Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

/*	$NetBSD: mynetworks.c,v 1.2 2017/02/14 01:16:45 christos Exp $	*/

/*++
/* NAME
/*	mynetworks 3
/* SUMMARY
/*	generate patterns for my own interface addresses
/* SYNOPSIS
/*	#include <mynetworks.h>
/*
/*	const char *mynetworks()
/* AUXILIARY FUNCTIONS
/*	const char *mynetworks_host()
/* DESCRIPTION
/*	This routine uses the address list built by own_inet_addr()
/*	to produce a list of patterns that match the corresponding
/*	networks.
/*
/*	The interface list is specified with the "inet_interfaces"
/*	configuration parameter.
/*
/*	The address to netblock conversion style is specified with
/*	the "mynetworks_style" parameter: one of "class" (match
/*	whole class A, B, C or D networks), "subnet" (match local
/*	subnets), or "host" (match local interfaces only).
/*
/*	mynetworks_host() uses the "host" style.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Dean C. Strik
/*	Department ICT Services
/*	Eindhoven University of Technology
/*	P.O. Box 513
/*	5600 MB  Eindhoven, Netherlands
/*	E-mail: <dean@ipnet6.org>
/*--*/

/* System library. */

#include <sys_defs.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#ifndef IN_CLASSD_NET
#define IN_CLASSD_NET		0xf0000000
#define IN_CLASSD_NSHIFT 	28
#endif

/* Utility library. */

#include <msg.h>
#include <vstring.h>
#include <inet_addr_list.h>
#include <name_mask.h>
#include <myaddrinfo.h>
#include <mask_addr.h>
#include <argv.h>
#include <inet_proto.h>
#include <mymalloc.h>

/* Global library. */

#include <own_inet_addr.h>
#include <mail_params.h>
#include <mynetworks.h>
#include <sock_addr.h>
#include <been_here.h>

/* Application-specific. */

#define MASK_STYLE_CLASS	(1 << 0)
#define MASK_STYLE_SUBNET	(1 << 1)
#define MASK_STYLE_HOST		(1 << 2)

static const NAME_MASK mask_styles[] = {
    MYNETWORKS_STYLE_CLASS, MASK_STYLE_CLASS,
    MYNETWORKS_STYLE_SUBNET, MASK_STYLE_SUBNET,
    MYNETWORKS_STYLE_HOST, MASK_STYLE_HOST,
    0,
};

/* mynetworks_core - return patterns for specific mynetworks style */

static const char *mynetworks_core(const char *style)
{
    const char *myname = "mynetworks_core";
    VSTRING *result;
    INET_ADDR_LIST *my_addr_list;
    INET_ADDR_LIST *my_mask_list;
    unsigned shift;
    unsigned junk;
    int     i;
    unsigned mask_style;
    struct sockaddr_storage *sa;
    struct sockaddr_storage *ma;
    int     net_mask_count = 0;
    ARGV   *argv;
    BH_TABLE *dup_filter;
    char  **cpp;

    /*
     * Avoid run-time errors when all network protocols are disabled. We
     * can't look up interface information, and we can't convert explicit
     * names or addresses.
     */
    if (inet_proto_info()->ai_family_list[0] == 0) {
	if (msg_verbose)
	    msg_info("skipping %s setting - "
		     "all network protocols are disabled",
		     VAR_MYNETWORKS);
	return (mystrdup(""));
    }
    mask_style = name_mask("mynetworks mask style", mask_styles, style);

    /*
     * XXX Workaround: name_mask() needs a flags argument so that we can
     * require exactly one value, or we need to provide an API that is
     * dedicated for single-valued flags.
     * 
     * XXX Why not use name_code() instead?
     */
    for (i = 0, junk = mask_style; junk != 0; junk >>= 1U)
	i += (junk & 1);
    if (i != 1)
	msg_fatal("bad %s value: %s; specify exactly one value",
		  VAR_MYNETWORKS_STYLE, var_mynetworks_style);

    result = vstring_alloc(20);
    my_addr_list = own_inet_addr_list();
    my_mask_list = own_inet_mask_list();

    for (sa = my_addr_list->addrs, ma = my_mask_list->addrs;
	 sa < my_addr_list->addrs + my_addr_list->used;
	 sa++, ma++) {
	unsigned long addr;
	unsigned long mask;
	struct in_addr net;

	if (SOCK_ADDR_FAMILY(sa) == AF_INET) {
	    addr = ntohl(SOCK_ADDR_IN_ADDR(sa).s_addr);
	    mask = ntohl(SOCK_ADDR_IN_ADDR(ma).s_addr);

	    switch (mask_style) {

		/*
		 * Natural mask. This is dangerous if you're customer of an
		 * ISP who gave you a small portion of their network.
		 */
	    case MASK_STYLE_CLASS:
		if (IN_CLASSA(addr)) {
		    mask = IN_CLASSA_NET;
		    shift = IN_CLASSA_NSHIFT;
		} else if (IN_CLASSB(addr)) {
		    mask = IN_CLASSB_NET;
		    shift = IN_CLASSB_NSHIFT;
		} else if (IN_CLASSC(addr)) {
		    mask = IN_CLASSC_NET;
		    shift = IN_CLASSC_NSHIFT;
		} else if (IN_CLASSD(addr)) {
		    mask = IN_CLASSD_NET;
		    shift = IN_CLASSD_NSHIFT;
		} else {
		    msg_fatal("%s: unknown address class: %s",
			      myname, inet_ntoa(SOCK_ADDR_IN_ADDR(sa)));
		}
		break;

