version 1.1.1.2, 2012/05/29 12:55:57
|
version 1.1.1.3, 2013/07/22 00:32:35
|
Line 13
|
Line 13
|
#include <netinet/in.h> |
#include <netinet/in.h> |
#include <arpa/inet.h> |
#include <arpa/inet.h> |
#include <dlfcn.h> |
#include <dlfcn.h> |
|
#include <xtables.h> |
#include <libiptc/libiptc.h> |
#include <libiptc/libiptc.h> |
#include <iptables.h> |
|
|
|
#include <linux/version.h> |
#include <linux/version.h> |
|
|
Line 29
|
Line 29
|
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) |
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) |
#define LIST_POISON2 ((void *) 0x00200200 ) |
#define LIST_POISON2 ((void *) 0x00200200 ) |
|
|
#include <net/netfilter/nf_nat.h> | #if 0 |
| #include <linux/netfilter/nf_nat.h> |
| #else |
| #include "tiny_nf_nat.h" |
| #endif |
#define ip_nat_multi_range nf_nat_multi_range |
#define ip_nat_multi_range nf_nat_multi_range |
#define ip_nat_range nf_nat_range |
#define ip_nat_range nf_nat_range |
#define IPTC_HANDLE struct iptc_handle * |
#define IPTC_HANDLE struct iptc_handle * |
Line 38
|
Line 42
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) |
#include <linux/netfilter_ipv4/ip_nat.h> |
#include <linux/netfilter_ipv4/ip_nat.h> |
#else |
#else |
|
#if 0 |
#include <linux/netfilter/nf_nat.h> |
#include <linux/netfilter/nf_nat.h> |
|
#else |
|
#include "tiny_nf_nat.h" |
#endif |
#endif |
|
#endif |
#define IPTC_HANDLE iptc_handle_t |
#define IPTC_HANDLE iptc_handle_t |
#endif |
#endif |
|
|
Line 48
|
Line 56
|
#define IPT_ALIGN XT_ALIGN |
#define IPT_ALIGN XT_ALIGN |
#endif |
#endif |
|
|
|
#include "../macros.h" |
|
#include "../config.h" |
#include "iptcrdr.h" |
#include "iptcrdr.h" |
#include "../upnpglobalvars.h" |
#include "../upnpglobalvars.h" |
|
|
Line 196 add_redirect_rule2(const char * ifname,
|
Line 206 add_redirect_rule2(const char * ifname,
|
const char * iaddr, unsigned short iport, int proto, |
const char * iaddr, unsigned short iport, int proto, |
const char * desc, unsigned int timestamp) |
const char * desc, unsigned int timestamp) |
{ |
{ |
int r = addnatrule(proto, eport, iaddr, iport, rhost); | int r; |
| UNUSED(ifname); |
| |
| r = addnatrule(proto, eport, iaddr, iport, rhost); |
if(r >= 0) |
if(r >= 0) |
add_redirect_desc(eport, proto, desc, timestamp); |
add_redirect_desc(eport, proto, desc, timestamp); |
return r; |
return r; |
Line 208 add_filter_rule2(const char * ifname,
|
Line 221 add_filter_rule2(const char * ifname,
|
unsigned short eport, unsigned short iport, |
unsigned short eport, unsigned short iport, |
int proto, const char * desc) |
int proto, const char * desc) |
{ |
{ |
|
UNUSED(ifname); |
|
UNUSED(eport); |
|
UNUSED(desc); |
|
|
return add_filter_rule(proto, rhost, iaddr, iport); |
return add_filter_rule(proto, rhost, iaddr, iport); |
} |
} |
|
|
/* get_redirect_rule() | /* get_redirect_rule() |
* returns -1 if the rule is not found */ |
* returns -1 if the rule is not found */ |
int |
int |
get_redirect_rule(const char * ifname, unsigned short eport, int proto, |
get_redirect_rule(const char * ifname, unsigned short eport, int proto, |
Line 227 get_redirect_rule(const char * ifname, unsigned short
|
Line 244 get_redirect_rule(const char * ifname, unsigned short
|
const struct ipt_entry_target * target; |
const struct ipt_entry_target * target; |
const struct ip_nat_multi_range * mr; |
const struct ip_nat_multi_range * mr; |
const struct ipt_entry_match *match; |
const struct ipt_entry_match *match; |
|
UNUSED(ifname); |
|
|
h = iptc_init("nat"); |
h = iptc_init("nat"); |
if(!h) |
if(!h) |
Line 270 get_redirect_rule(const char * ifname, unsigned short
|
Line 288 get_redirect_rule(const char * ifname, unsigned short
|
continue; |
continue; |
} |
} |
target = (void *)e + e->target_offset; |
target = (void *)e + e->target_offset; |
//target = ipt_get_target(e); | /* target = ipt_get_target(e); */ |
mr = (const struct ip_nat_multi_range *)&target->data[0]; |
mr = (const struct ip_nat_multi_range *)&target->data[0]; |
snprintip(iaddr, iaddrlen, ntohl(mr->range[0].min_ip)); |
snprintip(iaddr, iaddrlen, ntohl(mr->range[0].min_ip)); |
*iport = ntohs(mr->range[0].min.all); |
*iport = ntohs(mr->range[0].min.all); |
Line 297 get_redirect_rule(const char * ifname, unsigned short
|
Line 315 get_redirect_rule(const char * ifname, unsigned short
|
return r; |
return r; |
} |
} |
|
|
/* get_redirect_rule_by_index() | /* get_redirect_rule_by_index() |
* return -1 when the rule was not found */ |
* return -1 when the rule was not found */ |
int |
int |
get_redirect_rule_by_index(int index, |
get_redirect_rule_by_index(int index, |
Line 324 get_redirect_rule_by_index(int index,
|
Line 342 get_redirect_rule_by_index(int index,
|
const struct ipt_entry_target * target; |
const struct ipt_entry_target * target; |
const struct ip_nat_multi_range * mr; |
const struct ip_nat_multi_range * mr; |
const struct ipt_entry_match *match; |
const struct ipt_entry_match *match; |
|
UNUSED(ifname); |
|
|
h = iptc_init("nat"); |
h = iptc_init("nat"); |
if(!h) |
if(!h) |
Line 569 delete_redirect_and_filter_rules(unsigned short eport,
|
Line 588 delete_redirect_and_filter_rules(unsigned short eport,
|
} |
} |
|
|
/* ==================================== */ |
/* ==================================== */ |
/* TODO : add the -m state --state NEW,ESTABLISHED,RELATED | /* TODO : add the -m state --state NEW,ESTABLISHED,RELATED |
* only for the filter rule */ |
* only for the filter rule */ |
static struct ipt_entry_match * |
static struct ipt_entry_match * |
get_tcp_match(unsigned short dport) |
get_tcp_match(unsigned short dport) |
Line 703 iptc_init_verify_and_append(const char * table,
|
Line 722 iptc_init_verify_and_append(const char * table,
|
return 0; |
return 0; |
} |
} |
|
|
/* add nat rule | /* add nat rule |
* iptables -t nat -A MINIUPNPD -p proto --dport eport -j DNAT --to iaddr:iport |
* iptables -t nat -A MINIUPNPD -p proto --dport eport -j DNAT --to iaddr:iport |
* */ |
* */ |
static int |
static int |
Line 745 addnatrule(int proto, unsigned short eport,
|
Line 764 addnatrule(int proto, unsigned short eport,
|
e->ip.src.s_addr = inet_addr(rhost); |
e->ip.src.s_addr = inet_addr(rhost); |
e->ip.smsk.s_addr = INADDR_NONE; |
e->ip.smsk.s_addr = INADDR_NONE; |
} |
} |
| |
r = iptc_init_verify_and_append("nat", miniupnpd_nat_chain, e, "addnatrule()"); |
r = iptc_init_verify_and_append("nat", miniupnpd_nat_chain, e, "addnatrule()"); |
free(target); |
free(target); |
free(match); |
free(match); |
Line 808 add_filter_rule(int proto, const char * rhost,
|
Line 827 add_filter_rule(int proto, const char * rhost,
|
e->ip.src.s_addr = inet_addr(rhost); |
e->ip.src.s_addr = inet_addr(rhost); |
e->ip.smsk.s_addr = INADDR_NONE; |
e->ip.smsk.s_addr = INADDR_NONE; |
} |
} |
| |
r = iptc_init_verify_and_append("filter", miniupnpd_forward_chain, e, "add_filter_rule()"); |
r = iptc_init_verify_and_append("filter", miniupnpd_forward_chain, e, "add_filter_rule()"); |
free(target); |
free(target); |
free(match); |
free(match); |
Line 976 list_redirect_rule(const char * ifname)
|
Line 995 list_redirect_rule(const char * ifname)
|
const struct ip_nat_multi_range * mr; |
const struct ip_nat_multi_range * mr; |
const char * target_str; |
const char * target_str; |
char addr[16], mask[16]; |
char addr[16], mask[16]; |
|
(void)ifname; |
|
|
h = iptc_init("nat"); |
h = iptc_init("nat"); |
if(!h) |
if(!h) |
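Review bot: In add_filter_rule2 the added `UNUSED(ifname);`, `UNUSED(eport);` and `UNUSED(desc);` lines silence the warnings, but they also cement that the rule built by `add_filter_rule(proto, rhost, iaddr, iport)` is never tied to the external interface, and nothing visible says where that restriction is enforced instead. The same applies to the `UNUSED(ifname);` added in add_redirect_rule2, whose rule is documented in the addnatrule comment as `iptables -t nat -A MINIUPNPD -p proto --dport eport -j DNAT --to iaddr:iport`, with no `-i`. If the interface scoping is meant to come from the rules that jump into the miniupnpd chains (not visible on this page), record that next to the macro, e.g. `/* ifname unused: ingress interface is restricted by the jump into the chain, not per rule */`; if it is not, the ACCEPT and DNAT rules match regardless of ingress interface and `ifname` should be applied to the entry. Separately, list_redirect_rule uses `(void)ifname;` where every other function in this change uses `UNUSED(ifname);`, so one spelling should be used throughout. All of these function bodies start or end outside the displayed hunks.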