author | dm <dm@cvs.openbsd.org> | 1996-07-18 05:08:40 +0000 |
---|---|---|
committer | dm <dm@cvs.openbsd.org> | 1996-07-18 05:08:40 +0000 |
commit | d863770dbf1c7b1d87285f2c65bde3fe93cd1b9d (patch) | |
tree | afd06cb0f25ed0255313ed8a15dfe0f99cdb7215 /sbin/ipnat | |
parent | 1688332c300a04e1f04f1afcec7ff0a2a0a29e06 (diff) |
ipfilter 3.1.0
Diffstat (limited to 'sbin/ipnat')
-rw-r--r-- | sbin/ipnat/ipnat.1 | 2 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.4 | 2 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.5 | 2 | ||||
-rw-r--r-- | sbin/ipnat/ipnat.c | 121 |
4 files changed, 95 insertions, 32 deletions
diff --git a/sbin/ipnat/ipnat.1 b/sbin/ipnat/ipnat.1 index 9320d1fbf2b..b0ddc59a474 100644 --- a/sbin/ipnat/ipnat.1 +++ b/sbin/ipnat/ipnat.1 @@ -1,5 +1,3 @@ -.\" $OpenBSD: ipnat.1,v 1.2 1996/06/23 14:31:00 deraadt Exp $ -.\" .TH IPFNAT 1 .SH NAME ipnat - user interface to the NAT diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4 index 224249f405b..4962cf3df28 100644 --- a/sbin/ipnat/ipnat.4 +++ b/sbin/ipnat/ipnat.4 @@ -1,5 +1,3 @@ -.\" $OpenBSD: ipnat.4,v 1.2 1996/06/23 14:31:00 deraadt Exp $ -.\" .TH IPNAT 4 .SH NAME ipnat - Network Address Translation kernel interface diff --git a/sbin/ipnat/ipnat.5 b/sbin/ipnat/ipnat.5 index bc59e55c154..51fdbee0def 100644 --- a/sbin/ipnat/ipnat.5 +++ b/sbin/ipnat/ipnat.5 @@ -1,5 +1,3 @@ -.\" $OpenBSD: ipnat.5,v 1.2 1996/06/23 14:31:01 deraadt Exp $ -.\" .LP .TH IPNAT 5 .SH NAME diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c index c762ea84bfb..0a483b094d9 100644 --- a/sbin/ipnat/ipnat.c +++ b/sbin/ipnat/ipnat.c @@ -1,5 +1,3 @@ -/* $OpenBSD: ipnat.c,v 1.2 1996/06/23 14:31:01 deraadt Exp $ */ - /* * (C)opyright 1993,1994,1995 by Darren Reed. * @@ -42,7 +40,7 @@ #include <netinet/ip.h> #include <netinet/tcp.h> #include <net/if.h> -#include "ip_fil.h" +#include "ip_fil_compat.h" #include <netdb.h> #include <arpa/nameser.h> #include <arpa/inet.h> @@ -52,7 +50,8 @@ #ifndef lint -static char sccsid[] ="@(#)ipnat.c 1.8 4/10/96 (C) 1993 Darren Reed"; +static char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; +static char rcsid[] = "$Id: ipnat.c,v 1.3 1996/07/18 05:08:39 dm Exp $"; #endif #if SOLARIS @@ -64,6 +63,15 @@ extern int kmemcpy(); void dostats(), printnat(), parsefile(); + +void usage(name) +char *name; +{ + fprintf(stderr, "%s: [-lnrsv] [-f filename]\n", name); + exit(1); +} + + int main(argc, argv) int argc; char *argv[]; 
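Review bot: The synopsis printed by the new usage() in the last hunk on this line, `"%s: [-lnrsv] [-f filename]\n"`, starts with the program name and a colon, so it reads like an error message from the tool rather than a usage line. The conventional form is `fprintf(stderr, "usage: %s [-lnrsv] [-f filename]\n", name);`. usage() exits with 1 while the open() failure path in main exits with -1, so scripts calling ipnat see two different failure codes for startup errors; picking one would be cleaner. A one-line comment above usage() stating that it does not return would also explain why the `default:` case of the option switch no longer has a `break`.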
@@ -93,11 +101,11 @@ char *argv[]; opts |= 16; break; default : - fprintf(stderr, "unknown option \"%c\"\n", c); - break; + usage(argv[0]); } - if ((fd = open(IPL_NAME, O_RDONLY)) == -1) { + if (((fd = open(IPL_NAME, O_RDWR)) == -1) && + ((fd = open(IPL_NAME, O_RDONLY)) == -1)) { perror("open"); exit(-1); } 
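Review bot: The fallback from `open(IPL_NAME, O_RDWR)` to `open(IPL_NAME, O_RDONLY)` is silent, so when the first open fails (for example for lack of privilege) the tool continues with a read-only descriptor, and `perror("open")` can only report the errno of the second attempt. When a rule file was given, the later SIOCADNAT ioctl is then issued on that read-only descriptor; whether the kernel side checks the open mode is not visible in this diff, so either the request fails later with a less helpful message or a read-only open is enough to change NAT rules, and the second case would deserve a check on the driver side. Consider attempting O_RDONLY only when no change was requested (e.g. when `file` is NULL), or at least printing a warning when the fallback is taken. main's body starts and ends outside this hunk.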
@@ -105,32 +113,93 @@ char *argv[]; if (file) parsefile(fd, file, opts); if (opts & 12) - dostats(fd); + dostats(fd, opts); return 0; } -void printnat(np) +/* + * count consecutive 1's in bit mask. If the mask generated by counting + * consecutive 1's is different to that passed, return -1, else return # + * of bits. + */ +int countbits(ip) +u_long ip; +{ + u_long ipn; + int cnt = 0, i, j; + + ip = ipn = ntohl(ip); + for (i = 32; i; i--, ipn *= 2) + if (ipn & 0x80000000) + cnt++; + else + break; + ipn = 0; + for (i = 32, j = cnt; i; i--, j--) { + ipn *= 2; + if (j > 0) + ipn++; + } + if (ipn == ip) + return cnt; + return -1; +} + + +void printnat(np, verbose) ipnat_t *np; +int verbose; { + int bits; + if (np->in_redir == NAT_REDIRECT) { printf("rdr %s %s", np->in_ifname, inet_ntoa(np->in_out[0])); - printf("/%s (%d) -> ", inet_ntoa(np->in_out[1]), - ntohs(np->in_pmin)); - printf("%s (%d)\n", inet_ntoa(np->in_in[0]), + bits = countbits(np->in_out[1].s_addr); + if (bits != -1) + printf("/%d ", bits); + else + printf("/%s ", inet_ntoa(np->in_out[1])); + if (np->in_pmin) + printf("port %d ", ntohs(np->in_pmin)); + printf("-> %s", inet_ntoa(np->in_in[0]), ntohs(np->in_pnext)); - printf("\t%x %u %x %u\n", (u_int)np->in_ifp, np->in_space, - np->in_flags, np->in_pnext); + if (np->in_pmax) + printf(" port %d", ntohs(np->in_pmax)); + printf("\n"); + if (verbose) + printf("\t%x %u %x %u", (u_int)np->in_ifp, + np->in_space, np->in_flags, np->in_pnext); } else { np->in_nextip.s_addr = htonl(np->in_nextip.s_addr); printf("map %s %s/", np->in_ifname, inet_ntoa(np->in_in[0])); - printf("%s -> ", inet_ntoa(np->in_in[1])); - printf("%s/", inet_ntoa(np->in_out[0])); - printf("%s\n", inet_ntoa(np->in_out[1])); - printf("\t%x %u %s %x %u %d:%d\n", (u_int)np->in_ifp, - np->in_space, inet_ntoa(np->in_nextip), np->in_flags, - np->in_pnext, ntohs(np->in_port[0]), - ntohs(np->in_port[1])); + bits = countbits(np->in_in[1].s_addr); + if (bits != -1) + printf("%d ", bits); + else + 
printf("%s", inet_ntoa(np->in_in[1])); + printf(" -> %s/", inet_ntoa(np->in_out[0])); + bits = countbits(ntohl(np->in_out[1].s_addr)); + if (bits != -1) + printf("%d ", bits); + else + printf("%s", inet_ntoa(np->in_out[1])); + if (np->in_port[0] || np->in_port[1]) { + printf(" portmap"); + if (np->in_flags & IPN_TCP) + printf(" tcp"); + else if (np->in_flags & IPN_UDP) + printf(" udp"); + else if (np->in_flags & IPN_TCPUDP) + printf(" tcpudp"); + printf(" %d:%d", ntohs(np->in_port[0]), + ntohs(np->in_port[1])); + } + printf("\n"); + if (verbose) + printf("\t%x %u %s %d %x\n", (u_int)np->in_ifp, + np->in_space, inet_ntoa(np->in_nextip), + np->in_pnext, np->in_flags); } } @@ -153,8 +222,9 @@ int fd, opts; printf("added\t%lu\texpired\t%lu\n", ns.ns_added, ns.ns_expire); printf("inuse\t%lu\n", ns.ns_inuse); - printf("table %#x list %#x\n", - (u_int)ns.ns_table, (u_int)ns.ns_list); + if (opts & 16) + printf("table %#x list %#x\n", + (u_int)ns.ns_table, (u_int)ns.ns_list); } if (opts & 8) { while (ns.ns_list) { @@ -162,7 +232,7 @@ int fd, opts; perror("kmemcpy"); break; } - printnat(&ipn); + printnat(&ipn, opts & 16); ns.ns_list = ipn.in_next; } @@ -417,7 +487,6 @@ char *line; fprintf(stderr, "missing fields (destination port)\n"); return NULL; } - tport = s; } @@ -516,7 +585,7 @@ int opts; linenum, line); } else if (!(opts & 2)) { if ((opts &16) && np) - printnat(np); + printnat(np, opts & 16); if (opts & 1) { if (ioctl(fd, SIOCADNAT, np) == -1) perror("ioctl(SIOCADNAT)"); |
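Review bot: In the map branch of printnat(), `bits = countbits(ntohl(np->in_out[1].s_addr));` converts the mask before handing it to countbits(), which already calls ntohl() itself. On a little-endian host the mask is therefore swapped twice, and a valid partial netmask falls through to the dotted-quad output. The other two calls pass `.s_addr` unchanged and this one should too: `bits = countbits(np->in_out[1].s_addr);`. In the rdr branch, `printf("-> %s", inet_ntoa(np->in_in[0]), ntohs(np->in_pnext));` still passes a second argument that the format no longer consumes, and the verbose `printf("\t%x %u %x %u", ...)` there lacks the trailing `\n` that the map branch prints. If IPN_TCPUDP is defined as both protocol bits together (its definition is not in this diff), the `else if (np->in_flags & IPN_TCPUDP)` arm is unreachable and a tcpudp rule prints as `tcp`; testing `(np->in_flags & IPN_TCPUDP) == IPN_TCPUDP` first would avoid that.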
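Review bot: The verbose flag is tested as the bare literal `opts & 16` in the @@ -153 hunk (apparently inside dostats()), and again in the `printnat(&ipn, opts & 16)` and `printnat(np, opts & 16)` calls of the @@ -162 and @@ -516 hunks, so a reader has to trace it back to the option switch in main to learn what bit 16 means. A named constant used in all three places, for example `#define OPT_VERBOSE 16` (the name is only a suggestion), would document it. The values now hidden behind the flag, `ns.ns_table` and `ns.ns_list`, look like kernel addresses and are printed through a `(u_int)` cast with `%#x`, which truncates wherever pointers are wider than int. A short comment saying these are kernel pointers shown for debugging only would explain why they are verbose-only. The enclosing function starts and ends outside the hunk.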