{"id":2461,"date":"2014-06-05T08:47:59","date_gmt":"2014-06-05T08:47:59","guid":{"rendered":"http:\/\/blog.bachi.net\/?p=2461"},"modified":"2014-08-20T14:55:47","modified_gmt":"2014-08-20T14:55:47","slug":"bind9-reject-dns-root-queries","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=2461","title":{"rendered":"BIND9 Reject DNS Root Queries"},"content":{"rendered":"

bind: blackhole for invalid recursive queries?<\/a>
\nDisabling Root DNS Server queries on Redhat linux<\/a>
\nUbuntu server 12.04 bind9 dns query rejected<\/a><\/p>\n

Using FreeBSD’s BPF device with C\/C++<\/a><\/p>\n

Socket Compiler Error<\/h4>\n

Compile Error in using \/usr\/include\/net\/if.h<\/a>
\ncompile problems on freebsd<\/a><\/p>\n

SVNWEB<\/h4>\n

sys\/pf<\/a>
\nsbin\/pfctl<\/a><\/p>\n

\r\n[root@gateway ~]# pfctl -t hacker -T add 192.168.0.2 192.168.0.3 192.168.0.4\r\n1 table created.\r\n3\/3 addresses added.\r\n\r\n[root@gateway ~]# pfctl -f \/etc\/pf.conf\r\n\r\n[root@gateway ~]# pfctl -t hacker -T show\r\n   192.168.1.1\r\n\r\n[root@gateway ~]# pfctl -t hacker -T add 192.168.0.2 192.168.0.3 192.168.0.4\r\n3\/3 addresses added.\r\n\r\n[root@gateway ~]# pfctl -t hacker -T show\r\n   192.168.0.2\r\n   192.168.0.3\r\n   192.168.0.4\r\n   192.168.1.1\r\n<\/pre>\n
\r\n     DIOCRADDADDRS struct pfioc_table *io\r\n\t     Add one or\tmore addresses to a table.  On entry, pfrio_table con-\r\n\t     tains the table ID\tand pfrio_buffer must point to an array\tof\r\n\t     struct pfr_addr containing\tat least pfrio_size elements to\tadd to\r\n\t     the table.\t pfrio_esize must be the size of struct\tpfr_addr.  On\r\n\t     exit, pfrio_nadd contains the number of addresses effectively\r\n\t     added.\r\n\r\n\t     struct pfr_addr {\r\n\t\t     union {\r\n\t\t\t     struct in_addr   _pfra_ip4addr;\r\n\t\t\t     struct in6_addr  _pfra_ip6addr;\r\n\t\t     }\t\t      pfra_u;\r\n\t\t     u_int8_t\t      pfra_af;\r\n\t\t     u_int8_t\t      pfra_net;\r\n\t\t     u_int8_t\t      pfra_not;\r\n\t\t     u_int8_t\t      pfra_fback;\r\n\t     };\r\n\t     #define pfra_ip4addr    pfra_u._pfra_ip4addr\r\n\t     #define pfra_ip6addr    pfra_u._pfra_ip6addr\r\n<\/pre>\n
\r\n\/usr\/include\/sys\/ioctl.h: ioctl                (dev, DIOCRADDADDRS, &io)\r\nsbin\/pfctl\/pfctl_radix.c: pfr_add_addrs        (tbl=0xbfbfd198, addr=0x28826100, size=3, nadd=0xbfbfd16c, flags=0)\r\nsbin\/pfctl\/pfctl_table.c: pfctl_table          (argc=3, argv=0xbfbfdc90, tname=0xbfbfddd3 "hacker", command=0x808831c "add", file=0x0, anchor=0xbfbfd808 "", opts=0)\r\nsbin\/pfctl\/pfctl_table.c: pfctl_command_tables (argc=3, argv=0xbfbfdc90, tname=0xbfbfddd3 "hacker", command=0x808831c "add", file=0x0, anchor=0xbfbfd808 "", opts=0)\r\nsbin\/pfctl\/pfctl.c:       main                 (argc=3, argv=0xbfbfdc90)\r\n\r\n\r\ntbl:\r\n$1 = (struct pfr_table *) 0xbfbfd198\r\n$2 = { pfrt_anchor = '\0' \r\n       pfrt_name   = "hacker", \r\n       pfrt_flags  = 0,\r\n       pfrt_fback  = 0 '\0'}\r\n\r\naddr:\r\n$3 = (struct pfr_addr *) 0x28826100\r\n$4 = { pfra_u = { _pfra_ip4addr = { s_addr = 33597632 },\r\n                  _pfra_ip6addr = { [...] }\r\n                },\r\n       pfra_af = 2 '\002',\r\n       pfra_net = 32 ' ', \r\n       pfra_not = 0 '\0',\r\n       pfra_fback = 0 '\0'}\r\n\r\npfctl_radix.c:418    pfr_buf_add          (b=0xbfbfd188, e=0xbfbfcfb0)\r\npfctl_parser.c:1704  append_addr_host     (b=0xbfbfd188, n=0x28814460, test=0, not=0)\r\npfctl_parser.c:1659  append_addr          (b=0xbfbfd188, s=0xbfbfddf9 "192.168.0.4", test=0)\r\npfctl_table.c:418    load_addr            (b=0xbfbfd188, argc=0, argv=0xbfbfdc9c, file=0x0, nonetwork=0)\r\npfctl_table.c:201    pfctl_table          (argc=3, argv=0xbfbfdc90, tname=0xbfbfddd3 "hacker", command=0x808831c "add", file=0x0, anchor=0xbfbfd808 "", opts=0)\r\npfctl_table.c:124    pfctl_command_tables (argc=3, argv=0xbfbfdc90, tname=0xbfbfddd3 "hacker", command=0x808831c "add", file=0x0, anchor=0xbfbfd808 "", opts=0)\r\npfctl.c:2328         main                 (argc=3, argv=0xbfbfdc90)\r\n<\/pre>\n
\r\ntypedef char *          caddr_t;        \/* core address *\/\r\ntypedef const char *    c_caddr_t;      \/* core address, pointer to const *\/\r\n<\/pre>\n
\r\n\/*\r\n * Internet address (a structure for historical reasons)\r\n *\/\r\nstruct in_addr {\r\n\tin_addr_t s_addr;\r\n};\r\n<\/pre>\n
Essential Socket Functions<\/a><\/p>\n
\r\nint\r\nmain(int argc, char *argv[])\r\n{\r\n    [...]\r\n    while ((ch = getopt(argc, argv,\r\n        "a:AdD:eqf:F:ghi:k:K:mnNOo::Pp:rRs:t:T:vx:z")) != -1) {\r\n        switch (ch) {\r\n        [...]\r\n        case 't':\r\n            tableopt = optarg;\r\n            break;\r\n        case 'T':\r\n            tblcmdopt = pfctl_lookup_option(optarg, tblcmdopt_list);\r\n            if (tblcmdopt == NULL) {\r\n                warnx("Unknown table command '%s'", optarg);\r\n                usage();\r\n            }\r\n            break;\r\n        [...]\r\n        }\r\n    }\r\n    [...]\r\n    if (tblcmdopt != NULL) {\r\n        error = pfctl_command_tables(argc, argv, tableopt,\r\n            tblcmdopt, rulesopt, anchorname, opts);\r\n        rulesopt = NULL;\r\n    }\r\n    [...]\r\n}\r\n<\/pre>\n
\r\nenum {\r\n    PFRB_TABLES = 1,\r\n    PFRB_TSTATS,\r\n    PFRB_ADDRS,\r\n    PFRB_ASTATS,\r\n    PFRB_IFACES,\r\n    PFRB_TRANS,\r\n    PFRB_MAX\r\n};\r\n\r\nstruct pfr_buffer {\r\n    int                 pfrb_type;      \/* type of content, see enum above *\/\r\n    int                 pfrb_size;      \/* number of objects in buffer *\/\r\n    int                 pfrb_msize;     \/* maximum number of objects in buffer *\/\r\n    void               *pfrb_caddr;     \/* malloc'ated memory area *\/\r\n};\r\n\r\n\/*  int            int            int              void *                *\/\r\n   {pfrb_type = 3, pfrb_size = 0, pfrb_msize = 0,  pfrb_caddr = 0x0}\r\n   {pfrb_type = 3, pfrb_size = 1, pfrb_msize = 64, pfrb_caddr = 0x28826100}\r\n   {pfrb_type = 3, pfrb_size = 2, pfrb_msize = 64, pfrb_caddr = 0x28826100}\r\n\r\n<\/pre>\n
