CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src
Committed By: rmind
Date: Mon Dec 24 01:14:41 UTC 2012
Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: npf.c
Log Message:
ftp-proxy: disable NPF bits for now; it will be re-done.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/dist/pf/usr.sbin/ftp-proxy/npf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/npf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.1 src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.2
--- src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.1 Wed Feb 2 02:20:26 2011
+++ src/dist/pf/usr.sbin/ftp-proxy/npf.c Mon Dec 24 01:14:40 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.1 2011/02/02 02:20:26 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.2 2012/12/24 01:14:40 rmind Exp $ */
/*
* Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -311,6 +311,7 @@ npf_server_lookup(struct sockaddr *c, st
static int
npf_do_commit(void)
{
+#if 0
nl_rule_t *group;
fp_ent_t *fpe;
pri_t pri;
@@ -327,6 +328,10 @@ npf_do_commit(void)
npf_update_rule(npf_fd, NPF_FP_RULE_TAG, group);
npf_rule_destroy(group);
return 0;
+#else
+ errno = ENOTSUP;
+ return -1;
+#endif
}
static int
CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src
Committed By: plunky
Date: Sat Sep 15 17:42:43 UTC 2012
Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: ipf.c
Log Message:
reinstate "Update ftp-proxy for changes to ipnat_t" from Darren Reed
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/dist/pf/usr.sbin/ftp-proxy/ipf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/ipf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.5 src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.6
--- src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.5 Wed Feb 15 17:55:14 2012
+++ src/dist/pf/usr.sbin/ftp-proxy/ipf.c Sat Sep 15 17:42:43 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.5 2012/02/15 17:55:14 riz Exp $ */
+/* $NetBSD: ipf.c,v 1.6 2012/09/15 17:42:43 plunky Exp $ */
/*
* Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -151,7 +151,7 @@ ftp_proxy_entry_find(u_int32_t id)
}
static int
-ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t ipn)
+ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t *ipn)
{
struct ftp_proxy_nat *fpn;
@@ -159,22 +159,22 @@ ftp_proxy_entry_add_nat(struct ftp_proxy
if (fpn == NULL)
return (-1);
- memcpy(&fpn->ipn, &ipn, sizeof(fpn->ipn));
+ memcpy(&fpn->ipn, ipn, sizeof(fpn->ipn));
LIST_INSERT_HEAD(&fpe->nat_entries, fpn, link);
return (0);
}
static int
-ipfilter_add_nat(ipnat_t ipn)
+ipfilter_add_nat(ipnat_t *ipn)
{
ipfobj_t obj;
memset(&obj, 0, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(ipn);
+ obj.ipfo_size = ipn->in_size;
obj.ipfo_type = IPFOBJ_IPNAT;
- obj.ipfo_ptr = &ipn;
+ obj.ipfo_ptr = ipn;
return ioctl(natfd, SIOCADNAT, &obj);
}
@@ -224,7 +224,7 @@ ipf_add_rdr(u_int32_t id, struct sockadd
u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
{
struct ftp_proxy_entry *fpe = ftp_proxy_entry_find(id);
- ipnat_t ipn;
+ ipnat_t *ipn;
if (fpe == NULL) {
errno = ENOENT;
@@ -237,98 +237,48 @@ ipf_add_rdr(u_int32_t id, struct sockadd
return (-1);
}
- memset(&ipn, 0, sizeof(ipn));
