authorpattonme <pattonme@cvs.openbsd.org>1998-09-15 09:57:30 +0000
committerpattonme <pattonme@cvs.openbsd.org>1998-09-15 09:57:30 +0000
commitd9d8ce366401519cd4b75ad150279eee6fc080b1 (patch)
tree6d65329fabdd7ef97478813710114fa2643ed2bc
parent3cd9ba287f3c67bf9402a9ed3c86974e71a32d7e (diff)
Updated to v3.2.9 of Darren's codebase. His code reimplements variable
locking, replaces u_long's with u_32_t to properly handle 64bit archs. Wrapped OpenBSD specific preprocessor logic.
-rw-r--r--sbin/ipnat/Makefile4
-rw-r--r--sbin/ipnat/ipnat.1115
-rw-r--r--sbin/ipnat/ipnat.420
-rw-r--r--sbin/ipnat/ipnat.520
-rw-r--r--sbin/ipnat/ipnat.c88
5 files changed, 138 insertions, 109 deletions
diff --git a/sbin/ipnat/Makefile b/sbin/ipnat/Makefile
index 07fdcf86220..2b00fc105da 100644
--- a/sbin/ipnat/Makefile
+++ b/sbin/ipnat/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.3 1998/01/26 04:13:45 dgregor Exp $
+# $OpenBSD: Makefile,v 1.4 1998/09/15 09:57:29 pattonme Exp $
PROG= ipnat
MAN= ipnat.1 ipnat.4 ipnat.5
SRCS= ipnat.c kmem.c
.PATH: ${.CURDIR}/../ipfstat
-CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sbin/ipfstat
+CFLAGS+=-I${.CURDIR}/../../sbin/ipfstat
.include <bsd.prog.mk>
diff --git a/sbin/ipnat/ipnat.1 b/sbin/ipnat/ipnat.1
index 14f3c38d584..34169917328 100644
--- a/sbin/ipnat/ipnat.1
+++ b/sbin/ipnat/ipnat.1
@@ -1,74 +1,61 @@
-.\" $OpenBSD: ipnat.1,v 1.12 1998/03/22 05:31:08 johns Exp $
-.\"
-.\" Manual page, using -mandoc macros
-.\"
-.Dd
-.Dt IPNAT 1
-.Os
-.Sh NAME
-.Nm ipnat
-.Nd user interface to the NAT
-.Sh SYNOPSIS
-.Nm ipnat
-.Op Fl lnrsvCF
-.Fl f Ar filename
-.Sh DESCRIPTION
-.Nm ipnat
-opens the filename given (treating "-" as stdin) and parses the
-file for a set of rules which are to be added or remove from the IP NAT.
-.Pp
-Each rule processed by
-.Nm ipnat
+.TH IPNAT 1
+.SH NAME
+ipnat \- user interface to the NAT
+.SH SYNOPSIS
+.B ipnat
+[
+.B \-lnrsvCF
+]
+.B \-f
+<filename>
+.SH DESCRIPTION
+.PP
+\fBipnat\fP opens the filename given (treating "\-" as stdin) and parses the
+file for a set of rules which are to be added or removed from the IP NAT.
+.PP
+Each rule processed by \fBipnat\fP
is added to the kernels internal lists if there are no parsing problems.
Rules are added to the end of the internal lists, matching the order in
-which they appear when given to
-.Nm ipnat .
-.Sh OPTIONS
-.Bl -tag -width -Cs
-.It Fl C
+which they appear when given to \fBipnat\fP.
+.SH OPTIONS
+.TP
+.B \-C
delete all entries in the current NAT listing (NAT rules)
-.It Fl F
+.TP
+.B \-F
delete all active entries in the current NAT table (currently active
NAT mappings)
-.It Fl l
+.TP
+.B \-l
Show the list of current NAT table entry mappings.
-.It Fl n
-This flag (no-change) prevents
-.Nm ipf
-from actually making any ioctl
+.TP
+.B \-n
+This flag (no-change) prevents \fBipf\fP from actually making any ioctl
calls or doing anything which would alter the currently running kernel.
-.It Fl s
+.TP
+.B \-s
Retrieve and display NAT statistics
-.It Fl r
+.TP
+.B \-r
Remove matching NAT rules rather than add them to the internal lists
-.It Fl v
+.TP
+.B \-v
Turn verbose mode on. Displays information relating to rule processing.
-.El
-.Sh EXAMPLES
-To use
-.Nm ipnat
-with a dynamic ppp connection one can enable the address translation
-in the
-.Pa /etc/ppp/ip-up
-script:
-.Bd -literal
-/sbin/ipnat -CF -f /etc/ipnat.rules
-/sbin/ipf -E
-.Ed
-.Pp
-To translate addresses from the internal 192.168.1.0/8 network
-.Pa /etc/ipnat.rules
-should look like this:
-.Bd -literal
-map ppp0 192.168.1.0/8 -> 0/32 portmap tcp/udp 10000:20000
-map ppp0 192.168.1.0/8 -> 0/32
-.Ed
-.Sh FILES
-.Pa /usr/share/ipf
--- sample configuration files.
-.Sh SEE ALSO
-.Xr ipfstat 1 ,
-.Xr ipftest 1 ,
-.Xr ipf 1 ,
-.Xr ipnat 4 ,
-.Xr ipnat 5 .
+.DT
+.SH FILES
+\fI/usr/share/ipf\fP -- sample configuration files.
+.br
+/dev/ipnat
+.SH SEE ALSO
+ipf(1), ipftest(1), ipf(4), ipl(4), ipnat(4), ipf(5), ipnat(5), ipfstat(8), ip
+mon(8)
+.br
+http://coombs.anu.edu.au/ipfilter/
+.SH DIAGNOSTICS
+.PP
+Needs to be run as root for the address translation list to actually
+be affected inside the kernel.
+.SH BUGS
+.PP
+If you find any, please send email to me at darrenr@pobox.com
+
diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4
index 551dfe4641b..eae8e06bc96 100644
--- a/sbin/ipnat/ipnat.4
+++ b/sbin/ipnat/ipnat.4
@@ -1,13 +1,13 @@
-.\" $OpenBSD: ipnat.4,v 1.7 1998/01/26 04:13:47 dgregor Exp $
+.\" $OpenBSD: ipnat.4,v 1.8 1998/09/15 09:57:29 pattonme Exp $
.TH IPNAT 4
.SH NAME
ipnat \- Network Address Translation kernel interface
.SH SYNOPSIS
.nf
-#include <sys/ip_fil_compat.h>
-#include <sys/ip_fil.h>
-#include <sys/ip_proxy.h>
-#include <sys/ip_nat.h>
+#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_fil.h>
+#include <netinets/ip_proxy.h>
+#include <netinet/ip_nat.h>
.fi
.SH IOCTLS
.PP
@@ -87,8 +87,14 @@ typedef struct natstat {
ipnat_t *ns_list;
} natstat_t;
.fi
+.SH FILES
+\fI/usr/share/ipf\fP -- sample configuration files.
+.br
+/dev/ipnat
+.SH SEE ALSO
+ipf(1), ipftest(1), ipnat(1), ipf(4), ipl(4), ipf(5), ipnat(5), ipfstat(8), ipmon(8)
+.br
+http://coombs.anu.edu.au/ipfilter/
.SH BUGS
It would be nice if there were more flexibility when adding and deleting
filter rules.
-.SH SEE ALSO
-ipfstat(1), ipf(1), ipnat(1), ipf(4), ipnat(5)
diff --git a/sbin/ipnat/ipnat.5 b/sbin/ipnat/ipnat.5
index 04c3bae2c1b..c4d671bebc0 100644
--- a/sbin/ipnat/ipnat.5
+++ b/sbin/ipnat/ipnat.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipnat.5,v 1.5 1998/01/26 04:13:48 dgregor Exp $
+.\" $OpenBSD: ipnat.5,v 1.6 1998/09/15 09:57:29 pattonme Exp $
.TH IPNAT 5
.SH NAME
ipnat \- IP NAT file format
@@ -37,11 +37,11 @@ port number. Either TCP or UDP or both can be selected by each rule, with a
range of port numbers to remap into given as \fBport-number:port-number\fP.
.SH Examples
.PP
-To change IP#'s used internally from network 10 into an ISP provided 8 bit
-subnet at 209.1.2.0, the following would be used:
+To change IP numbers used internally from network 10 into an ISP provided 8 bit
+subnet at 209.1.2.0 through the ppp0 interface, the following would be used:
.LP
.nf
-map 10.0.0.0/8 -> 209.1.2.0/24
+map ppp0 10.0.0.0/8 -> 209.1.2.0/24
.fi
.PP
The obvious problem here is we're trying to squeeze over 16,000,000 IP
@@ -49,7 +49,7 @@ addresses into a 254 address space. To increase the scope, remapping for TCP
and/or UDP, port remapping can be used;
.LP
.nf
-map 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
+map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
.fi
.PP
which falls only 527,566 `addresses' short of the space available in network
@@ -57,8 +57,8 @@ which falls only 527,566 `addresses' short of the space available in network
follows:
.LP
.nf
-map 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
-map 10.0.0.0/8 -> 209.1.2.0/24
+map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
+map ppp0 10.0.0.0/8 -> 209.1.2.0/24
.fi
.PP
so that all TCP/UDP packets were port mapped and only other protocols, such as
@@ -67,5 +67,9 @@ ICMP, only have their IP# changed.
/etc/services
.br
/etc/hosts
+.br
+/dev/ipnat
.SH SEE ALSO
-ipnat(1), ipf(5), ipnat(4), ipnat(5)
+ipf(1), ipftest(1), ipnat(1), ipf(4), ipl(4), ipnat(4), ipf(5), ipfstat(8), ipmon(8)
+.br
+http://coombs.anu.edu.au/ipfilter/
diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c
index bf23505d4f4..4434ef64581 100644
--- a/sbin/ipnat/ipnat.c
+++ b/sbin/ipnat/ipnat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipnat.c,v 1.22 1998/03/21 22:42:13 millert Exp $ */
+/* $OpenBSD: ipnat.c,v 1.23 1998/09/15 09:57:29 pattonme Exp $ */
/*
* Copyright (C) 1993-1997 by Darren Reed.
*
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
+#include <errno.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
@@ -47,15 +48,26 @@
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
-#include "ip_fil_compat.h"
-#include "ip_fil.h"
-#include "ip_proxy.h"
-#include "ip_nat.h"
+#if defined(__OpenBSD__)
+# include <netinet/ip_fil_compat.h>
+#else
+# include <netinet/ip_compat.h>
+#endif
+#include <netinet/ip_fil.h>
+#include <netinet/ip_proxy.h>
+#include <netinet/ip_nat.h>
#include "kmem.h"
+#if defined(sun) && !SOLARIS2
+# define STRERROR(x) sys_errlist[x]
+extern char *sys_errlist[];
+#else
+# define STRERROR(x) strerror(x)
+#endif
+
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.22 1998/03/21 22:42:13 millert Exp $";
+static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.23 1998/09/15 09:57:29 pattonme Exp $";
#endif
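Review bot: The SunOS fallback `# define STRERROR(x) sys_errlist[x]` indexes the table with a raw errno and has no upper bound, so an errno at or beyond the table length reads past the end of sys_errlist, whereas strerror() on the other branch bounds-checks internally. Declare `extern int sys_nerr;` next to the sys_errlist declaration and bound the macro: `# define STRERROR(x) (((x) >= 0 && (x) < sys_nerr) ? sys_errlist[x] : "Unknown error")`. Separately, the ipnat.4 synopsis in this same commit spells the proxy header `<netinets/ip_proxy.h>` where this hunk includes `<netinet/ip_proxy.h>`; the manual page should match the header actually installed.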
@@ -66,14 +78,14 @@ static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.22 1998/03/21 22:42:13 millert
extern char *optarg;
ipnat_t *parse __P((char *));
-u_int hostnum __P((char *, int *));
-u_int hostmask __P((char *));
+u_32_t hostnum __P((char *, int *));
+u_32_t hostmask __P((char *));
u_short portnum __P((char *, char *));
void dostats __P((int, int)), flushtable __P((int, int));
void printnat __P((ipnat_t *, int, void *));
void parsefile __P((int, char *, int));
void usage __P((char *));
-int countbits __P((u_int));
+int countbits __P((u_32_t));
char *getnattype __P((ipnat_t *));
int main __P((int, char*[]));
@@ -134,7 +146,8 @@ char *argv[];
if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, O_RDWR)) == -1) &&
((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
- perror("open "IPL_NAT);
+ (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
+ STRERROR(errno));
exit(-1);
}
@@ -154,9 +167,9 @@ char *argv[];
* of bits.
*/
int countbits(ip)
-u_int ip;
+u_32_t ip;
{
- u_int ipn;
+ u_32_t ipn;
int cnt = 0, i, j;
ip = ipn = ntohl(ip);
@@ -361,7 +374,7 @@ int fd, opts;
ntohs(nat.nat_outport));
printf(" [%s %hu]", inet_ntoa(nat.nat_oip),
ntohs(nat.nat_oport));
- printf(" %ld %hu %lx", nat.nat_age,
+ printf(" %ld %hu %x", nat.nat_age,
nat.nat_use, nat.nat_sumd);
#if SOLARIS
printf(" %lx", nat.nat_ipsumd);
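Review bot: Only the nat_sumd conversion was changed to `%x`; the `%ld` for nat.nat_age in the same printf is still a long conversion, and if this update also narrowed nat_age to u_32_t (the commit message says u_long fields were replaced) the specifier no longer matches its argument, which is undefined behaviour and what -Wformat exists to catch. Confirm nat_age's type in ip_nat.h and switch to `%u` (or cast explicitly) if it is now 32-bit; the `%lx` on nat_ipsumd in the SOLARIS branch needs the same check. The enclosing function starts and ends outside the hunk.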
@@ -409,18 +422,18 @@ char *name, *proto;
}
-u_int hostmask(msk)
+u_32_t hostmask(msk)
char *msk;
{
int bits = -1;
- u_int mask;
+ u_32_t mask;
if (!isdigit(*msk))
- return (u_int)-1;
+ return (u_32_t)-1;
if (strchr(msk, '.'))
return inet_addr(msk);
if (strchr(msk, 'x'))
- return (u_int)strtol(msk, NULL, 0);
+ return (u_32_t)strtol(msk, NULL, 0);
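Review bot: `(u_32_t)strtol(msk, NULL, 0)` accepts a hex mask followed by trailing junk and silently truncates values that do not fit in 32 bits, because neither the end pointer nor errno is checked, while the non-digit and inet_addr paths both report failure as (u_32_t)-1 and this path never does. A checked parse keeps the same contract: `errno = 0; char *end; unsigned long v = strtoul(msk, &end, 0);` then `if (end == msk || *end != '\0' || errno == ERANGE || v > 0xffffffffUL) return (u_32_t)-1;` and `return (u_32_t)v;` (errno.h is now included by this commit). The tail of hostmask() with the bit-count branch lies outside the hunk.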
/*
* set x most significant bits
*/
@@ -432,12 +445,19 @@ char *msk;
return mask;
}
-/*
- * get_if_addr(): given a string containing an interface name (e.g. "ppp0")
- * return the IP address it represents as an unsigned int
+
+#if defined(__OpenBSD__)
+/*
+ * get_if_addr():
+ * given a string containing an interface name (e.g. "ppp0")
+ * return the IP address it represents as an unsigned int
+ *
+ * The OpenBSD community considers this feature to be quite useful and
+ * suggests inclusion into other platforms. The closest alternative is
+ * to define /etc/networks with suitable values.
*/
-u_int if_addr(name)
-char *name;
+u_32_t if_addr(name)
+char *name;
{
struct ifconf ifc;
struct ifreq ifreq, *ifr;
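Review bot: The rewritten header comment still says if_addr() returns the address `as an unsigned int`, while the signature directly under it now returns u_32_t, and it leaves out the two parts of the contract the body shows later in the diff: the value is `sin->sin_addr.s_addr` (network byte order) and failure is signalled by `return INADDR_NONE`. Suggest `return the IP address it represents as a u_32_t in network byte order, or INADDR_NONE on error`. The body continues in the following hunks; there `ifc.ifc_buf = inbuf = realloc(inbuf, len);` is untouched by this commit, and assigning realloc's result straight back into inbuf loses the old buffer on failure and leaves a NULL the loop goes on to use, so a temporary with a NULL check that jumps to if_addr_lose is worth adding while this function is being wrapped.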
@@ -448,7 +468,7 @@ char *name;
warn("socket");
return INADDR_NONE;
}
-
+
while (1) {
ifc.ifc_len = len;
ifc.ifc_buf = inbuf = realloc(inbuf, len);
@@ -471,7 +491,7 @@ char *name;
? ifr->ifr_addr.sa_len
: sizeof(struct sockaddr));
if (!strncmp(ifreq.ifr_name, ifr->ifr_name,
- sizeof(ifr->ifr_name)))
+ sizeof(ifr->ifr_name)))
continue;
ifreq = *ifr;
if (ioctl(s, SIOCGIFADDR, (caddr_t)ifr) < 0) {
@@ -488,22 +508,28 @@ char *name;
return (sin->sin_addr.s_addr);
}
}
+
if_addr_lose:
close(s);
free(inbuf);
return INADDR_NONE;
}
+#endif
+
/*
- * returns an ip address as an int var as a result of either a DNS lookup or
+ * returns an ip address as a long var as a result of either a DNS lookup or
* straight inet_addr() call
*/
-u_int hostnum(host, resolved)
+u_32_t hostnum(host, resolved)
char *host;
int *resolved;
{
struct hostent *hp;
struct netent *np;
+#if defined(__OpenBSD__)
+ u_32_t addr;
+#endif
*resolved = 0;
if (!strcasecmp("any", host))
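Review bot: The comment edit turns `as an int var` into `as a long var`, but the function now returns u_32_t, so the comment is wrong about exactly the type this commit is correcting; say `as a u_32_t` and record the failure contract visible in the next hunk: `*resolved` is set to -1 and 0 is returned when the name cannot be resolved. Hoisting the OpenBSD-only `addr` to function scope under #if is fine, but an if_addr() prototype does not appear among the declarations changed earlier in this diff, so confirm one is in scope before hostnum(); otherwise the call is implicitly declared, which is the kind of width assumption this u_32_t work is meant to remove. hostnum()'s body continues past the hunk.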
@@ -513,9 +539,11 @@ int *resolved;
if (!(hp = gethostbyname(host))) {
if (!(np = getnetbyname(host))) {
- u_int addr;
+#if defined(__OpenBSD__)
+ /* attempt a map from interface name to address */
if ((addr = if_addr(host)) != INADDR_NONE)
return addr;
+#endif
*resolved = -1;
fprintf(stderr, "can't resolve hostname: %s\n", host);
return 0;
@@ -756,6 +784,9 @@ char *line;
"missing parameter for \"proxy\"\n");
return NULL;
}
+ } else {
+ fprintf(stderr, "missing keyword \"port\"\n");
+ return NULL;
}
if ((proto = index(s, '/'))) {
*proto++ = '\0';
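Review bot: The new `} else { fprintf(...); return NULL; }` branch exits parse() part-way through a rule; parse() returns an ipnat_t * per its prototype, and its head is outside the hunk, so if the object has already been allocated by this point the early return leaks it, as would the sibling `missing parameter for "proxy"` return just above. Confirm where the ipnat_t comes from; if it is heap-allocated before this code, free it on both failure paths or route them through a single cleanup label. The message style matches the neighbouring diagnostic.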
@@ -825,7 +856,8 @@ int opts;
if (strcmp(file, "-")) {
if (!(fp = fopen(file, "r"))) {
- perror(file);
+ (void) fprintf(stderr, "%s: open: %s\n", file,
+ STRERROR(errno));
exit(1);
}
} else