summaryrefslogtreecommitdiffstats
path: root/contrib/ipfilter/samples/proxy.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ipfilter/samples/proxy.c')
-rw-r--r--contrib/ipfilter/samples/proxy.c315
1 files changed, 0 insertions, 315 deletions
diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c
deleted file mode 100644
index f2063ec..0000000
--- a/contrib/ipfilter/samples/proxy.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * Sample transparent proxy program.
- *
- * Sample implementation of a program which intercepts a TCP connectiona and
- * just echos all data back to the origin. Written to work via inetd as a
- * "nonwait" program running as root; ie.
- * tcpmux stream tcp nowait root /usr/local/bin/proxy proxy
- * with a NAT rue like this:
- * rdr smc0 0/0 port 80 -> 127.0.0.1/32 port 1
- */
-#include <stdio.h>
-#include <string.h>
-#include <fcntl.h>
-#include <syslog.h>
-#if !defined(__SVR4) && !defined(__svr4__)
-#include <strings.h>
-#else
-#include <sys/byteorder.h>
-#endif
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/param.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stddef.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#if defined(sun) && (defined(__svr4__) || defined(__SVR4))
-# include <sys/ioccom.h>
-# include <sys/sysmacros.h>
-#endif
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <net/if.h>
-#include <netdb.h>
-#include <arpa/nameser.h>
-#include <arpa/inet.h>
-#include <resolv.h>
-#include <ctype.h>
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_state.h"
-#include "netinet/ip_proxy.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ipl.h"
-
-
-main(argc, argv)
-int argc;
-char *argv[];
-{
- struct sockaddr_in sin, sloc, sout;
- ipfobj_t obj;
- natlookup_t natlook;
- char buffer[512];
- int namelen, fd, n;
-
- /*
- * get IP# and port # of the remote end of the connection (at the
- * origin).
- */
- namelen = sizeof(sin);
- if (getpeername(0, (struct sockaddr *)&sin, &namelen) == -1) {
- perror("getpeername");
- exit(-1);
- }
-
- /*
- * get IP# and port # of the local end of the connection (at the
- * man-in-the-middle).
- */
- namelen = sizeof(sin);
- if (getsockname(0, (struct sockaddr *)&sloc, &namelen) == -1) {
- perror("getsockname");
- exit(-1);
- }
-
- bzero((char *)&obj, sizeof(obj));
- obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(natlook);
- obj.ipfo_ptr = &natlook;
- obj.ipfo_type = IPFOBJ_NATLOOKUP;
-
- /*
- * Build up the NAT natlookup structure.
- */
- bzero((char *)&natlook, sizeof(natlook));
- natlook.nl_outip = sin.sin_addr;
- natlook.nl_inip = sloc.sin_addr;
- natlook.nl_flags = IPN_TCP;
- natlook.nl_outport = sin.sin_port;
- natlook.nl_inport = sloc.sin_port;
-
- /*
- * Open the NAT device and lookup the mapping pair.
- */
- fd = open(IPNAT_NAME, O_RDONLY);
- if (ioctl(fd, SIOCGNATL, &obj) == -1) {
- perror("ioctl(SIOCGNATL)");
- exit(-1);
- }
-
-#define DO_NAT_OUT
-#ifdef DO_NAT_OUT
- if (argc > 1)
- do_nat_out(0, 1, fd, &natlook, argv[1]);
-#else
-
- /*
- * Log it
- */
- syslog(LOG_DAEMON|LOG_INFO, "connect to %s,%d",
- inet_ntoa(natlook.nl_realip), ntohs(natlook.nl_realport));
- printf("connect to %s,%d\n",
- inet_ntoa(natlook.nl_realip), ntohs(natlook.nl_realport));
-
- /*
- * Just echo data read in from stdin to stdout
- */
- while ((n = read(0, buffer, sizeof(buffer))) > 0)
- if (write(1, buffer, n) != n)
- break;
- close(0);
-#endif
-}
-
-
-#ifdef DO_NAT_OUT
-do_nat_out(in, out, fd, nlp, extif)
-int fd;
-natlookup_t *nlp;
-char *extif;
-{
- nat_save_t ns, *nsp = &ns;
- struct sockaddr_in usin;
- u_32_t sum1, sum2, sumd;
- int onoff, ofd, slen;
- ipfobj_t obj;
- ipnat_t *ipn;
- nat_t *nat;
-
- bzero((char *)&ns, sizeof(ns));
-
- nat = &ns.ipn_nat;
- nat->nat_p = IPPROTO_TCP;
- nat->nat_dir = NAT_OUTBOUND;
- if ((extif != NULL) && (*extif != '\0')) {
- strncpy(nat->nat_ifnames[0], extif,
- sizeof(nat->nat_ifnames[0]));
- strncpy(nat->nat_ifnames[1], extif,
