Page MenuHomeFreeBSD
Differential D29641 Diff 87028 contrib/pf/ftp-proxy/filter.c

Changeset View

Standalone View

View Options

contrib/pf/ftp-proxy/filter.c

Show All 22 Lines
#include <net/if.h> #include <net/if.h>
#include <net/pfvar.h> #include <net/pfvar.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <err.h> #include <err.h>
#include <errno.h> #include <errno.h>
#include <libpfctl.h>
#include <fcntl.h> #include <fcntl.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include "filter.h" #include "filter.h"
/* From netinet/in.h, but only _KERNEL_ gets them. */ /* From netinet/in.h, but only _KERNEL_ gets them. */
Show All 24 Lines if (!src || !dst || !d_port) {
errno = EINVAL; errno = EINVAL;
return (-1); return (-1);
} }
if (prepare_rule(id, PF_RULESET_FILTER, src, dst, d_port) == -1) if (prepare_rule(id, PF_RULESET_FILTER, src, dst, d_port) == -1)
return (-1); return (-1);
pfr.rule.direction = dir; pfr.rule.direction = dir;
if (ioctl(dev, DIOCADDRULE, &pfr) == -1) if (libpfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
pfr.ticket, pfr.pool_ticket))
return (-1); return (-1);
return (0); return (0);
} }
int int
add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst, add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low, u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low,
Show All 12 Lines if (nat->sa_family == AF_INET) {
memcpy(&pfp.addr.addr.v.a.addr.v4, memcpy(&pfp.addr.addr.v.a.addr.v4,
&satosin(nat)->sin_addr.s_addr, 4); &satosin(nat)->sin_addr.s_addr, 4);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4); memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
} else { } else {
memcpy(&pfp.addr.addr.v.a.addr.v6, memcpy(&pfp.addr.addr.v.a.addr.v6,
&satosin6(nat)->sin6_addr.s6_addr, 16); &satosin6(nat)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16); memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
} }
if (ioctl(dev, DIOCADDADDR, &pfp) == -1) if (libpfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
pfr.ticket, pfr.pool_ticket))
return (-1); return (-1);
pfr.rule.rpool.proxy_port[0] = nat_range_low; pfr.rule.rpool.proxy_port[0] = nat_range_low;
pfr.rule.rpool.proxy_port[1] = nat_range_high; pfr.rule.rpool.proxy_port[1] = nat_range_high;
if (ioctl(dev, DIOCADDRULE, &pfr) == -1) if (libpfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
pfr.ticket, pfr.pool_ticket))
return (-1); return (-1);
return (0); return (0);
} }
int int
add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst, add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port) u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
Show All 11 Lines if (rdr->sa_family == AF_INET) {
memcpy(&pfp.addr.addr.v.a.addr.v4, memcpy(&pfp.addr.addr.v.a.addr.v4,
&satosin(rdr)->sin_addr.s_addr, 4); &satosin(rdr)->sin_addr.s_addr, 4);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4); memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
} else { } else {
memcpy(&pfp.addr.addr.v.a.addr.v6, memcpy(&pfp.addr.addr.v.a.addr.v6,
&satosin6(rdr)->sin6_addr.s6_addr, 16); &satosin6(rdr)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16); memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
} }
if (ioctl(dev, DIOCADDADDR, &pfp) == -1) if (libpfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
pfr.ticket, pfr.pool_ticket))
return (-1); return (-1);
pfr.rule.rpool.proxy_port[0] = rdr_port; pfr.rule.rpool.proxy_port[0] = rdr_port;
if (ioctl(dev, DIOCADDRULE, &pfr) == -1) if (libpfctl_add_rule(dev, &pfr.rule, pfr.anchor, pfr.anchor_call,
pfr.ticket, pfr.pool_ticket))
return (-1); return (-1);
return (0); return (0);
} }
int int
do_commit(void) do_commit(void)
{ {
▲ Show 20 LinesShow All 248 LinesShow Last 20 Lines