int main(int argc, char * * argv) {
openlog("testipfwrdrd", LOG_CONS | LOG_PERROR, LOG_USER);
init_redirect();
delete_redirect_rule("lo", 2222, IPPROTO_TCP);
add_redirect_rule2("lo", 2222, "10.1.1.16", 4444, IPPROTO_TCP, "miniupnpd");
get_redirect_rule("lo", 2222, IPPROTO_TCP, NULL, 0, NULL, NULL, 0, NULL, NULL);
shutdown_redirect();
return 0;
}
int
main(int arc, char * * argv)
{
char buf[32];
char desc[64];
/*char rhost[32];*/
unsigned short iport;
unsigned int timestamp;
u_int64_t packets = 0;
u_int64_t bytes = 0;
openlog("testobsdrdr", LOG_PERROR, LOG_USER);
if(init_redirect() < 0)
{
fprintf(stderr, "init_redirect() failed\n");
return 1;
}
//add_redirect_rule("ep0", 12123, "192.168.1.23", 1234);
//add_redirect_rule2("ep0", 12155, "192.168.1.155", 1255, IPPROTO_TCP);
add_redirect_rule2("ep0", "8.8.8.8", 12123, "192.168.1.125", 1234,
IPPROTO_UDP, "test description", 0);
//add_redirect_rule2("em0", 12123, "127.1.2.3", 1234,
// IPPROTO_TCP, "test description tcp");
list_rules();
list_eports_tcp();
if(get_redirect_rule("xl1", 4662, IPPROTO_TCP,
buf, sizeof(buf), &iport, desc, sizeof(desc),
×tamp,
&packets, &bytes) < 0)
printf("get_redirect_rule() failed\n");
else
{
printf("\n%s:%d '%s' packets=%llu bytes=%llu\n", buf, (int)iport, desc,
packets, bytes);
}
#if 0
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
printf("delete_redirect_rule() failed\n");
else
printf("delete_redirect_rule() succeded\n");
if(delete_redirect_rule("ep0", 12123, IPPROTO_UDP) < 0)
printf("delete_redirect_rule() failed\n");
else
printf("delete_redirect_rule() succeded\n");
#endif
//test_index();
//clear_redirect_rules();
//list_rules();
return 0;
}
/* init phase :
* 1) read configuration file
* 2) read command line arguments
* 3) daemonize
* 4) open syslog
* 5) check and write pid file
* 6) set startup time stamp
* 7) compute presentation URL
* 8) set signal handlers */
static int
init(int argc, char * * argv, struct runtime_vars * v)
{
int i;
int pid;
int debug_flag = 0;
int openlog_option;
struct sigaction sa;
/*const char * logfilename = 0;*/
const char * presurl = 0;
#ifndef DISABLE_CONFIG_FILE
int options_flag = 0;
const char * optionsfile = DEFAULT_CONFIG;
#endif /* DISABLE_CONFIG_FILE */
struct lan_addr_s * lan_addr;
struct lan_addr_s * lan_addr2;
/* only print usage if -h is used */
for(i=1; i<argc; i++)
{
if(0 == strcmp(argv[i], "-h"))
goto print_usage;
}
#ifndef DISABLE_CONFIG_FILE
/* first check if "-f" option is used */
for(i=2; i<argc; i++)
{
if(0 == strcmp(argv[i-1], "-f"))
{
optionsfile = argv[i];
options_flag = 1;
break;
}
}
#endif /* DISABLE_CONFIG_FILE */
/* set initial values */
SETFLAG(ENABLEUPNPMASK); /* UPnP is enabled by default */
LIST_INIT(&lan_addrs);
v->port = -1;
v->notify_interval = 30; /* seconds between SSDP announces */
v->clean_ruleset_threshold = 20;
v->clean_ruleset_interval = 0; /* interval between ruleset check. 0=disabled */
#ifndef DISABLE_CONFIG_FILE
/* read options file first since
* command line arguments have final say */
if(readoptionsfile(optionsfile) < 0)
{
