embedaddon/miniupnpd/ipfw/ipfwrdr.c - diff

Return to ipfwrdr.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / miniupnpd / ipfw

Diff for /embedaddon/miniupnpd/ipfw/ipfwrdr.c between versions 1.1.1.2 and 1.1.1.3

version 1.1.1.2, 2012/05/29 12:55:57	version 1.1.1.3, 2013/07/22 00:32:35
Line 3	Line 3
* MiniUPnP project	* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/	* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2009 Jardel Weyrich	* (c) 2009 Jardel Weyrich
* (c) 2011 Thomas Bernard	* (c) 2011-2012 Thomas Bernard
* This software is subject to the conditions detailed	* This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution	* in the LICENCE file provided within the distribution
*/	*/
Line 14	Line 14
#include <sys/types.h>	#include <sys/types.h>
#include <sys/file.h>	#include <sys/file.h>

//	/*
// This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.	This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
// Needed here because on some systems <sys/uio.h> gets included by things	Needed here because on some systems <sys/uio.h> gets included by things
// like <sys/socket.h>	like <sys/socket.h>
//	*/
#ifndef _KERNEL	#ifndef _KERNEL
# define ADD_KERNEL	# define ADD_KERNEL
# define _KERNEL	# define _KERNEL
Line 170 int add_redirect_rule2(	Line 170 int add_redirect_rule2(
return -1;	return -1;
if (ipfw_validate_ifname(ifname) < 0)	if (ipfw_validate_ifname(ifname) < 0)
return -1;	return -1;

memset(&rule, 0, sizeof(struct ip_fw));	memset(&rule, 0, sizeof(struct ip_fw));
rule.version = IP_FW_CURRENT_API_VERSION;	rule.version = IP_FW_CURRENT_API_VERSION;
//rule.fw_number = 1000; // rule number	#if 0
//rule.context = (void *)desc; // The description is kept in a separate list	rule.fw_number = 1000; /* rule number */
rule.fw_prot = proto; // protocol	rule.context = (void )desc; / The description is kept in a separate list */
rule.fw_flg \|= IP_FW_F_IIFACE; // interfaces to check	#endif
rule.fw_flg \|= IP_FW_F_IIFNAME; // interfaces to check by name	rule.fw_prot = proto; /* protocol */
rule.fw_flg \|= (IP_FW_F_IN \| IP_FW_F_OUT); // packet direction	rule.fw_flg \|= IP_FW_F_IIFACE; /* interfaces to check */
rule.fw_flg \|= IP_FW_F_FWD; // forward action	rule.fw_flg \|= IP_FW_F_IIFNAME; /* interfaces to check by name */
	rule.fw_flg \|= (IP_FW_F_IN \| IP_FW_F_OUT); /* packet direction */
	rule.fw_flg \|= IP_FW_F_FWD; /* forward action */
#ifdef USE_IFNAME_IN_RULES	#ifdef USE_IFNAME_IN_RULES
if (ifname != NULL) {	if (ifname != NULL) {
strlcpy(rule.fw_in_if.fu_via_if.name, ifname, IFNAMSIZ); // src interface	strlcpy(rule.fw_in_if.fu_via_if.name, ifname, IFNAMSIZ); /* src interface */
rule.fw_in_if.fu_via_if.unit = -1;	rule.fw_in_if.fu_via_if.unit = -1;
}	}
#endif	#endif
if (inet_aton(iaddr, &rule.fw_out_if.fu_via_ip) == 0) {	if (inet_aton(iaddr, &rule.fw_out_if.fu_via_ip) == 0) {
syslog(LOG_ERR, "inet_aton(): %m");	syslog(LOG_ERR, "inet_aton(): %m");
return -1;	return -1;
}	}
memcpy(&rule.fw_dst, &rule.fw_out_if.fu_via_ip, sizeof(struct in_addr));	memcpy(&rule.fw_dst, &rule.fw_out_if.fu_via_ip, sizeof(struct in_addr));
memcpy(&rule.fw_fwd_ip.sin_addr, &rule.fw_out_if.fu_via_ip, sizeof(struct in_addr));	memcpy(&rule.fw_fwd_ip.sin_addr, &rule.fw_out_if.fu_via_ip, sizeof(struct in_addr));
rule.fw_dmsk.s_addr = INADDR_BROADCAST; //TODO check this	rule.fw_dmsk.s_addr = INADDR_BROADCAST; /* TODO check this */
IP_FW_SETNDSTP(&rule, 1); // number of external ports	IP_FW_SETNDSTP(&rule, 1); /* number of external ports */
rule.fw_uar.fw_pts[0] = eport; // external port	rule.fw_uar.fw_pts[0] = eport; /* external port */
rule.fw_fwd_ip.sin_port = iport; // internal port	rule.fw_fwd_ip.sin_port = iport; /* internal port */
if (rhost && rhost[0] != '\0') {	if (rhost && rhost[0] != '\0') {
inet_aton(rhost, &rule.fw_src);	inet_aton(rhost, &rule.fw_src);
rule.fw_smsk.s_addr = htonl(INADDR_NONE);	rule.fw_smsk.s_addr = htonl(INADDR_NONE);
Line 214 int get_redirect_rule(	Line 216 int get_redirect_rule(
const char * ifname,	const char * ifname,
unsigned short eport,	unsigned short eport,
int proto,	int proto,
char * iaddr,	char * iaddr,
int iaddrlen,	int iaddrlen,
unsigned short * iport,	unsigned short * iport,
char * desc,	char * desc,
int desclen,	int desclen,
char * rhost,	char * rhost,
int rhostlen,	int rhostlen,
Line 227 int get_redirect_rule(	Line 229 int get_redirect_rule(
{	{
int i, count_rules, total_rules = 0;	int i, count_rules, total_rules = 0;
struct ip_fw * rules = NULL;	struct ip_fw * rules = NULL;

