int StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto, port_range *portRange)
{
char* ptr;
ptr = strchr (str, ':');
if (!ptr)
errx (1, "%s is missing port number", str);
*ptr = '\0';
++ptr;
StrToAddr (str, addr);
return StrToPortRange (ptr, proto, portRange);
}
static int
StrToAddrAndPort(const char *str, struct in_addr *addr, u_short *low,
u_short *high, const char *proto)
{
char *colon;
int res;
colon = strchr(str, ':');
if (!colon) {
log_Printf(LogWARN, "StrToAddrAndPort: %s is missing port number.\n", str);
return -1;
}
*colon = '\0'; /* Cheat the const-ness ! */
res = StrToAddr(str, addr);
*colon = ':'; /* Cheat the const-ness ! */
if (res != 0)
return -1;
return StrToPortRange(colon + 1, low, high, proto);
}
void SetupPortRedirect (const char* parms)
{
char buf[128];
char* ptr;
char* serverPool;
struct in_addr localAddr;
struct in_addr publicAddr;
struct in_addr remoteAddr;
port_range portRange;
u_short localPort = 0;
u_short publicPort = 0;
u_short remotePort = 0;
u_short numLocalPorts = 0;
u_short numPublicPorts = 0;
u_short numRemotePorts = 0;
int proto;
char* protoName;
char* separator;
int i;
struct alias_link *link = NULL;
strcpy (buf, parms);
/*
* Extract protocol.
*/
protoName = strtok (buf, " \t");
if (!protoName)
errx (1, "redirect_port: missing protocol");
proto = StrToProto (protoName);
/*
* Extract local address.
*/
ptr = strtok (NULL, " \t");
if (!ptr)
errx (1, "redirect_port: missing local address");
separator = strchr(ptr, ',');
if (separator) { /* LSNAT redirection syntax. */
localAddr.s_addr = INADDR_NONE;
localPort = ~0;
numLocalPorts = 1;
serverPool = ptr;
} else {
if ( StrToAddrAndPortRange (ptr, &localAddr, protoName, &portRange) != 0 )
errx (1, "redirect_port: invalid local port range");
localPort = GETLOPORT(portRange);
numLocalPorts = GETNUMPORTS(portRange);
serverPool = NULL;
}
/*
* Extract public port and optionally address.
*/
ptr = strtok (NULL, " \t");
if (!ptr)
errx (1, "redirect_port: missing public port");
separator = strchr (ptr, ':');
if (separator) {
if (StrToAddrAndPortRange (ptr, &publicAddr, protoName, &portRange) != 0 )
errx (1, "redirect_port: invalid public port range");
}
else {
publicAddr.s_addr = INADDR_ANY;
if (StrToPortRange (ptr, protoName, &portRange) != 0)
errx (1, "redirect_port: invalid public port range");
}
publicPort = GETLOPORT(portRange);
numPublicPorts = GETNUMPORTS(portRange);
/*
* Extract remote address and optionally port.
*/
ptr = strtok (NULL, " \t");
if (ptr) {
separator = strchr (ptr, ':');
if (separator) {
if (StrToAddrAndPortRange (ptr, &remoteAddr, protoName, &portRange) != 0)
errx (1, "redirect_port: invalid remote port range");
} else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
StrToAddr (ptr, &remoteAddr);
}
}
else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
remoteAddr.s_addr = INADDR_ANY;
}
remotePort = GETLOPORT(portRange);
numRemotePorts = GETNUMPORTS(portRange);
/*
* Make sure port ranges match up, then add the redirect ports.
*/
if (numLocalPorts != numPublicPorts)
errx (1, "redirect_port: port ranges must be equal in size");
/* Remote port range is allowed to be '0' which means all ports. */
if (numRemotePorts != numLocalPorts && (numRemotePorts != 1 || remotePort != 0))
errx (1, "redirect_port: remote port must be 0 or equal to local port range in size");
for (i = 0 ; i < numPublicPorts ; ++i) {
/* If remotePort is all ports, set it to 0. */
u_short remotePortCopy = remotePort + i;
if (numRemotePorts == 1 && remotePort == 0)
remotePortCopy = 0;
link = PacketAliasRedirectPort (localAddr,
htons(localPort + i),
remoteAddr,
htons(remotePortCopy),
publicAddr,
htons(publicPort + i),
proto);
}
/*
* Setup LSNAT server pool.
