parent
e3395f12fc
commit
f97367c87d
|
@ -1,4 +1,4 @@
|
|||
/* $Id: obsdrdr.c,v 1.96 2020/05/21 00:18:04 nanard Exp $ */
|
||||
/* $Id: obsdrdr.c,v 1.98 2020/05/29 22:29:11 nanard Exp $ */
|
||||
/* vim: tabstop=4 shiftwidth=4 noexpandtab
|
||||
* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
|
||||
|
@ -245,6 +245,41 @@ error:
|
|||
return -1;
|
||||
#endif
|
||||
}
|
||||
|
||||
int
|
||||
clear_nat_rules(void)
|
||||
{
|
||||
struct pfioc_trans io;
|
||||
struct pfioc_trans_e ioe;
|
||||
if(dev<0) {
|
||||
syslog(LOG_ERR, "pf device is not open");
|
||||
return -1;
|
||||
}
|
||||
memset(&ioe, 0, sizeof(ioe));
|
||||
io.size = 1;
|
||||
io.esize = sizeof(ioe);
|
||||
io.array = &ioe;
|
||||
#ifndef PF_NEWSTYLE
|
||||
ioe.rs_num = PF_RULESET_NAT;
|
||||
#else
|
||||
/* ? */
|
||||
ioe.type = PF_TRANS_RULESET;
|
||||
#endif
|
||||
strlcpy(ioe.anchor, anchor_name, MAXPATHLEN);
|
||||
if(ioctl(dev, DIOCXBEGIN, &io) < 0)
|
||||
{
|
||||
syslog(LOG_ERR, "ioctl(dev, DIOCXBEGIN, ...): %m");
|
||||
goto error;
|
||||
}
|
||||
if(ioctl(dev, DIOCXCOMMIT, &io) < 0)
|
||||
{
|
||||
syslog(LOG_ERR, "ioctl(dev, DIOCXCOMMIT, ...): %m");
|
||||
goto error;
|
||||
}
|
||||
return 0;
|
||||
error:
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef ENABLE_PORT_TRIGGERING
|
||||
|
@ -407,6 +442,63 @@ int add_nat_rule(const char * ifname,
|
|||
}
|
||||
return r;
|
||||
}
|
||||
|
||||
static int
|
||||
delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t iaddr)
|
||||
{
|
||||
int i, n;
|
||||
struct pfioc_rule pr;
|
||||
UNUSED(ifname);
|
||||
if(dev<0) {
|
||||
syslog(LOG_ERR, "pf device is not open");
|
||||
return -1;
|
||||
}
|
||||
memset(&pr, 0, sizeof(pr));
|
||||
strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
|
||||
pr.rule.action = PF_NAT;
|
||||
if(ioctl(dev, DIOCGETRULES, &pr) < 0)
|
||||
{
|
||||
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
|
||||
goto error;
|
||||
}
|
||||
n = pr.nr;
|
||||
for(i=0; i<n; i++)
|
||||
{
|
||||
pr.nr = i;
|
||||
if(ioctl(dev, DIOCGETRULE, &pr) < 0)
|
||||
{
|
||||
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
|
||||
goto error;
|
||||
}
|
||||
#ifdef TEST
|
||||
syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x %8x",
|
||||
i, ntohs(pr.rule.src.port[0]), pr.rule.proto,
|
||||
pr.rule.src.addr.v.a.addr.v4.s_addr, iaddr);
|
||||
#endif /* TEST */
|
||||
if(iport == ntohs(pr.rule.src.port[0])
|
||||
&& pr.rule.proto == proto
|
||||
&& iaddr == pr.rule.src.addr.v.a.addr.v4.s_addr)
|
||||
{
|
||||
pr.action = PF_CHANGE_GET_TICKET;
|
||||
if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
|
||||
{
|
||||
syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
|
||||
goto error;
|
||||
}
|
||||
pr.action = PF_CHANGE_REMOVE;
|
||||
pr.nr = i;
|
||||
if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
|
||||
{
|
||||
syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
|
||||
goto error;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
syslog(LOG_NOTICE, "could not find nat rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
|
||||
error:
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* add_redirect_rule2() :
|
||||
|
@ -956,6 +1048,7 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
syslog(LOG_NOTICE, "could not find redirect rule to delete eport=%hu", eport);
|
||||
error:
|
||||
return -1;
|
||||
}
|
||||
|
@ -1026,6 +1119,7 @@ syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x",
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
syslog(LOG_NOTICE, "could not find filter rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
|
||||
error:
|
||||
return -1;
|
||||
#endif
|
||||
|
@ -1047,6 +1141,11 @@ delete_redirect_and_filter_rules(const char * ifname, unsigned short eport,
|
|||
r = priv_delete_redirect_rule(ifname, eport, proto, &iport, &iaddr, NULL, 0);
|
||||
if(r == 0)
|
||||
{
|
||||
#ifdef ENABLE_PORT_TRIGGERING
|
||||
if (proto == IPPROTO_UDP) {
|
||||
delete_nat_rule(ifname, iport, proto, iaddr);
|
||||
}
|
||||
#endif
|
||||
r = priv_delete_filter_rule(ifname, iport, proto, iaddr);
|
||||
}
|
||||
return r;
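Review bot: The new call `delete_nat_rule(ifname, iport, proto, iaddr);` in delete_redirect_and_filter_rules discards its result, and delete_nat_rule returns -1 both when no matching rule exists and when a pf ioctl fails. The caller then returns only the result of priv_delete_filter_rule, so a NAT rule that could not be removed stays in the anchor while the mapping is reported as deleted, and the only trace is a syslog line. Consider giving the not-found path its own return value (for example `return 1;` after the LOG_NOTICE line, before `error:`) so that a real failure can be acted on. If the call is meant to be best effort, say so at the call site, e.g. `/* best effort: a nat rule may not exist; ioctl failures are logged by delete_nat_rule() */`. The match in delete_nat_rule also compares `pr.rule.src.addr.v.a.addr.v4.s_addr` without first checking the rule's address family, which is safe only if the anchor never holds non-IPv4 rules. delete_redirect_and_filter_rules starts and ends outside the hunk.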
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
/* $Id: obsdrdr.h,v 1.24 2018/07/06 12:00:10 nanard Exp $ */
|
||||
/* $Id: obsdrdr.h,v 1.25 2020/05/29 21:48:57 nanard Exp $ */
|
||||
/* vim: tabstop=4 shiftwidth=4 noexpandtab
|
||||
* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2018 Thomas Bernard
|
||||
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2020 Thomas Bernard
|
||||
* This software is subject to the conditions detailed
|
||||
* in the LICENCE file provided within the distribution */
|
||||
|
||||
|
@ -67,6 +67,8 @@ int
|
|||
clear_redirect_rules(void);
|
||||
int
|
||||
clear_filter_rules(void);
|
||||
int
|
||||
clear_nat_rules(void);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* $Id: testobsdrdr.c,v 1.30 2018/04/12 09:27:54 nanard Exp $ */
|
||||
/* $Id: testobsdrdr.c,v 1.31 2020/05/29 22:29:13 nanard Exp $ */
|
||||
/* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2018 Thomas Bernard
|
||||
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2020 Thomas Bernard
|
||||
* This software is subject to the conditions detailed
|
||||
* in the LICENCE file provided within the distribution */
|
||||
|
||||
|
@ -97,7 +97,7 @@ main(int argc, char * * argv)
|
|||
add_redirect_rule("ep0", 12123, "192.168.1.23", 1234);
|
||||
add_redirect_rule2("ep0", 12155, "192.168.1.155", 1255, IPPROTO_TCP);
|
||||
#endif
|
||||
if(add_redirect_rule2("ep0", "8.8.8.8", 12123, "192.168.1.125", 1234,
|
||||
if(add_redirect_rule2("ep0", NULL/*"8.8.8.8"*/, 12123, "192.168.1.125", 1234,
|
||||
IPPROTO_UDP, "test description", 0) < 0)
|
||||
printf("add_redirect_rule2() #3 failed\n");
|
||||
use_ext_ip_addr = NULL;
|
||||
|
@ -124,8 +124,12 @@ main(int argc, char * * argv)
|
|||
packets, bytes);
|
||||
}
|
||||
|
||||
/*
|
||||
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
|
||||
printf("delete_redirect_rule() failed\n");
|
||||
*/
|
||||
if(delete_redirect_and_filter_rules("ep0", 12123, IPPROTO_UDP) < 0)
|
||||
printf("delete_redirect_rule() failed\n");
|
||||
|
||||
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
|
||||
printf("delete_redirect_rule() failed\n");
|
||||
|
@ -138,6 +142,7 @@ main(int argc, char * * argv)
|
|||
if(clear) {
|
||||
clear_redirect_rules();
|
||||
clear_filter_rules();
|
||||
clear_nat_rules();
|
||||
}
|
||||
/*list_rules();*/
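Review bot: In the hunk at -124,8 +124,12, the failure message after the new `delete_redirect_and_filter_rules("ep0", 12123, IPPROTO_UDP)` call still prints "delete_redirect_rule() failed". The next statement is a real delete_redirect_rule call that prints the same text, so the test output cannot show which of the two failed. Change the first message to `printf("delete_redirect_and_filter_rules() failed\n");`. The commented-out copy of the old call just above could be dropped rather than kept. main starts and ends outside these hunks.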
|
||||
|
||||
|
|