- sizeof(nat->nat_ifnames[1]));
- nat->nat_ifnames[0][sizeof(nat->nat_ifnames[0]) - 1] = '\0';
- nat->nat_ifnames[1][sizeof(nat->nat_ifnames[1]) - 1] = '\0';
- }
-
- ofd = socket(AF_INET, SOCK_DGRAM, 0);
- bzero((char *)&usin, sizeof(usin));
- usin.sin_family = AF_INET;
- usin.sin_addr = nlp->nl_realip;
- usin.sin_port = nlp->nl_realport;
- (void) connect(ofd, (struct sockaddr *)&usin, sizeof(usin));
- slen = sizeof(usin);
- (void) getsockname(ofd, (struct sockaddr *)&usin, &slen);
- close(ofd);
-printf("local IP# to use: %s\n", inet_ntoa(usin.sin_addr));
-
- if ((ofd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
- perror("socket");
- usin.sin_port = 0;
- if (bind(ofd, (struct sockaddr *)&usin, sizeof(usin)))
- perror("bind");
- slen = sizeof(usin);
- if (getsockname(ofd, (struct sockaddr *)&usin, &slen))
- perror("getsockname");
-printf("local port# to use: %d\n", ntohs(usin.sin_port));
-
- nat->nat_inip = usin.sin_addr;
- nat->nat_outip = nlp->nl_outip;
- nat->nat_oip = nlp->nl_realip;
-
- sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr)) + ntohs(usin.sin_port);
- sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + ntohs(nlp->nl_outport);
- CALC_SUMD(sum1, sum2, sumd);
- nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
- nat->nat_sumd[1] = nat->nat_sumd[0];
-
- sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr));
- sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr));
- CALC_SUMD(sum1, sum2, sumd);
- nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
-
- nat->nat_inport = usin.sin_port;
- nat->nat_outport = nlp->nl_outport;
- nat->nat_oport = nlp->nl_realport;
-
- nat->nat_flags = IPN_TCPUDP;
-
- bzero((char *)&obj, sizeof(obj));
- obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(*nsp);
- obj.ipfo_ptr = nsp;
- obj.ipfo_type = IPFOBJ_NATSAVE;
-
- onoff = 1;
- if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
- if (ioctl(fd, SIOCSTPUT, &obj) != 0)
- perror("SIOCSTPUT");
- onoff = 0;
- if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
- perror("SIOCSTLCK");
- }
-
- usin.sin_addr = nlp->nl_realip;
- usin.sin_port = nlp->nl_realport;
-printf("remote end for connection: %s,%d\n", inet_ntoa(usin.sin_addr),
-ntohs(usin.sin_port));
-fflush(stdout);
- if (connect(ofd, (struct sockaddr *)&usin, sizeof(usin)))
- perror("connect");
-
- relay(in, out, ofd);
-}
-
-
-relay(in, out, net)
-int in, out, net;
-{
- char netbuf[1024], outbuf[1024];
- char *nwptr, *nrptr, *owptr, *orptr;
- size_t nsz, osz;
- fd_set rd, wr;
- int i, n, maxfd;
-
- n = 0;
- maxfd = in;
- if (out > maxfd)
- maxfd = out;
- if (net > maxfd)
- maxfd = net;
-
- nrptr = netbuf;
- nwptr = netbuf;
- nsz = sizeof(netbuf);
- orptr = outbuf;
- owptr = outbuf;
- osz = sizeof(outbuf);
-
- while (n >= 0) {
- FD_ZERO(&rd);
- FD_ZERO(&wr);
-
- if (nrptr - netbuf < sizeof(netbuf))
- FD_SET(in, &rd);
- if (orptr - outbuf < sizeof(outbuf))
- FD_SET(net, &rd);
-
- if (nsz < sizeof(netbuf))
- FD_SET(net, &wr);
- if (osz < sizeof(outbuf))
- FD_SET(out, &wr);
-
- n = select(maxfd + 1, &rd, &wr, NULL, NULL);
-
- if ((n > 0) && FD_ISSET(in, &rd)) {
- i = read(in, nrptr, sizeof(netbuf) - (nrptr - netbuf));
- if (i <= 0)
- break;
- nsz -= i;
- nrptr += i;
- n--;
- }
-
- if ((n > 0) && FD_ISSET(net, &rd)) {
- i = read(net, orptr, sizeof(outbuf) - (orptr - outbuf));
- if (i <= 0)
- break;
- osz -= i;
- orptr += i;
- n--;
- }
-
- if ((n > 0) && FD_ISSET(out, &wr)) {
- i = write(out, owptr, orptr - owptr);
- if (i <= 0)
- break;
- osz += i;
- if (osz == sizeof(outbuf) || owptr == orptr) {
- orptr = outbuf;
- owptr = outbuf;
- } else
- owptr += i;
- n--;
- }
-
- if ((n > 0) && FD_ISSET(net, &wr)) {
- i = write(net, nwptr, nrptr - nwptr);
- if (i <= 0)
- break;
- nsz += i;
- if (nsz == sizeof(netbuf) || nwptr == nrptr) {
- nrptr = netbuf;
- nwptr = netbuf;
- } else
- nwptr += i;
- }
- }
-
- close(net);
- close(out);
- close(in);
-}
-#endif
OpenPOWER on IntegriCloud