CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src Committed By: rmind Date: Mon Dec 24 01:14:41 UTC 2012 Modified Files: src/dist/pf/usr.sbin/ftp-proxy: npf.c Log Message: ftp-proxy: disable NPF bits for now; it will be re-done. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/dist/pf/usr.sbin/ftp-proxy/npf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/npf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.1 src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.2
--- src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.1 Wed Feb 2 02:20:26 2011
+++ src/dist/pf/usr.sbin/ftp-proxy/npf.c Mon Dec 24 01:14:40 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.1 2011/02/02 02:20:26 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.2 2012/12/24 01:14:40 rmind Exp $ */
 /*
 * Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -311,6 +311,7 @@ npf_server_lookup(struct sockaddr *c, st
 static int
 npf_do_commit(void)
 {
+#if 0
 nl_rule_t *group;
 fp_ent_t *fpe;
 pri_t pri;
@@ -327,6 +328,10 @@ npf_do_commit(void)
 npf_update_rule(npf_fd, NPF_FP_RULE_TAG, group);
 npf_rule_destroy(group);
 return 0;
+#else
+ errno = ENOTSUP;
+ return -1;
+#endif
 }
 static int
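Review bot: The new `#else` branch makes npf_do_commit() fail unconditionally with `ENOTSUP`, but nothing next to the `#if 0` in the `@@ -311,6` hunk records that this is intentional or what must be redone before the block is re-enabled. A short comment above the `#if 0`, for example `/* XXX: NPF support disabled pending rework; commit always fails with ENOTSUP. */`, would keep the dead block from being mistaken for leftover debugging. Returning an error rather than 0 is the safer choice, since a caller cannot then assume a rule was loaded; whether callers report that error to the operator is not visible on this page. The statements between the two hunks are outside the view, so the disabled body itself cannot be reviewed here.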
CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src Committed By: plunky Date: Sat Sep 15 17:42:43 UTC 2012 Modified Files: src/dist/pf/usr.sbin/ftp-proxy: ipf.c Log Message: reinstate "Update ftp-proxy for changes to ipnat_t" from Darren Reed To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/dist/pf/usr.sbin/ftp-proxy/ipf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/ipf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.5 src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.6
--- src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.5 Wed Feb 15 17:55:14 2012
+++ src/dist/pf/usr.sbin/ftp-proxy/ipf.c Sat Sep 15 17:42:43 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.5 2012/02/15 17:55:14 riz Exp $ */
+/* $NetBSD: ipf.c,v 1.6 2012/09/15 17:42:43 plunky Exp $ */
 /*
 * Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -151,7 +151,7 @@ ftp_proxy_entry_find(u_int32_t id)
 }
 static int
-ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t ipn)
+ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t *ipn)
 {
 struct ftp_proxy_nat *fpn;
@@ -159,22 +159,22 @@ ftp_proxy_entry_add_nat(struct ftp_proxy
 if (fpn == NULL)
 return (-1);
- memcpy(&fpn->ipn, &ipn, sizeof(fpn->ipn));
+ memcpy(&fpn->ipn, ipn, sizeof(fpn->ipn));
 LIST_INSERT_HEAD(&fpe->nat_entries, fpn, link);
 return (0);
 }
 static int
-ipfilter_add_nat(ipnat_t ipn)
+ipfilter_add_nat(ipnat_t *ipn)
 {
 ipfobj_t obj;
 memset(&obj, 0, sizeof(obj));
 obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(ipn);
+ obj.ipfo_size = ipn->in_size;
 obj.ipfo_type = IPFOBJ_IPNAT;
- obj.ipfo_ptr = &ipn;
+ obj.ipfo_ptr = ipn;
 return ioctl(natfd, SIOCADNAT, &obj);
 }
@@ -224,7 +224,7 @@ ipf_add_rdr(u_int32_t id, struct sockadd
 u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
 {
 struct ftp_proxy_entry *fpe = ftp_proxy_entry_find(id);
- ipnat_t ipn;
+ ipnat_t *ipn;
 if (fpe == NULL) {
 errno = ENOENT;
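Review bot: In the `@@ -159,22` hunk, `memcpy(&fpn->ipn, ipn, sizeof(fpn->ipn))` still copies only the fixed-size part of the rule, while the same commit makes the rule variable-length: `ipfilter_add_nat()` now passes `ipn->in_size`, and the following hunk sets that to `sizeof(*ipn) + ipn->in_namelen` with the interface names stored after the structure. If `fpn->ipn` is an embedded `ipnat_t` (its declaration is not on this page), the saved copy keeps `in_size`, `in_namelen` and the `in_ifnames` offsets but not the name bytes, so any later ioctl that reuses the saved copy with `ipfo_size = in_size` would hand the kernel a length larger than the object. Either size the list entry for the names and copy `ipn->in_size` bytes, or store the caller's pointer in the entry and free it when the entry is removed. `ftp_proxy_entry_add_nat()` starts above the hunk, so the allocation of `fpn` is not visible; the r1.4 commit further down the page carries the identical hunk.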
@@ -237,98 +237,48 @@ ipf_add_rdr(u_int32_t id, struct sockadd return (-1); } - memset(&ipn, 0, sizeof(ipn)); - ipn.in_redir = NAT_REDIRECT; - ipn.in_v = 4; - ipn.in_outip = satosin(dst)->sin_addr.s_addr; - ipn.in_outmsk = 0x; - strlcpy(ipn.in_ifnames[0], netif, sizeof(ipn.in_ifnames[0])); - strlcpy(ipn.in_ifnames[1], netif, sizeof(ipn.in_ifnames[1])); - ipn.in_pmin = htons(d_port); - ipn.in_pmax = htons(d_port); - ipn.in_inip = satosin(rdr)->sin_addr.s_addr; - ipn.in_inmsk = 0x; - ipn.in_pnext = htons(rdr_port); - ipn.in_flags = IPN_FIXEDDPORT | IPN_TCP; - strlcpy(ipn.in_tag.ipt_tag, fpe->proxy_tag, sizeof(ipn.in_tag.ipt_tag)); - - if (ipfilter_add_nat(ipn) == -1) + ipn = calloc(1, sizeof(*ipn) + 2 * IF_NAMESIZE + 2); + if (ipn == NULL) { + errno = ENOMEM; return (-1); + } + ipn->in_redir = NAT_REDIRECT; + ipn->in_v[0] = 4; + ipn->in_v[1] = 4; + ipn->in_odstaddr = satosin(dst)->sin_addr.s_addr; + ipn->in_odstmsk = 0x; + ipn->in_odport = htons(d_port); + ipn->in_dtop = htons(d_port); + ipn->in_ndstaddr = satosin(rdr)->sin_addr.s_addr; + ipn->in_ndstmsk = 0x; + ipn->in_dpnext = htons(rdr_port); + ipn->in_flags = IPN_FIXEDDPORT | IPN_TCP; + strlcpy(ipn->in_tag.ipt_tag, fpe->proxy_tag, + sizeof(ipn->in_tag.ipt_tag)); + + ipn->in_ifnames[0] = 0; + (void) strlcpy(ipn->in_names, netif, IF_NAMESIZE); + ipn->in_namelen = strlen(ipn->in_names) + 1; + ipn->in_ifnames[1] = ipn->in_namelen; + (void) strlcpy(ipn->in_names + ipn->in_namelen, netif, IF_NAMESIZE); + ipn->in_namelen += strlen(ipn->in_names + ipn->in_ifnames[1]) + 1; + ipn->in_size = sizeof(*ipn) + ipn->in_namelen; - if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) + if (ipfilter_add_nat(ipn) == -1) { + free(ipn); return (-1); + } - fpe->status = 1; - - return (0); -} - -#if 0 -int -ipf_add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst, -u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port) -{ - u_32_t sum1, sum2, sumd; - int onoff, error; - nat_save_t ns; - ipfobj_t obj; - nat_t *nat; - - if (!src 
|| !dst || !d_port || !rdr || !rdr_port || - (src->sa_family != rdr->sa_family)) { - errno = EINVAL; + if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) { + free(ipn); return (-1); } - memset(&ns, 0, sizeof(ns)); - - nat = &ns.ipn_nat; - nat->nat_p = IPPROTO_TCP; - nat->nat_dir = NAT_OUTBOUND; - nat->nat_redir = NAT_REDIRECT; - strlcpy(nat->nat_ifnames[0], netif, sizeof(nat->nat_ifnames[0])); - strlcpy(nat->nat_ifnames[1], netif, sizeof(nat->nat_ifnames[1])); - - nat->nat_inip = satosin(rdr)->sin_addr; - nat->nat_outip = satosin(dst)->sin_addr; - nat->nat_oip = satosin(src)->sin_addr; - - sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr)) + rdr_port; - sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + d_port; - CALC_SUMD(sum1, sum2, sumd); - nat->nat_sumd[0] = (sumd & 0x) + (sumd >> 16); - nat->nat_sumd[1] = nat->nat_sumd[0]; - - sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr)); - sum2
CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src Committed By: darrenr Date: Mon Jan 30 16:14:27 UTC 2012 Modified Files: src/dist/pf/usr.sbin/ftp-proxy: ipf.c Log Message: Update ftp-proxy for changes to ipnat_t To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/dist/pf/usr.sbin/ftp-proxy/ipf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/ipf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.3 src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.4
--- src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.3 Wed Feb 2 02:20:26 2011
+++ src/dist/pf/usr.sbin/ftp-proxy/ipf.c Mon Jan 30 16:14:27 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.3 2011/02/02 02:20:26 rmind Exp $ */
+/* $NetBSD: ipf.c,v 1.4 2012/01/30 16:14:27 darrenr Exp $ */
 /*
 * Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -151,7 +151,7 @@ ftp_proxy_entry_find(u_int32_t id)
 }
 static int
-ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t ipn)
+ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t *ipn)
 {
 struct ftp_proxy_nat *fpn;
@@ -159,22 +159,22 @@ ftp_proxy_entry_add_nat(struct ftp_proxy
 if (fpn == NULL)
 return (-1);
- memcpy(&fpn->ipn, &ipn, sizeof(fpn->ipn));
+ memcpy(&fpn->ipn, ipn, sizeof(fpn->ipn));
 LIST_INSERT_HEAD(&fpe->nat_entries, fpn, link);
 return (0);
 }
 static int
-ipfilter_add_nat(ipnat_t ipn)
+ipfilter_add_nat(ipnat_t *ipn)
 {
 ipfobj_t obj;
 memset(&obj, 0, sizeof(obj));
 obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(ipn);
+ obj.ipfo_size = ipn->in_size;
 obj.ipfo_type = IPFOBJ_IPNAT;
- obj.ipfo_ptr = &ipn;
+ obj.ipfo_ptr = ipn;
 return ioctl(natfd, SIOCADNAT, &obj);
 }
@@ -224,7 +224,7 @@ ipf_add_rdr(u_int32_t id, struct sockadd
 u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
 {
 struct ftp_proxy_entry *fpe = ftp_proxy_entry_find(id);
- ipnat_t ipn;
+ ipnat_t *ipn;
 if (fpe == NULL) {
 errno = ENOENT;
@@ -237,98 +237,48 @@ ipf_add_rdr(u_int32_t id, struct sockadd return (-1); } - memset(&ipn, 0, sizeof(ipn)); - ipn.in_redir = NAT_REDIRECT; - ipn.in_v = 4; - ipn.in_outip = satosin(dst)->sin_addr.s_addr; - ipn.in_outmsk = 0x; - strlcpy(ipn.in_ifnames[0], netif, sizeof(ipn.in_ifnames[0])); - strlcpy(ipn.in_ifnames[1], netif, sizeof(ipn.in_ifnames[1])); - ipn.in_pmin = htons(d_port); - ipn.in_pmax = htons(d_port); - ipn.in_inip = satosin(rdr)->sin_addr.s_addr; - ipn.in_inmsk = 0x; - ipn.in_pnext = htons(rdr_port); - ipn.in_flags = IPN_FIXEDDPORT | IPN_TCP; - strlcpy(ipn.in_tag.ipt_tag, fpe->proxy_tag, sizeof(ipn.in_tag.ipt_tag)); - - if (ipfilter_add_nat(ipn) == -1) + ipn = calloc(1, sizeof(*ipn) + 2 * IF_NAMESIZE + 2); + if (ipn == NULL) { + errno = ENOMEM; return (-1); + } + ipn->in_redir = NAT_REDIRECT; + ipn->in_v[0] = 4; + ipn->in_v[1] = 4; + ipn->in_odstaddr = satosin(dst)->sin_addr.s_addr; + ipn->in_odstmsk = 0x; + ipn->in_odport = htons(d_port); + ipn->in_dtop = htons(d_port); + ipn->in_ndstaddr = satosin(rdr)->sin_addr.s_addr; + ipn->in_ndstmsk = 0x; + ipn->in_dpnext = htons(rdr_port); + ipn->in_flags = IPN_FIXEDDPORT | IPN_TCP; + strlcpy(ipn->in_tag.ipt_tag, fpe->proxy_tag, + sizeof(ipn->in_tag.ipt_tag)); + + ipn->in_ifnames[0] = 0; + (void) strlcpy(ipn->in_names, netif, IF_NAMESIZE); + ipn->in_namelen = strlen(ipn->in_names) + 1; + ipn->in_ifnames[1] = ipn->in_namelen; + (void) strlcpy(ipn->in_names + ipn->in_namelen, netif, IF_NAMESIZE); + ipn->in_namelen += strlen(ipn->in_names + ipn->in_ifnames[1]) + 1; + ipn->in_size = sizeof(*ipn) + ipn->in_namelen; - if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) + if (ipfilter_add_nat(ipn) == -1) { + free(ipn); return (-1); + } - fpe->status = 1; - - return (0); -} - -#if 0 -int -ipf_add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst, -u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port) -{ - u_32_t sum1, sum2, sumd; - int onoff, error; - nat_save_t ns; - ipfobj_t obj; - nat_t *nat; - - if (!src 
|| !dst || !d_port || !rdr || !rdr_port || - (src->sa_family != rdr->sa_family)) { - errno = EINVAL; + if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) { + free(ipn); return (-1); } - memset(&ns, 0, sizeof(ns)); - - nat = &ns.ipn_nat; - nat->nat_p = IPPROTO_TCP; - nat->nat_dir = NAT_OUTBOUND; - nat->nat_redir = NAT_REDIRECT; - strlcpy(nat->nat_ifnames[0], netif, sizeof(nat->nat_ifnames[0])); - strlcpy(nat->nat_ifnames[1], netif, sizeof(nat->nat_ifnames[1])); - - nat->nat_inip = satosin(rdr)->sin_addr; - nat->nat_outip = satosin(dst)->sin_addr; - nat->nat_oip = satosin(src)->sin_addr; - - sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr)) + rdr_port; - sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + d_port; - CALC_SUMD(sum1, sum2, sumd); - nat->nat_sumd[0] = (sumd & 0x) + (sumd >> 16); - nat->nat_sumd[1] = nat->nat_sumd[0]; - - sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr)); - sum2 = LONG_SUM(ntohl(nat->nat
CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src Committed By: reed Date: Fri Apr 24 16:48:58 UTC 2009 Modified Files: src/dist/pf/usr.sbin/ftp-proxy: ftp-proxy.8 Log Message: Fix roff formatting for -> by adding an \ such as document in mdoc.7 This was reported in 41276 To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8
diff -u src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.4 src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.5
--- src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.4 Sun Mar 22 14:29:35 2009
+++ src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8 Fri Apr 24 16:48:58 2009
@@ -1,4 +1,4 @@
-.\" $NetBSD: ftp-proxy.8,v 1.4 2009/03/22 14:29:35 perry Exp $
+.\" $NetBSD: ftp-proxy.8,v 1.5 2009/04/24 16:48:58 reed Exp $
 .\" $OpenBSD: ftp-proxy.8,v 1.10 2007/08/01 15:45:41 jmc Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Camiel Dobbelaar,
@@ -73,14 +73,14 @@
 .Pp
 In case of active mode (PORT or EPRT):
 .Bd -literal -offset 2n
-rdr from $server to $proxy port $port -*[Gt] $client
+rdr from $server to $proxy port $port -\*[Gt] $client
 pass quick inet proto tcp \e
 from $server to $client port $port
 .Ed
 .Pp
 In case of passive mode (PASV or EPSV):
 .Bd -literal -offset 2n
-nat from $client to $server port $port -*[Gt] $proxy
+nat from $client to $server port $port -\*[Gt] $proxy
 pass in quick inet proto tcp \e
 from $client to $server port $port
 pass out quick inet proto tcp \e
@@ -174,7 +174,7 @@
 .Bd -literal -offset 2n
 nat-anchor "ftp-proxy/*"
 rdr-anchor "ftp-proxy/*"
-rdr pass on $int_if proto tcp from $lan to any port 21 -*[Gt] \e
+rdr pass on $int_if proto tcp from $lan to any port 21 -\*[Gt] \e
 127.0.0.1 port 8021
 .Ed
 .Pp
@@ -189,7 +189,7 @@
 .Xr ipnat.conf 5
 need the following rule:
 .Bd -literal -offset 2n
-rdr $int_if any port 21 -*[Gt] 127.0.0.1 port 8021 tcp
+rdr $int_if any port 21 -\*[Gt] 127.0.0.1 port 8021 tcp
 .Ed
 .Sh SEE ALSO
 .Xr ftp 1 ,