- ipn.in_redir = NAT_REDIRECT;
- ipn.in_v = 4;
- ipn.in_outip = satosin(dst)->sin_addr.s_addr;
- ipn.in_outmsk = 0x;
- strlcpy(ipn.in_ifnames[0], netif, sizeof(ipn.in_ifnames[0]));
- strlcpy(ipn.in_ifnames[1], netif, sizeof(ipn.in_ifnames[1]));
- ipn.in_pmin = htons(d_port);
- ipn.in_pmax = htons(d_port);
- ipn.in_inip = satosin(rdr)->sin_addr.s_addr;
- ipn.in_inmsk = 0x;
- ipn.in_pnext = htons(rdr_port);
- ipn.in_flags = IPN_FIXEDDPORT | IPN_TCP;
- strlcpy(ipn.in_tag.ipt_tag, fpe->proxy_tag, sizeof(ipn.in_tag.ipt_tag));
-
- if (ipfilter_add_nat(ipn) == -1)
+ ipn = calloc(1, sizeof(*ipn) + 2 * IF_NAMESIZE + 2);
+ if (ipn == NULL) {
+ errno = ENOMEM;
return (-1);
+ }
+ ipn->in_redir = NAT_REDIRECT;
+ ipn->in_v[0] = 4;
+ ipn->in_v[1] = 4;
+ ipn->in_odstaddr = satosin(dst)->sin_addr.s_addr;
+ ipn->in_odstmsk = 0x;
+ ipn->in_odport = htons(d_port);
+ ipn->in_dtop = htons(d_port);
+ ipn->in_ndstaddr = satosin(rdr)->sin_addr.s_addr;
+ ipn->in_ndstmsk = 0x;
+ ipn->in_dpnext = htons(rdr_port);
+ ipn->in_flags = IPN_FIXEDDPORT | IPN_TCP;
+ strlcpy(ipn->in_tag.ipt_tag, fpe->proxy_tag,
+ sizeof(ipn->in_tag.ipt_tag));
+
+ ipn->in_ifnames[0] = 0;
+ (void) strlcpy(ipn->in_names, netif, IF_NAMESIZE);
+ ipn->in_namelen = strlen(ipn->in_names) + 1;
+ ipn->in_ifnames[1] = ipn->in_namelen;
+ (void) strlcpy(ipn->in_names + ipn->in_namelen, netif, IF_NAMESIZE);
+ ipn->in_namelen += strlen(ipn->in_names + ipn->in_ifnames[1]) + 1;
+ ipn->in_size = sizeof(*ipn) + ipn->in_namelen;
- if (ftp_proxy_entry_add_nat(fpe, ipn) == -1)
+ if (ipfilter_add_nat(ipn) == -1) {
+ free(ipn);
return (-1);
+ }
- fpe->status = 1;
-
- return (0);
-}
-
-#if 0
-int
-ipf_add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
-u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
-{
- u_32_t sum1, sum2, sumd;
- int onoff, error;
- nat_save_t ns;
- ipfobj_t obj;
- nat_t *nat;
-
- if (!src || !dst || !d_port || !rdr || !rdr_port ||
- (src->sa_family != rdr->sa_family)) {
- errno = EINVAL;
+ if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) {
+ free(ipn);
return (-1);
}
- memset(&ns, 0, sizeof(ns));
-
- nat = &ns.ipn_nat;
- nat->nat_p = IPPROTO_TCP;
- nat->nat_dir = NAT_OUTBOUND;
- nat->nat_redir = NAT_REDIRECT;
- strlcpy(nat->nat_ifnames[0], netif, sizeof(nat->nat_ifnames[0]));
- strlcpy(nat->nat_ifnames[1], netif, sizeof(nat->nat_ifnames[1]));
-
- nat->nat_inip = satosin(rdr)->sin_addr;
- nat->nat_outip = satosin(dst)->sin_addr;
- nat->nat_oip = satosin(src)->sin_addr;
-
- sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr)) + rdr_port;
- sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + d_port;
- CALC_SUMD(sum1, sum2, sumd);
- nat->nat_sumd[0] = (sumd & 0x) + (sumd >> 16);
- nat->nat_sumd[1] = nat->nat_sumd[0];
-
- sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr));
- sum2
CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src
Committed By: darrenr
Date: Mon Jan 30 16:14:27 UTC 2012
Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: ipf.c
Log Message:
Update ftp-proxy for changes to ipnat_t
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/dist/pf/usr.sbin/ftp-proxy/ipf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/pf/usr.sbin/ftp-proxy/ipf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.3 src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.4
