miniupnpd/p: delete_nat_rule()

also clear_nat_rules()
This commit is contained in:
Thomas Bernard 2020-05-30 00:32:29 +02:00
parent e3395f12fc
commit f97367c87d
No known key found for this signature in database
GPG Key ID: 0FF11B67A5C0863C
3 changed files with 114 additions and 8 deletions

View File

@ -1,4 +1,4 @@
/* $Id: obsdrdr.c,v 1.96 2020/05/21 00:18:04 nanard Exp $ */
/* $Id: obsdrdr.c,v 1.98 2020/05/29 22:29:11 nanard Exp $ */
/* vim: tabstop=4 shiftwidth=4 noexpandtab
* MiniUPnP project
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
@ -245,6 +245,41 @@ error:
return -1;
#endif
}
int
clear_nat_rules(void)
{
struct pfioc_trans io;
struct pfioc_trans_e ioe;
if(dev<0) {
syslog(LOG_ERR, "pf device is not open");
return -1;
}
memset(&ioe, 0, sizeof(ioe));
io.size = 1;
io.esize = sizeof(ioe);
io.array = &ioe;
#ifndef PF_NEWSTYLE
ioe.rs_num = PF_RULESET_NAT;
#else
/* ? */
ioe.type = PF_TRANS_RULESET;
#endif
strlcpy(ioe.anchor, anchor_name, MAXPATHLEN);
if(ioctl(dev, DIOCXBEGIN, &io) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCXBEGIN, ...): %m");
goto error;
}
if(ioctl(dev, DIOCXCOMMIT, &io) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCXCOMMIT, ...): %m");
goto error;
}
return 0;
error:
return -1;
}
#endif
#ifdef ENABLE_PORT_TRIGGERING
@ -407,6 +442,63 @@ int add_nat_rule(const char * ifname,
}
return r;
}
static int
delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t iaddr)
{
int i, n;
struct pfioc_rule pr;
UNUSED(ifname);
if(dev<0) {
syslog(LOG_ERR, "pf device is not open");
return -1;
}
memset(&pr, 0, sizeof(pr));
strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
pr.rule.action = PF_NAT;
if(ioctl(dev, DIOCGETRULES, &pr) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
goto error;
}
n = pr.nr;
for(i=0; i<n; i++)
{
pr.nr = i;
if(ioctl(dev, DIOCGETRULE, &pr) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
goto error;
}
#ifdef TEST
syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x %8x",
i, ntohs(pr.rule.src.port[0]), pr.rule.proto,
pr.rule.src.addr.v.a.addr.v4.s_addr, iaddr);
#endif /* TEST */
if(iport == ntohs(pr.rule.src.port[0])
&& pr.rule.proto == proto
&& iaddr == pr.rule.src.addr.v.a.addr.v4.s_addr)
{
pr.action = PF_CHANGE_GET_TICKET;
if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
goto error;
}
pr.action = PF_CHANGE_REMOVE;
pr.nr = i;
if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
{
syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
goto error;
}
return 0;
}
}
syslog(LOG_NOTICE, "could not find nat rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
error:
return -1;
}
#endif
/* add_redirect_rule2() :
@ -956,6 +1048,7 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
return 0;
}
}
syslog(LOG_NOTICE, "could not find redirect rule to delete eport=%hu", eport);
error:
return -1;
}
@ -1026,6 +1119,7 @@ syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x",
return 0;
}
}
syslog(LOG_NOTICE, "could not find filter rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
error:
return -1;
#endif
@ -1047,6 +1141,11 @@ delete_redirect_and_filter_rules(const char * ifname, unsigned short eport,
r = priv_delete_redirect_rule(ifname, eport, proto, &iport, &iaddr, NULL, 0);
if(r == 0)
{
#ifdef ENABLE_PORT_TRIGGERING
if (proto == IPPROTO_UDP) {
delete_nat_rule(ifname, iport, proto, iaddr);
}
#endif
r = priv_delete_filter_rule(ifname, iport, proto, iaddr);
}
return r;

View File

@ -1,8 +1,8 @@
/* $Id: obsdrdr.h,v 1.24 2018/07/06 12:00:10 nanard Exp $ */
/* $Id: obsdrdr.h,v 1.25 2020/05/29 21:48:57 nanard Exp $ */
/* vim: tabstop=4 shiftwidth=4 noexpandtab
* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2018 Thomas Bernard
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
* (c) 2006-2020 Thomas Bernard
* This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */
@ -67,6 +67,8 @@ int
clear_redirect_rules(void);
int
clear_filter_rules(void);
int
clear_nat_rules(void);
#endif
#endif

View File

@ -1,7 +1,7 @@
/* $Id: testobsdrdr.c,v 1.30 2018/04/12 09:27:54 nanard Exp $ */
/* $Id: testobsdrdr.c,v 1.31 2020/05/29 22:29:13 nanard Exp $ */
/* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2018 Thomas Bernard
* http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
* (c) 2006-2020 Thomas Bernard
* This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */
@ -97,7 +97,7 @@ main(int argc, char * * argv)
add_redirect_rule("ep0", 12123, "192.168.1.23", 1234);
add_redirect_rule2("ep0", 12155, "192.168.1.155", 1255, IPPROTO_TCP);
#endif
if(add_redirect_rule2("ep0", "8.8.8.8", 12123, "192.168.1.125", 1234,
if(add_redirect_rule2("ep0", NULL/*"8.8.8.8"*/, 12123, "192.168.1.125", 1234,
IPPROTO_UDP, "test description", 0) < 0)
printf("add_redirect_rule2() #3 failed\n");
use_ext_ip_addr = NULL;
@ -124,8 +124,12 @@ main(int argc, char * * argv)
packets, bytes);
}
/*
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
printf("delete_redirect_rule() failed\n");
*/
if(delete_redirect_and_filter_rules("ep0", 12123, IPPROTO_UDP) < 0)
printf("delete_redirect_rule() failed\n");
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
printf("delete_redirect_rule() failed\n");
@ -138,6 +142,7 @@ main(int argc, char * * argv)
if(clear) {
clear_redirect_rules();
clear_filter_rules();
clear_nat_rules();
}
/*list_rules();*/