/* only error if file exists or using -f */
if(access(optionsfile, F_OK) == 0 || options_flag)
fprintf(stderr, "Error reading configuration file %s\n", optionsfile);
}
else
{
for(i=0; i<(int)num_options; i++)
{
switch(ary_options[i].id)
{
case UPNPEXT_IFNAME:
ext_if_name = ary_options[i].value;
break;
case UPNPEXT_IP:
use_ext_ip_addr = ary_options[i].value;
break;
case UPNPLISTENING_IP:
lan_addr = (struct lan_addr_s *) malloc(sizeof(struct lan_addr_s));
if (lan_addr == NULL)
{
fprintf(stderr, "malloc(sizeof(struct lan_addr_s)): %m");
break;
}
if(parselanaddr(lan_addr, ary_options[i].value) != 0)
{
fprintf(stderr, "can't parse \"%s\" as valid lan address\n", ary_options[i].value);
free(lan_addr);
break;
}
LIST_INSERT_HEAD(&lan_addrs, lan_addr, list);
break;
case UPNPPORT:
v->port = atoi(ary_options[i].value);
break;
case UPNPBITRATE_UP:
upstream_bitrate = strtoul(ary_options[i].value, 0, 0);
break;
case UPNPBITRATE_DOWN:
downstream_bitrate = strtoul(ary_options[i].value, 0, 0);
break;
case UPNPPRESENTATIONURL:
presurl = ary_options[i].value;
break;
case UPNPFRIENDLY_NAME:
strncpy(friendly_name, ary_options[i].value, FRIENDLY_NAME_MAX_LEN);
friendly_name[FRIENDLY_NAME_MAX_LEN-1] = '\0';
break;
#ifdef USE_NETFILTER
case UPNPFORWARDCHAIN:
miniupnpd_forward_chain = ary_options[i].value;
break;
case UPNPNATCHAIN:
miniupnpd_nat_chain = ary_options[i].value;
break;
#endif
case UPNPNOTIFY_INTERVAL:
v->notify_interval = atoi(ary_options[i].value);
break;
case UPNPSYSTEM_UPTIME:
if(strcmp(ary_options[i].value, "yes") == 0)
SETFLAG(SYSUPTIMEMASK); /*sysuptime = 1;*/
break;
#if defined(USE_PF) || defined(USE_IPF)
case UPNPPACKET_LOG:
if(strcmp(ary_options[i].value, "yes") == 0)
SETFLAG(LOGPACKETSMASK); /*logpackets = 1;*/
break;
#endif
case UPNPUUID:
strncpy(uuidvalue+5, ary_options[i].value,
strlen(uuidvalue+5) + 1);
break;
case UPNPSERIAL:
strncpy(serialnumber, ary_options[i].value, SERIALNUMBER_MAX_LEN);
serialnumber[SERIALNUMBER_MAX_LEN-1] = '\0';
break;
case UPNPMODEL_NUMBER:
strncpy(modelnumber, ary_options[i].value, MODELNUMBER_MAX_LEN);
modelnumber[MODELNUMBER_MAX_LEN-1] = '\0';
break;
case UPNPCLEANTHRESHOLD:
v->clean_ruleset_threshold = atoi(ary_options[i].value);
break;
case UPNPCLEANINTERVAL:
v->clean_ruleset_interval = atoi(ary_options[i].value);
break;
#ifdef USE_PF
case UPNPANCHOR:
anchor_name = ary_options[i].value;
break;
case UPNPQUEUE:
queue = ary_options[i].value;
break;
case UPNPTAG:
tag = ary_options[i].value;
break;
#endif
#ifdef ENABLE_NATPMP
case UPNPENABLENATPMP:
if(strcmp(ary_options[i].value, "yes") == 0)
SETFLAG(ENABLENATPMPMASK); /*enablenatpmp = 1;*/
else
if(atoi(ary_options[i].value))
SETFLAG(ENABLENATPMPMASK);
/*enablenatpmp = atoi(ary_options[i].value);*/
break;
#endif
#ifdef PF_ENABLE_FILTER_RULES
case UPNPQUICKRULES:
if(strcmp(ary_options[i].value, "no") == 0)
SETFLAG(PFNOQUICKRULESMASK);
break;
#endif
case UPNPENABLE:
if(strcmp(ary_options[i].value, "yes") != 0)
CLEARFLAG(ENABLEUPNPMASK);
break;
case UPNPSECUREMODE:
if(strcmp(ary_options[i].value, "yes") == 0)
SETFLAG(SECUREMODEMASK);
break;
