Start to code IPv6 "pinhole" for pf
Also update tests in miniupnpd/pf/
This commit is contained in:
parent
e982ebc9f5
commit
f934bf5d17
|
@ -1,7 +1,7 @@
|
||||||
# $Id: Makefile,v 1.2 2010/03/08 17:10:37 nanard Exp $
|
# $Id: Makefile,v 1.4 2012/04/18 20:45:33 nanard Exp $
|
||||||
# made for GNU Make (and BSD make)
|
# made for GNU Make (and BSD make)
|
||||||
CFLAGS = -Wall -g -DTEST
|
CFLAGS = -Wall -g -ansi -DTEST
|
||||||
EXECUTABLES = testobsdrdr
|
EXECUTABLES = testobsdrdr testpfpinhole
|
||||||
|
|
||||||
all: $(EXECUTABLES)
|
all: $(EXECUTABLES)
|
||||||
|
|
||||||
|
@ -11,7 +11,14 @@ clean:
|
||||||
testobsdrdr: testobsdrdr.o obsdrdr.o
|
testobsdrdr: testobsdrdr.o obsdrdr.o
|
||||||
$(CC) $(CFLAGS) -o $@ $>
|
$(CC) $(CFLAGS) -o $@ $>
|
||||||
|
|
||||||
|
testpfpinhole: testpfpinhole.o obsdrdr.o pfpinhole.o
|
||||||
|
$(CC) $(CFLAGS) -o $@ $>
|
||||||
|
|
||||||
obsdrdr.o: obsdrdr.c obsdrdr.h
|
obsdrdr.o: obsdrdr.c obsdrdr.h
|
||||||
|
|
||||||
|
pfpinhole.o: pfpinhole.c pfpinhole.h
|
||||||
|
|
||||||
testobsdrdr.o: testobsdrdr.c obsdrdr.h
|
testobsdrdr.o: testobsdrdr.c obsdrdr.h
|
||||||
|
|
||||||
|
testpfpinhole.o: testpfpinhole.c pfpinhole.h
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* $Id: obsdrdr.c,v 1.71 2012/03/11 08:46:19 nanard Exp $ */
|
/* $Id: obsdrdr.c,v 1.73 2012/04/18 20:45:12 nanard Exp $ */
|
||||||
/* MiniUPnP project
|
/* MiniUPnP project
|
||||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
* (c) 2006-2010 Thomas Bernard
|
* (c) 2006-2012 Thomas Bernard
|
||||||
* This software is subject to the conditions detailed
|
* This software is subject to the conditions detailed
|
||||||
* in the LICENCE file provided within the distribution */
|
* in the LICENCE file provided within the distribution */
|
||||||
|
|
||||||
|
@ -102,7 +102,7 @@ remove_timestamp_entry(unsigned short eport, int proto)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* /dev/pf when opened */
|
/* /dev/pf when opened */
|
||||||
static int dev = -1;
|
int dev = -1;
|
||||||
|
|
||||||
/* shutdown_redirect() :
|
/* shutdown_redirect() :
|
||||||
* close the /dev/pf device */
|
* close the /dev/pf device */
|
||||||
|
@ -868,7 +868,7 @@ list_rules(void)
|
||||||
perror("DIOCGETRULE");
|
perror("DIOCGETRULE");
|
||||||
printf(" %s %s %d:%d -> %d:%d proto %d keep_state=%d action=%d\n",
|
printf(" %s %s %d:%d -> %d:%d proto %d keep_state=%d action=%d\n",
|
||||||
pr.rule.ifname,
|
pr.rule.ifname,
|
||||||
inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, buf, 32);
|
inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr, buf, 32),
|
||||||
(int)ntohs(pr.rule.dst.port[0]),
|
(int)ntohs(pr.rule.dst.port[0]),
|
||||||
(int)ntohs(pr.rule.dst.port[1]),
|
(int)ntohs(pr.rule.dst.port[1]),
|
||||||
#ifndef PF_NEWSTYLE
|
#ifndef PF_NEWSTYLE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: obsdrdr.h,v 1.19 2011/06/04 15:47:18 nanard Exp $ */
|
/* $Id: obsdrdr.h,v 1.20 2012/03/05 20:36:20 nanard Exp $ */
|
||||||
/* MiniUPnP project
|
/* MiniUPnP project
|
||||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
* (c) 2006 Thomas Bernard
|
* (c) 2006 Thomas Bernard
|
||||||
|
|
|
@ -0,0 +1,110 @@
