname[0] - 1; op; op--) 699 if (!strcasecmp(cp, opname[op])) 700 break; 701 702 return op; 703 } 704 705 void 706 filter_AdjustAddr(struct filter *filter, struct in_addr *my_ip, 707 struct in_addr *peer_ip, struct in_addr dns[2]) 708 { 709 struct filterent *fp; 710 int n; 711 712 for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++) 713 if (fp->f_action != A_NONE) { 714 if (my_ip) { 715 if (fp->f_srctype == T_MYADDR) 716 fp->f_src.ipaddr = *my_ip; 717 if (fp->f_dsttype == T_MYADDR) 718 fp->f_dst.ipaddr = *my_ip; 719 } 720 if (peer_ip) { 721 if (fp->f_srctype == T_HISADDR) 722 fp->f_src.ipaddr = *peer_ip; 723 if (fp->f_dsttype == T_HISADDR) 724 fp->f_dst.ipaddr = *peer_ip; 725 } 726 if (dns) { 727 if (fp->f_srctype == T_DNS0) 728 fp->f_src.ipaddr = dns[0]; 729 if (fp->f_dsttype == T_DNS0) 730 fp->f_dst.ipaddr = dns[0]; 731 if (fp->f_srctype == T_DNS1) 732 fp->f_src.ipaddr = dns[1]; 733 if (fp->f_dsttype == T_DNS1) 734 fp->f_dst.ipaddr = dns[1]; 735 } 736 } 737 } 738