status-im
/
miniupnp
mirror of https://github.com/status-im/miniupnp.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

miniupnpd/pf: fix add_filter_rule2() by adding internal address

This commit is contained in:
Thomas Bernard 2014-03-06 14:23:13 +01:00
parent 65b776f1ed
commit acc149ee99
1 changed files with 7 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
miniupnpd/pf/obsdrdr.c
View File

@ -1,4 +1,4 @@
/* $Id: obsdrdr.c,v 1.78 2014/02/28 20:18:41 nanard Exp $ */ /* $Id: obsdrdr.c,v 1.80 2014/03/06 13:02:46 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2014 Thomas Bernard
@ -13,7 +13,7 @@
* or a rdr rule + a pass rule : * or a rdr rule + a pass rule :
* rdr quick on xl1 inet proto udp from any to any port = 54321 \ * rdr quick on xl1 inet proto udp from any to any port = 54321 \
* keep state label "test label" -> 192.168.0.42 port 12345 * keep state label "test label" -> 192.168.0.42 port 12345
* pass in quick on xl1 inet proto udp from any to any port = 12345 \ * pass in quick on xl1 inet proto udp from any to 192.168.0.42 port = 12345 \
* flags S/SA keep state label "test label" * flags S/SA keep state label "test label"
* *
* - OpenBSD starting from version 4.7 * - OpenBSD starting from version 4.7
@ -390,7 +390,6 @@ add_filter_rule2(const char * ifname,
struct pfioc_rule pcr; struct pfioc_rule pcr;
#ifndef PF_NEWSTYLE #ifndef PF_NEWSTYLE
struct pfioc_pooladdr pp; struct pfioc_pooladdr pp;
struct pf_pooladdr *a;
#endif #endif
#ifndef USE_IFNAME_IN_RULES #ifndef USE_IFNAME_IN_RULES
UNUSED(ifname); UNUSED(ifname);
@ -419,7 +418,6 @@ add_filter_rule2(const char * ifname,
if(1) if(1)
{ {
#endif #endif
pcr.rule.dst.port_op = PF_OP_EQ; pcr.rule.dst.port_op = PF_OP_EQ;
pcr.rule.dst.port[0] = htons(iport); pcr.rule.dst.port[0] = htons(iport);
pcr.rule.direction = PF_IN; pcr.rule.direction = PF_IN;
@ -454,33 +452,16 @@ add_filter_rule2(const char * ifname,
inet_pton(AF_INET, rhost, &pcr.rule.src.addr.v.a.addr.v4.s_addr); inet_pton(AF_INET, rhost, &pcr.rule.src.addr.v.a.addr.v4.s_addr);
pcr.rule.src.addr.v.a.mask.v4.s_addr = htonl(INADDR_NONE); pcr.rule.src.addr.v.a.mask.v4.s_addr = htonl(INADDR_NONE);
} }
/* we want any - iaddr port = # keep state label */
inet_pton(AF_INET, iaddr, &pcr.rule.dst.addr.v.a.addr.v4.s_addr);
pcr.rule.dst.addr.v.a.mask.v4.s_addr = htonl(INADDR_NONE);
#ifndef PF_NEWSTYLE #ifndef PF_NEWSTYLE
pcr.rule.rpool.proxy_port[0] = iport; pcr.rule.rpool.proxy_port[0] = iport;
a = calloc(1, sizeof(struct pf_pooladdr)); pcr.rule.rpool.proxy_port[1] = iport;
inet_pton(AF_INET, iaddr, &a->addr.v.a.addr.v4.s_addr);
a->addr.v.a.mask.v4.s_addr = htonl(INADDR_NONE);
memcpy(&pp.addr, a, sizeof(struct pf_pooladdr));
TAILQ_INIT(&pcr.rule.rpool.list); TAILQ_INIT(&pcr.rule.rpool.list);
inet_pton(AF_INET, iaddr, &a->addr.v.a.addr.v4.s_addr); #endif
TAILQ_INSERT_TAIL(&pcr.rule.rpool.list, a, entries);
/* we have any - any port = # keep state label */
/* we want any - iaddr port = # keep state label */
/* memcpy(&pcr.rule.dst, a, sizeof(struct pf_pooladdr)); */
memcpy(&pp.addr, a, sizeof(struct pf_pooladdr));
strlcpy(pcr.rule.label, desc, PF_RULE_LABEL_SIZE);
if(ioctl(dev, DIOCADDADDR, &pp) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCADDADDR, ...): %m");
r = -1;
}
else
{
#else
if(1) if(1)
{ {
#endif
pcr.action = PF_CHANGE_GET_TICKET; pcr.action = PF_CHANGE_GET_TICKET;
if(ioctl(dev, DIOCCHANGERULE, &pcr) < 0) if(ioctl(dev, DIOCCHANGERULE, &pcr) < 0)
{ {
@ -497,9 +478,6 @@ add_filter_rule2(const char * ifname,
} }
} }
} }
#ifndef PF_NEWSTYLE
free(a);
#endif
} }
return r; return r;
#endif #endif