#ifdef ENABLE_LEASEFILE
case UPNPLEASEFILE:
lease_file = ary_options[i].value;
break;
#endif
case UPNPMINISSDPDSOCKET:
minissdpdsocketpath = ary_options[i].value;
break;
default:
fprintf(stderr, "Unknown option in file %s\n",
optionsfile);
}
}
}
#endif /* DISABLE_CONFIG_FILE */
/* command line arguments processing */
for(i=1; i<argc; i++)
{
if(argv[i][0]!='-')
{
fprintf(stderr, "Unknown option: %s\n", argv[i]);
}
else switch(argv[i][1])
{
case 'o':
if(i+1 < argc)
use_ext_ip_addr = argv[++i];
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 't':
if(i+1 < argc)
v->notify_interval = atoi(argv[++i]);
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'r':
if(i+1 < argc)
v->clean_ruleset_interval = atoi(argv[++i]);
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'u':
if(i+1 < argc)
strncpy(uuidvalue+5, argv[++i], strlen(uuidvalue+5) + 1);
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'z':
if(i+1 < argc)
strncpy(friendly_name, argv[++i], FRIENDLY_NAME_MAX_LEN);
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
friendly_name[FRIENDLY_NAME_MAX_LEN-1] = '\0';
break;
case 's':
if(i+1 < argc)
strncpy(serialnumber, argv[++i], SERIALNUMBER_MAX_LEN);
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
serialnumber[SERIALNUMBER_MAX_LEN-1] = '\0';
break;
case 'm':
if(i+1 < argc)
strncpy(modelnumber, argv[++i], MODELNUMBER_MAX_LEN);
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
modelnumber[MODELNUMBER_MAX_LEN-1] = '\0';
break;
#ifdef ENABLE_NATPMP
case 'N':
/*enablenatpmp = 1;*/
SETFLAG(ENABLENATPMPMASK);
break;
#endif
case 'U':
/*sysuptime = 1;*/
SETFLAG(SYSUPTIMEMASK);
break;
/*case 'l':
logfilename = argv[++i];
break;*/
#if defined(USE_PF) || defined(USE_IPF)
case 'L':
/*logpackets = 1;*/
SETFLAG(LOGPACKETSMASK);
break;
#endif
case 'S':
SETFLAG(SECUREMODEMASK);
break;
case 'i':
if(i+1 < argc)
ext_if_name = argv[++i];
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
#ifdef USE_PF
case 'q':
if(i+1 < argc)
queue = argv[++i];
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'T':
if(i+1 < argc)
tag = argv[++i];
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
#endif
case 'p':
if(i+1 < argc)
v->port = atoi(argv[++i]);
else
#ifdef ENABLE_NFQUEUE
case 'Q':
if(i+1<argc)
{
nfqueue = atoi(argv[++i]);
}
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'n':
if (i+1 < argc) {
i++;
if(n_nfqix < MAX_LAN_ADDR) {
nfqix[n_nfqix++] = if_nametoindex(argv[i]);
} else {
fprintf(stderr,"Too many nfq interfaces. Ignoring %s\n", argv[i]);
}
} else {
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
}
break;
#endif
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'P':
if(i+1 < argc)
pidfilename = argv[++i];
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'd':
debug_flag = 1;
break;
case 'w':
if(i+1 < argc)
presurl = argv[++i];
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'B':
if(i+2<argc)
{
downstream_bitrate = strtoul(argv[++i], 0, 0);
upstream_bitrate = strtoul(argv[++i], 0, 0);
}
else
fprintf(stderr, "Option -%c takes two arguments.\n", argv[i][1]);
break;