*/
if (serverPool != NULL && link != NULL) {
ptr = strtok(serverPool, ",");
while (ptr != NULL) {
if (StrToAddrAndPortRange(ptr, &localAddr, protoName, &portRange) != 0)
errx(1, "redirect_port: invalid local port range");
localPort = GETLOPORT(portRange);
if (GETNUMPORTS(portRange) != 1)
errx(1, "redirect_port: local port must be single in this context");
PacketAliasAddServer(link, localAddr, htons(localPort));
ptr = strtok(NULL, ",");
}
}
}
int
nat_RedirectPort(struct cmdargs const *arg)
{
if (!arg->bundle->NatEnabled) {
prompt_Printf(arg->prompt, "Alias not enabled\n");
return 1;
} else if (arg->argc == arg->argn + 3 || arg->argc == arg->argn + 4) {
char proto_constant;
const char *proto;
struct in_addr localaddr;
u_short hlocalport, llocalport;
struct in_addr aliasaddr;
u_short haliasport, laliasport;
struct in_addr remoteaddr;
u_short hremoteport, lremoteport;
struct alias_link *link;
int error;
proto = arg->argv[arg->argn];
if (strcmp(proto, "tcp") == 0) {
proto_constant = IPPROTO_TCP;
} else if (strcmp(proto, "udp") == 0) {
proto_constant = IPPROTO_UDP;
} else {
prompt_Printf(arg->prompt, "port redirect: protocol must be"
" tcp or udp\n");
return -1;
}
error = StrToAddrAndPort(arg->argv[arg->argn+1], &localaddr, &llocalport,
&hlocalport, proto);
if (error) {
prompt_Printf(arg->prompt, "nat port: error reading localaddr:port\n");
return -1;
}
error = StrToPortRange(arg->argv[arg->argn+2], &laliasport, &haliasport,
proto);
if (error) {
prompt_Printf(arg->prompt, "nat port: error reading alias port\n");
return -1;
}
aliasaddr.s_addr = INADDR_ANY;
if (arg->argc == arg->argn + 4) {
error = StrToAddrAndPort(arg->argv[arg->argn+3], &remoteaddr,
&lremoteport, &hremoteport, proto);
if (error) {
prompt_Printf(arg->prompt, "nat port: error reading "
"remoteaddr:port\n");
return -1;
}
} else {
remoteaddr.s_addr = INADDR_ANY;
lremoteport = hremoteport = 0;
}
lowhigh(&llocalport, &hlocalport);
lowhigh(&laliasport, &haliasport);
lowhigh(&lremoteport, &hremoteport);
if (haliasport - laliasport != hlocalport - llocalport) {
prompt_Printf(arg->prompt, "nat port: local & alias port ranges "
"are not equal\n");
return -1;
}
if (hremoteport && hremoteport - lremoteport != hlocalport - llocalport) {
prompt_Printf(arg->prompt, "nat port: local & remote port ranges "
"are not equal\n");
return -1;
}
do {
link = LibAliasRedirectPort(la, localaddr, htons(llocalport),
remoteaddr, htons(lremoteport),
aliasaddr, htons(laliasport),
proto_constant);
if (link == NULL) {
prompt_Printf(arg->prompt, "nat port: %d: error %d\n", laliasport,
error);
return 1;
}
llocalport++;
if (hremoteport)
lremoteport++;
} while (laliasport++ < haliasport);
return 0;
}
return -1;
}
static int
setup_redir_port(char *buf, int *ac, char ***av)
{
struct cfg_redir *r;
char *sep, *protoName, *lsnat = NULL;
size_t space;
u_short numLocalPorts;
port_range portRange;
numLocalPorts = 0;
r = (struct cfg_redir *)buf;
r->mode = REDIR_PORT;
/* Skip cfg_redir at beginning of buf. */
buf = &buf[sizeof(struct cfg_redir)];
space = sizeof(struct cfg_redir);
/*
* Extract protocol.
