diff options
author | pattonme <pattonme@cvs.openbsd.org> | 1998-09-15 09:57:30 +0000 |
---|---|---|
committer | pattonme <pattonme@cvs.openbsd.org> | 1998-09-15 09:57:30 +0000 |
commit | d9d8ce366401519cd4b75ad150279eee6fc080b1 (patch) | |
tree | 6d65329fabdd7ef97478813710114fa2643ed2bc | |
parent | 3cd9ba287f3c67bf9402a9ed3c86974e71a32d7e (diff) |
Updated to v3.2.9 of Darren's codebase. His code reimplements variable
locking, replaces u_long's with u_32_t to properly handle 64bit archs.
Wrapped OpenBSD specific preprocessor logic.
-rw-r--r-- | sbin/ipnat/Makefile | 4 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.1 | 115 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.4 | 20 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.5 | 20 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.c | 88 |
5 files changed, 138 insertions, 109 deletions
diff --git a/sbin/ipnat/Makefile b/sbin/ipnat/Makefile index 07fdcf86220..2b00fc105da 100644 --- a/sbin/ipnat/Makefile +++ b/sbin/ipnat/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.3 1998/01/26 04:13:45 dgregor Exp $ +# $OpenBSD: Makefile,v 1.4 1998/09/15 09:57:29 pattonme Exp $ PROG= ipnat MAN= ipnat.1 ipnat.4 ipnat.5 SRCS= ipnat.c kmem.c .PATH: ${.CURDIR}/../ipfstat -CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sbin/ipfstat +CFLAGS+=-I${.CURDIR}/../../sbin/ipfstat .include <bsd.prog.mk> diff --git a/sbin/ipnat/ipnat.1 b/sbin/ipnat/ipnat.1 index 14f3c38d584..34169917328 100644 --- a/sbin/ipnat/ipnat.1 +++ b/sbin/ipnat/ipnat.1 @@ -1,74 +1,61 @@ -.\" $OpenBSD: ipnat.1,v 1.12 1998/03/22 05:31:08 johns Exp $ -.\" -.\" Manual page, using -mandoc macros -.\" -.Dd -.Dt IPNAT 1 -.Os -.Sh NAME -.Nm ipnat -.Nd user interface to the NAT -.Sh SYNOPSIS -.Nm ipnat -.Op Fl lnrsvCF -.Fl f Ar filename -.Sh DESCRIPTION -.Nm ipnat -opens the filename given (treating "-" as stdin) and parses the -file for a set of rules which are to be added or remove from the IP NAT. -.Pp -Each rule processed by -.Nm ipnat +.TH IPNAT 1 +.SH NAME +ipnat \- user interface to the NAT +.SH SYNOPSIS +.B ipnat +[ +.B \-lnrsvCF +] +.B \-f +<filename> +.SH DESCRIPTION +.PP +\fBipnat\fP opens the filename given (treating "\-" as stdin) and parses the +file for a set of rules which are to be added or removed from the IP NAT. +.PP +Each rule processed by \fBipnat\fP is added to the kernels internal lists if there are no parsing problems. Rules are added to the end of the internal lists, matching the order in -which they appear when given to -.Nm ipnat . -.Sh OPTIONS -.Bl -tag -width -Cs -.It Fl C +which they appear when given to \fBipnat\fP. +.SH OPTIONS +.TP +.B \-C delete all entries in the current NAT listing (NAT rules) -.It Fl F +.TP +.B \-F delete all active entries in the current NAT table (currently active NAT mappings) -.It Fl l +.TP +.B \-l Show the list of current NAT table entry mappings. -.It Fl n -This flag (no-change) prevents -.Nm ipf -from actually making any ioctl +.TP +.B \-n +This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. -.It Fl s +.TP +.B \-s Retrieve and display NAT statistics -.It Fl r +.TP +.B \-r Remove matching NAT rules rather than add them to the internal lists -.It