		/*
		 * Subnet mask. This is less unsafe, but still bad if you're
		 * connected to a large subnet.
		 */
	    case MASK_STYLE_SUBNET:
		for (junk = mask, shift = MAI_V4ADDR_BITS; junk != 0;
		     shift--, junk <<= 1)
		     /* void */ ;
		break;

		/*
		 * Host only. Do not relay authorize other hosts.
		 */
	    case MASK_STYLE_HOST:
		mask = ~0UL;
		shift = 0;
		break;

	    default:
		msg_panic("unknown mynetworks mask style: %s",
			  var_mynetworks_style);
	    }
	    net.s_addr = htonl(addr & mask);
	    vstring_sprintf_append(result, "%s/%d ",
				   inet_ntoa(net), MAI_V4ADDR_BITS - shift);
	    net_mask_count++;
	    continue;
	}
#ifdef HAS_IPV6
	else if (SOCK_ADDR_FAMILY(sa) == AF_INET6) {
	    MAI_HOSTADDR_STR hostaddr;
	    unsigned char *ac;
	    unsigned char *end;
	    unsigned char ch;
	    struct sockaddr_in6 net6;

	    switch (mask_style) {

		/*
		 * There are no classes for IPv6. We default to subnets
		 * instead.
		 */
	    case MASK_STYLE_CLASS:

		/* FALLTHROUGH */

		/*
		 * Subnet mask.
		 */
	    case MASK_STYLE_SUBNET:
		ac = (unsigned char *) &SOCK_ADDR_IN6_ADDR(ma);
		end = ac + sizeof(SOCK_ADDR_IN6_ADDR(ma));
		shift = MAI_V6ADDR_BITS;
		while (ac < end) {
		    if ((ch = *ac++) == (unsigned char) ~0U) {
			shift -= CHAR_BIT;
			continue;
		    } else {
			while (ch != 0)
			    shift--, ch <<= 1;
			break;
		    }
		}
		break;

		/*
		 * Host only. Do not relay authorize other hosts.
		 */
	    case MASK_STYLE_HOST:
		shift = 0;
		break;

	    default:
		msg_panic("unknown mynetworks mask style: %s",
			  var_mynetworks_style);
	    }
	    /* FIX 200501: IPv6 patch did not clear host bits. */
	    net6 = *SOCK_ADDR_IN6_PTR(sa);
	    mask_addr((unsigned char *) &net6.sin6_addr,
		      sizeof(net6.sin6_addr),
		      MAI_V6ADDR_BITS - shift);
	    SOCKADDR_TO_HOSTADDR(SOCK_ADDR_PTR(&net6), SOCK_ADDR_LEN(&net6),
				 &hostaddr, (MAI_SERVPORT_STR *) 0, 0);
	    vstring_sprintf_append(result, "[%s]/%d ",
				   hostaddr.buf, MAI_V6ADDR_BITS - shift);
	    net_mask_count++;
	    continue;
	}
#endif
	else {
	    msg_warn("%s: skipping unknown address family %d",
		     myname, SOCK_ADDR_FAMILY(sa));
	    continue;
	}
    }

    /*
     * FIX 200501 IPv6 patch produced repeated results. Some systems report
     * the same interface multiple times, notably multi-homed systems with
     * IPv6 link-local or site-local addresses. A straight-forward sort+uniq
     * produces ugly results, though. Instead we preserve the original order
     * and use a duplicate filter to suppress repeated information.
     */
    if (net_mask_count > 1) {
	argv = argv_split(vstring_str(result), " ");
	VSTRING_RESET(result);
	dup_filter = been_here_init(net_mask_count, BH_FLAG_NONE);
	for (cpp = argv->argv; cpp < argv->argv + argv->argc; cpp++)
	    if (!been_here_fixed(dup_filter, *cpp))
		vstring_sprintf_append(result, "%s ", *cpp);
	argv_free(argv);
	been_here_free(dup_filter);
    }
    if (msg_verbose)
	msg_info("%s: %s", myname, vstring_str(result));
    return (vstring_export(result));
}

/* mynetworks - return patterns that match my own networks */

const char *mynetworks(void)
{
    static const char *result;

    if (result == 0)
	result = mynetworks_core(var_mynetworks_style);
    return (result);
}

/* mynetworks_host - return patterns for "host" mynetworks style */

const char *mynetworks_host(void)
{
    static const char *result;

    if (result == 0)
	result = mynetworks_core(MYNETWORKS_STYLE_HOST);
    return (result);
}

#ifdef TEST
#include <inet_proto.h>

char   *var_inet_interfaces;
char   *var_mynetworks_style;

int     main(int argc, char **argv)
{
    INET_PROTO_INFO *proto_info;

    if (argc != 4)
	msg_fatal("usage: %s protocols mask_style interface_list (e.g. \"all subnet all\")",
		  argv[0]);
    msg_verbose = 10;
    proto_info = inet_proto_init(argv[0], argv[1]);
    var_mynetworks_style = argv[2];
    var_inet_interfaces = argv[3];
    mynetworks();
    return (0);
}

#endif