summaryrefslogtreecommitdiffstats
path: root/contrib/ipfilter/tools/ipnat_y.y
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ipfilter/tools/ipnat_y.y')
-rw-r--r--contrib/ipfilter/tools/ipnat_y.y63
1 files changed, 50 insertions, 13 deletions
diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y
index ddd4311..095b294 100644
--- a/contrib/ipfilter/tools/ipnat_y.y
+++ b/contrib/ipfilter/tools/ipnat_y.y
@@ -52,6 +52,7 @@ static ipnat_t *nat = NULL;
static int natfd = -1;
static ioctlfunc_t natioctlfunc = NULL;
static addfunc_t nataddfunc = NULL;
+static int suggest_port = 0;
static void newnatrule __P((void));
static void setnatproto __P((int));
@@ -170,6 +171,9 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions
strncpy(nat->in_ifnames[1],
nat->in_ifnames[0],
sizeof(nat->in_ifnames[0]));
+ if ((suggest_port == 1) &&
+ (nat->in_flags & IPN_TCPUDP) == 0)
+ nat->in_flags |= IPN_TCPUDP;
if ((nat->in_flags & IPN_TCPUDP) == 0)
setnatproto(nat->in_p);
if (((nat->in_redir & NAT_MAPBLK) != 0) ||
@@ -184,6 +188,9 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions
strncpy(nat->in_ifnames[1],
nat->in_ifnames[0],
sizeof(nat->in_ifnames[0]));
+ if ((suggest_port == 1) &&
+ (nat->in_flags & IPN_TCPUDP) == 0)
+ nat->in_flags |= IPN_TCPUDP;
if (((nat->in_redir & NAT_MAPBLK) != 0) ||
((nat->in_flags & IPN_AUTOPORTMAP) != 0))
nat_setgroupmap(nat);
@@ -222,7 +229,7 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions
(nat->in_pmin != 0 ||
nat->in_pmax != 0 ||
nat->in_pnext != 0))
- setnatproto(IPPROTO_TCP);
+ setnatproto(IPPROTO_TCP);
}
| rdrit ifnames rdrfrom IPNY_TLATE dip nport setproto rdroptions
{ nat->in_v = 4;
@@ -232,6 +239,9 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions
nat->in_pmax != 0 ||
nat->in_pnext != 0))
setnatproto(IPPROTO_TCP);
+ if ((suggest_port == 1) &&
+ (nat->in_flags & IPN_TCPUDP) == 0)
+ nat->in_flags |= IPN_TCPUDP;
if (nat->in_ifnames[1][0] == '\0')
strncpy(nat->in_ifnames[1],
nat->in_ifnames[0],
@@ -246,9 +256,19 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions
nat->in_ifnames[0],
sizeof(nat->in_ifnames[0]));
}
+ | rdrit ifnames rdrfrom IPNY_TLATE dip setproto rdroptions
+ { nat->in_v = 4;
+ if ((suggest_port == 1) &&
+ (nat->in_flags & IPN_TCPUDP) == 0)
+ nat->in_flags |= IPN_TCPUDP;
+ if (nat->in_ifnames[1][0] == '\0')
+ strncpy(nat->in_ifnames[1],
+ nat->in_ifnames[0],
+ sizeof(nat->in_ifnames[0]));
+ }
;
-proxy: | IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto
+proxy: | IPNY_PROXY port portspec YY_STR '/' proto
{ strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel));
if (nat->in_dcmp == 0) {
nat->in_dport = htons($3);
@@ -258,7 +278,7 @@ proxy: | IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto
setnatproto($6);
free($4);
}
- | IPNY_PROXY IPNY_PORT YY_STR YY_STR '/' proto
+ | IPNY_PROXY port YY_STR YY_STR '/' proto
{ int pnum;
strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel));
pnum = getportproto($3, $6);
@@ -310,6 +330,9 @@ dip:
nat->in_inmsk = $3.s_addr; }
;
+port: IPNY_PORT { suggest_port = 1; }
+ ;
+
portspec:
YY_NUMBER { if ($1 > 65535) /* Unsigned */
yyerror("invalid port number");
@@ -322,16 +345,16 @@ portspec:
}
;
-dport: | IPNY_PORT portspec { nat->in_pmin = htons($2);
+dport: | port portspec { nat->in_pmin = htons($2);
nat->in_pmax = htons($2); }
- | IPNY_PORT portspec '-' portspec { nat->in_pmin = htons($2);
+ | port portspec '-' portspec { nat->in_pmin = htons($2);
nat->in_pmax = htons($4); }
- | IPNY_PORT portspec ':' portspec { nat->in_pmin = htons($2);
+ | port portspec ':' portspec { nat->in_pmin = htons($2);
nat->in_pmax = htons($4); }
;
-nport: IPNY_PORT portspec { nat->in_pnext = htons($2); }
- | IPNY_PORT '=' portspec { nat->in_pnext = htons($3);
+nport: port portspec { nat->in_pnext = htons($2); }
+ | port '=' portspec { nat->in_pnext = htons($3);
nat->in_flags |= IPN_FIXEDDPORT;
}
;
@@ -355,12 +378,16 @@ mapfrom:
from sobject IPNY_TO dobject
| from sobject '!' IPNY_TO dobject
{ nat->in_flags |= IPN_NOTDST; }
+ | from sobject IPNY_TO '!' dobject
+ { nat->in_flags |= IPN_NOTDST; }
;
rdrfrom:
from sobject IPNY_TO dobject
| '!' from sobject IPNY_TO dobject
{ nat->in_flags |= IPN_NOTSRC; }
+ | from '!' sobject IPNY_TO dobject
+ { nat->in_flags |= IPN_NOTSRC; }
;
from: IPNY_FROM { nat->in_flags |= IPN_FILTER; }
@@ -413,7 +440,7 @@ mapport:
sobject:
saddr
- | saddr IPNY_PORT portstuff { nat->in_sport = $3.p1;
+ | saddr port portstuff { nat->in_sport = $3.p1;
nat->in_stop = $3.p2;
nat->in_scmp = $3.pc; }
;
@@ -430,7 +457,7 @@ saddr: addr { if (nat->in_redir == NAT_REDIRECT) {
dobject:
daddr
- | daddr IPNY_PORT portstuff { nat->in_dport = $3.p1;
+ | daddr port portstuff { nat->in_dport = $3.p1;
nat->in_dtop = $3.p2;
nat->in_dcmp = $3.pc;
if (nat->in_redir == NAT_REDIRECT)
@@ -535,10 +562,18 @@ rdrproxy:
}
;
-proto: YY_NUMBER { $$ = $1; }
+proto: YY_NUMBER { $$ = $1;
+ if ($$ != IPPROTO_TCP &&
+ $$ != IPPROTO_UDP)
+ suggest_port = 0;
+ }
| IPNY_TCP { $$ = IPPROTO_TCP; }
| IPNY_UDP { $$ = IPPROTO_UDP; }
- | YY_STR { $$ = getproto($1); free($1); }
+ | YY_STR { $$ = getproto($1); free($1);
+ if ($$ != IPPROTO_TCP &&
+ $$ != IPPROTO_UDP)
+ suggest_port = 0;
+ }
;
hexnumber:
@@ -706,6 +741,8 @@ static void newnatrule()
nat->in_next = n;
nat = n;
}
+
+ suggest_port = 0;
}
@@ -782,7 +819,7 @@ void *ptr;
del = SIOCRMNAT;
}
- if (ipn && (opts & OPT_VERBOSE))
+ if ((opts & OPT_VERBOSE) != 0)
printnat(ipn, opts);
if (opts & OPT_DEBUG)
OpenPOWER on IntegriCloud