minor compile fixes for FreeBSD
authorMichael Rash <mbr@cipherdyne.org>
Sat, 3 Dec 2011 18:10:35 +0000 (13:10 -0500)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 3 Dec 2011 18:10:35 +0000 (13:10 -0500)
server/access.c
server/fw_util_ipfw.c
server/incoming_spa.c

index 3633e88..889d2f7 100644 (file)
@@ -132,6 +132,7 @@ add_acc_expire_time_epoch(fko_srv_options_t *opts, time_t *access_expire_time, c
     return;
 }
 
+#if FIREWALL_IPTABLES
 static void
 add_acc_force_nat(fko_srv_options_t *opts, acc_stanza_t *curr_acc, const char *val)
 {
@@ -159,6 +160,7 @@ add_acc_force_nat(fko_srv_options_t *opts, acc_stanza_t *curr_acc, const char *v
 
     return;
 }
+#endif
 
 /* Take an IP or Subnet/Mask and convert it to mask for later
  * comparisons of incoming source IPs against this mask.
@@ -950,6 +952,7 @@ parse_access_file(fko_srv_options_t *opts)
         }
         else if(CONF_VAR_IS(var, "FORCE_NAT"))
         {
+#if FIREWALL_IPTABLES
             if(strncasecmp(opts->config[CONF_ENABLE_IPT_FORWARDING], "Y", 1) !=0 )
             {
                 fprintf(stderr,
@@ -957,6 +960,11 @@ parse_access_file(fko_srv_options_t *opts)
                 clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
             }
             add_acc_force_nat(opts, curr_acc, val);
+#else
+            fprintf(stderr,
+                "[*] FORCE_NAT not supported.\n");
+            clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+#endif
         }
         else
         {
index 6e2370e..2134d46 100644 (file)
@@ -217,7 +217,7 @@ fw_initialize(const fko_srv_options_t *opts)
     if(res != 0)
     {
         fprintf(stderr, "Fatal: Errors detected during ipfw rules initialization.\n");
-        clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+        exit(EXIT_FAILURE);
     }
 
     /* Allocate our rule_map array for tracking active (and expired) rules.
@@ -227,7 +227,7 @@ fw_initialize(const fko_srv_options_t *opts)
     if(fwc.rule_map == NULL)
     {
         fprintf(stderr, "Fatal: Memory allocation error in fw_initialize.\n");
-        clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
+        exit(EXIT_FAILURE);
     }
 
     /* Create a check-state rule if necessary.
index c625e4d..27e17f0 100644 (file)
@@ -515,6 +515,7 @@ incoming_spa(fko_srv_options_t *opts)
               || spadat.message_type == FKO_NAT_ACCESS_MSG
               || spadat.message_type == FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG)
         {
+#if FIREWALL_IPTABLES
             if(strncasecmp(opts->config[CONF_ENABLE_IPT_FORWARDING], "Y", 1)!=0)
             {
                 log_msg(LOG_WARNING,
@@ -527,6 +528,17 @@ incoming_spa(fko_srv_options_t *opts)
                 acc = acc->next;
                 continue;
             }
+#else
+            log_msg(LOG_WARNING,
+                "(stanza #%d) SPA packet from %s requested unsupported NAT access",
+                stanza_num, spadat.pkt_source_ip
+            );
+
+            if(ctx != NULL)
+                fko_destroy(ctx);
+            acc = acc->next;
+            continue;
+#endif
         }
 
         /* Command messages.