ipnat_y.y (87c3980e) | ipnat_y.y (ab25eeb5) |
---|---|
1%{ 2/* 3 * Copyright (C) 2003 by Darren Reed. 4 * 5 * See the IPFILTER.LICENCE file for details on licencing. 6 * | 1%{ 2/* 3 * Copyright (C) 2003 by Darren Reed. 4 * 5 * See the IPFILTER.LICENCE file for details on licencing. 6 * |
7 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. | 7 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. |
8 * Use is subject to license terms. 9 */ 10#pragma ident "%Z%%M% %I% %E% SMI" 11 12#ifdef __FreeBSD__ 13# ifndef __FreeBSD_cc_version 14# include <osreldate.h> 15# else --- 12 unchanged lines hidden (view full) --- 28#endif 29#include <sys/types.h> 30#include <sys/param.h> 31#include <sys/file.h> 32#include <stdlib.h> 33#include <stddef.h> 34#include <sys/socket.h> 35#include <sys/ioctl.h> | 8 * Use is subject to license terms. 9 */ 10#pragma ident "%Z%%M% %I% %E% SMI" 11 12#ifdef __FreeBSD__ 13# ifndef __FreeBSD_cc_version 14# include <osreldate.h> 15# else --- 12 unchanged lines hidden (view full) --- 28#endif 29#include <sys/types.h> 30#include <sys/param.h> 31#include <sys/file.h> 32#include <stdlib.h> 33#include <stddef.h> 34#include <sys/socket.h> 35#include <sys/ioctl.h> |
36#ifdef IPFILTER_BPF 37# include <net/bpf.h> 38# include <pcap-int.h> 39# include <pcap.h> 40#endif | |
41#include <netinet/in.h> 42#include <netinet/in_systm.h> 43#include <sys/time.h> 44#include <syslog.h> 45#include <net/if.h> 46#if __FreeBSD_version >= 300000 47# include <net/if_var.h> 48#endif | 36#include <netinet/in.h> 37#include <netinet/in_systm.h> 38#include <sys/time.h> 39#include <syslog.h> 40#include <net/if.h> 41#if __FreeBSD_version >= 300000 42# include <net/if_var.h> 43#endif |
49#include <netinet/ip.h> 50#include <netinet/ip_icmp.h> | |
51#include <netdb.h> 52#include <arpa/nameser.h> 53#include <resolv.h> 54#include "ipf.h" | 44#include <netdb.h> 45#include <arpa/nameser.h> 46#include <resolv.h> 47#include "ipf.h" |
55#if SOLARIS2 >= 10 56#include "ipl.h" 57#else | |
58#include "netinet/ipl.h" | 48#include "netinet/ipl.h" |
59#endif | |
60#include "ipnat_l.h" 61 62#define YYDEBUG 1 63 64extern void yyerror __P((char *)); 65extern int yyparse __P((void)); 66extern int yylex __P((void)); 67extern int yydebug; --- 11 unchanged lines hidden (view full) --- 79 80%} 81%union { 82 char *str; 83 u_32_t num; 84 struct in_addr ipa; 85 frentry_t fr; 86 frtuc_t *frt; | 49#include "ipnat_l.h" 50 51#define YYDEBUG 1 52 53extern void yyerror __P((char *)); 54extern int yyparse __P((void)); 55extern int yylex __P((void)); 56extern int yydebug; --- 11 unchanged lines hidden (view full) --- 68 69%} 70%union { 71 char *str; 72 u_32_t num; 73 struct in_addr ipa; 74 frentry_t fr; 75 frtuc_t *frt; |
76 u_short port; |
|
87 struct { 88 u_short p1; 89 u_short p2; 90 int pc; 91 } pc; 92 struct { 93 struct in_addr a; 94 struct in_addr m; --- 8 unchanged lines hidden (view full) --- 103%token YY_RANGE_OUT YY_RANGE_IN 104%token <ip6> YY_IPV6 105 106%token IPNY_MAPBLOCK IPNY_RDR IPNY_PORT IPNY_PORTS IPNY_AUTO IPNY_RANGE 107%token IPNY_MAP IPNY_BIMAP IPNY_FROM IPNY_TO IPNY_MASK IPNY_PORTMAP IPNY_ANY 108%token IPNY_ROUNDROBIN IPNY_FRAG IPNY_AGE IPNY_ICMPIDMAP IPNY_PROXY 109%token IPNY_TCP IPNY_UDP IPNY_TCPUDP IPNY_STICKY IPNY_MSSCLAMP IPNY_TAG 110%token IPNY_TLATE | 77 struct { 78 u_short p1; 79 u_short p2; 80 int pc; 81 } pc; 82 struct { 83 struct in_addr a; 84 struct in_addr m; --- 8 unchanged lines hidden (view full) --- 93%token YY_RANGE_OUT YY_RANGE_IN 94%token <ip6> YY_IPV6 95 96%token IPNY_MAPBLOCK IPNY_RDR IPNY_PORT IPNY_PORTS IPNY_AUTO IPNY_RANGE 97%token IPNY_MAP IPNY_BIMAP IPNY_FROM IPNY_TO IPNY_MASK IPNY_PORTMAP IPNY_ANY 98%token IPNY_ROUNDROBIN IPNY_FRAG IPNY_AGE IPNY_ICMPIDMAP IPNY_PROXY 99%token IPNY_TCP IPNY_UDP IPNY_TCPUDP IPNY_STICKY IPNY_MSSCLAMP IPNY_TAG 100%token IPNY_TLATE |
111%type <num> hexnumber numports compare range proto | 101%type <port> portspec 102%type <num> hexnumber compare range proto |
112%type <ipa> hostname ipv4 113%type <ipp> addr nummask rhaddr 114%type <pc> portstuff 115%% 116file: line 117 | assign 118 | file line 119 | file assign --- 18 unchanged lines hidden (view full) --- 138 139assigning: 140 '=' { yyvarnext = 1; } 141 ; 142 143xx: { newnatrule(); } 144 ; 145 | 103%type <ipa> hostname ipv4 104%type <ipp> addr nummask rhaddr 105%type <pc> portstuff 106%% 107file: line 108 | assign 109 | file line 110 | file assign --- 18 unchanged lines hidden (view full) --- 129 130assigning: 131 '=' { yyvarnext = 1; } 132 ; 133 134xx: { newnatrule(); } 135 ; 136 |
146rule: map 147 | mapblock 148 | redir | 137rule: map eol 138 | mapblock eol 139 | redir eol |
149 ; 150 | 140 ; 141 |
142eol: | ';' 143 ; 144 |
|
151map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions | 145map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions |
152 { nat->in_inip = $3.a.s_addr; | 146 { nat->in_v = 4; 147 nat->in_inip = $3.a.s_addr; |
153 nat->in_inmsk = $3.m.s_addr; 154 nat->in_outip = $5.a.s_addr; 155 nat->in_outmsk = $5.m.s_addr; 156 if (nat->in_ifnames[1][0] == '\0') 157 strncpy(nat->in_ifnames[1], 158 nat->in_ifnames[0], 159 sizeof(nat->in_ifnames[0])); 160 if ((nat->in_flags & IPN_TCPUDP) == 0) 161 setnatproto(nat->in_p); 162 if (((nat->in_redir & NAT_MAPBLK) != 0) || 163 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 164 nat_setgroupmap(nat); 165 } 166 | mapit ifnames addr IPNY_TLATE rhaddr mapport mapoptions | 148 nat->in_inmsk = $3.m.s_addr; 149 nat->in_outip = $5.a.s_addr; 150 nat->in_outmsk = $5.m.s_addr; 151 if (nat->in_ifnames[1][0] == '\0') 152 strncpy(nat->in_ifnames[1], 153 nat->in_ifnames[0], 154 sizeof(nat->in_ifnames[0])); 155 if ((nat->in_flags & IPN_TCPUDP) == 0) 156 setnatproto(nat->in_p); 157 if (((nat->in_redir & NAT_MAPBLK) != 0) || 158 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 159 nat_setgroupmap(nat); 160 } 161 | mapit ifnames addr IPNY_TLATE rhaddr mapport mapoptions |
167 { nat->in_inip = $3.a.s_addr; | 162 { nat->in_v = 4; 163 nat->in_inip = $3.a.s_addr; |
168 nat->in_inmsk = $3.m.s_addr; 169 nat->in_outip = $5.a.s_addr; 170 nat->in_outmsk = $5.m.s_addr; 171 if (nat->in_ifnames[1][0] == '\0') 172 strncpy(nat->in_ifnames[1], 173 nat->in_ifnames[0], 174 sizeof(nat->in_ifnames[0])); | 164 nat->in_inmsk = $3.m.s_addr; 165 nat->in_outip = $5.a.s_addr; 166 nat->in_outmsk = $5.m.s_addr; 167 if (nat->in_ifnames[1][0] == '\0') 168 strncpy(nat->in_ifnames[1], 169 nat->in_ifnames[0], 170 sizeof(nat->in_ifnames[0])); |
175 if ((nat->in_flags & IPN_TCPUDP) == 0) | 171 if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) |
176 setnatproto(nat->in_p); 177 if (((nat->in_redir & NAT_MAPBLK) != 0) || 178 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 179 nat_setgroupmap(nat); 180 } 181 | mapit ifnames mapfrom IPNY_TLATE rhaddr proxy mapoptions | 172 setnatproto(nat->in_p); 173 if (((nat->in_redir & NAT_MAPBLK) != 0) || 174 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 175 nat_setgroupmap(nat); 176 } 177 | mapit ifnames mapfrom IPNY_TLATE rhaddr proxy mapoptions |
182 { nat->in_outip = $5.a.s_addr; | 178 { nat->in_v = 4; 179 nat->in_outip = $5.a.s_addr; |
183 nat->in_outmsk = $5.m.s_addr; 184 if (nat->in_ifnames[1][0] == '\0') 185 strncpy(nat->in_ifnames[1], 186 nat->in_ifnames[0], 187 sizeof(nat->in_ifnames[0])); 188 if ((nat->in_flags & IPN_TCPUDP) == 0) 189 setnatproto(nat->in_p); 190 if (((nat->in_redir & NAT_MAPBLK) != 0) || 191 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 192 nat_setgroupmap(nat); 193 } 194 | mapit ifnames mapfrom IPNY_TLATE rhaddr mapport mapoptions | 180 nat->in_outmsk = $5.m.s_addr; 181 if (nat->in_ifnames[1][0] == '\0') 182 strncpy(nat->in_ifnames[1], 183 nat->in_ifnames[0], 184 sizeof(nat->in_ifnames[0])); 185 if ((nat->in_flags & IPN_TCPUDP) == 0) 186 setnatproto(nat->in_p); 187 if (((nat->in_redir & NAT_MAPBLK) != 0) || 188 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 189 nat_setgroupmap(nat); 190 } 191 | mapit ifnames mapfrom IPNY_TLATE rhaddr mapport mapoptions |
195 { nat->in_outip = $5.a.s_addr; | 192 { nat->in_v = 4; 193 nat->in_outip = $5.a.s_addr; |
196 nat->in_outmsk = $5.m.s_addr; 197 if (nat->in_ifnames[1][0] == '\0') 198 strncpy(nat->in_ifnames[1], 199 nat->in_ifnames[0], 200 sizeof(nat->in_ifnames[0])); | 194 nat->in_outmsk = $5.m.s_addr; 195 if (nat->in_ifnames[1][0] == '\0') 196 strncpy(nat->in_ifnames[1], 197 nat->in_ifnames[0], 198 sizeof(nat->in_ifnames[0])); |
201 if ((nat->in_flags & IPN_TCPUDP) == 0) | 199 if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) |
202 setnatproto(nat->in_p); 203 if (((nat->in_redir & NAT_MAPBLK) != 0) || 204 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 205 nat_setgroupmap(nat); 206 } 207 ; 208 209mapblock: 210 mapblockit ifnames addr IPNY_TLATE addr ports mapoptions | 200 setnatproto(nat->in_p); 201 if (((nat->in_redir & NAT_MAPBLK) != 0) || 202 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 203 nat_setgroupmap(nat); 204 } 205 ; 206 207mapblock: 208 mapblockit ifnames addr IPNY_TLATE addr ports mapoptions |
211 { nat->in_inip = $3.a.s_addr; | 209 { nat->in_v = 4; 210 nat->in_inip = $3.a.s_addr; |
212 nat->in_inmsk = $3.m.s_addr; 213 nat->in_outip = $5.a.s_addr; 214 nat->in_outmsk = $5.m.s_addr; 215 if (nat->in_ifnames[1][0] == '\0') 216 strncpy(nat->in_ifnames[1], 217 nat->in_ifnames[0], 218 sizeof(nat->in_ifnames[0])); 219 if ((nat->in_flags & IPN_TCPUDP) == 0) 220 setnatproto(nat->in_p); 221 if (((nat->in_redir & NAT_MAPBLK) != 0) || 222 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 223 nat_setgroupmap(nat); 224 } 225 ; 226 | 211 nat->in_inmsk = $3.m.s_addr; 212 nat->in_outip = $5.a.s_addr; 213 nat->in_outmsk = $5.m.s_addr; 214 if (nat->in_ifnames[1][0] == '\0') 215 strncpy(nat->in_ifnames[1], 216 nat->in_ifnames[0], 217 sizeof(nat->in_ifnames[0])); 218 if ((nat->in_flags & IPN_TCPUDP) == 0) 219 setnatproto(nat->in_p); 220 if (((nat->in_redir & NAT_MAPBLK) != 0) || 221 ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) 222 nat_setgroupmap(nat); 223 } 224 ; 225 |
227redir: rdrit ifnames addr dport IPNY_TLATE dip nport rdrproto rdroptions 228 { nat->in_outip = $3.a.s_addr; | 226redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions 227 { nat->in_v = 4; 228 nat->in_outip = $3.a.s_addr; |
229 nat->in_outmsk = $3.m.s_addr; 230 if (nat->in_ifnames[1][0] == '\0') 231 strncpy(nat->in_ifnames[1], 232 nat->in_ifnames[0], 233 sizeof(nat->in_ifnames[0])); 234 if ((nat->in_p == 0) && 235 ((nat->in_flags & IPN_TCPUDP) == 0) && 236 (nat->in_pmin != 0 || 237 nat->in_pmax != 0 || 238 nat->in_pnext != 0)) 239 setnatproto(IPPROTO_TCP); 240 } | 229 nat->in_outmsk = $3.m.s_addr; 230 if (nat->in_ifnames[1][0] == '\0') 231 strncpy(nat->in_ifnames[1], 232 nat->in_ifnames[0], 233 sizeof(nat->in_ifnames[0])); 234 if ((nat->in_p == 0) && 235 ((nat->in_flags & IPN_TCPUDP) == 0) && 236 (nat->in_pmin != 0 || 237 nat->in_pmax != 0 || 238 nat->in_pnext != 0)) 239 setnatproto(IPPROTO_TCP); 240 } |
241 | rdrit ifnames rdrfrom IPNY_TLATE dip nport rdrproto rdroptions 242 { if ((nat->in_p == 0) && | 241 | rdrit ifnames rdrfrom IPNY_TLATE dip nport setproto rdroptions 242 { nat->in_v = 4; 243 if ((nat->in_p == 0) && |
243 ((nat->in_flags & IPN_TCPUDP) == 0) && 244 (nat->in_pmin != 0 || 245 nat->in_pmax != 0 || 246 nat->in_pnext != 0)) 247 setnatproto(IPPROTO_TCP); 248 if (nat->in_ifnames[1][0] == '\0') 249 strncpy(nat->in_ifnames[1], 250 nat->in_ifnames[0], 251 sizeof(nat->in_ifnames[0])); 252 } | 244 ((nat->in_flags & IPN_TCPUDP) == 0) && 245 (nat->in_pmin != 0 || 246 nat->in_pmax != 0 || 247 nat->in_pnext != 0)) 248 setnatproto(IPPROTO_TCP); 249 if (nat->in_ifnames[1][0] == '\0') 250 strncpy(nat->in_ifnames[1], 251 nat->in_ifnames[0], 252 sizeof(nat->in_ifnames[0])); 253 } |
253 | rdrit ifnames addr IPNY_TLATE dip rdrproto rdroptions 254 { nat->in_outip = $3.a.s_addr; | 254 | rdrit ifnames addr IPNY_TLATE dip setproto rdroptions 255 { nat->in_v = 4; 256 nat->in_outip = $3.a.s_addr; |
255 nat->in_outmsk = $3.m.s_addr; 256 if (nat->in_ifnames[1][0] == '\0') 257 strncpy(nat->in_ifnames[1], 258 nat->in_ifnames[0], 259 sizeof(nat->in_ifnames[0])); 260 } 261 ; 262 | 257 nat->in_outmsk = $3.m.s_addr; 258 if (nat->in_ifnames[1][0] == '\0') 259 strncpy(nat->in_ifnames[1], 260 nat->in_ifnames[0], 261 sizeof(nat->in_ifnames[0])); 262 } 263 ; 264 |
263proxy: | IPNY_PROXY IPNY_PORT YY_NUMBER YY_STR '/' proto | 265proxy: | IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto |
264 { strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel)); 265 if (nat->in_dcmp == 0) { 266 nat->in_dport = htons($3); 267 } else if ($3 != nat->in_dport) { 268 yyerror("proxy port numbers not consistant"); 269 } 270 setnatproto($6); 271 free($4); 272 } 273 | IPNY_PROXY IPNY_PORT YY_STR YY_STR '/' proto | 266 { strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel)); 267 if (nat->in_dcmp == 0) { 268 nat->in_dport = htons($3); 269 } else if ($3 != nat->in_dport) { 270 yyerror("proxy port numbers not consistant"); 271 } 272 setnatproto($6); 273 free($4); 274 } 275 | IPNY_PROXY IPNY_PORT YY_STR YY_STR '/' proto |
274 { strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel)); 275 nat->in_dport = getportproto($3, $6); | 276 { int pnum; 277 strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel)); 278 pnum = getportproto($3, $6); 279 if (pnum == -1) 280 yyerror("invalid port number"); 281 nat->in_dport = pnum; |
276 setnatproto($6); 277 free($3); 278 free($4); 279 } 280 ; 281 | 282 setnatproto($6); 283 free($3); 284 free($4); 285 } 286 ; 287 |
282rdrproto: 283 | IPNY_TCP { setnatproto(IPPROTO_TCP); } 284 | IPNY_UDP { setnatproto(IPPROTO_UDP); } 285 | IPNY_TCPUDP { nat->in_flags |= IPN_TCPUDP; 286 nat->in_p = 0; } 287 | IPNY_TCP '/' IPNY_UDP { nat->in_flags |= IPN_TCPUDP; 288 nat->in_p = 0; } 289 | YY_NUMBER { setnatproto($1); } 290 | YY_STR { setnatproto(getproto($1)); 291 free($1); | 288setproto: 289 | proto { if (nat->in_p != 0 || 290 nat->in_flags & IPN_TCPUDP) 291 yyerror("protocol set twice"); 292 setnatproto($1); |
292 } | 293 } |
294 | IPNY_TCPUDP { if (nat->in_p != 0 || 295 nat->in_flags & IPN_TCPUDP) 296 yyerror("protocol set twice"); 297 nat->in_flags |= IPN_TCPUDP; 298 nat->in_p = 0; 299 } 300 | IPNY_TCP '/' IPNY_UDP { if (nat->in_p != 0 || 301 nat->in_flags & IPN_TCPUDP) 302 yyerror("protocol set twice"); 303 nat->in_flags |= IPN_TCPUDP; 304 nat->in_p = 0; 305 } |
|
293 ; 294 295rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } 296 | IPNY_RANGE ipv4 '-' ipv4 297 { $$.a = $2; $$.m = $4; 298 nat->in_flags |= IPN_IPRANGE; } | 306 ; 307 308rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } 309 | IPNY_RANGE ipv4 '-' ipv4 310 { $$.a = $2; $$.m = $4; 311 nat->in_flags |= IPN_IPRANGE; } |
312 ; 313 |
|
299dip: | 314dip: |
300 ipv4 { nat->in_inip = $1.s_addr; | 315 hostname { nat->in_inip = $1.s_addr; |
301 nat->in_inmsk = 0xffffffff; } | 316 nat->in_inmsk = 0xffffffff; } |
302 | ipv4 '/' YY_NUMBER { nat->in_inip = $1.s_addr; 303 if (nat->in_inip != 0 || 304 ($3 != 0 && $3 != 32)) 305 yyerror("Invalid mask for dip"); 306 ntomask(4, $3, &nat->in_inmsk); } 307 | ipv4 ',' ipv4 { nat->in_flags |= IPN_SPLIT; | 317 | hostname ',' hostname { nat->in_flags |= IPN_SPLIT; |
308 nat->in_inip = $1.s_addr; 309 nat->in_inmsk = $3.s_addr; } 310 ; 311 | 318 nat->in_inip = $1.s_addr; 319 nat->in_inmsk = $3.s_addr; } 320 ; 321 |
312dport: | IPNY_PORT YY_NUMBER { nat->in_pmin = htons($2); | 322portspec: 323 YY_NUMBER { if ($1 > 65535) /* Unsigned */ 324 yyerror("invalid port number"); 325 else 326 $$ = $1; 327 } 328 | YY_STR { if (getport(NULL, $1, &($$)) == -1) 329 yyerror("invalid port number"); 330 $$ = ntohs($$); 331 } 332 ; 333 334dport: | IPNY_PORT portspec { nat->in_pmin = htons($2); |
313 nat->in_pmax = htons($2); } | 335 nat->in_pmax = htons($2); } |
314 | IPNY_PORT YY_NUMBER '-' YY_NUMBER { nat->in_pmin = htons($2); | 336 | IPNY_PORT portspec '-' portspec { nat->in_pmin = htons($2); |
315 nat->in_pmax = htons($4); } | 337 nat->in_pmax = htons($4); } |
338 | IPNY_PORT portspec ':' portspec { nat->in_pmin = htons($2); 339 nat->in_pmax = htons($4); } |
|
316 ; 317 | 340 ; 341 |
318nport: IPNY_PORT YY_NUMBER { nat->in_pnext = htons($2); } | 342nport: IPNY_PORT portspec { nat->in_pnext = htons($2); } 343 | IPNY_PORT '=' portspec { nat->in_pnext = htons($3); 344 nat->in_flags |= IPN_FIXEDDPORT; 345 } |
319 ; 320 | 346 ; 347 |
321ports: | IPNY_PORTS numports { nat->in_pmin = $2; } | 348ports: | IPNY_PORTS YY_NUMBER { nat->in_pmin = $2; } |
322 | IPNY_PORTS IPNY_AUTO { nat->in_flags |= IPN_AUTOPORTMAP; } 323 ; 324 325mapit: IPNY_MAP { nat->in_redir = NAT_MAP; } 326 | IPNY_BIMAP { nat->in_redir = NAT_BIMAP; } 327 ; 328 329rdrit: IPNY_RDR { nat->in_redir = NAT_REDIRECT; } --- 18 unchanged lines hidden (view full) --- 348from: IPNY_FROM { nat->in_flags |= IPN_FILTER; } 349 ; 350 351ifnames: 352 ifname 353 | ifname ',' otherifname 354 ; 355 | 349 | IPNY_PORTS IPNY_AUTO { nat->in_flags |= IPN_AUTOPORTMAP; } 350 ; 351 352mapit: IPNY_MAP { nat->in_redir = NAT_MAP; } 353 | IPNY_BIMAP { nat->in_redir = NAT_BIMAP; } 354 ; 355 356rdrit: IPNY_RDR { nat->in_redir = NAT_REDIRECT; } --- 18 unchanged lines hidden (view full) --- 375from: IPNY_FROM { nat->in_flags |= IPN_FILTER; } 376 ; 377 378ifnames: 379 ifname 380 | ifname ',' otherifname 381 ; 382 |
356ifname: YY_STR { strncpy(nat->in_ifnames[0], $1, 357 sizeof(nat->in_ifnames[0])); 358 free($1); 359 } | 383ifname: YY_STR { strncpy(nat->in_ifnames[0], $1, 384 sizeof(nat->in_ifnames[0])); 385 nat->in_ifnames[0][LIFNAMSIZ - 1] = '\0'; 386 free($1); 387 } |
360 ; 361 362otherifname: | 388 ; 389 390otherifname: |
363 YY_STR { strncpy(nat->in_ifnames[1], $1, 364 sizeof(nat->in_ifnames[1])); 365 free($1); 366 } | 391 YY_STR { strncpy(nat->in_ifnames[1], $1, 392 sizeof(nat->in_ifnames[1])); 393 nat->in_ifnames[1][LIFNAMSIZ - 1] = '\0'; 394 free($1); 395 } |
367 ; 368 369mapport: | 396 ; 397 398mapport: |
370 IPNY_PORTMAP tcpudp YY_NUMBER ':' YY_NUMBER 371 { nat->in_pmin = htons($3); 372 nat->in_pmax = htons($5); } 373 | IPNY_PORTMAP tcpudp IPNY_AUTO { nat->in_flags |= IPN_AUTOPORTMAP; 374 nat->in_pmin = htons(1024); 375 nat->in_pmax = htons(65535); } | 399 IPNY_PORTMAP tcpudp portspec ':' portspec 400 { nat->in_pmin = htons($3); 401 nat->in_pmax = htons($5); 402 } 403 | IPNY_PORTMAP tcpudp IPNY_AUTO 404 { nat->in_flags |= IPN_AUTOPORTMAP; 405 nat->in_pmin = htons(1024); 406 nat->in_pmax = htons(65535); 407 } 408 | IPNY_ICMPIDMAP YY_STR YY_NUMBER ':' YY_NUMBER 409 { if (strcmp($2, "icmp") != 0) { 410 yyerror("icmpidmap not followed by icmp"); 411 } 412 free($2); 413 if ($3 < 0 || $3 > 65535) 414 yyerror("invalid ICMP Id number"); 415 if ($5 < 0 || $5 > 65535) 416 yyerror("invalid ICMP Id number"); 417 nat->in_flags = IPN_ICMPQUERY; 418 nat->in_pmin = htons($3); 419 nat->in_pmax = htons($5); 420 } |
376 ; 377 378sobject: 379 saddr 380 | saddr IPNY_PORT portstuff { nat->in_sport = $3.p1; 381 nat->in_stop = $3.p2; 382 nat->in_scmp = $3.pc; } 383 ; --- 44 unchanged lines hidden (view full) --- 428nummask: 429 hostname { $$.a = $1; 430 $$.m.s_addr = 0xffffffff; } 431 | hostname '/' YY_NUMBER { $$.a = $1; 432 ntomask(4, $3, &$$.m.s_addr); } 433 ; 434 435portstuff: | 421 ; 422 423sobject: 424 saddr 425 | saddr IPNY_PORT portstuff { nat->in_sport = $3.p1; 426 nat->in_stop = $3.p2; 427 nat->in_scmp = $3.pc; } 428 ; --- 44 unchanged lines hidden (view full) --- 473nummask: 474 hostname { $$.a = $1; 475 $$.m.s_addr = 0xffffffff; } 476 | hostname '/' YY_NUMBER { $$.a = $1; 477 ntomask(4, $3, &$$.m.s_addr); } 478 ; 479 480portstuff: |
436 compare YY_NUMBER { $$.pc = $1; $$.p1 = $2; } 437 | YY_NUMBER range YY_NUMBER { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } | 481 compare portspec { $$.pc = $1; $$.p1 = $2; } 482 | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; } |
438 ; 439 440mapoptions: | 483 ; 484 485mapoptions: |
441 rr frag age mssclamp nattag | 486 rr frag age mssclamp nattag setproto |
442 ; 443 444rdroptions: 445 rr frag age sticky mssclamp rdrproxy nattag 446 ; 447 448nattag: | IPNY_TAG YY_STR { strncpy(nat->in_tag.ipt_tag, $2, 449 sizeof(nat->in_tag.ipt_tag)); --- 29 unchanged lines hidden (view full) --- 479 nat->in_p = 0; 480 } 481 | IPNY_TCP '/' IPNY_UDP { nat->in_flags |= IPN_TCPUDP; 482 nat->in_p = 0; 483 } 484 ; 485 486rdrproxy: | 487 ; 488 489rdroptions: 490 rr frag age sticky mssclamp rdrproxy nattag 491 ; 492 493nattag: | IPNY_TAG YY_STR { strncpy(nat->in_tag.ipt_tag, $2, 494 sizeof(nat->in_tag.ipt_tag)); --- 29 unchanged lines hidden (view full) --- 524 nat->in_p = 0; 525 } 526 | IPNY_TCP '/' IPNY_UDP { nat->in_flags |= IPN_TCPUDP; 527 nat->in_p = 0; 528 } 529 ; 530 531rdrproxy: |
487 | IPNY_PROXY YY_STR | 532 IPNY_PROXY YY_STR |
488 { strncpy(nat->in_plabel, $2, 489 sizeof(nat->in_plabel)); 490 nat->in_dport = nat->in_pnext; | 533 { strncpy(nat->in_plabel, $2, 534 sizeof(nat->in_plabel)); 535 nat->in_dport = nat->in_pnext; |
536 nat->in_dport = htons(nat->in_dport); |
|
491 free($2); 492 } 493 | proxy { if (nat->in_plabel[0] != '\0') { 494 nat->in_pmin = nat->in_dport; 495 nat->in_pmax = nat->in_pmin; 496 nat->in_pnext = nat->in_pmin; 497 } 498 } 499 ; 500 | 537 free($2); 538 } 539 | proxy { if (nat->in_plabel[0] != '\0') { 540 nat->in_pmin = nat->in_dport; 541 nat->in_pmax = nat->in_pmin; 542 nat->in_pnext = nat->in_pmin; 543 } 544 } 545 ; 546 |
501numports: 502 YY_NUMBER { $$ = $1; } 503 ; 504 | |
505proto: YY_NUMBER { $$ = $1; } 506 | IPNY_TCP { $$ = IPPROTO_TCP; } 507 | IPNY_UDP { $$ = IPPROTO_UDP; } 508 | YY_STR { $$ = getproto($1); free($1); } 509 ; 510 511hexnumber: 512 YY_HEX { $$ = $1; } --- 44 unchanged lines hidden (view full) --- 557 { "bimap", IPNY_BIMAP }, 558 { "frag", IPNY_FRAG }, 559 { "from", IPNY_FROM }, 560 { "icmpidmap", IPNY_ICMPIDMAP }, 561 { "mask", IPNY_MASK }, 562 { "map", IPNY_MAP }, 563 { "map-block", IPNY_MAPBLOCK }, 564 { "mssclamp", IPNY_MSSCLAMP }, | 547proto: YY_NUMBER { $$ = $1; } 548 | IPNY_TCP { $$ = IPPROTO_TCP; } 549 | IPNY_UDP { $$ = IPPROTO_UDP; } 550 | YY_STR { $$ = getproto($1); free($1); } 551 ; 552 553hexnumber: 554 YY_HEX { $$ = $1; } --- 44 unchanged lines hidden (view full) --- 599 { "bimap", IPNY_BIMAP }, 600 { "frag", IPNY_FRAG }, 601 { "from", IPNY_FROM }, 602 { "icmpidmap", IPNY_ICMPIDMAP }, 603 { "mask", IPNY_MASK }, 604 { "map", IPNY_MAP }, 605 { "map-block", IPNY_MAPBLOCK }, 606 { "mssclamp", IPNY_MSSCLAMP }, |
607 { "netmask", IPNY_MASK }, |
|
565 { "port", IPNY_PORT }, 566 { "portmap", IPNY_PORTMAP }, 567 { "ports", IPNY_PORTS }, 568 { "proxy", IPNY_PROXY }, 569 { "range", IPNY_RANGE }, 570 { "rdr", IPNY_RDR }, 571 { "round-robin",IPNY_ROUNDROBIN }, 572 { "sticky", IPNY_STICKY }, 573 { "tag", IPNY_TAG }, 574 { "tcp", IPNY_TCP }, | 608 { "port", IPNY_PORT }, 609 { "portmap", IPNY_PORTMAP }, 610 { "ports", IPNY_PORTS }, 611 { "proxy", IPNY_PROXY }, 612 { "range", IPNY_RANGE }, 613 { "rdr", IPNY_RDR }, 614 { "round-robin",IPNY_ROUNDROBIN }, 615 { "sticky", IPNY_STICKY }, 616 { "tag", IPNY_TAG }, 617 { "tcp", IPNY_TCP }, |
618 { "tcpudp", IPNY_TCPUDP }, |
|
575 { "to", IPNY_TO }, 576 { "udp", IPNY_UDP }, 577 { "-", '-' }, 578 { "->", IPNY_TLATE }, 579 { "eq", YY_CMP_EQ }, 580 { "ne", YY_CMP_NE }, 581 { "lt", YY_CMP_LT }, 582 { "gt", YY_CMP_GT }, --- 101 unchanged lines hidden (view full) --- 684 case IPPROTO_TCP : 685 nat->in_flags |= IPN_TCP; 686 nat->in_flags &= ~IPN_UDP; 687 break; 688 case IPPROTO_UDP : 689 nat->in_flags |= IPN_UDP; 690 nat->in_flags &= ~IPN_TCP; 691 break; | 619 { "to", IPNY_TO }, 620 { "udp", IPNY_UDP }, 621 { "-", '-' }, 622 { "->", IPNY_TLATE }, 623 { "eq", YY_CMP_EQ }, 624 { "ne", YY_CMP_NE }, 625 { "lt", YY_CMP_LT }, 626 { "gt", YY_CMP_GT }, --- 101 unchanged lines hidden (view full) --- 728 case IPPROTO_TCP : 729 nat->in_flags |= IPN_TCP; 730 nat->in_flags &= ~IPN_UDP; 731 break; 732 case IPPROTO_UDP : 733 nat->in_flags |= IPN_UDP; 734 nat->in_flags &= ~IPN_TCP; 735 break; |
736 case IPPROTO_ICMP : 737 nat->in_flags &= ~IPN_TCPUDP; 738 if (!(nat->in_flags & IPN_ICMPQUERY)) { 739 nat->in_dcmp = 0; 740 nat->in_scmp = 0; 741 nat->in_pmin = 0; 742 nat->in_pmax = 0; 743 nat->in_pnext = 0; 744 } 745 break; |
|
692 default : 693 if ((nat->in_redir & NAT_MAPBLK) == 0) { | 746 default : 747 if ((nat->in_redir & NAT_MAPBLK) == 0) { |
748 /* Only reset dcmp/scmp in case dport/sport not set */ 749 if (0 == nat->in_tuc.ftu_dport) 750 nat->in_dcmp = 0; 751 if (0 == nat->in_tuc.ftu_sport) 752 nat->in_scmp = 0; |
|
694 nat->in_pmin = 0; 695 nat->in_pmax = 0; 696 nat->in_pnext = 0; 697 nat->in_flags &= ~IPN_TCPUDP; 698 } 699 break; 700 } | 753 nat->in_pmin = 0; 754 nat->in_pmax = 0; 755 nat->in_pnext = 0; 756 nat->in_flags &= ~IPN_TCPUDP; 757 } 758 break; 759 } |
760 761 if ((nat->in_flags & (IPN_TCPUDP|IPN_FIXEDDPORT)) == IPN_FIXEDDPORT) 762 nat->in_flags &= ~IPN_FIXEDDPORT; |
|
701} 702 703 704void ipnat_addrule(fd, ioctlfunc, ptr) 705int fd; 706ioctlfunc_t ioctlfunc; 707void *ptr; 708{ | 763} 764 765 766void ipnat_addrule(fd, ioctlfunc, ptr) 767int fd; 768ioctlfunc_t ioctlfunc; 769void *ptr; 770{ |
771 ioctlcmd_t add, del; |
|
709 ipfobj_t obj; | 772 ipfobj_t obj; |
710 int add, del; | |
711 ipnat_t *ipn; 712 713 ipn = ptr; 714 bzero((char *)&obj, sizeof(obj)); 715 obj.ipfo_rev = IPFILTER_VERSION; 716 obj.ipfo_size = sizeof(ipnat_t); 717 obj.ipfo_type = IPFOBJ_IPNAT; 718 obj.ipfo_ptr = ptr; --- 59 unchanged lines hidden --- | 773 ipnat_t *ipn; 774 775 ipn = ptr; 776 bzero((char *)&obj, sizeof(obj)); 777 obj.ipfo_rev = IPFILTER_VERSION; 778 obj.ipfo_size = sizeof(ipnat_t); 779 obj.ipfo_type = IPFOBJ_IPNAT; 780 obj.ipfo_ptr = ptr; --- 59 unchanged lines hidden --- |
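Review bot: In the `portstuff` rule (new line 482) the range alternative assigns `$$.p1` twice and never sets `$$.p2`, where the old side had `$$.p2 = $3`. The visible `sobject` action copies `$3.p1` into `nat->in_sport` and `$3.p2` into `nat->in_stop`, so for a port range the upper bound ends up in the lower-bound field and the stop port comes from a member this action never wrote. A NAT rule restricted to a port range may therefore match ports the administrator did not intend. The action should read `{ $$.pc = $2; $$.p1 = $1; $$.p2 = $3; }`. Other users of `portstuff` may sit in the hidden unchanged lines and would presumably be affected the same way.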