|
||||||
|
/* $Id: pfpinhole.c,v 1.2 2012/04/18 20:45:33 nanard Exp $ */
|
||||||
|
/* MiniUPnP project
|
||||||
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
|
* (c) 2006-2012 Thomas Bernard
|
||||||
|
* This software is subject to the conditions detailed
|
||||||
|
* in the LICENCE file provided within the distribution */
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/param.h>
|
||||||
|
#include <net/if.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <netinet/tcp.h>
|
||||||
|
#include <arpa/inet.h>
|
||||||
|
#ifdef __DragonFly__
|
||||||
|
#include <net/pf/pfvar.h>
|
||||||
|
#else
|
||||||
|
#include <net/pfvar.h>
|
||||||
|
#endif
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <sys/ioctl.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
#include "../config.h"
|
||||||
|
#include "../upnpglobalvars.h"
|
||||||
|
|
||||||
|
/* /dev/pf when opened */
|
||||||
|
extern int dev;
|
||||||
|
|
||||||
|
int add_pinhole (const char * ifname,
|
||||||
|
const char * rem_host, unsigned short rem_port,
|
||||||
|
const char * int_client, unsigned short int_port,
|
||||||
|
int proto)
|
||||||
|
{
|
||||||
|
int r;
|
||||||
|
struct pfioc_rule pcr;
|
||||||
|
|
||||||
|
if(dev<0) {
|
||||||
|
syslog(LOG_ERR, "pf device is not open");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
r = 0;
|
||||||
|
memset(&pcr, 0, sizeof(pcr));
|
||||||
|
{
|
||||||
|
pcr.rule.direction = PF_IN;
|
||||||
|
pcr.rule.action = PF_PASS;
|
||||||
|
pcr.rule.af = AF_INET6;
|
||||||
|
#ifdef USE_IFNAME_IN_RULES
|
||||||
|
if(ifname)
|
||||||
|
strlcpy(pcr.rule.ifname, ifname, IFNAMSIZ);
|
||||||
|
#endif
|
||||||
|
pcr.rule.proto = proto;
|
||||||
|
|
||||||
|
pcr.rule.quick = 1;/*(GETFLAG(PFNOQUICKRULESMASK))?0:1;*/
|
||||||
|
pcr.rule.log = (GETFLAG(LOGPACKETSMASK))?1:0; /*logpackets;*/
|
||||||
|
/* see the discussion on the forum :
|
||||||
|
* http://miniupnp.tuxfamily.org/forum/viewtopic.php?p=638 */
|
||||||
|
pcr.rule.flags = TH_SYN;
|
||||||
|
pcr.rule.flagset = (TH_SYN|TH_ACK);
|
||||||
|
#ifdef PFRULE_HAS_RTABLEID
|
||||||
|
pcr.rule.rtableid = -1; /* first appeared in OpenBSD 4.0 */
|
||||||
|
#endif
|
||||||
|
#ifdef PFRULE_HAS_ONRDOMAIN
|
||||||
|
pcr.rule.onrdomain = -1; /* first appeared in OpenBSD 5.0 */
|
||||||
|
#endif
|
||||||
|
pcr.rule.keep_state = 1;
|
||||||
|
/*strlcpy(pcr.rule.label, desc, PF_RULE_LABEL_SIZE);*/
|
||||||
|
if(queue)
|
||||||
|
strlcpy(pcr.rule.qname, queue, PF_QNAME_SIZE);
|
||||||
|
if(tag)
|
||||||
|
strlcpy(pcr.rule.tagname, tag, PF_TAG_NAME_SIZE);
|
||||||
|
|
||||||
|
pcr.rule.src.port_op = PF_OP_EQ;
|
||||||
|
pcr.rule.src.port[0] = htons(rem_port);
|
||||||
|
if(rem_host && rem_host[0] != '\0' && rem_host[0] != '*')
|
||||||
|
{
|
||||||
|
inet_pton(AF_INET6, rem_host, &pcr.rule.src.addr.v.a.addr.v6);
|
||||||
|
memset(&pcr.rule.src.addr.v.a.mask.addr8, 255, 16);
|
||||||
|
}
|
||||||
|
|
||||||
|
pcr.rule.dst.port_op = PF_OP_EQ;
|
||||||
|
pcr.rule.dst.port[0] = htons(int_port);
|
||||||
|
if(inet_pton(AF_INET6, int_client, &pcr.rule.dst.addr.v.a.addr.v6) != 1) {
|
||||||
|
syslog(LOG_ERR, "inet_pton(%s) failed", int_client);
|
||||||
|
}
|
||||||
|
