summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2007-08-01 09:31:42 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2007-08-01 09:31:42 +0000
commit7c722291d4bda7e77a0fc17886ff389aec09dc40 (patch)
treeb36a0f1ad1b16a3dc53b12101cb09e45c2a75e71
parent036acacbc841e3464ab5e9224b6dacf1d514044f (diff)
allow ftp-proxy to add tag statements to teh rules it inserts
clever, nice and easy diff from bsd@openbsd.rutgers.edu, ok pyr reyk
-rw-r--r--usr.sbin/ftp-proxy/filter.c9
-rw-r--r--usr.sbin/ftp-proxy/filter.h4
-rw-r--r--usr.sbin/ftp-proxy/ftp-proxy.89
-rw-r--r--usr.sbin/ftp-proxy/ftp-proxy.c16
4 files changed, 26 insertions, 12 deletions
diff --git a/usr.sbin/ftp-proxy/filter.c b/usr.sbin/ftp-proxy/filter.c
index f86429db51d..b33c541457a 100644
--- a/usr.sbin/ftp-proxy/filter.c
+++ b/usr.sbin/ftp-proxy/filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filter.c,v 1.5 2006/12/01 07:31:21 camield Exp $ */
+/* $OpenBSD: filter.c,v 1.6 2007/08/01 09:31:41 henning Exp $ */
/*
* Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
@@ -53,7 +53,7 @@ static struct pfioc_rule pfr;
static struct pfioc_trans pft;
static struct pfioc_trans_e pfte[TRANS_SIZE];
static int dev, rule_log;
-static char *qname;
+static char *qname, *tagname;
int
add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
@@ -159,11 +159,12 @@ do_rollback(void)
}
void
-init_filter(char *opt_qname, int opt_verbose)
+init_filter(char *opt_qname, char *opt_tagname, int opt_verbose)
{
struct pf_status status;
qname = opt_qname;
+ tagname = opt_tagname;
if (opt_verbose == 1)
rule_log = PF_LOG;
@@ -276,6 +277,8 @@ prepare_rule(u_int32_t id, int rs_num, struct sockaddr *src,
}
pfr.rule.dst.port_op = PF_OP_EQ;
pfr.rule.dst.port[0] = htons(d_port);
+ if (tagname != NULL)
+ strlcpy(pfr.rule.tagname, tagname, sizeof pfr.rule.tagname);
switch (rs_num) {
case PF_RULESET_FILTER:
diff --git a/usr.sbin/ftp-proxy/filter.h b/usr.sbin/ftp-proxy/filter.h
index 6779c597446..150bc49d3ce 100644
--- a/usr.sbin/ftp-proxy/filter.h
+++ b/usr.sbin/ftp-proxy/filter.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: filter.h,v 1.3 2005/06/07 14:12:07 camield Exp $ */
+/* $OpenBSD: filter.h,v 1.4 2007/08/01 09:31:41 henning Exp $ */
/*
* Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
@@ -26,6 +26,6 @@ int add_rdr(u_int32_t, struct sockaddr *, struct sockaddr *, u_int16_t,
struct sockaddr *, u_int16_t);
int do_commit(void);
int do_rollback(void);
-void init_filter(char *, int);
+void init_filter(char *, char *, int);
int prepare_commit(u_int32_t);
int server_lookup(struct sockaddr *, struct sockaddr *, struct sockaddr *);
diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8
index d0f26d99a08..d88ab514552 100644
--- a/usr.sbin/ftp-proxy/ftp-proxy.8
+++ b/usr.sbin/ftp-proxy/ftp-proxy.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ftp-proxy.8,v 1.8 2007/05/31 19:20:23 jmc Exp $
+.\" $OpenBSD: ftp-proxy.8,v 1.9 2007/08/01 09:31:41 henning Exp $
.\"
.\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: August 1 2007 $
.Dt FTP-PROXY 8
.Os
.Sh NAME
@@ -32,6 +32,7 @@
.Op Fl q Ar queue
.Op Fl R Ar address
.Op Fl t Ar timeout
+.Op Fl T Ar tag
.Sh DESCRIPTION
.Nm
is a proxy for the Internet File Transfer Protocol.
@@ -134,6 +135,10 @@ proxy will disconnect.
The maximum is 86400 seconds, which is also the default.
Do not set this too low, because the control connection is usually
idle when large data transfers are taking place.
+.It Fl T Ar tag
+Automatically tag packets passing through the
+.Xr pf 4
+rule with the name supplied.
.It Fl v
Set the 'log' flag on pf rules committed by
.Nm .
diff --git a/usr.sbin/ftp-proxy/ftp-proxy.c b/usr.sbin/ftp-proxy/ftp-proxy.c
index 99e417472fb..a5e585ecbe1 100644
--- a/usr.sbin/ftp-proxy/ftp-proxy.c
+++ b/usr.sbin/ftp-proxy/ftp-proxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftp-proxy.c,v 1.13 2006/12/30 13:24:00 camield Exp $ */
+/* $OpenBSD: ftp-proxy.c,v 1.14 2007/08/01 09:31:41 henning Exp $ */
/*
* Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
@@ -113,7 +113,7 @@ char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLEN];
struct sockaddr_storage fixed_server_ss, fixed_proxy_ss;
char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port,
- *qname;
+ *qname, *tagname;
int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions,
rfc_mode, session_count, timeout, verbose;
extern char *__progname;
@@ -588,6 +588,7 @@ main(int argc, char *argv[])
max_sessions = 100;
qname = NULL;
rfc_mode = 0;
+ tagname = NULL;
timeout = 24 * 3600;
verbose = 0;
@@ -595,7 +596,7 @@ main(int argc, char *argv[])
id_count = 1;
session_count = 0;
- while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rt:v")) != -1) {
+ while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) {
switch (ch) {
case '6':
ipv6_mode = 1;
@@ -640,6 +641,11 @@ main(int argc, char *argv[])
case 'r':
rfc_mode = 1;
break;
+ case 'T':
+ if (strlen(optarg) >= PF_TAG_NAME_SIZE)
+ errx(1, "tagname too long");
+ tagname = optarg;
+ break;
case 't':
timeout = strtonum(optarg, 0, 86400, &errstr);
if (errstr)
@@ -720,7 +726,7 @@ main(int argc, char *argv[])
freeaddrinfo(res);
/* Initialize pf. */
- init_filter(qname, verbose);
+ init_filter(qname, tagname, verbose);
if (daemonize) {
if (daemon(0, 0) == -1)
@@ -1088,6 +1094,6 @@ usage(void)
{
fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
" [-D level] [-m maxsessions]\n [-P port]"
- " [-p port] [-q queue] [-R address] [-t timeout]\n", __progname);
+ " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname);
exit(1);
}