if (ipfw_validate_protocol(proto) < 0)	if (ipfw_validate_protocol(proto) < 0)
return -1;	return -1;
if (ipfw_validate_ifname(ifname) < 0)	if (ipfw_validate_ifname(ifname) < 0)
Line 240 int get_redirect_rule(	Line 242 int get_redirect_rule(
if (count_rules < 0)	if (count_rules < 0)
goto error;	goto error;
} while (count_rules == 10);	} while (count_rules == 10);

for (i=0; i<total_rules-1; i++) {	for (i=0; i<total_rules-1; i++) {
const struct ip_fw const * ptr = &rules[i];	const struct ip_fw const * ptr = &rules[i];
if (proto == ptr->fw_prot && eport == ptr->fw_uar.fw_pts[0]) {	if (proto == ptr->fw_prot && eport == ptr->fw_uar.fw_pts[0]) {
Line 252 int get_redirect_rule(	Line 254 int get_redirect_rule(
*iport = ptr->fw_fwd_ip.sin_port;	*iport = ptr->fw_fwd_ip.sin_port;
if (iaddr != NULL && iaddrlen > 0) {	if (iaddr != NULL && iaddrlen > 0) {
/* looks like fw_out_if.fu_via_ip is zero */	/* looks like fw_out_if.fu_via_ip is zero */
//if (inet_ntop(AF_INET, &ptr->fw_out_if.fu_via_ip, iaddr, iaddrlen) == NULL) {	/if (inet_ntop(AF_INET, &ptr->fw_out_if.fu_via_ip, iaddr, iaddrlen) == NULL) {/
if (inet_ntop(AF_INET, &ptr->fw_fwd_ip.sin_addr, iaddr, iaddrlen) == NULL) {	if (inet_ntop(AF_INET, &ptr->fw_fwd_ip.sin_addr, iaddr, iaddrlen) == NULL) {
syslog(LOG_ERR, "inet_ntop(): %m");	syslog(LOG_ERR, "inet_ntop(): %m");
goto error;	goto error;
}	}
}	}
if (rhost != NULL && rhostlen > 0) {	if (rhost != NULL && rhostlen > 0) {
if (ptr->fw_src.s_addr == 0)	if (ptr->fw_src.s_addr == 0)
Line 264 int get_redirect_rule(	Line 266 int get_redirect_rule(
else if (inet_ntop(AF_INET, &ptr->fw_src.s_addr, rhost, rhostlen) == NULL) {	else if (inet_ntop(AF_INET, &ptr->fw_src.s_addr, rhost, rhostlen) == NULL) {
syslog(LOG_ERR, "inet_ntop(): %m");	syslog(LOG_ERR, "inet_ntop(): %m");
goto error;	goto error;
}	}
}	}
// And what if we found more than 1 matching rule?	/* And what if we found more than 1 matching rule? */
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
get_desc_time(eport, proto, desc, desclen, timestamp);	get_desc_time(eport, proto, desc, desclen, timestamp);
return 0;	return 0;
Line 275 int get_redirect_rule(	Line 277 int get_redirect_rule(