memset(&pcr.rule.dst.addr.v.a.mask.addr8, 255, 16);
|
||||||
|
|
||||||
|
if(ifname)
|
||||||
|
strlcpy(pcr.rule.ifname, ifname, IFNAMSIZ);
|
||||||
|
|
||||||
|
pcr.action = PF_CHANGE_GET_TICKET;
|
||||||
|
if(ioctl(dev, DIOCCHANGERULE, &pcr) < 0) {
|
||||||
|
syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
|
||||||
|
return -1;
|
||||||
|
} else {
|
||||||
|
pcr.action = PF_CHANGE_ADD_TAIL;
|
||||||
|
if(ioctl(dev, DIOCCHANGERULE, &pcr) < 0) {
|
||||||
|
syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: %m");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
/* $Id: pfpinhole.h,v 1.1 2012/04/18 20:45:33 nanard Exp $ */
|
||||||
|
/* MiniUPnP project
|
||||||
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
|
* (c) 2012 Thomas Bernard
|
||||||
|
* This software is subject to the conditions detailed
|
||||||
|
* in the LICENCE file provided within the distribution */
|
||||||
|
|
||||||
|
#ifndef __PFPINHOLE_H__
|
||||||
|
#define __PFPINHOLE_H__
|
||||||
|
|
||||||
|
int add_pinhole (const char * ifname,
|
||||||
|
const char * rem_host, unsigned short rem_port,
|
||||||
|
const char * int_client, unsigned short int_port,
|
||||||
|
int proto);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/* $Id: testobsdrdr.c,v 1.22 2011/06/04 16:45:22 nanard Exp $ */
|
/* $Id: testobsdrdr.c,v 1.24 2012/04/18 19:42:03 nanard Exp $ */
|
||||||
/* MiniUPnP project
|
/* MiniUPnP project
|
||||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
* (c) 2006-2011 Thomas Bernard
|
* (c) 2006-2012 Thomas Bernard
|
||||||
* This software is subject to the conditions detailed
|
* This software is subject to the conditions detailed
|
||||||
* in the LICENCE file provided within the distribution */
|
* in the LICENCE file provided within the distribution */
|
||||||
|
|
||||||
|
@ -16,6 +16,7 @@
|
||||||
/*int logpackets = 1;*/
|
/*int logpackets = 1;*/
|
||||||
int runtime_flags = 0;
|
int runtime_flags = 0;
|
||||||
const char * tag = 0;
|
const char * tag = 0;
|
||||||
|
const char * anchor_name = "miniupnpd";
|
||||||
|
|
||||||
void
|
void
|
||||||
list_rules(void);
|
list_rules(void);
|
||||||
|
@ -70,6 +71,7 @@ main(int arc, char * * argv)
|
||||||
{
|
{
|
||||||
char buf[32];
|
char buf[32];
|
||||||
char desc[64];
|
char desc[64];
|
||||||
|
char rhost[64];
|
||||||
/*char rhost[32];*/
|
/*char rhost[32];*/
|
||||||
unsigned short iport;
|
unsigned short iport;
|
||||||
unsigned int timestamp;
|
unsigned int timestamp;
|
||||||
|
@ -82,12 +84,16 @@ main(int arc, char * * argv)
|
||||||
fprintf(stderr, "init_redirect() failed\n");
|
fprintf(stderr, "init_redirect() failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
//add_redirect_rule("ep0", 12123, "192.168.1.23", 1234);
|
#if 0
|
||||||
//add_redirect_rule2("ep0", 12155, "192.168.1.155", 1255, IPPROTO_TCP);
|
add_redirect_rule("ep0", 12123, "192.168.1.23", 1234);
|
||||||
|
add_redirect_rule2("ep0", 12155, "192.168.1.155", 1255, IPPROTO_TCP);
|
||||||
|
#endif
|
||||||
add_redirect_rule2("ep0", "8.8.8.8", 12123, "192.168.1.125", 1234,
|
add_redirect_rule2("ep0", "8.8.8.8", 12123, "192.168.1.125", 1234,
|
||||||
IPPROTO_UDP, "test description", 0);