--- src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.3 Wed Feb 2 02:20:26 2011
+++ src/dist/pf/usr.sbin/ftp-proxy/ipf.c Mon Jan 30 16:14:27 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.3 2011/02/02 02:20:26 rmind Exp $ */
+/* $NetBSD: ipf.c,v 1.4 2012/01/30 16:14:27 darrenr Exp $ */
/*
* Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -151,7 +151,7 @@ ftp_proxy_entry_find(u_int32_t id)
}
static int
-ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t ipn)
+ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t *ipn)
{
struct ftp_proxy_nat *fpn;
@@ -159,22 +159,22 @@ ftp_proxy_entry_add_nat(struct ftp_proxy
if (fpn == NULL)
return (-1);
- memcpy(&fpn->ipn, &ipn, sizeof(fpn->ipn));
+ memcpy(&fpn->ipn, ipn, sizeof(fpn->ipn));
LIST_INSERT_HEAD(&fpe->nat_entries, fpn, link);
return (0);
}
static int
-ipfilter_add_nat(ipnat_t ipn)
+ipfilter_add_nat(ipnat_t *ipn)
{
ipfobj_t obj;
memset(&obj, 0, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(ipn);
+ obj.ipfo_size = ipn->in_size;
obj.ipfo_type = IPFOBJ_IPNAT;
- obj.ipfo_ptr = &ipn;
+ obj.ipfo_ptr = ipn;
return ioctl(natfd, SIOCADNAT, &obj);
}
@@ -224,7 +224,7 @@ ipf_add_rdr(u_int32_t id, struct sockadd
u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
{
struct ftp_proxy_entry *fpe = ftp_proxy_entry_find(id);
- ipnat_t ipn;
+ ipnat_t *ipn;
if (fpe == NULL) {
errno = ENOENT;
@@ -237,98 +237,48 @@ ipf_add_rdr(u_int32_t id, struct sockadd
return (-1);
}
- memset(&ipn, 0, sizeof(ipn));
- ipn.in_redir = NAT_REDIRECT;
- ipn.in_v = 4;
- ipn.in_outip = satosin(dst)->sin_addr.s_addr;
- ipn.in_outmsk = 0x;
- strlcpy(ipn.in_ifnames[0], netif, sizeof(ipn.in_ifnames[0]));
- strlcpy(ipn.in_ifnames[1], netif, sizeof(ipn.in_ifnames[1]));
- ipn.in_pmin = htons(d_port);
- ipn.in_pmax = htons(d_port);
- ipn.in_inip = satosin(rdr)->sin_addr.s_addr;
- ipn.in_inmsk = 0x;
- ipn.in_pnext = htons(rdr_port);
- ipn.in_flags = IPN_FIXEDDPORT | IPN_TCP;
- strlcpy(ipn.in_tag.ipt_tag, fpe->proxy_tag, sizeof(ipn.in_tag.ipt_tag));
-
- if (ipfilter_add_nat(ipn) == -1)
+ ipn = calloc(1, sizeof(*ipn) + 2 * IF_NAMESIZE + 2);
+ if (ipn == NULL) {
+ errno = ENOMEM;
return (-1);
+ }
+ ipn->in_redir = NAT_REDIRECT;
+ ipn->in_v[0] = 4;
+ ipn->in_v[1] = 4;
+ ipn->in_odstaddr = satosin(dst)->sin_addr.s_addr;
+ ipn->in_odstmsk = 0x;
+ ipn->in_odport = htons(d_port);
+ ipn->in_dtop = htons(d_port);
+ ipn->in_ndstaddr = satosin(rdr)->sin_addr.s_addr;
+ ipn->in_ndstmsk = 0x;
+ ipn->in_dpnext = htons(rdr_port);
+ ipn->in_flags = IPN_FIXEDDPORT | IPN_TCP;
+ strlcpy(ipn->in_tag.ipt_tag, fpe->proxy_tag,
+ sizeof(ipn->in_tag.ipt_tag));
+
+ ipn->in_ifnames[0] = 0;
+ (void) strlcpy(ipn->in_names, netif, IF_NAMESIZE);
+ ipn->in_namelen = strlen(ipn->in_names) + 1;
+ ipn->in_ifnames[1] = ipn->in_namelen;
+ (void) strlcpy(ipn->in_names + ipn->in_namelen, netif, IF_NAMESIZE);
+ ipn->in_namelen += strlen(ipn->in_names + ipn->in_ifnames[1]) + 1;
+ ipn->in_size = sizeof(*ipn) + ipn->in_namelen;
- if (ftp_proxy_entry_add_nat(fpe, ipn) == -1)
+ if (ipfilter_add_nat(ipn) == -1) {