case 'a':
#ifndef MULTIPLE_EXTERNAL_IP
if(i+1 < argc)
{
i++;
lan_addr = (struct lan_addr_s *) malloc(sizeof(struct lan_addr_s));
if (lan_addr == NULL)
{
fprintf(stderr, "malloc(sizeof(struct lan_addr_s)): %m");
break;
}
if(parselanaddr(lan_addr, argv[i]) != 0)
{
fprintf(stderr, "can't parse \"%s\" as valid lan address\n", argv[i]);
free(lan_addr);
break;
}
/* check if we already have this address */
for(lan_addr2 = lan_addrs.lh_first; lan_addr2 != NULL; lan_addr2 = lan_addr2->list.le_next)
{
if (0 == strncmp(lan_addr2->str, lan_addr->str, 15))
break;
}
if (lan_addr2 == NULL)
LIST_INSERT_HEAD(&lan_addrs, lan_addr, list);
}
else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
#else
if(i+2 < argc)
{
char *val=calloc((strlen(argv[i+1]) + strlen(argv[i+2]) + 1), sizeof(char));
if (val == NULL)
{
fprintf(stderr, "memory allocation error for listen address storage\n");
break;
}
sprintf(val, "%s %s", argv[i+1], argv[i+2]);
lan_addr = (struct lan_addr_s *) malloc(sizeof(struct lan_addr_s));
if (lan_addr == NULL)
{
fprintf(stderr, "malloc(sizeof(struct lan_addr_s)): %m");
free(val);
break;
}
if(parselanaddr(lan_addr, val) != 0)
{
fprintf(stderr, "can't parse \"%s\" as valid lan address\n", val);
free(lan_addr);
free(val);
break;
}
/* check if we already have this address */
for(lan_addr2 = lan_addrs.lh_first; lan_addr2 != NULL; lan_addr2 = lan_addr2->list.le_next)
{
if (0 == strncmp(lan_addr2->str, lan_addr->str, 15))
break;
}
if (lan_addr2 == NULL)
LIST_INSERT_HEAD(&lan_addrs, lan_addr, list);
free(val);
i+=2;
}
else
fprintf(stderr, "Option -%c takes two arguments.\n", argv[i][1]);
#endif
break;
case 'A':
if(i+1 < argc) {
void * tmp;
tmp = realloc(upnppermlist, sizeof(struct upnpperm) * (num_upnpperm+1));
if(tmp == NULL) {
fprintf(stderr, "memory allocation error for permission\n");
} else {
upnppermlist = tmp;
if(read_permission_line(upnppermlist + num_upnpperm, argv[++i]) >= 0) {
num_upnpperm++;
} else {
fprintf(stderr, "Permission rule parsing error :\n%s\n", argv[i]);
}
}
} else
fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]);
break;
case 'f':
i++; /* discarding, the config file is already read */
break;
default:
fprintf(stderr, "Unknown option: %s\n", argv[i]);
}
}
if(!ext_if_name || !lan_addrs.lh_first)
{
/* bad configuration */
goto print_usage;
}
if(debug_flag)
{
pid = getpid();
}
else
{
#ifdef USE_DAEMON
if(daemon(0, 0)<0) {
perror("daemon()");
}
pid = getpid();
#else
pid = daemonize();
#endif
}
openlog_option = LOG_PID|LOG_CONS;
if(debug_flag)
{
openlog_option |= LOG_PERROR; /* also log on stderr */
}
openlog("miniupnpd", openlog_option, LOG_MINIUPNPD);
if(!debug_flag)
{
/* speed things up and ignore LOG_INFO and LOG_DEBUG */
setlogmask(LOG_UPTO(LOG_NOTICE));
}
if(checkforrunning(pidfilename) < 0)
{
syslog(LOG_ERR, "MiniUPnPd is already running. EXITING");
return 1;
}
set_startup_time(GETFLAG(SYSUPTIMEMASK));
/* presentation url */
if(presurl)
{
strncpy(presentationurl, presurl, PRESENTATIONURL_MAX_LEN);
presentationurl[PRESENTATIONURL_MAX_LEN-1] = '\0';
}
else
{
