authordm <dm@cvs.openbsd.org>1996-07-18 05:08:40 +0000
committerdm <dm@cvs.openbsd.org>1996-07-18 05:08:40 +0000
commitd863770dbf1c7b1d87285f2c65bde3fe93cd1b9d (patch)
treeafd06cb0f25ed0255313ed8a15dfe0f99cdb7215 /sbin/ipnat
parent1688332c300a04e1f04f1afcec7ff0a2a0a29e06 (diff)
ipfilter 3.1.0
Diffstat (limited to 'sbin/ipnat')
-rw-r--r--sbin/ipnat/ipnat.12
-rw-r--r--sbin/ipnat/ipnat.42
-rw-r--r--sbin/ipnat/ipnat.52
-rw-r--r--sbin/ipnat/ipnat.c121
4 files changed, 95 insertions, 32 deletions
diff --git a/sbin/ipnat/ipnat.1 b/sbin/ipnat/ipnat.1
index 9320d1fbf2b..b0ddc59a474 100644
--- a/sbin/ipnat/ipnat.1
+++ b/sbin/ipnat/ipnat.1
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipnat.1,v 1.2 1996/06/23 14:31:00 deraadt Exp $
-.\"
.TH IPFNAT 1
.SH NAME
ipnat - user interface to the NAT
diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4
index 224249f405b..4962cf3df28 100644
--- a/sbin/ipnat/ipnat.4
+++ b/sbin/ipnat/ipnat.4
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipnat.4,v 1.2 1996/06/23 14:31:00 deraadt Exp $
-.\"
.TH IPNAT 4
.SH NAME
ipnat - Network Address Translation kernel interface
diff --git a/sbin/ipnat/ipnat.5 b/sbin/ipnat/ipnat.5
index bc59e55c154..51fdbee0def 100644
--- a/sbin/ipnat/ipnat.5
+++ b/sbin/ipnat/ipnat.5
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipnat.5,v 1.2 1996/06/23 14:31:01 deraadt Exp $
-.\"
.LP
.TH IPNAT 5
.SH NAME
diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c
index c762ea84bfb..0a483b094d9 100644
--- a/sbin/ipnat/ipnat.c
+++ b/sbin/ipnat/ipnat.c
@@ -1,5 +1,3 @@
-/* $OpenBSD: ipnat.c,v 1.2 1996/06/23 14:31:01 deraadt Exp $ */
-
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
*
@@ -42,7 +40,7 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
-#include "ip_fil.h"
+#include "ip_fil_compat.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
@@ -52,7 +50,8 @@
#ifndef lint
-static char sccsid[] ="@(#)ipnat.c 1.8 4/10/96 (C) 1993 Darren Reed";
+static char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
+static char rcsid[] = "$Id: ipnat.c,v 1.3 1996/07/18 05:08:39 dm Exp $";
#endif
#if SOLARIS
@@ -64,6 +63,15 @@ extern int kmemcpy();
void dostats(), printnat(), parsefile();
+
+void usage(name)
+char *name;
+{
+ fprintf(stderr, "%s: [-lnrsv] [-f filename]\n", name);
+ exit(1);
+}
+
+
int main(argc, argv)
int argc;
char *argv[];
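Review bot: The forward declaration `void dostats(), printnat(), parsefile();` above the new `usage()` stays unprototyped, so the compiler does not check the extra `opts`/`verbose` arguments this commit adds to `dostats` and `printnat` at any call site. A caller that was missed would pass an indeterminate value as the verbose flag without a diagnostic. Assuming `ipnat_t` is declared by the headers included earlier, I would declare them as `void dostats(int, int), printnat(ipnat_t *, int);` and give `parsefile` a prototype matching its definition, which is not visible in this hunk. `main` continues outside the hunk.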
@@ -93,11 +101,11 @@ char *argv[];
opts |= 16;
break;
default :
- fprintf(stderr, "unknown option \"%c\"\n", c);
- break;
+ usage(argv[0]);
}
- if ((fd = open(IPL_NAME, O_RDONLY)) == -1) {
+ if (((fd = open(IPL_NAME, O_RDWR)) == -1) &&
+ ((fd = open(IPL_NAME, O_RDONLY)) == -1)) {
perror("open");
exit(-1);
}
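Review bot: The fallback from `O_RDWR` to `O_RDONLY` in the new `open()` call is silent, so a caller without write access presumably only finds out later when an ioctl in `parsefile` fails. `perror("open")` also reports only the errno of the second attempt. Opening read-write first also gives the listing and statistics paths more access to the device than they need. If rule changes happen only through `-f`, as the `if (file) parsefile(fd, file, opts);` call in the next hunk suggests, the mode can follow the request: `fd = open(IPL_NAME, file ? O_RDWR : O_RDONLY);`. `main` starts and ends outside this hunk.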
@@ -105,32 +113,93 @@ char *argv[];
if (file)
parsefile(fd, file, opts);
if (opts & 12)
- dostats(fd);
+ dostats(fd, opts);
return 0;
}
-void printnat(np)
+/*
+ * count consecutive 1's in bit mask. If the mask generated by counting
+ * consecutive 1's is different to that passed, return -1, else return #
+ * of bits.
+ */
+int countbits(ip)
+u_long ip;
+{
+ u_long ipn;
+ int cnt = 0, i, j;
+
+ ip = ipn = ntohl(ip);
+ for (i = 32; i; i--, ipn *= 2)
+ if (ipn & 0x80000000)
+ cnt++;
+ else
+ break;
+ ipn = 0;
+ for (i = 32, j = cnt; i; i--, j--) {
+ ipn *= 2;
+ if (j > 0)
+ ipn++;
+ }
+ if (ipn == ip)
+ return cnt;
+ return -1;
+}
+
+
+void printnat(np, verbose)
ipnat_t *np;
+int verbose;
{
+ int bits;
+
if (np->in_redir == NAT_REDIRECT) {
printf("rdr %s %s", np->in_ifname, inet_ntoa(np->in_out[0]));
- printf("/%s (%d) -> ", inet_ntoa(np->in_out[1]),
- ntohs(np->in_pmin));
- printf("%s (%d)\n", inet_ntoa(np->in_in[0]),
+ bits = countbits(np->in_out[1].s_addr);
+ if (bits != -1)
+ printf("/%d ", bits);
+ else
+ printf("/%s ", inet_ntoa(np->in_out[1]));
+ if (np->in_pmin)
+ printf("port %d ", ntohs(np->in_pmin));
+ printf("-> %s", inet_ntoa(np->in_in[0]),
ntohs(np->in_pnext));
- printf("\t%x %u %x %u\n", (u_int)np->in_ifp, np->in_space,
- np->in_flags, np->in_pnext);
+ if (np->in_pmax)
+ printf(" port %d", ntohs(np->in_pmax));
+ printf("\n");
+ if (verbose)
+ printf("\t%x %u %x %u", (u_int)np->in_ifp,
+ np->in_space, np->in_flags, np->in_pnext);
} else {
np->in_nextip.s_addr = htonl(np->in_nextip.s_addr);
printf("map %s %s/", np->in_ifname, inet_ntoa(np->in_in[0]));
- printf("%s -> ", inet_ntoa(np->in_in[1]));
- printf("%s/", inet_ntoa(np->in_out[0]));
- printf("%s\n", inet_ntoa(np->in_out[1]));
- printf("\t%x %u %s %x %u %d:%d\n", (u_int)np->in_ifp,
- np->in_space, inet_ntoa(np->in_nextip), np->in_flags,
- np->in_pnext, ntohs(np->in_port[0]),
- ntohs(np->in_port[1]));
+ bits = countbits(np->in_in[1].s_addr);
+ if (bits != -1)
+ printf("%d ", bits);
+ else
+ printf("%s", inet_ntoa(np->in_in[1]));
+ printf(" -> %s/", inet_ntoa(np->in_out[0]));
+ bits = countbits(ntohl(np->in_out[1].s_addr));
+ if (bits != -1)
+ printf("%d ", bits);
+ else
+ printf("%s", inet_ntoa(np->in_out[1]));
+ if (np->in_port[0] || np->in_port[1]) {
+ printf(" portmap");
+ if (np->in_flags & IPN_TCP)
+ printf(" tcp");
+ else if (np->in_flags & IPN_UDP)
+ printf(" udp");
+ else if (np->in_flags & IPN_TCPUDP)
+ printf(" tcpudp");
+ printf(" %d:%d", ntohs(np->in_port[0]),
+ ntohs(np->in_port[1]));
+ }
+ printf("\n");
+ if (verbose)
+ printf("\t%x %u %s %d %x\n", (u_int)np->in_ifp,
+ np->in_space, inet_ntoa(np->in_nextip),
+ np->in_pnext, np->in_flags);
}
}
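Review bot: In the `map` branch the output mask is byte-swapped twice, because `countbits(ntohl(np->in_out[1].s_addr))` passes a host-order value to a function that already calls `ntohl()` itself. On little-endian hosts a valid netmask will usually come back as -1 and be printed in dotted form. The other two call sites pass `s_addr` directly and this one should too: `bits = countbits(np->in_out[1].s_addr);`. In the `rdr` branch, `printf("-> %s", inet_ntoa(np->in_in[0]), ntohs(np->in_pnext));` still carries an argument with no matching conversion, and the verbose `printf` there lacks the trailing `\n` that the `map` branch prints. If `IPN_TCPUDP` is the OR of `IPN_TCP` and `IPN_UDP` (its definition is not visible here), the `tcpudp` arm is unreachable because the `IPN_TCP` test matches first, so the combined value should be tested before the single bits.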
@@ -153,8 +222,9 @@ int fd, opts;
printf("added\t%lu\texpired\t%lu\n",
ns.ns_added, ns.ns_expire);
printf("inuse\t%lu\n", ns.ns_inuse);
- printf("table %#x list %#x\n",
- (u_int)ns.ns_table, (u_int)ns.ns_list);
+ if (opts & 16)
+ printf("table %#x list %#x\n",
+ (u_int)ns.ns_table, (u_int)ns.ns_list);
}
if (opts & 8) {
while (ns.ns_list) {
@@ -162,7 +232,7 @@ int fd, opts;
perror("kmemcpy");
break;
}
- printnat(&ipn);
+ printnat(&ipn, opts & 16);
ns.ns_list = ipn.in_next;
}
@@ -417,7 +487,6 @@ char *line;
fprintf(stderr, "missing fields (destination port)\n");
return NULL;
}
-
tport = s;
}
@@ -516,7 +585,7 @@ int opts;
linenum, line);
} else if (!(opts & 2)) {
if ((opts &16) && np)
- printnat(np);
+ printnat(np, opts & 16);
if (opts & 1) {
if (ioctl(fd, SIOCADNAT, np) == -1)
perror("ioctl(SIOCADNAT)");