|
IPPROTO_UDP, "test description", 0);
|
||||||
//add_redirect_rule2("em0", 12123, "127.1.2.3", 1234,
|
#if 0
|
||||||
// IPPROTO_TCP, "test description tcp");
|
add_redirect_rule2("em0", 12123, "127.1.2.3", 1234,
|
||||||
|
IPPROTO_TCP, "test description tcp");
|
||||||
|
#endif
|
||||||
|
|
||||||
list_rules();
|
list_rules();
|
||||||
list_eports_tcp();
|
list_eports_tcp();
|
||||||
|
@ -95,6 +101,7 @@ main(int arc, char * * argv)
|
||||||
|
|
||||||
if(get_redirect_rule("xl1", 4662, IPPROTO_TCP,
|
if(get_redirect_rule("xl1", 4662, IPPROTO_TCP,
|
||||||
buf, sizeof(buf), &iport, desc, sizeof(desc),
|
buf, sizeof(buf), &iport, desc, sizeof(desc),
|
||||||
|
rhost, sizeof(rhost),
|
||||||
×tamp,
|
×tamp,
|
||||||
&packets, &bytes) < 0)
|
&packets, &bytes) < 0)
|
||||||
printf("get_redirect_rule() failed\n");
|
printf("get_redirect_rule() failed\n");
|
||||||
|
@ -103,21 +110,23 @@ main(int arc, char * * argv)
|
||||||
printf("\n%s:%d '%s' packets=%llu bytes=%llu\n", buf, (int)iport, desc,
|
printf("\n%s:%d '%s' packets=%llu bytes=%llu\n", buf, (int)iport, desc,
|
||||||
packets, bytes);
|
packets, bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
|
||||||
|
printf("delete_redirect_rule() failed\n");
|
||||||
|
else
|
||||||
|
printf("delete_redirect_rule() succeded\n");
|
||||||
|
|
||||||
|
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
|
||||||
|
printf("delete_redirect_rule() failed\n");
|
||||||
|
else
|
||||||
|
printf("delete_redirect_rule() succeded\n");
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
|
test_index();
|
||||||
printf("delete_redirect_rule() failed\n");
|
|
||||||
else
|
|
||||||
printf("delete_redirect_rule() succeded\n");
|
|
||||||
|
|
||||||
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
|
clear_redirect_rules();
|
||||||
printf("delete_redirect_rule() failed\n");
|
list_rules();
|
||||||
else
|
|
||||||
printf("delete_redirect_rule() succeded\n");
|
|
||||||
#endif
|
#endif
|
||||||
//test_index();
|
|
||||||
|
|
||||||
//clear_redirect_rules();
|
|
||||||
//list_rules();
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
/* $Id: testpfpinhole.c,v 1.1 2012/04/18 20:45:33 nanard Exp $ */
|
||||||
|
/* MiniUPnP project
|
||||||
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
|
* (c) 2006-2012 Thomas Bernard
|
||||||
|
* This software is subject to the conditions detailed
|
||||||
|
* in the LICENCE file provided within the distribution */
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
|
||||||
|
#include "obsdrdr.h"
|
||||||
|
#include "pfpinhole.h"
|
||||||
|
|
||||||
|
int runtime_flags = 0;
|
||||||
|
const char * tag = NULL;
|
||||||
|
|
||||||
|
const char * anchor_name = "miniupnpd";
|
||||||
|
const char * queue = NULL;
|
||||||
|
|
||||||
|
int main(int argc, char * *argv)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
openlog("testpfpinhole", LOG_PERROR, LOG_USER);
|
||||||
|
if(init_redirect() < 0) {
|
||||||
|
fprintf(stderr, "init_redirect() failed\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = add_pinhole("ep0", "2001::1:2:3", 12345, "123::ff", 54321, IPPROTO_UDP);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue