Various changes on IPv6

Seb35 · Jan 15, 2024 · abee34a · abee34a
1 parent 2f98e06
commit abee34a
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 16 deletions.
diff --git a/client/http_resolve_host.c b/client/http_resolve_host.c
@@ -56,16 +56,16 @@ struct url
 };
 
 static int resolve_ip(const char * resp, fko_cli_options_t *options, const char * extraerror1,char *extraerror2) {
-  struct  addrinfo *result=NULL;
-  struct  addrinfo *rp;
-  struct  addrinfo hints;
-  int error;
-
-  memset(&hints, 0, sizeof(struct addrinfo));
-  hints.ai_family = AF_UNSPEC;
-  hints.ai_flags  = AI_NUMERICHOST | AI_CANONNAME;
-  error = getaddrinfo(resp, NULL, &hints, &result);
-  if (error != 0)
+    struct  addrinfo *result=NULL;
+    struct  addrinfo *rp;
+    struct  addrinfo hints;
+    int error;
+
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_flags  = AI_NUMERICHOST | AI_CANONNAME;
+    error = getaddrinfo(resp, NULL, &hints, &result);
+    if (error != 0)
     {
         log_msg(LOG_VERBOSITY_ERROR,
 		"[-] Could not resolve IP via: '%s%s'", extraerror1, extraerror2);

diff --git a/common/fko_util.c b/common/fko_util.c
@@ -199,6 +199,9 @@ is_valid_hostname(const char * const hostname_str, const int len)
     if (*ndx == '-')
         return 0;
 
+    if (*ndx == '.')
+        label_size--;
+
     if (label_size > 63)
         return 0;
 

diff --git a/server/access.c b/server/access.c
@@ -2087,7 +2087,7 @@ compare_addr_list_ipv4(acc_int_list_t *ip_list, uint32_t ip)
     {
         if(ip_list->family == AF_UNSPEC)
             return 1;
-        if(ip_list->family != AF_INET6)
+        if(ip_list->family != AF_INET)
             continue;
         if((ip & ip_list->acc_int.inet.mask) == (ip_list->acc_int.inet.maddr & ip_list->acc_int.inet.mask))
             return 1;

diff --git a/server/fw_util_iptables.c b/server/fw_util_iptables.c
@@ -496,13 +496,13 @@ jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int cha
 
 static int
 jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
-        const int chain_num)
+        const int chain_num, int ipv6)
 {
     int     exists = 0;
     char    chain_search[CMD_BUFSIZE] = {0};
 
     snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
-        fwc.fw_command,
+        ipv6 ? fwc.fw_command6 : fwc.fw_command,
         fwc.chain[chain_num].table,
         fwc.chain[chain_num].from_chain
     );
@@ -532,7 +532,7 @@ jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num, int
     if(have_ipt_chk_support == 1)
         exists = jump_rule_exists_chk_support(opts, chain_num, ipv6);
     else
-        exists = jump_rule_exists_no_chk_support(opts, chain_num);
+        exists = jump_rule_exists_no_chk_support(opts, chain_num, ipv6);
 
     return exists;
 }
@@ -1583,8 +1583,11 @@ process_spa_request(const fko_srv_options_t * const opts,
     time_t          now;
     unsigned int    exp_ts;
 
-    /* XXX set adequately per SPA message */
-    int             ipv6 = (opts->family == AF_INET6) ? 1 : 0;
+    int ipv6 = 0;
+    if(is_valid_ip_addr(spadat->use_src_ip, strlen(spadat->use_src_ip), AF_INET6))
+    {
+        ipv6 = 1;
+    }
 
     /* Parse and expand our access message.
     */