\r\n\r\nstruct pfioc_table {\r\n    struct pfr_table    pfrio_table;\r\n    void               *pfrio_buffer;\r\n    int                 pfrio_esize;\r\n    int                 pfrio_size;\r\n    int                 pfrio_size2;\r\n    int                 pfrio_nadd;\r\n    int                 pfrio_ndel;\r\n    int                 pfrio_nchange;\r\n    int                 pfrio_flags;\r\n    u_int32_t           pfrio_ticket;\r\n};\r\n\r\nstruct pfr_table {\r\n    char                pfrt_anchor[MAXPATHLEN];\r\n    char                pfrt_name[PF_TABLE_NAME_SIZE];\r\n    u_int32_t           pfrt_flags;\r\n    u_int8_t            pfrt_fback;\r\n};\r\n\r\n\/*  char *              char *                       u_int32_t       u_int8_t          *\/\r\n   {pfrt_anchor = '\0', pfrt_name = "hacker", '\0' , pfrt_flags = 0, pfrt_fback = 0 '\0'}\r\n\r\npfrt_flags:\r\n#define PFR_TFLAG_PERSIST       0x00000001\r\n#define PFR_TFLAG_CONST         0x00000002\r\n#define PFR_TFLAG_ACTIVE        0x00000004\r\n#define PFR_TFLAG_INACTIVE      0x00000008\r\n#define PFR_TFLAG_REFERENCED    0x00000010\r\n#define PFR_TFLAG_REFDANCHOR    0x00000020\r\n#define PFR_TFLAG_USRMASK       0x00000003\r\n#define PFR_TFLAG_SETMASK       0x0000003C\r\n#define PFR_TFLAG_ALLMASK       0x0000003F\r\n\r\nstruct pfr_table.pfrt_fback:\r\nstruct pfr_addr.pfra_fback:\r\nenum {\r\n    PFR_FB_NONE,\r\n    PFR_FB_MATCH,\r\n    PFR_FB_ADDED,\r\n    PFR_FB_DELETED,\r\n    PFR_FB_CHANGED,\r\n    PFR_FB_CLEARED,\r\n    PFR_FB_DUPLICATE,\r\n    PFR_FB_NOTMATCH,\r\n    PFR_FB_CONFLICT,\r\n    PFR_FB_MAX\r\n};\r\n\r\nstruct pfr_addr {\r\n    union {\r\n        struct in_addr   _pfra_ip4addr;\r\n        struct in6_addr  _pfra_ip6addr;\r\n    }                pfra_u;\r\n    u_int8_t         pfra_af;        \/**< AF_INET or AF_INET6 *\/\r\n    u_int8_t         pfra_net;\r\n    u_int8_t         pfra_not;\r\n    u_int8_t         pfra_fback;\r\n};\r\n#define pfra_ip4addr    pfra_u._pfra_ip4addr\r\n#define pfra_ip6addr    pfra_u._pfra_ip6addr\r\n\r\n\/* union                                                           *\/\r\n   { pfra_u = { _pfra_ip4addr = { s_addr = 33597632 },\r\n                _pfra_ip6addr = {__u6_addr = { __u6_addr8  = { ... },\r\n                                               __u6_addr16 = { ... },\r\n                                               __u6_addr32 = { ... }\r\n                                             }\r\n                                }\r\n              },\r\n\/*   u_int8_t      u_int8_t        u_int8_t       u_int8_t         *\/\r\n     pfra_af = 2 , pfra_net = 32 , pfra_not = 0 , pfra_fback = 0   }\r\n\r\n\/***************************************************************\/\r\n\r\n#define v4      pfa.v4\r\n#define v6      pfa.v6\r\n#define addr8   pfa.addr8\r\n#define addr16  pfa.addr16\r\n#define addr32  pfa.addr32\r\n\r\nstruct pf_addr {\r\n    union {\r\n        struct in_addr          v4;\r\n        struct in6_addr         v6;\r\n        u_int8_t                addr8[16];\r\n        u_int16_t               addr16[8];\r\n        u_int32_t               addr32[4];\r\n    }                           pfa;           \/* 128-bit address *\/\r\n};\r\n\r\nstruct pf_addr_wrap {\r\n    union {\r\n        struct {\r\n            struct pf_addr      addr;\r\n            struct pf_addr      mask;\r\n        }                       a;\r\n        char                    ifname[IFNAMSIZ];\r\n        char                    tblname[PF_TABLE_NAME_SIZE];\r\n    }                           v;\r\n    union {\r\n        struct pfi_dynaddr     *dyn;\r\n        struct pfr_ktable      *tbl;\r\n        int                     dyncnt;\r\n        int                     tblcnt;\r\n    }                           p;\r\n    u_int8_t                    type;          \/* PF_ADDR_* *\/\r\n    u_int8_t                    iflags;        \/* PFI_AFLAG_* *\/\r\n};\r\n<\/pre>\n
