author | darrenr <darrenr@FreeBSD.org> | 2002-03-19 11:45:20 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2002-03-19 11:45:20 +0000 |
commit | 5df96985515dd8f51d4209b69c12cbab7c289fd0 (patch) | |
tree | e420b9c485fbd878875892eef69b8b6121924075 /contrib/ipfilter/samples | |
parent | c51cd1facc817411a340278e6e0b901d53f11cc5 (diff) | |
Import IPFilter 3.4.25
Diffstat (limited to 'contrib/ipfilter/samples')
-rw-r--r-- | contrib/ipfilter/samples/Makefile | 18 | ||||
-rw-r--r-- | contrib/ipfilter/samples/proxy.c | 195 |
2 files changed, 205 insertions, 8 deletions
diff --git a/contrib/ipfilter/samples/Makefile b/contrib/ipfilter/samples/Makefile
index 5bd03b31..1dad079 100644
--- a/contrib/ipfilter/samples/Makefile
+++ b/contrib/ipfilter/samples/Makefile
@@ -1,10 +1,22 @@
 CC=gcc
+all:
+ @echo "Please do one of the following:"
+ @echo "make bsd"
+ @echo "make bsdi"
+ @echo "make freebsd"
+ @echo "make freebsd22"
+ @echo "make netbsd"
+ @echo "make openbsd"
+ @echo "make sunos4"
+ @echo "make sunos5"
 sunos5:
- $(CC) -I.. userauth.c -o userauth -lsocket -lnsl
- $(CC) -I.. proxy.c -o proxy -lsocket -lnsl
+ $(CC) -DSOLARIS2=`uname -r | sh -c 'IFS=. read j n x; echo $$n'` \
+ -I.. userauth.c -o userauth -lsocket -lnsl
+ $(CC) -DSOLARIS2=`uname -r | sh -c 'IFS=. read j n x; echo $$n'` \
+ -I.. proxy.c -o proxy -lsocket -lnsl
-freebsd freebsd22 netbsd bsd bsdi sunos4:
+freebsd freebsd22 netbsd bsd bsdi sunos4 openbsd:
 $(CC) -I.. userauth.c -o userauth
 $(CC) -I.. proxy.c -o proxy
diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c
index 7ac6ec9..ef9a69c 100644
--- a/contrib/ipfilter/samples/proxy.c
+++ b/contrib/ipfilter/samples/proxy.c
@@ -41,6 +41,8 @@
 #include <ctype.h>
 #include "netinet/ip_compat.h"
 #include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_state.h"
 #include "netinet/ip_proxy.h"
 #include "netinet/ip_nat.h"
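Review bot: `netinet/ip_nat.h` is now included twice in proxy.c, because the added `#include "netinet/ip_nat.h"` sits above `ip_proxy.h` while the original include below it is kept as context. If the earlier position is needed because `ip_state.h` or `ip_proxy.h` use NAT types (presumably; those headers are not shown here), drop the trailing duplicate so the ordering requirement is stated once. A short comment such as `/* ip_nat.h must precede ip_state.h and ip_proxy.h */` would keep a later cleanup from reordering the includes.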
@@ -81,19 +83,25 @@ char *argv[];
 bzero((char *)&natlook, sizeof(natlook));
 natlook.nl_outip = sin.sin_addr;
 natlook.nl_inip = sloc.sin_addr;
- natlook.nl_flags = IPN_TCP;
- natlook.nl_outport = sin.sin_port;
- natlook.nl_inport = sloc.sin_port;
+ natlook.nl_flags = IPN_TCPUDP;
+ natlook.nl_outport = ntohs(sin.sin_port);
+ natlook.nl_inport = ntohs(sloc.sin_port);
 /*
 * Open the NAT device and lookup the mapping pair.
 */
 fd = open(IPL_NAT, O_RDONLY);
 if (ioctl(fd, SIOCGNATL, &natlookp) == -1) {
- perror("ioctl");
+ perror("ioctl(SIOCGNATL)");
 exit(-1);
 }
- close(fd);
+
+#define DO_NAT_OUT
+#ifdef DO_NAT_OUT
+ if (argc > 1)
+ do_nat_out(0, 1, fd, &natlook, argv[1]);
+#else
+
 /*
 * Log it
 */
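Review bot: The result of `fd = open(IPL_NAT, O_RDONLY)` is still never checked, and with `close(fd)` removed the descriptor now stays open and is handed to `do_nat_out()`, so a failed open only shows up as an ioctl error on fd -1; add `if (fd == -1) { perror("open(IPL_NAT)"); exit(-1); }` before the SIOCGNATL call. The unconditional `#define DO_NAT_OUT` directly above `#ifdef DO_NAT_OUT` makes the `#else` logging and copy path dead code, and when `argc <= 1` main now falls through without relaying anything or closing fd; making it a build option (`-DDO_NAT_OUT`) or commenting why it is forced on would make the intent clear. `do_nat_out` is also called before any declaration visible in this hunk, so it is implicitly declared, and a prototype above main would let the compiler check the five arguments. main's body starts outside the hunk.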
@@ -109,4 +117,181 @@ char *argv[];
 if (write(1, buffer, n) != n)
 break;
 close(0);
+#endif
 }
+
+
+#ifdef DO_NAT_OUT
+do_nat_out(in, out, fd, nlp, extif)
+int fd;
+natlookup_t *nlp;
+char *extif;
+{
+ nat_save_t ns, *nsp = &ns;
+ struct sockaddr_in usin;
+ u_32_t sum1, sum2, sumd;
+ int onoff, ofd, slen;
+ ipnat_t *ipn;
+ nat_t *nat;
+
+ bzero((char *)&ns, sizeof(ns));
+
+ nat = &ns.ipn_nat;
+ nat->nat_p = IPPROTO_TCP;
+ nat->nat_dir = NAT_OUTBOUND;
+ if ((extif != NULL) && (*extif != '\0')) {
+ strncpy(nat->nat_ifname, extif, sizeof(nat->nat_ifname));
+ nat->nat_ifname[sizeof(nat->nat_ifname) - 1] = '\0';
+ }
+
+ ofd = socket(AF_INET, SOCK_DGRAM, 0);
+ bzero((char *)&usin, sizeof(usin));
+ usin.sin_family = AF_INET;
+ usin.sin_addr = nlp->nl_realip;
+ usin.sin_port = nlp->nl_realport;
+ (void) connect(ofd, (struct sockaddr *)&usin, sizeof(usin));
+ slen = sizeof(usin);
+ (void) getsockname(ofd, (struct sockaddr *)&usin, &slen);
+ close(ofd);
+printf("local IP# to use: %s\n", inet_ntoa(usin.sin_addr));
+
+ if ((ofd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
+ perror("socket");
+ usin.sin_port = 0;
+ if (bind(ofd, (struct sockaddr *)&usin, sizeof(usin)))
+ perror("bind");
+ slen = sizeof(usin);
+ if (getsockname(ofd, (struct sockaddr *)&usin, &slen))
+ perror("getsockname");
+printf("local port# to use: %d\n", ntohs(usin.sin_port));
+
+ nat->nat_inip = usin.sin_addr;
+ nat->nat_outip = nlp->nl_outip;
+ nat->nat_oip = nlp->nl_realip;
+
+ sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr)) + ntohs(usin.sin_port);
+ sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + ntohs(nlp->nl_outport);
+ CALC_SUMD(sum1, sum2, sumd);
+ nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
+ nat->nat_sumd[1] = nat->nat_sumd[0];
+
+ sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr));
+ sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr));
+ CALC_SUMD(sum1, sum2, sumd);
+ nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
+
+ nat->nat_inport = usin.sin_port;
+ nat->nat_outport = nlp->nl_outport;
+ nat->nat_oport = nlp->nl_realport;
+
+ nat->nat_flags = IPN_TCPUDP;
+
+ onoff = 1;
+ if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
+ if (ioctl(fd, SIOCSTPUT, &nsp) != 0)
+ perror("SIOCSTPUT");
+ onoff = 0;
+ if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
+ perror("SIOCSTLCK");
+ }
+
+ usin.sin_addr = nlp->nl_realip;
+ usin.sin_port = nlp->nl_realport;
+printf("remote end for connection: %s,%d\n", inet_ntoa(usin.sin_addr),
+ntohs(usin.sin_port));
+fflush(stdout);
+ if (connect(ofd, (struct sockaddr *)&usin, sizeof(usin)))
+ perror("connect");
+
+ relay(in, out, ofd);
+}
+
+
+relay(in, out, net)
+int in, out, net;
+{
+ char netbuf[1024], outbuf[1024];
+ char *nwptr, *nrptr, *owptr, *orptr;
+ size_t nsz, osz;
+ fd_set rd, wr;
+ int i, n, maxfd;
+
+ n = 0;
+ maxfd = in;
+ if (out > maxfd)
+ maxfd = out;
+ if (net > maxfd)
+ maxfd = net;
+
+ nrptr = netbuf;
+ nwptr = netbuf;
+ nsz = sizeof(netbuf);
+ orptr = outbuf;
+ owptr = outbuf;
+ osz = sizeof(outbuf);
+
+ while (n >= 0) {
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
+
+ if (nrptr - netbuf < sizeof(netbuf))
+ FD_SET(in, &rd);
+ if (orptr - outbuf < sizeof(outbuf))
+ FD_SET(net, &rd);
+
+ if (nsz < sizeof(netbuf))
+ FD_SET(net, &wr);
+ if (osz < sizeof(outbuf))
+ FD_SET(out, &wr);
+
+ n = select(maxfd + 1, &rd, &wr, NULL, NULL);
+
+ if ((n > 0) && FD_ISSET(in, &rd)) {
+ i = read(in, nrptr, sizeof(netbuf) - (nrptr - netbuf));
+ if (i <= 0)
+ break;
+ nsz -= i;
+ nrptr += i;
+ n--;
+ }
+
+ if ((n > 0) && FD_ISSET(net, &rd)) {
+ i = read(net, orptr, sizeof(outbuf) - (orptr - outbuf));
+ if (i <= 0)
+ break;
+ osz -= i;
+ orptr += i;
+ n--;
+ }
+
+ if ((n > 0) && FD_ISSET(out, &wr)) {
+ i = write(out, owptr, orptr - owptr);
+ if (i <= 0)
+ break;
+ osz += i;
+ if (osz == sizeof(outbuf) || owptr == orptr) {
+ orptr = outbuf;
+ owptr = outbuf;
+ } else
+ owptr += i;
+ n--;
+ }
+
+ if ((n > 0) && FD_ISSET(net, &wr)) {
+ i = write(net, nwptr, nrptr - nwptr);
+ if (i <= 0)
+ break;
+ nsz += i;
+ if (nsz == sizeof(netbuf) || nwptr == nrptr) {
+ nrptr = netbuf;
+ nwptr = netbuf;
+ } else
+ nwptr += i;
+ }
+ }
+
+ close(net);
+ close(out);
+ close(in);
+}
+#endif |
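Review bot: The three debug `printf` calls in do_nat_out write to stdout, which is descriptor 1, the same descriptor main passes as `out` and relay() writes proxied data to, so the local address, local port and remote endpoint are mixed into the relayed stream and disclosed to whatever is attached to that descriptor (presumably the proxied client). Diagnostics should go to stderr or a log instead. Separately, the socket/bind/getsockname failures only call perror and fall through, so the entry given to SIOCSTPUT can be built from an address that was never obtained, and connect() and relay() can run with ofd == -1; the first datagram socket() and its connect()/getsockname() are not checked at all. The function should stop at the first failure before it touches the NAT table, as sketched below (the visible caller ignores the return value). relay() also breaks out on the first EOF or error without draining data still buffered for the other direction.

```c
	if ((ofd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		perror("socket");
		return -1;
	}
	usin.sin_port = 0;
	if (bind(ofd, (struct sockaddr *)&usin, sizeof(usin))) {
		perror("bind");
		close(ofd);
		return -1;
	}
	slen = sizeof(usin);
	if (getsockname(ofd, (struct sockaddr *)&usin, &slen)) {
		perror("getsockname");
		close(ofd);
		return -1;
	}
	fprintf(stderr, "local port# to use: %d\n", ntohs(usin.sin_port));
	/* ... unchanged: nat_save_t fill-in, checksum deltas, SIOCSTLCK/SIOCSTPUT ... */
```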