From be124b6508461ebf57e158eac830886bd094776a Mon Sep 17 00:00:00 2001
From: Thomas Bernard
Date: Mon, 18 Jan 2016 22:46:30 +0100
Subject: [PATCH] add find_pinhole() to pf/ code also see #188
---
 miniupnpd/pf/Makefile | 3 +-
 miniupnpd/pf/pfpinhole.c | 69 ++++++++++++++++++++++++++++++++++--
 miniupnpd/pf/pfpinhole.h | 8 ++++-
 miniupnpd/pf/testpfpinhole.c | 15 ++++++--
 4 files changed, 88 insertions(+), 7 deletions(-)
diff --git a/miniupnpd/pf/Makefile b/miniupnpd/pf/Makefile
index d0d28c9..f94c074 100644
--- a/miniupnpd/pf/Makefile
+++ b/miniupnpd/pf/Makefile
@@ -1,6 +1,7 @@
 # $Id: Makefile,v 1.4 2012/04/18 20:45:33 nanard Exp $
 # made for GNU Make (and BSD make)
-CFLAGS = -Wall -g -ansi -DTEST
+CFLAGS = -Wall -g -DTEST
+CFLAGS += -Wextra
 EXECUTABLES = testobsdrdr testpfpinhole
 all: $(EXECUTABLES)
diff --git a/miniupnpd/pf/pfpinhole.c b/miniupnpd/pf/pfpinhole.c
index b05b75d..449a700 100644
--- a/miniupnpd/pf/pfpinhole.c
+++ b/miniupnpd/pf/pfpinhole.c
@@ -1,7 +1,8 @@
 /* $Id: pfpinhole.c,v 1.24 2014/12/05 09:54:55 nanard Exp $ */
-/* MiniUPnP project
+/* vim: tabstop=4 shiftwidth=4 noexpandtab
+ * MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2012 Thomas Bernard
+ * (c) 2012-2016 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
@@ -40,7 +41,7 @@
  * flags S/SA keep state
  * label "pinhole-2 ts-4321000"
  *
- * with the label "pinhole-$uid ts-$timestamp"
+ * with the label "pinhole-$uid ts-$timestamp: $description"
  */
 #ifdef ENABLE_UPNPPINHOLE
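Review bot: In the `@@ -40,7 +41,7 @@` hunk of pfpinhole.c the example rule two lines above the changed line still reads `label "pinhole-2 ts-4321000"`, which no longer matches the documented format `"pinhole-$uid ts-$timestamp: $description"`. I would update the example in the same commit, e.g. ` * label "pinhole-2 ts-4321000: some description"` (constructed sample). Because the description now shares the fixed-size pf rule label with the uid and timestamp, the comment is also the place to state what happens to a description that does not fit, or that itself contains `: `. That handling presumably lives in add_pinhole(), which is outside this hunk, so it cannot be confirmed from here. The comment block itself starts above the hunk.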
@@ -158,6 +159,68 @@ int add_pinhole(const char * ifname,
 return uid;
 }
+int find_pinhole(const char * ifname,
+ const char * rem_host, unsigned short rem_port,
+ const char * int_client, unsigned short int_port,
+ int proto,
+ char *desc, int desc_len, unsigned int * timestamp)
+{
+ int uid;
+ unsigned int ts;
+ int i, n;
+ struct pfioc_rule pr;
+ struct in6_addr saddr;
+ struct in6_addr daddr;
+ UNUSED(ifname);
+ if(dev<0) {
+ syslog(LOG_ERR, "pf device is not open");
+ return -1;
+ }
+ if(rem_host && (rem_host[0] != '\0')) {
+ inet_pton(AF_INET6, rem_host, &saddr);
+ } else {
+ memset(&saddr, 0, sizeof(struct in6_addr));
+ }
+ inet_pton(AF_INET6, int_client, &daddr);
+ memset(&pr, 0, sizeof(pr));
+ strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
+#ifndef PF_NEWSTYLE
+ pr.rule.action = PF_PASS;
+#endif
+ if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
+ syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
+ return -1;
+ }
+ n = pr.nr;
+ for(i=0; i