summaryrefslogtreecommitdiff
path: root/src/read_config_yy.y
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-02-02 04:35:05 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-02-02 04:35:05 +0000
commit6f7bc84fb819e87a9145394b0e08fd194b1497da (patch)
tree01148959534277e1135231e08676c822f709c3df /src/read_config_yy.y
parentc66ed8fdb8b64fcb8973f6b60a9696b59ba29ee6 (diff)
downloadconntrack-tools-6f7bc84fb819e87a9145394b0e08fd194b1497da.tar.gz
conntrack-tools-6f7bc84fb819e87a9145394b0e08fd194b1497da.zip
add IPv6 support to conntrackd
Diffstat (limited to 'src/read_config_yy.y')
-rw-r--r--src/read_config_yy.y99
1 files changed, 72 insertions, 27 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0ba5331..86fee9b 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -177,37 +177,63 @@ ignore_traffic_options :
ignore_traffic_option : T_IPV4_ADDR T_IP
{
union inet_address ip;
- int family = 0;
memset(&ip, 0, sizeof(union inet_address));
- if (inet_aton($2, &ip.ipv4))
- family = AF_INET;
-#ifdef HAVE_INET_PTON_IPV6
- else if (inet_pton(AF_INET6, $2, &ip.ipv6) > 0)
- family = AF_INET6;
-#endif
+ if (!inet_aton($2, &ip.ipv4)) {
+ fprintf(stderr, "%s is not a valid IPv4, ignoring", $2);
+ break;
+ }
+
+ if (!STATE(ignore_pool)) {
+ STATE(ignore_pool) = ignore_pool_create();
+ if (!STATE(ignore_pool)) {
+ fprintf(stderr, "Can't create ignore pool!\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ if (!ignore_pool_add(STATE(ignore_pool), &ip, AF_INET)) {
+ if (errno == EEXIST)
+ fprintf(stderr, "IP %s is repeated "
+ "in the ignore pool\n", $2);
+ if (errno == ENOSPC)
+ fprintf(stderr, "Too many IP in the ignore pool!\n");
+ }
+};
- if (!family) {
- fprintf(stderr, "%s is not a valid IP, ignoring", $2);
+ignore_traffic_option : T_IPV6_ADDR T_IP
+{
+ union inet_address ip;
+
+ memset(&ip, 0, sizeof(union inet_address));
+
+#ifdef HAVE_INET_PTON_IPV6
+ if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) {
+ fprintf(stderr, "%s is not a valid IPv6, ignoring", $2);
break;
}
+#else
+ fprintf(stderr, "Cannot find inet_pton(), IPv6 unsupported!");
+ break;
+#endif
if (!STATE(ignore_pool)) {
- STATE(ignore_pool) = ignore_pool_create(family);
+ STATE(ignore_pool) = ignore_pool_create();
if (!STATE(ignore_pool)) {
fprintf(stderr, "Can't create ignore pool!\n");
exit(EXIT_FAILURE);
}
}
- if (!ignore_pool_add(STATE(ignore_pool), &ip)) {
+ if (!ignore_pool_add(STATE(ignore_pool), &ip, AF_INET6)) {
if (errno == EEXIST)
fprintf(stderr, "IP %s is repeated "
"in the ignore pool\n", $2);
if (errno == ENOSPC)
fprintf(stderr, "Too many IP in the ignore pool!\n");
}
+
};
multicast_line : T_MULTICAST '{' multicast_options '}';
@@ -235,8 +261,13 @@ multicast_option : T_IPV4_ADDR T_IP
multicast_option : T_IPV6_ADDR T_IP
{
#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2, &conf.mcast.in) <= 0)
+ if (inet_pton(AF_INET6, $2, &conf.mcast.in) <= 0) {
fprintf(stderr, "%s is not a valid IPv6 address\n", $2);
+ break;
+ }
+#else
+ fprintf(stderr, "Cannot find inet_pton(), IPv6 unsupported!");
+ break;
#endif
if (conf.mcast.ipproto == AF_INET) {
@@ -247,6 +278,19 @@ multicast_option : T_IPV6_ADDR T_IP
}
conf.mcast.ipproto = AF_INET6;
+
+ if (conf.mcast.iface[0] && !conf.mcast.ifa.interface_index6) {
+ unsigned int idx;
+
+ idx = if_nametoindex($2);
+ if (!idx) {
+ fprintf(stderr, "%s is an invalid interface.\n", $2);
+ break;
+ }
+
+ conf.mcast.ifa.interface_index6 = idx;
+ conf.mcast.ipproto = AF_INET6;
+ }
};
multicast_option : T_IPV4_IFACE T_IP
@@ -268,24 +312,25 @@ multicast_option : T_IPV4_IFACE T_IP
multicast_option : T_IPV6_IFACE T_IP
{
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2, &conf.mcast.ifa) <= 0)
- fprintf(stderr, "%s is not a valid IPv6 address\n", $2);
-#endif
-
- if (conf.mcast.ipproto == AF_INET) {
- fprintf(stderr, "Your multicast interface is IPv6 but "
- "is binded to an IPv4 interface? Surely "
- "this is not what you want\n");
- break;
- }
-
- conf.mcast.ipproto = AF_INET6;
-};
+ fprintf(stderr, "IPv6_interface not required for IPv6, ignoring.\n");
+}
multicast_option : T_IFACE T_STRING
{
strncpy(conf.mcast.iface, $2, IFNAMSIZ);
+
+ if (conf.mcast.ipproto == AF_INET6) {
+ unsigned int idx;
+
+ idx = if_nametoindex($2);
+ if (!idx) {
+ fprintf(stderr, "%s is an invalid interface.\n", $2);
+ break;
+ }
+
+ conf.mcast.ifa.interface_index6 = idx;
+ conf.mcast.ipproto = AF_INET6;
+ }
};
multicast_option : T_BACKLOG T_NUMBER
@@ -690,7 +735,7 @@ init_config(char *filename)
/* create empty pool */
if (!STATE(ignore_pool)) {
- STATE(ignore_pool) = ignore_pool_create(CONFIG(family));
+ STATE(ignore_pool) = ignore_pool_create();
if (!STATE(ignore_pool)) {
fprintf(stderr, "Can't create ignore pool!\n");
exit(EXIT_FAILURE);