\r\n\r\n#define CREATE_TABLE do {                                   \\\r\n    table.pfrt_flags |= PFR_TFLAG_PERSIST;                  \\\r\n    if ((!(opts & PF_OPT_NOACTION) ||                       \\\r\n        (opts & PF_OPT_DUMMYACTION)) &&                     \\\r\n        (pfr_add_tables(&table, 1, &nadd, flags)) &&        \\\r\n        (errno != EPERM)) {                                 \\\r\n            radix_perror();                                 \\\r\n            goto _error;                                    \\\r\n    }                                                       \\\r\n    if (nadd) {                                             \\\r\n        warn_namespace_collision(table.pfrt_name);          \\\r\n        xprintf(opts, "%d table created", nadd);            \\\r\n        if (opts & PF_OPT_NOACTION)                         \\\r\n            return (0);                                     \\\r\n    }                                                       \\\r\n    table.pfrt_flags &= ~PFR_TFLAG_PERSIST;                 \\\r\n} while(0)                           \r\n\r\nint\r\npfctl_command_tables(int argc, char *argv[], char *tname,\r\n    const char *command, char *file, const char *anchor, int opts)\r\n{\r\n\tif (tname == NULL || command == NULL)\r\n\t\tusage();\r\n\treturn pfctl_table(argc, argv, tname, command, file, anchor, opts);\r\n}\r\n\r\nint\r\npfctl_table(int argc, char *argv[], char *tname, const char *command,\r\n    char *file, const char *anchor, int opts)\r\n{\r\n    struct pfr_table    table;\r\n    struct pfr_buffer   b, b2;\r\n    struct pfr_addr    *a, *a2;\r\n    int                 nadd = 0;\r\n\r\n    [...]\r\n\r\n    strlcpy(table.pfrt_name, tname, sizeof(table.pfrt_name);      \/**< copy table name *\/\r\n\r\n    [...]\r\n    } else if (!strcmp(command, "add")) {\r\n        b.pfrb_type = PFRB_ADDRS;                                 \/**< set type to ADDR *\/\r\n        if (load_addr(&b, argc, argv, file, 0))                   \/**< load_addr(): parse arguments and pass it to struct pfr_buffer *\/\r\n            goto _error;\r\n        CREATE_TABLE;\r\n        if (opts & PF_OPT_VERBOSE)\r\n            flags |= PFR_FLAG_FEEDBACK;\r\n        RVTEST(pfr_add_addrs(&table, b.pfrb_caddr, b.pfrb_size, &nadd, flags));    \/**< pfr_add_addrs(): \r\n        xprintf(opts, "%d\/%d addresses added", nadd, b.pfrb_size);\r\n        if (opts & PF_OPT_VERBOSE)\r\n            PFRB_FOREACH(a, &b)\r\n                if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)\r\n                    print_addrx(a, NULL, opts & PF_OPT_USEDNS);\r\n    }\r\n    [...]\r\n}\r\n\r\nint\r\nload_addr(struct pfr_buffer *b, int argc, char *argv[], char *file,\r\n    int nonetwork)\r\n{\r\n    while (argc--)\r\n        if (append_addr(b, *argv++, nonetwork)) {\r\n            if (errno)\r\n                warn("cannot decode %s", argv[-1]);\r\n            return (-1);\r\n        }\r\n    if (pfr_buf_load(b, file, nonetwork, append_addr)) {\r\n        warn("cannot load %s", file);\r\n        return (-1);\r\n    }\r\n    return (0);\r\n}\r\n<\/pre>\n