*/
r->proto = StrToProto(**av);
protoName = **av;
(*av)++; (*ac)--;
/*
* Extract local address.
*/
if (strchr(**av, ',') != NULL) {
r->laddr.s_addr = INADDR_NONE;
r->lport = ~0;
numLocalPorts = 1;
lsnat = **av;
} else {
/*
* The sctp nat does not allow the port numbers to be mapped to
* new port numbers. Therefore, no ports are to be specified
* in the target port field.
*/
if (r->proto == IPPROTO_SCTP) {
if (strchr(**av, ':'))
errx(EX_DATAERR, "redirect_port:"
"port numbers do not change in sctp, so do "
"not specify them as part of the target");
else
StrToAddr(**av, &r->laddr);
} else {
if (StrToAddrAndPortRange(**av, &r->laddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid local port range");
r->lport = GETLOPORT(portRange);
numLocalPorts = GETNUMPORTS(portRange);
}
}
(*av)++; (*ac)--;
/*
* Extract public port and optionally address.
*/
if (strchr(**av, ':') != NULL) {
if (StrToAddrAndPortRange(**av, &r->paddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid public port range");
} else {
r->paddr.s_addr = INADDR_ANY;
if (StrToPortRange(**av, protoName, &portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid public port range");
}
r->pport = GETLOPORT(portRange);
if (r->proto == IPPROTO_SCTP) { /* so the logic below still works */
numLocalPorts = GETNUMPORTS(portRange);
r->lport = r->pport;
}
r->pport_cnt = GETNUMPORTS(portRange);
(*av)++; (*ac)--;
/*
* Extract remote address and optionally port.
*/
/*
* NB: isdigit(**av) => we've to check that next parameter is really an
* option for this redirect entry, else stop here processing arg[cv].
*/
if (*ac != 0 && isdigit(***av)) {
if (strchr(**av, ':') != NULL) {
if (StrToAddrAndPortRange(**av, &r->raddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid remote port range");
} else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
StrToAddr(**av, &r->raddr);
}
(*av)++; (*ac)--;
} else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
r->raddr.s_addr = INADDR_ANY;
}
r->rport = GETLOPORT(portRange);
r->rport_cnt = GETNUMPORTS(portRange);
/*
* Make sure port ranges match up, then add the redirect ports.
*/
if (numLocalPorts != r->pport_cnt)
errx(EX_DATAERR, "redirect_port: "
"port ranges must be equal in size");
/* Remote port range is allowed to be '0' which means all ports. */
if (r->rport_cnt != numLocalPorts &&
(r->rport_cnt != 1 || r->rport != 0))
errx(EX_DATAERR, "redirect_port: remote port must"
"be 0 or equal to local port range in size");
/* Setup LSNAT server pool. */
if (lsnat != NULL) {
struct cfg_spool *spool;
sep = strtok(lsnat, ",");
while (sep != NULL) {
spool = (struct cfg_spool *)buf;
space += sizeof(struct cfg_spool);
/*
* The sctp nat does not allow the port numbers to
* be mapped to new port numbers. Therefore, no ports
* are to be specified in the target port field.
*/
if (r->proto == IPPROTO_SCTP) {
if (strchr (sep, ':')) {
errx(EX_DATAERR, "redirect_port:"
"port numbers do not change in "
"sctp, so do not specify them as "
"part of the target");
} else {
StrToAddr(sep, &spool->addr);
spool->port = r->pport;
}
} else {
if (StrToAddrAndPortRange(sep, &spool->addr,
protoName, &portRange) != 0)
errx(EX_DATAERR, "redirect_port:"
"invalid local port range");
if (GETNUMPORTS(portRange) != 1)
errx(EX_DATAERR, "redirect_port: "
"local port must be single in "
"this context");
spool->port = GETLOPORT(portRange);
}
r->spool_cnt++;
/* Point to the next possible cfg_spool. */
buf = &buf[sizeof(struct cfg_spool)];
sep = strtok(NULL, ",");
}
}
return (space);
}