snprintf(presentationurl, PRESENTATIONURL_MAX_LEN,
"http://%s/", lan_addrs.lh_first->str);
/*"http://%s:%d/", lan_addrs.lh_first->str, 80);*/
}
/* set signal handler */
memset(&sa, 0, sizeof(struct sigaction));
sa.sa_handler = sigterm;
if(sigaction(SIGTERM, &sa, NULL) < 0)
{
syslog(LOG_ERR, "Failed to set %s handler. EXITING", "SIGTERM");
return 1;
}
if(sigaction(SIGINT, &sa, NULL) < 0)
{
syslog(LOG_ERR, "Failed to set %s handler. EXITING", "SIGINT");
return 1;
}
sa.sa_handler = SIG_IGN;
if(sigaction(SIGPIPE, &sa, NULL) < 0)
{
syslog(LOG_ERR, "Failed to ignore SIGPIPE signals");
}
sa.sa_handler = sigusr1;
if(sigaction(SIGUSR1, &sa, NULL) < 0)
{
syslog(LOG_NOTICE, "Failed to set %s handler", "SIGUSR1");
}
if(init_redirect() < 0)
{
syslog(LOG_ERR, "Failed to init redirection engine. EXITING");
return 1;
}
#ifdef ENABLE_6FC_SERVICE
#ifdef USE_NETFILTER
init_iptpinhole();
#endif
#endif
if(writepidfile(pidfilename, pid) < 0)
pidfilename = NULL;
#ifdef ENABLE_LEASEFILE
/*remove(lease_file);*/
syslog(LOG_INFO, "Reloading rules from lease file");
reload_from_lease_file();
#endif
return 0;
print_usage:
fprintf(stderr, "Usage:\n\t"
"%s "
#ifndef DISABLE_CONFIG_FILE
"[-f config_file] "
#endif
"[-i ext_ifname] [-o ext_ip]\n"
#ifndef MULTIPLE_EXTERNAL_IP
"\t\t[-a listening_ip]"
#else
"\t\t[-a listening_ip ext_ip]"
#endif
" [-p port] [-d]"
#if defined(USE_PF) || defined(USE_IPF)
" [-L]"
#endif
" [-U] [-S]"
#ifdef ENABLE_NATPMP
" [-N]"
#endif
"\n"
/*"[-l logfile] " not functionnal */
"\t\t[-u uuid] [-s serial] [-m model_number] \n"
"\t\t[-t notify_interval] [-P pid_filename] [-z fiendly_name]\n"
"\t\t[-B down up] [-w url] [-r clean_ruleset_interval]\n"
#ifdef USE_PF
"\t\t[-q queue] [-T tag]\n"
#endif
#ifdef ENABLE_NFQUEUE
"\t\t[-Q queue] [-n name]\n"
#endif
"\t\t[-A \"permission rule\"]\n"
"\nNotes:\n\tThere can be one or several listening_ips.\n"
"\tNotify interval is in seconds. Default is 30 seconds.\n"
"\tDefault pid file is '%s'.\n"
"\tDefault config file is '%s'.\n"
"\tWith -d miniupnpd will run as a standard program.\n"
#if defined(USE_PF) || defined(USE_IPF)
"\t-L sets packet log in pf and ipf on.\n"
#endif
"\t-S sets \"secure\" mode : clients can only add mappings to their own ip\n"
"\t-U causes miniupnpd to report system uptime instead "
"of daemon uptime.\n"
#ifdef ENABLE_NATPMP
"\t-N enable NAT-PMP functionality.\n"
#endif
"\t-B sets bitrates reported by daemon in bits per second.\n"
"\t-w sets the presentation url. Default is http address on port 80\n"
#ifdef USE_PF
"\t-q sets the ALTQ queue in pf.\n"
"\t-T sets the tag name in pf.\n"
#endif
#ifdef ENABLE_NFQUEUE
"\t-Q sets the queue number that is used by NFQUEUE.\n"
"\t-n sets the name of the interface(s) that packets will arrive on.\n"
#endif
"\t-A use following syntax for permission rules :\n"
"\t (allow|deny) (external port range) ip/mask (internal port range)\n"
"\texamples :\n"
"\t \"allow 1024-65535 192.168.1.0/24 1024-65535\"\n"
"\t \"deny 0-65535 0.0.0.0/0 0-65535\"\n"
"\t-h prints this help and quits.\n"
"", argv[0], pidfilename, DEFAULT_CONFIG);
return 1;
}