error:	error:
if (rules != NULL)	if (rules != NULL)
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
return -1;	return -1;
}	}

int delete_redirect_rule(	int delete_redirect_rule(
const char * ifname,	const char * ifname,
unsigned short eport,	unsigned short eport,
int proto)	int proto)
{	{
int i, count_rules, total_rules = 0;	int i, count_rules, total_rules = 0;
struct ip_fw * rules = NULL;	struct ip_fw * rules = NULL;

if (ipfw_validate_protocol(proto) < 0)	if (ipfw_validate_protocol(proto) < 0)
return -1;	return -1;
if (ipfw_validate_ifname(ifname) < 0)	if (ipfw_validate_ifname(ifname) < 0)
return -1;	return -1;

do {	do {
count_rules = ipfw_fetch_ruleset(&rules, &total_rules, 10);	count_rules = ipfw_fetch_ruleset(&rules, &total_rules, 10);
if (count_rules < 0)	if (count_rules < 0)
goto error;	goto error;
} while (count_rules == 10);	} while (count_rules == 10);

for (i=0; i<total_rules-1; i++) {	for (i=0; i<total_rules-1; i++) {
const struct ip_fw const * ptr = &rules[i];	const struct ip_fw const * ptr = &rules[i];
if (proto == ptr->fw_prot && eport == ptr->fw_uar.fw_pts[0]) {	if (proto == ptr->fw_prot && eport == ptr->fw_uar.fw_pts[0]) {
if (ipfw_exec(IP_FW_DEL, (struct ip_fw )ptr, sizeof(ptr)) < 0)	if (ipfw_exec(IP_FW_DEL, (struct ip_fw )ptr, sizeof(ptr)) < 0)
goto error;	goto error;
// And what if we found more than 1 matching rule?	/* And what if we found more than 1 matching rule? */
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
del_desc_time(eport, proto);	del_desc_time(eport, proto);
return 0;	return 0;
}	}
}	}

error:	error:
if (rules != NULL)	if (rules != NULL)
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
return -1;	return -1;
}	}

int add_filter_rule2(	int add_filter_rule2(
const char * ifname,	const char * ifname,
const char * rhost,	const char * rhost,
const char * iaddr,	const char * iaddr,
unsigned short eport,	unsigned short eport,
unsigned short iport,	unsigned short iport,
int proto,	int proto,
const char * desc)	const char * desc)
{	{
//return -1;
return 0; /* nothing to do, always success */	return 0; /* nothing to do, always success */
}	}

int delete_filter_rule(	int delete_filter_rule(
const char * ifname,	const char * ifname,
unsigned short eport,	unsigned short eport,
int proto)	int proto)
{	{
//return -1;
return 0; /* nothing to do, always success */	return 0; /* nothing to do, always success */
}	}

int get_redirect_rule_by_index(	int get_redirect_rule_by_index(
int index,	int index,
char * ifname,	char * ifname,
unsigned short * eport,	unsigned short * eport,
char * iaddr,	char * iaddr,
int iaddrlen,	int iaddrlen,
unsigned short * iport,	unsigned short * iport,
int * proto,	int * proto,
char * desc,	char * desc,
int desclen,	int desclen,
char * rhost,	char * rhost,
int rhostlen,	int rhostlen,
unsigned int * timestamp,	unsigned int * timestamp,
u_int64_t * packets,	u_int64_t * packets,
u_int64_t * bytes)	u_int64_t * bytes)
{	{
int total_rules = 0;	int total_rules = 0;
struct ip_fw * rules = NULL;	struct ip_fw * rules = NULL;

if (index < 0) // TODO shouldn't we also validate the maximum?	if (index < 0) /* TODO shouldn't we also validate the maximum? */
return -1;	return -1;

if(timestamp)	if(timestamp)
Line 367 int get_redirect_rule_by_index(	Line 367 int get_redirect_rule_by_index(