Fl v +.TP +.B \-v Turn verbose mode on. Displays information relating to rule processing. -.El -.Sh EXAMPLES -To use -.Nm ipnat -with a dynamic ppp connection one can enable the address translation -in the -.Pa /etc/ppp/ip-up -script: -.Bd -literal -/sbin/ipnat -CF -f /etc/ipnat.rules -/sbin/ipf -E -.Ed -.Pp -To translate addresses from the internal 192.168.1.0/8 network -.Pa /etc/ipnat.rules -should look like this: -.Bd -literal -map ppp0 192.168.1.0/8 -> 0/32 portmap tcp/udp 10000:20000 -map ppp0 192.168.1.0/8 -> 0/32 -.Ed -.Sh FILES -.Pa /usr/share/ipf --- sample configuration files. -.Sh SEE ALSO -.Xr ipfstat 1 , -.Xr ipftest 1 , -.Xr ipf 1 , -.Xr ipnat 4 , -.Xr ipnat 5 . +.DT +.SH FILES +\fI/usr/share/ipf\fP -- sample configuration files. +.br +/dev/ipnat +.SH SEE ALSO +ipf(1), ipftest(1), ipf(4), ipl(4), ipnat(4), ipf(5), ipnat(5), ipfstat(8), ip +mon(8) +.br +http://coombs.anu.edu.au/ipfilter/ +.SH DIAGNOSTICS +.PP +Needs to be run as root for the address translation list to actually +be affected inside the kernel. +.SH BUGS +.PP +If you find any, please send email to me at darrenr@pobox.com + diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4 index 551dfe4641b..eae8e06bc96 100644 --- a/sbin/ipnat/ipnat.4 +++ b/sbin/ipnat/ipnat.4 @@ -1,13 +1,13 @@ -.\" $OpenBSD: ipnat.4,v 1.7 1998/01/26 04:13:47 dgregor Exp $ +.\" $OpenBSD: ipnat.4,v 1.8 1998/09/15 09:57:29 pattonme Exp $ .TH IPNAT 4 .SH NAME ipnat \- Network Address Translation kernel interface .SH SYNOPSIS .nf -#include <sys/ip_fil_compat.h> -#include <sys/ip_fil.h> -#include <sys/ip_proxy.h> -#include <sys/ip_nat.h> +#include <netinet/ip_fil_compat.h> +#include <netinet/ip_fil.h> +#include <netinets/ip_proxy.h> +#include <netinet/ip_nat.h> .fi .SH IOCTLS .PP @@ -87,8 +87,14 @@ typedef struct natstat { ipnat_t *ns_list; } natstat_t; .fi +.SH FILES +\fI/usr/share/ipf\fP -- sample configuration files. +.br +/dev/ipnat +.SH SEE ALSO +ipf(1), ipftest(1), ipnat(1), ipf(4), ipl(4), ipf(5), ipnat(5), ipfstat(8), ipmon(8) +.br +http://coombs.anu.edu.au/ipfilter/ .SH BUGS It would be nice if there were more flexibility when adding and deleting filter rules. -.SH SEE ALSO -ipfstat(1), ipf(1), ipnat(1), ipf(4), ipnat(5) diff --git a/sbin/ipnat/ipnat.5 b/sbin/ipnat/ipnat.5 index 04c3bae2c1b..c4d671bebc0 100644 --- a/sbin/ipnat/ipnat.5 +++ b/sbin/ipnat/ipnat.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipnat.5,v 1.5 1998/01/26 04:13:48 dgregor Exp $ +.\" $OpenBSD: ipnat.5,v 1.6 1998/09/15 09:57:29 pattonme Exp $ .TH IPNAT 5 .SH NAME ipnat \- IP NAT file format @@ -37,11 +37,11 @@ port number. Either TCP or UDP or both can be selected by each rule, with a range of port numbers to remap into given as \fBport-number:port-number\fP. .SH Examples .PP -To change IP#'s used internally from network 10 into an ISP provided 8 bit -subnet at 209.1.2.0, the following would be used: +To change IP numbers used internally from network 10 into an ISP provided 8 bit +subnet at 209.1.2.0 through the ppp0 interface, the following would be used: .LP .nf -map 10.0.0.0/8 -> 209.1.2.0/24 +map ppp0 10.0.0.0/8 -> 209.1.2.0/24 .fi .PP The obvious problem here is we're trying to squeeze over 16,000,000 