+ free(ipn);
return (-1);
+ }
- fpe->status = 1;
-
- return (0);
-}
-
-#if 0
-int
-ipf_add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
-u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
-{
- u_32_t sum1, sum2, sumd;
- int onoff, error;
- nat_save_t ns;
- ipfobj_t obj;
- nat_t *nat;
-
- if (!src || !dst || !d_port || !rdr || !rdr_port ||
- (src->sa_family != rdr->sa_family)) {
- errno = EINVAL;
+ if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) {
+ free(ipn);
return (-1);
}
- memset(&ns, 0, sizeof(ns));
-
- nat = &ns.ipn_nat;
- nat->nat_p = IPPROTO_TCP;
- nat->nat_dir = NAT_OUTBOUND;
- nat->nat_redir = NAT_REDIRECT;
- strlcpy(nat->nat_ifnames[0], netif, sizeof(nat->nat_ifnames[0]));
- strlcpy(nat->nat_ifnames[1], netif, sizeof(nat->nat_ifnames[1]));
-
- nat->nat_inip = satosin(rdr)->sin_addr;
- nat->nat_outip = satosin(dst)->sin_addr;
- nat->nat_oip = satosin(src)->sin_addr;
-
- sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr)) + rdr_port;
- sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + d_port;
- CALC_SUMD(sum1, sum2, sumd);
- nat->nat_sumd[0] = (sumd & 0x) + (sumd >> 16);
- nat->nat_sumd[1] = nat->nat_sumd[0];
-
- sum1 = LONG_SUM(ntohl(nat->nat_inip.s_addr));
- sum2 = LONG_SUM(ntohl(nat->nat
CVS commit: src/dist/pf/usr.sbin/ftp-proxy
Module Name:src Committed By: reed Date: Fri Apr 24 16:48:58 UTC 2009 Modified Files: src/dist/pf/usr.sbin/ftp-proxy: ftp-proxy.8 Log Message: Fix roff formatting for -> by adding an \ such as document in mdoc.7 This was reported in 41276 To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8 diff -u src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.4 src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.5 --- src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.4 Sun Mar 22 14:29:35 2009 +++ src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8 Fri Apr 24 16:48:58 2009 @@ -1,4 +1,4 @@ -.\" $NetBSD: ftp-proxy.8,v 1.4 2009/03/22 14:29:35 perry Exp $ +.\" $NetBSD: ftp-proxy.8,v 1.5 2009/04/24 16:48:58 reed Exp $ .\" $OpenBSD: ftp-proxy.8,v 1.10 2007/08/01 15:45:41 jmc Exp $ .\" .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, @@ -73,14 +73,14 @@ .Pp In case of active mode (PORT or EPRT): .Bd -literal -offset 2n -rdr from $server to $proxy port $port -*[Gt] $client +rdr from $server to $proxy port $port -\*[Gt] $client pass quick inet proto tcp \e from $server to $client port $port .Ed .Pp In case of passive mode (PASV or EPSV): .Bd -literal -offset 2n -nat from $client to $server port $port -*[Gt] $proxy +nat from $client to $server port $port -\*[Gt] $proxy pass in quick inet proto tcp \e from $client to $server port $port pass out quick inet proto tcp \e @@ -174,7 +174,7 @@ .Bd -literal -offset 2n nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" -rdr pass on $int_if proto tcp from $lan to any port 21 -*[Gt] \e +rdr pass on $int_if proto tcp from $lan to any port 21 -\*[Gt] \e 127.0.0.1 port 8021 .Ed .Pp @@ -189,7 +189,7 @@ .Xr ipnat.conf 5 need the following rule: .Bd -literal -offset 2n -rdr $int_if any port 21 -*[Gt] 127.0.0.1 port 8021 tcp +rdr $int_if any port 21 -\*[Gt] 127.0.0.1 port 8021 tcp .Ed .Sh SEE ALSO .Xr ftp 1 ,