if (total_rules > index) {	if (total_rules > index) {
const struct ip_fw const * ptr = &rules[index];	const struct ip_fw const * ptr = &rules[index];
if (ptr->fw_prot == 0) // invalid rule	if (ptr->fw_prot == 0) /* invalid rule */
goto error;	goto error;
if (proto != NULL)	if (proto != NULL)
*proto = ptr->fw_prot;	*proto = ptr->fw_prot;
Line 385 int get_redirect_rule_by_index(	Line 385 int get_redirect_rule_by_index(
*iport = ptr->fw_fwd_ip.sin_port;	*iport = ptr->fw_fwd_ip.sin_port;
if (iaddr != NULL && iaddrlen > 0) {	if (iaddr != NULL && iaddrlen > 0) {
/* looks like fw_out_if.fu_via_ip is zero */	/* looks like fw_out_if.fu_via_ip is zero */
//if (inet_ntop(AF_INET, &ptr->fw_out_if.fu_via_ip, iaddr, iaddrlen) == NULL) {	/if (inet_ntop(AF_INET, &ptr->fw_out_if.fu_via_ip, iaddr, iaddrlen) == NULL) {/
if (inet_ntop(AF_INET, &ptr->fw_fwd_ip.sin_addr, iaddr, iaddrlen) == NULL) {	if (inet_ntop(AF_INET, &ptr->fw_fwd_ip.sin_addr, iaddr, iaddrlen) == NULL) {
syslog(LOG_ERR, "inet_ntop(): %m");	syslog(LOG_ERR, "inet_ntop(): %m");
goto error;	goto error;
}	}
}	}
if (rhost != NULL && rhostlen > 0) {	if (rhost != NULL && rhostlen > 0) {
if (ptr->fw_src.s_addr == 0)	if (ptr->fw_src.s_addr == 0)
Line 397 int get_redirect_rule_by_index(	Line 397 int get_redirect_rule_by_index(
else if (inet_ntop(AF_INET, &ptr->fw_src.s_addr, rhost, rhostlen) == NULL) {	else if (inet_ntop(AF_INET, &ptr->fw_src.s_addr, rhost, rhostlen) == NULL) {
syslog(LOG_ERR, "inet_ntop(): %m");	syslog(LOG_ERR, "inet_ntop(): %m");
goto error;	goto error;
}	}
}	}
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
get_desc_time(eport, proto, desc, desclen, timestamp);	get_desc_time(eport, proto, desc, desclen, timestamp);
Line 406 int get_redirect_rule_by_index(	Line 406 int get_redirect_rule_by_index(

error:	error:
if (rules != NULL)	if (rules != NULL)
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
return -1;	return -1;
}	}

/* upnp_get_portmappings_in_range()	/* upnp_get_portmappings_in_range()
Line 423 get_portmappings_in_range(unsigned short startport,	Line 423 get_portmappings_in_range(unsigned short startport,
unsigned int capacity = 128;	unsigned int capacity = 128;
int i, count_rules, total_rules = 0;	int i, count_rules, total_rules = 0;
struct ip_fw * rules = NULL;	struct ip_fw * rules = NULL;

if (ipfw_validate_protocol(proto) < 0)	if (ipfw_validate_protocol(proto) < 0)
return NULL;	return NULL;

do {	do {
count_rules = ipfw_fetch_ruleset(&rules, &total_rules, 10);	count_rules = ipfw_fetch_ruleset(&rules, &total_rules, 10);
if (count_rules < 0)	if (count_rules < 0)
goto error;	goto error;
} while (count_rules == 10);	} while (count_rules == 10);

array = calloc(capacity, sizeof(unsigned short));	array = calloc(capacity, sizeof(unsigned short));
if(!array) {	if(!array) {
syslog(LOG_ERR, "get_portmappings_in_range() : calloc error");	syslog(LOG_ERR, "get_portmappings_in_range() : calloc error");
Line 461 get_portmappings_in_range(unsigned short startport,	Line 461 get_portmappings_in_range(unsigned short startport,
}	}
error:	error:
if (rules != NULL)	if (rules != NULL)
ipfw_free_ruleset(&rules);	ipfw_free_ruleset(&rules);
return array;	return array;
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.2
changed lines
	Added in v.1.1.1.3