IP @@ -49,7 +49,7 @@ addresses into a 254 address space. To increase the scope, remapping for TCP and/or UDP, port remapping can be used; .LP .nf -map 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 +map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 .fi .PP which falls only 527,566 `addresses' short of the space available in network @@ -57,8 +57,8 @@ which falls only 527,566 `addresses' short of the space available in network follows: .LP .nf -map 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 -map 10.0.0.0/8 -> 209.1.2.0/24 +map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 +map ppp0 10.0.0.0/8 -> 209.1.2.0/24 .fi .PP so that all TCP/UDP packets were port mapped and only other protocols, such as @@ -67,5 +67,9 @@ ICMP, only have their IP# changed. /etc/services .br /etc/hosts +.br +/dev/ipnat .SH SEE ALSO -ipnat(1), ipf(5), ipnat(4), ipnat(5) +ipf(1), ipftest(1), ipnat(1), ipf(4), ipl(4), ipnat(4), ipf(5), ipfstat(8), ipmon(8) +.br +http://coombs.anu.edu.au/ipfilter/ diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c index bf23505d4f4..4434ef64581 100644 --- a/sbin/ipnat/ipnat.c +++ b/sbin/ipnat/ipnat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipnat.c,v 1.22 1998/03/21 22:42:13 millert Exp $ */ +/* $OpenBSD: ipnat.c,v 1.23 1998/09/15 09:57:29 pattonme Exp $ */ /* * Copyright (C) 1993-1997 by Darren Reed. * @@ -20,6 +20,7 @@ #include <stdio.h> #include <string.h> #include <fcntl.h> +#include <errno.h> #include <sys/types.h> #if !defined(__SVR4) && !defined(__svr4__) #include <strings.h> @@ -47,15 +48,26 @@ #include <arpa/inet.h> #include <resolv.h> #include <ctype.h> -#include "ip_fil_compat.h" -#include "ip_fil.h" -#include "ip_proxy.h" -#include "ip_nat.h" +#if defined(__OpenBSD__) +# include <netinet/ip_fil_compat.h> +#else +# include <netinet/ip_compat.h> +#endif +#include <netinet/ip_fil.h> +#include <netinet/ip_proxy.h> +#include <netinet/ip_nat.h> #include "kmem.h" +#if defined(sun) && !SOLARIS2 +# define STRERROR(x) sys_errlist[x] +extern char *sys_errlist[]; +#else +# define STRERROR(x) strerror(x) +#endif + #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.22 1998/03/21 22:42:13 millert Exp $"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.23 1998/09/15 09:57:29 pattonme Exp $"; #endif @@ -66,14 +78,14 @@ static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.22 1998/03/21 22:42:13 millert extern char *optarg; ipnat_t *parse __P((char *)); -u_int hostnum __P((char *, int *)); -u_int hostmask __P((char *)); +u_32_t hostnum __P((char *, int *)); +u_32_t hostmask __P((char *)); u_short portnum __P((char *, char *)); void dostats __P((int, int)), flushtable __P((int, int)); void printnat __P((ipnat_t *, int, void *)); void parsefile __P((int, char *, int)); void usage __P((char *)); -int countbits __P((u_int)); +int countbits __P((u_32_t)); char *getnattype __P((ipnat_t *)); int main __P((int, char*[])); @@ -134,7 +146,8 @@ char *argv[]; if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, O_RDWR)) == -1) && ((fd = open(IPL_NAT, O_RDONLY)) == -1)) { - perror("open "IPL_NAT); + (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT, + STRERROR(errno)); exit(-1); } @@ -154,9 +167,9 @@ char *argv[]; * of bits. */ int countbits(ip) -u_int ip; +u_32_t ip; { - u_int ipn; + u_32_t ipn; int cnt = 0, i, j; ip = ipn = ntohl(ip); @@ -361,7 +374,7 @@ int fd, opts; ntohs(nat.nat_outport)); printf(" [%s %hu]", inet_ntoa(nat.nat_oip), ntohs(nat.nat_oport)); - printf(" %ld %hu %lx", nat.nat_age, + printf(" %ld %hu %x", nat.nat_age, nat.nat_use, nat.nat_sumd); #if SOLARIS printf(" %lx", nat.nat_ipsumd); @@ -409,18 +422,18 @@ char *name, *proto; } -u_int hostmask(msk) +u_32_t hostmask(msk) char *msk; { int bits = -1; - u_int mask; + u_32_t mask; if (!isdigit(*msk)) - return (u_int)-1; + return (u_32_t)-1; if (strchr(msk, '.')) return inet_addr(msk); if (strchr(msk, 'x')) - return (u_int)strtol(msk, NULL, 0); + return (u_32_t)strtol(msk, NULL, 0); /* * set x most significant bits */ @@ -432,12 +445,19 @@ char *msk; return mask; } -/* - * get_if_addr(): given a string containing an interface name (e.g. "ppp0") - * return the IP address it represents as an unsigned int + +#if defined(__OpenBSD__) +/* + * get_if_addr(): + * given a string containing an interface name (e.g. "ppp0") + * return the IP address it represents as an unsigned int + * + * The OpenBSD community considers this feature to be quite useful and + * suggests inclusion into other platforms. The closest alternative is + * to define /etc/networks with suitable values. */ -u_int if_addr(name) -char *name; +u_32_t if_addr(name) +char *name; { struct ifconf ifc; struct ifreq ifreq, *ifr; @@ -448,7 +468,7 @@ char *name; warn("socket"); return INADDR_NONE; } - + while (1) { ifc.ifc_len = len; ifc.ifc_buf = inbuf = realloc(inbuf, len); @@ -471,7 +491,7 @@ char *name; ? ifr->ifr_addr.sa_len : sizeof(struct sockaddr)); if (!strncmp(ifreq.ifr_name, ifr->ifr_name, - sizeof(ifr->ifr_name))) + sizeof(ifr->ifr_name))) continue; ifreq = *ifr; if (ioctl(s, SIOCGIFADDR, (caddr_t)ifr) < 0) { @@ -488,22 +508,28 @@ char *name; return (sin->sin_addr.s_addr); } } + if_addr_lose: close(s); free(inbuf); return INADDR_NONE; } +#endif + /* - * returns an ip address as an int var as a result of either a DNS lookup or + * returns an ip address as a long var as a result of either a DNS lookup or * straight inet_addr() call */ -u_int hostnum(host, resolved) +u_32_t hostnum(host, resolved) char *host; int *resolved; { struct hostent *hp; struct netent *np; +#if defined(__OpenBSD__) + u_32_t addr; +#endif *resolved = 0; if (!strcasecmp("any", host)) @@ -513,9 +539,11 @@ int *resolved; if (!(hp = gethostbyname(host))) { if (!(np = getnetbyname(host))) { - u_int addr; +#if defined(__OpenBSD__) + /* attempt a map from interface name to address */ if ((addr = if_addr(host)) != INADDR_NONE) return addr; +#endif *resolved = -1; fprintf(stderr, "can't resolve hostname: %s\n", host); return 0; @@ -756,6 +784,9 @@ char *line; "missing parameter for \"proxy\"\n"); return NULL; } + } else { + fprintf(stderr, "missing keyword \"port\"\n"); + return NULL; } if ((proto = index(s, '/'))) { *proto++ = '\0'; @@ -825,7 +856,8 @@ int opts; if (strcmp(file, "-")) { if (!(fp = fopen(file, "r"))) { - perror(file); + (void) fprintf(stderr, "%s: open: %s\n", file, + STRERROR(errno)); exit(1); } } else |