Diffstat (limited to 'sbin/ipnat/ipnat.c')
-rw-r--r-- | sbin/ipnat/ipnat.c | 191 |
1 files changed, 66 insertions, 125 deletions
diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c
index 3cfc24a5892..9a3b9db453b 100644
--- a/sbin/ipnat/ipnat.c
+++ b/sbin/ipnat/ipnat.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: ipnat.c,v 1.38 2000/08/10 05:50:27 kjell Exp $ */
+/* $OpenBSD: ipnat.c,v 1.39 2001/01/17 05:01:01 fgsch Exp $ */
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
@@ -43,10 +43,11 @@
 #include <arpa/inet.h>
 #include <resolv.h>
 #include <ctype.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/ip_fil.h>
 #include <netinet/ip_proxy.h>
 #include <netinet/ip_nat.h>
+#include "ipf.h"
 #include "kmem.h"
 #if defined(sun) && !SOLARIS2
@@ -58,26 +59,25 @@ extern char *sys_errlist[];
 #if !defined(lint)
 static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipnat.c,v 2.1.2.3 2000/07/27 13:07:07 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipnat.c,v 2.16.2.5 2000/12/02 00:15:04 darrenr Exp $";
 #endif
 #if SOLARIS
 #define bzero(a,b) memset(a,0,b)
 #endif
+#ifdef USE_INET6
+int use_inet6 = 0;
+#endif
+
+static char thishost[MAXHOSTNAMELEN];
+
 extern char *optarg;
-char *nlistf = NULL, *memf = NULL;
 extern ipnat_t *natparse __P((char *, int));
 extern void natparsefile __P((int, char *, int));
 extern void printnat __P((ipnat_t *, int, void *));
-#if defined(__OpenBSD__)
-extern int if_addr __P((char *, struct in_addr *));
-#endif
-
-u_32_t hostnum __P((char *, int *, int));
-u_32_t hostmask __P((char *));
 void dostats __P((int, int)), flushtable __P((int, int));
 void usage __P((char *));
 int countbits __P((u_32_t));
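Review bot: The `int countbits __P((u_32_t));` prototype survives as the last context line of the -58,26 hunk, while the local definition of countbits is deleted in the -178,40 hunk further down this page. If the newly included "ipf.h" already declares countbits, the local prototype is a duplicate and should go together with the definition; if it does not, the symbol now has to come from a library and the line should read `extern int countbits __P((u_32_t));` next to the other extern declarations above it, so a reader can tell it is no longer defined here. The new `static char thishost[MAXHOSTNAMELEN];` is only written in this diff (by gethostname in the -161,6 hunk); if nothing later in the file reads it, a one-line comment on what it is reserved for would save the next reader a search.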
@@ -86,15 +86,6 @@ int main __P((int, char*[]));
 void printaps __P((ap_session_t *, int));
 char *getsumd __P((u_32_t));
-#define OPT_REM 1
-#define OPT_NODO 2
-#define OPT_STAT 4
-#define OPT_LIST 8
-#define OPT_VERBOSE 16
-#define OPT_FLUSH 32
-#define OPT_CLEAR 64
-#define OPT_HITS 128
-
 void usage(name)
 char *name;
@@ -124,12 +115,15 @@ char *argv[];
 char *file = NULL;
 int fd = -1, opts = 0, c, mode = O_RDWR;
- while ((c = getopt(argc, argv, "CFf:hlnrsv")) != -1)
+ while ((c = getopt(argc, argv, "CdFf:hlnrsv")) != -1)
 switch (c) {
 case 'C' :
 opts |= OPT_CLEAR;
 break;
+ case 'd' :
+ opts |= OPT_DEBUG;
+ break;
 case 'f' :
 file = optarg;
 break;
@@ -148,7 +142,7 @@ char *argv[];
 mode = O_RDONLY;
 break;
 case 'r' :
- opts |= OPT_REM;
+ opts |= OPT_REMOVE;
 break;
 case 's' :
 opts |= OPT_STAT;
@@ -161,6 +155,9 @@ char *argv[];
 usage(argv[0]);
 }
+ gethostname(thishost, sizeof(thishost));
+ thishost[sizeof(thishost) - 1] = '\0';
+
 if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, mode)) == -1) &&
 ((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
 (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
@@ -178,40 +175,12 @@ char *argv[];
 }
-/*
- * count consecutive 1's in bit mask. If the mask generated by counting
- * consecutive 1's is different to that passed, return -1, else return #
- * of bits.
- */
-int countbits(ip)
-u_32_t ip;
-{
- u_32_t ipn;
- int cnt = 0, i, j;
-
- ip = ipn = ntohl(ip);
- for (i = 32; i; i--, ipn *= 2)
- if (ipn & 0x80000000)
- cnt++;
- else
- break;
- ipn = 0;
- for (i = 32, j = cnt; i; i--, j--) {
- ipn *= 2;
- if (j > 0)
- ipn++;
- }
- if (ipn == ip)
- return cnt;
- return -1;
-}
-
-
 void printaps(aps, opts)
 ap_session_t *aps;
 int opts;
 {
 ap_session_t ap;
+ ftpinfo_t ftp;
 aproxy_t apr;
 raudio_t ra;
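Review bot: The new `d` in the getopt string of the -124,12 hunk adds a `-d` flag that sets OPT_DEBUG, but nothing in this diff updates the usage() text (usage's body, near -86, lies outside the hunks shown); if that message enumerates the option letters it should list `-d` as well, and the manual page with it. The new case would also benefit from a one-line comment, since the only visible consumer of OPT_DEBUG is the printnat call in the -332,7 hunk: `case 'd' :	/* -d: debug output, forwarded to printnat() */`. main's body begins before this hunk and continues past the -161,6 hunk.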
@@ -223,7 +192,8 @@ int opts;
 apr.apr_p, apr.apr_ref, apr.apr_flags);
 printf("\t\tproto %d flags %#x bytes ", ap.aps_p, ap.aps_flags);
 #ifdef USE_QUAD_T
- printf("%qu pkts %qu", ap.aps_bytes, ap.aps_pkts);
+ printf("%qu pkts %qu", (unsigned long long)ap.aps_bytes,
+ (unsigned long long)ap.aps_pkts);
 #else
 printf("%lu pkts %lu", ap.aps_bytes, ap.aps_pkts);
 #endif
@@ -259,6 +229,29 @@ int opts;
 printf("\t\tMode: %#x\tSBF: %#x\n", ra.rap_mode, ra.rap_sbf);
 printf("\t\tPorts:pl %hu, pr %hu, sr %hu\n", ra.rap_plport, ra.rap_prport, ra.rap_srport);
+ } else if (!strcmp(apr.apr_label, "ftp") &&
+ (ap.aps_psiz == sizeof(ftp))) {
+ if (kmemcpy((char *)&ftp, (long)ap.aps_data, sizeof(ftp)))
+ return;
+ printf("\tFTP Proxy:\n");
+ printf("\t\tpassok: %d\n", ftp.ftp_passok);
+ ftp.ftp_side[0].ftps_buf[FTP_BUFSZ - 1] = '\0';
+ ftp.ftp_side[1].ftps_buf[FTP_BUFSZ - 1] = '\0';
+ printf("\tClient:\n");
+ printf("\t\trptr %p wptr %p seq %x len %d junk %d\n",
+ ftp.ftp_side[0].ftps_rptr, ftp.ftp_side[0].ftps_wptr,
+ ftp.ftp_side[0].ftps_seq, ftp.ftp_side[0].ftps_len,
+ ftp.ftp_side[0].ftps_junk);
+ printf("\t\tbuf [");
+ printbuf(ftp.ftp_side[0].ftps_buf, FTP_BUFSZ, 1);
+ printf("]\n\tServer:\n");
+ printf("\t\trptr %p wptr %p seq %x len %d junk %d\n",
+ ftp.ftp_side[1].ftps_rptr, ftp.ftp_side[1].ftps_wptr,
+ ftp.ftp_side[1].ftps_seq, ftp.ftp_side[1].ftps_len,
+ ftp.ftp_side[1].ftps_junk);
+ printf("\t\tbuf [");
+ printbuf(ftp.ftp_side[1].ftps_buf, FTP_BUFSZ, 1);
+ printf("]\n");
 }
 }
@@ -301,14 +294,13 @@ ipnat_t *ipnat;
 void dostats(fd, opts)
 int fd, opts;
 {
- natstat_t ns;
+ natstat_t ns, *nsp = &ns;
+ nat_t **nt[2], *np, nat;
 ipnat_t ipn;
- nat_t **nt[2], *np, nat;
- int i = 0;
 bzero((char *)&ns, sizeof(ns));
- if (!(opts & OPT_NODO) && ioctl(fd, SIOCGNATS, &ns) == -1) {
+ if (!(opts & OPT_NODO) && ioctl(fd, SIOCGNATS, &nsp) == -1) {
 perror("ioctl(SIOCGNATS)");
 return;
 }
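Review bot: In the -223,7 hunk the arguments are now cast to `unsigned long long` while the format string keeps the BSD-specific `%qu`; C99's matching conversion for that type is `%llu`, and mixing the two may draw a `-Wformat`/`-pedantic` warning on non-BSD toolchains. `printf("%llu pkts %llu", (unsigned long long)ap.aps_bytes,` with the continuation line unchanged keeps the cast and the specifier in step. The same pattern appears for nat_bytes/nat_pkts in the -359,12 hunk on the next line of this page. printaps's body starts before this hunk and continues after it.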
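Review bot: The new `ftp` branch in the -259,6 hunk dumps both `ftps_buf` halves through printbuf, and if, as the field names suggest, those buffers hold the proxy's copy of the FTP control channel, the listing can contain cleartext USER/PASS lines from live sessions; a comment at the branch would tell operators that `ipnat` output may carry credentials before it is pasted into tickets or logs, e.g. `/* ftps_buf is raw control-channel data; may include cleartext credentials */`. The `ap.aps_psiz == sizeof(ftp)` guard before kmemcpy and the NUL-termination of the local copy before printing are the right checks to have. The `%p` lines print the kernel-side `ftps_rptr`/`ftps_wptr` values, which is useful only for debugging; consider gating that line on OPT_DEBUG, which this diff introduces in the -124,12 hunk. printaps begins before this hunk.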
@@ -318,7 +310,10 @@ int fd, opts;
 ns.ns_mapped[0], ns.ns_mapped[1]);
 printf("added\t%lu\texpired\t%lu\n",
 ns.ns_added, ns.ns_expire);
+ printf("no memory\t%lu\tbad nat\t%lu\n",
+ ns.ns_memfail, ns.ns_badnat);
 printf("inuse\t%lu\nrules\t%lu\n", ns.ns_inuse, ns.ns_rules);
+ printf("wilds\t%u\n", ns.ns_wilds);
 if (opts & OPT_VERBOSE)
 printf("table %p list %p\n", ns.ns_table, ns.ns_list);
 }
@@ -332,7 +327,8 @@ int fd, opts;
 }
 if (opts & OPT_HITS)
 printf("%d ", ipn.in_hits);
- printnat(&ipn, opts & OPT_VERBOSE, (void *)ns.ns_list);
+ printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE),
+ (void *)ns.ns_list);
 ns.ns_list = ipn.in_next;
 }
@@ -359,12 +355,19 @@ int fd, opts;
 printf("\n\tage %lu use %hu sumd %s/", nat.nat_age, nat.nat_use, getsumd(nat.nat_sumd[0]));
- printf("%s pr %u bkt %d flags %x ",
+ printf("%s pr %u bkt %d/%d flags %x ",
 getsumd(nat.nat_sumd[1]), nat.nat_p,
- i, nat.nat_flags);
+ (int)NAT_HASH_FN(nat.nat_inip.s_addr,
+ nat.nat_inport,
+ NAT_TABLE_SZ),
+ (int)NAT_HASH_FN(nat.nat_outip.s_addr,
+ nat.nat_outport,
+ NAT_TABLE_SZ),
+ nat.nat_flags);
 #ifdef USE_QUAD_T
 printf("bytes %qu pkts %qu",
- nat.nat_bytes, nat.nat_pkts);
+ (unsigned long long)nat.nat_bytes,
+ (unsigned long long)nat.nat_pkts);
 #else
 printf("bytes %lu pkts %lu", nat.nat_bytes, nat.nat_pkts);
@@ -383,68 +386,6 @@ int fd, opts;
 }
-u_32_t hostmask(msk)
-char *msk;
-{
- int bits = -1;
- u_32_t mask;
-
- if (!isdigit(*msk))
- return (u_32_t)-1;
- if (strchr(msk, '.'))
- return inet_addr(msk);
- if (strchr(msk, 'x'))
- return (u_32_t)strtol(msk, NULL, 0);
- /*
- * set x most significant bits
- */
- for (mask = 0, bits = atoi(msk); bits; bits--) {
- mask /= 2;
- mask |= ntohl(inet_addr("128.0.0.0"));
- }
- mask = htonl(mask);
- return mask;
-}
-
-
-/*
- * returns an ip address as a long var as a result of either a DNS lookup or
- * straight inet_addr() call
- */
-u_32_t hostnum(host, resolved, linenum)
-char *host;
-int *resolved;
-int linenum;
-{
- struct hostent *hp;
- struct netent *np;
-#if defined(__OpenBSD__)
- struct in_addr addr;
-#endif
-
- *resolved = 0;
- if (!strcasecmp("any", host))
- return 0L;
- if (isdigit(*host))
- return inet_addr(host);
-
-#if defined(__OpenBSD__)
- /* attempt a map from interface name to address */
- if (if_addr(host, &addr))
- return (u_32_t)addr.s_addr;
-#endif
- if (!(hp = gethostbyname(host))) {
- if (!(np = getnetbyname(host))) {
- *resolved = -1;
- fprintf(stderr, "Line %d: can't resolve hostname: %s\n", linenum, host);
- return 0;
- }
- return htonl(np->n_net);
- }
- return *(u_32_t *)hp->h_addr;
-}
-
-
 void flushtable(fd, opts)
 int fd, opts;
 {
@@ -452,15 +393,15 @@ int fd, opts;
 if (opts & OPT_FLUSH) {
 n = 0;
- if (!(opts & OPT_NODO) && ioctl(fd, SIOCFLNAT, &n) == -1)
+ if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1)
 perror("ioctl(SIOCFLNAT)");
 else
 printf("%d entries flushed from NAT table\n", n);
 }
 if (opts & OPT_CLEAR) {
- n = 0;
- if (!(opts & OPT_NODO) && ioctl(fd, SIOCCNATL, &n) == -1)
+ n = 1;
+ if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1)
 perror("ioctl(SIOCCNATL)");
 else
 printf("%d entries flushed from NAT list\n", n); |
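Review bot: In the -452,15 hunk both ioctl calls now issue `SIOCIPFFL`, but the error reports still say `perror("ioctl(SIOCFLNAT)");` and `perror("ioctl(SIOCCNATL)");`, so a failure would be logged under an ioctl name this code no longer uses; change both to `perror("ioctl(SIOCIPFFL)");`. The selector `n = 1;` for the list case is a bare magic value paired with the `n = 0;` table case and deserves a comment such as `/* SIOCIPFFL argument: 0 flushes the NAT table, 1 clears the rule list */`, since the printf afterwards suggests the kernel overwrites n with a count on success. Note that with -n (OPT_NODO) the ioctl is skipped and the success path now prints "1 entries flushed from NAT list" from the untouched selector, whereas the table case prints 0. flushtable's header sits at the end of the previous hunk and its closing brace lies beyond this one.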