\r\nstruct node_host {\r\n    struct pf_addr_wrap  addr;\r\n    struct pf_addr       bcast;\r\n    struct pf_addr       peer;\r\n    sa_family_t          af;\r\n    u_int8_t             not;\r\n    u_int32_t            ifindex;   \/* link-local IPv6 addrs *\/\r\n    char                *ifname;\r\n    u_int                ifa_flags;\r\n    struct node_host    *next;\r\n    struct node_host    *tail;\r\n};\r\n<\/pre>\n
\r\n\/*\r\n * convert a hostname to a list of addresses and put them in the given buffer.\r\n * test:\r\n *  if set to 1, only simple addresses are accepted (no netblock, no "!").\r\n *\/\r\nint\r\nappend_addr(struct pfr_buffer *b, char *s, int test)\r\n{\r\n    char             *r;\r\n    struct node_host    *h, *n;\r\n    int          rv, not = 0;\r\n\r\n    for (r = s; *r == '!'; r++)\r\n        not = !not;\r\n    if ((n = host(r)) == NULL) {\r\n        errno = 0;\r\n        return (-1);\r\n    }\r\n    rv = append_addr_host(b, n, test, not);\r\n    do {\r\n        h = n;\r\n        n = n->next;\r\n        free(h);\r\n    } while (n != NULL);\r\n    return (rv);\r\n}\r\n\r\n\/*\r\n * same as previous function, but with a pre-parsed input and the ability\r\n * to "negate" the result. Does not free the node_host list.\r\n * not:\r\n *      setting it to 1 is equivalent to adding "!" in front of parameter s.\r\n *\/\r\nint\r\nappend_addr_host(struct pfr_buffer *b, struct node_host *n, int test, int not)\r\n{\r\n    int          bits;\r\n    struct pfr_addr      addr;\r\n\r\n    do {\r\n        bzero(&addr, sizeof(addr));\r\n        addr.pfra_not = n->not ^ not;\r\n        addr.pfra_af = n->af;\r\n        addr.pfra_net = unmask(&n->addr.v.a.mask, n->af);            \/**< assign netmask, node_host -> pfr_addr *\/\r\n        switch (n->af) {\r\n        case AF_INET:\r\n            addr.pfra_ip4addr.s_addr = n->addr.v.a.addr.addr32[0];   \/**< assign address, node_host -> pfr_addr *\/\r\n            bits = 32;\r\n            break;\r\n        case AF_INET6:\r\n            memcpy(&addr.pfra_ip6addr, &n->addr.v.a.addr.v6,\r\n                sizeof(struct in6_addr));\r\n            bits = 128;\r\n            break;\r\n        default:\r\n            errno = EINVAL;\r\n            return (-1);\r\n        }\r\n        if ((test && (not || addr.pfra_net != bits)) ||              \/**< test = 0, not = 0 => bypass these lines *\/\r\n            addr.pfra_net > bits) {\r\n            errno = EINVAL;\r\n            return (-1);\r\n        }\r\n        if (pfr_buf_add(b, &addr))\r\n            return (-1);\r\n    } while ((n = n->next) != NULL);\r\n\r\n    return (0);\r\n}\r\n\r\nstruct node_host *\r\nhost(const char *s)\r\n{\r\n    struct node_host    *h = NULL;\r\n    int          mask, v4mask, v6mask, cont = 1;\r\n    