miniupnpd: attempt to compile for OS X/pf

This commit is contained in:
Thomas BERNARD 2013-12-16 13:03:54 +01:00
parent e2a1c4d4c9
commit fa87b3aff7
5 changed files with 68 additions and 5 deletions

View File

@ -1,5 +1,8 @@
$Id: Changelog.txt,v 1.346 2013/12/13 13:41:52 nanard Exp $
2013/12/16:
Attempt to compile with OS X/pf
2013/12/13:
Make all manufacturer info configurable thanks to Leo Moll
Merge PCP support (see https://github.com/miniupnp/miniupnp)

View File

@ -55,6 +55,16 @@ http://blogs.sun.com/avalon/category/IPFilter
Or edit config.h after it has been generated by genconfig.sh
- use 'bsdmake' or 'make -f Makefile.macosx' to build
============================== Mac OS X/pf ================================
Starting with Mac OS X 10.7 Lion, pf replaced ipfw as the OS X firewall.
also bsdmake is not available anymore.
Make sure you have installed the Xcode commande line tools (from the
Xcode Preferences menu or using 'xcode-select --install' command)
You'll need to download xnu sources : https://github.com/opensource-apple/xnu
> INCLUDES="-I.../xnu/bsd -I.../xnu/libkern" make -f Makefile.macosx
============================ Linux/netfilter ==============================
To Build and install :

View File

@ -3,6 +3,10 @@
# Author: Thomas Bernard
# This Makefile should work for MacOSX
#
# To compile with pf with OS X 10.7+, you need to specify
# path to XNU bsd sources :
# INCLUDES="-I.../xnu/bsd I.../xnu/libkern" make -f Makefile.macosx
#
# To install use :
# $ PREFIX=/dummyinstalldir make -f Makefile.macosx install
# or :
@ -10,16 +14,20 @@
#
CFLAGS = -Wall -O -g3 -DDEBUG
#CFLAGS = -Wall -Os
CC = gcc
#CC = gcc #better use clang !
RM = rm -f
MV = mv
INSTALL = install
STRIP = strip
CFLAGS += -DMACOSX
# OSNAME and FWNAME are used for building OS or FW dependent code.
OSNAME = $(shell uname)
ARCH = $(shell uname -p)
FWNAME = ipfw
# Firewall is ipfw up to OS X 10.6 Snow Leopard
# and pf since OS X 10.7 Lion (Darwin 11.0)
FWNAME = $(shell [ `uname -r | cut -d. -f1` -ge 11 ] && echo "pf" || echo "ipfw" )
STD_OBJS = miniupnpd.o upnphttp.o upnpdescgen.o upnpsoap.o \
upnpredirect.o getifaddr.o daemonize.o upnpglobalvars.o \
@ -27,9 +35,16 @@ STD_OBJS = miniupnpd.o upnphttp.o upnpdescgen.o upnpsoap.o \
upnpevents.o getconnstatus.o upnputils.o
MAC_OBJS = mac/getifstats.o bsd/ifacewatcher.o
IPFW_OBJS = ipfw/ipfwrdr.o ipfw/ipfwaux.o
PF_OBJS = pf/obsdrdr.o pf/pfpinhole.o
MISC_OBJS = upnpreplyparse.o minixml.o
ALL_OBJS = $(STD_OBJS) $(MISC_OBJS) $(MAC_OBJS) $(IPFW_OBJS)
ALL_OBJS = $(STD_OBJS) $(MISC_OBJS) $(MAC_OBJS)
ifeq ($(FWNAME), ipfw)
ALL_OBJS += $(IPFW_OBJS)
else
ALL_OBJS += $(PF_OBJS)
CFLAGS += -DPF
endif
TEST_UPNPDESCGEN_OBJS = testupnpdescgen.o upnpdescgen.o
TEST_GETIFSTATS_OBJS = testgetifstats.o mac/getifstats.o
@ -106,5 +121,5 @@ config.h: genconfig.sh
.SUFFIXES: .o .c
.c.o:
$(CC) $(CFLAGS) -c -o $@ $<
$(CC) $(CFLAGS) $(INCLUDES) -c -o $@ $<
# $(CC) $(CFLAGS) -c -o $(.TARGET) $(.IMPSRC)

View File

@ -273,8 +273,15 @@ case $OS_NAME in
FW=netfilter
;;
Darwin)
MAJORVER=`echo $OS_VERSION | cut -d. -f1`
echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
FW=ipfw
# OS X switched to pf since 10.7 Lion (Darwin 11.0)
if [ $MAJORVER -ge 11 ] ; then
FW=pf
echo "#define PFRULE_INOUT_COUNTS" >> ${CONFIGFILE}
else
FW=ipfw
fi
OS_URL=http://developer.apple.com/macosx
;;
*)

View File

@ -45,6 +45,9 @@
#ifdef __DragonFly__
#include <net/pf/pfvar.h>
#else
#ifdef MACOSX
#define PRIVATE 1
#endif
#include <net/pfvar.h>
#endif
#include <fcntl.h>
@ -219,9 +222,15 @@ add_redirect_rule2(const char * ifname,
pcr.rule.rdr.addr.type = PF_ADDR_ADDRMASK;
#endif
#ifdef MACOSX
pcr.rule.dst.xport.range.op = PF_OP_EQ;
pcr.rule.dst.xport.range.port[0] = htons(eport);
pcr.rule.dst.xport.range.port[1] = htons(eport);
#else
pcr.rule.dst.port_op = PF_OP_EQ;
pcr.rule.dst.port[0] = htons(eport);
pcr.rule.dst.port[1] = htons(eport);
#endif
#ifndef PF_NEWSTYLE
pcr.rule.action = PF_RDR;
#ifndef PF_ENABLE_FILTER_RULES
@ -490,8 +499,13 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
goto error;
}
#ifdef MACOSX
if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
&& (eport == ntohs(pr.rule.dst.xport.range.port[1]))
#else
if( (eport == ntohs(pr.rule.dst.port[0]))
&& (eport == ntohs(pr.rule.dst.port[1]))
#endif
&& (pr.rule.proto == proto) )
{
#ifndef PF_NEWSTYLE
@ -591,8 +605,13 @@ delete_redirect_rule(const char * ifname, unsigned short eport, int proto)
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
goto error;
}
#ifdef MACOSX
if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
&& (eport == ntohs(pr.rule.dst.xport.range.port[1]))
#else
if( (eport == ntohs(pr.rule.dst.port[0]))
&& (eport == ntohs(pr.rule.dst.port[1]))
#endif
&& (pr.rule.proto == proto) )
{
pr.action = PF_CHANGE_GET_TICKET;
@ -710,7 +729,11 @@ get_redirect_rule_by_index(int index,
goto error;
}
*proto = pr.rule.proto;
#ifdef MACOSX
*eport = ntohs(pr.rule.dst.xport.range.port[0]);
#else
*eport = ntohs(pr.rule.dst.port[0]);
#endif
#ifndef PF_NEWSTYLE
*iport = pr.rule.rpool.proxy_port[0];
#else
@ -822,8 +845,13 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
continue;
}
#ifdef MACOSX
eport = ntohs(pr.rule.dst.xport.range.port[0]);
if( (eport == ntohs(pr.rule.dst.xport.range.port[1]))
#else
eport = ntohs(pr.rule.dst.port[0]);
if( (eport == ntohs(pr.rule.dst.port[1]))
#endif
&& (pr.rule.proto == proto)
&& (startport <= eport) && (eport <= endport) )
{