char            *p, *q, *ps;\r\n\r\n    if ((p = strrchr(s, '\/')) != NULL) {\r\n        mask = strtol(p+1, &q, 0);\r\n        if (!q || *q || mask > 128 || q == (p+1)) {\r\n            fprintf(stderr, "invalid netmask '%s'\\n", p);\r\n            return (NULL);\r\n        }\r\n        if ((ps = malloc(strlen(s) - strlen(p) + 1)) == NULL)\r\n            err(1, "host: malloc");\r\n        strlcpy(ps, s, strlen(s) - strlen(p) + 1);\r\n        v4mask = v6mask = mask;\r\n    } else {\r\n        if ((ps = strdup(s)) == NULL)\r\n            err(1, "host: strdup");\r\n        v4mask = 32;\r\n        v6mask = 128;\r\n        mask = -1;\r\n    }\r\n\r\n    \/* interface with this name exists? *\/\r\n    if (cont && (h = host_if(ps, mask)) != NULL)\r\n        cont = 0;\r\n\r\n    \/* IPv4 address? *\/\r\n    if (cont && (h = host_v4(s, mask)) != NULL)\r\n        cont = 0;\r\n\r\n    \/* IPv6 address? *\/\r\n    if (cont && (h = host_v6(ps, v6mask)) != NULL)\r\n        cont = 0;\r\n\r\n    \/* dns lookup *\/\r\n    if (cont && (h = host_dns(ps, v4mask, v6mask)) != NULL)\r\n        cont = 0;\r\n    free(ps);\r\n\r\n    if (h == NULL || cont == 1) {\r\n        fprintf(stderr, "no IP address found for %s\\n", s);\r\n        return (NULL);\r\n    }\r\n    return (h);\r\n}\r\n\r\nstruct node_host *\r\nhost_v4(const char *s, int mask)\r\n{\r\n    struct node_host    *h = NULL;\r\n    struct in_addr       ina;\r\n    int          bits = 32;\r\n\r\n    memset(&ina, 0, sizeof(struct in_addr));\r\n    if (strrchr(s, '\/') != NULL) {\r\n        if ((bits = inet_net_pton(AF_INET, s, &ina, sizeof(ina))) == -1)     \/**< parse string, return netmask bits *\/\r\n            return (NULL);\r\n    } else {\r\n        if (inet_pton(AF_INET, s, &ina) != 1)\r\n            return (NULL);\r\n    }\r\n\r\n    h = calloc(1, sizeof(struct node_host));\r\n    if (h == NULL)\r\n        err(1, "address: calloc");\r\n    h->ifname = NULL;\r\n    h->af = AF_INET;\r\n    h->addr.v.a.addr.addr32[0] = ina.s_addr;\r\n    set_ipmask(h, bits);                                                     \/**< set IP mask *\/\r\n    h->next = NULL;\r\n    h->tail = h;\r\n\r\n    return (h);\r\n}\r\n\r\nvoid\r\nset_ipmask(struct node_host *h, u_int8_t b)\r\n{\r\n    struct pf_addr  *m, *n;\r\n    int      i, j = 0;\r\n\r\n    m = &h->addr.v.a.mask;\r\n    memset(m, 0, sizeof(*m));\r\n\r\n    while (b >= 32) {\r\n        m->addr32[j++] = 0xffffffff;\r\n        b -= 32;\r\n    }\r\n    for (i = 31; i > 31-b; --i)\r\n        m->addr32[j] |= (1 << i);\r\n    if (b)\r\n        m->addr32[j] = htonl(m->addr32[j]);\r\n\r\n    \/* Mask off bits of the address that will never be used. *\/\r\n    n = &h->addr.v.a.addr;\r\n    if (h->addr.type == PF_ADDR_ADDRMASK)\r\n        for (i = 0; i < 4; i++)\r\n            n->addr32[i] = n->addr32[i] & m->addr32[i];\r\n}\r\n<\/pre>\n
\r\n\/* buffer management code *\/\r\n\r\nsize_t buf_esize[PFRB_MAX] = { 0,\r\n    sizeof(struct pfr_table), sizeof(struct pfr_tstats),\r\n    sizeof(struct pfr_addr), sizeof(struct pfr_astats),\r\n    sizeof(struct pfi_kif), sizeof(struct pfioc_trans_e)\r\n};\r\n\r\n\/*\r\n * add one element to the buffer\r\n *\/\r\nint\r\npfr_buf_add(struct pfr_buffer *b, const void *e)\r\n{\r\n    size_t bs;\r\n\r\n    if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX ||\r\n        e == NULL) {\r\n        errno = EINVAL;\r\n        return (-1);\r\n    }\r\n    bs = buf_esize[b->pfrb_type];           \/**< choose buffer size, ex. sizeof(struct pfr_addr) *\/\r\n    if (b->pfrb_size == b->pfrb_msize)      \/**< no space left *\/\r\n        if (pfr_buf_grow(b, 0))             \/**< increase buffer *\/\r\n            return (-1);\r\n    memcpy(((caddr_t)b->pfrb_caddr) + bs * b->pfrb_size, e, bs);\r\n    b->pfrb_size++;\r\n    return (0);\r\n}\r\n\r\nint\r\npfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,\r\n    int *nadd, int flags)\r\n{\r\n    struct pfioc_table io;\r\n\r\n    if (tbl == NULL || size < 0 || (size && addr == NULL)) {\r\n        errno = EINVAL;\r\n        return (-1);\r\n    }\r\n    bzero(&io, sizeof io);\r\n    io.pfrio_flags = flags;\r\n    io.pfrio_table = *tbl;\r\n    io.pfrio_buffer = addr;\r\n    io.pfrio_esize = sizeof(*addr);\r\n    io.pfrio_size = size;\r\n    if (ioctl(dev, DIOCRADDADDRS, &io))\r\n        return (-1);\r\n    if (nadd != NULL)\r\n        *nadd = io.pfrio_nadd;\r\n    return (0);\r\n}\r\n<\/pre>\n
Pointer Handling<\/h3>\n
Pointer Arithmetic<\/a><\/p>\n
\r\narr[ i ] == * ( arr + i )\r\n\r\nex.\r\nsizeof(unsigned long) = 64-bit = 8 byte\r\nunsigned long arr[2];\r\n&arr[0] = (arr + 0) = 0x608ea0\r\n&arr[1] = (arr + 1) = 0x608ea8\r\n<\/pre>\n
\r\n(gdb) p &entry.allocator[0]         (gdb) p &((ethernet_header_t *) entry.allocator)[0]  \r\n$19 = (header_t *) 0x608e90         $21 = (struct _ethernet_header_t *) 0x608e90\r\n\r\n\r\n(gdb) p &entry.allocator[1]         (gdb) p &((ethernet_header_t *) entry.allocator)[1]\r\n$20 = (header_t *) 0x608eb8         $22 = (struct _ethernet_header_t *) 0x608ed0\r\n   \r\n            \r\n(gdb) p sizeof(header_t)            (gdb) p sizeof(ethernet_header_t)\r\n$24 = 40 = 0x28                     $23 = 64 = 0x40\r\n\r\n  0x608e90                            0x608e90\r\n+ 0x000028                          + 0x000040\r\n----------                          ----------\r\n  0x608eb8                            0x608ed0\r\n===========                         ===========\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
bind: blackhole for invalid recursive queries? Disabling Root DNS Server queries on Redhat linux Ubuntu server 12.04 bind9 dns query rejected Using FreeBSD’s BPF device with C\/C++ Socket Compiler Error Compile Error in using \/usr\/include\/net\/if.h compile problems on freebsd SVNWEB sys\/pf sbin\/pfctl [root@gateway ~]# pfctl -t hacker -T add 192.168.0.2 192.168.0.3 192.168.0.4 1 table created. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2461","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/2461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2461"}],"version-history":[{"count":38,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/2461\/revisions"}],"predecessor-version":[{"id":2779,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/2461\/revisions\/2779"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}