static int
StrToPortRange (const char* str, const char* proto, port_range *portRange)
{
char* sep;
struct servent* sp;
char* end;
u_short loPort;
u_short hiPort;
/* First see if this is a service, return corresponding port if so. */
sp = getservbyname (str,proto);
if (sp) {
SETLOPORT(*portRange, ntohs(sp->s_port));
SETNUMPORTS(*portRange, 1);
return 0;
}
/* Not a service, see if it's a single port or port range. */
sep = strchr (str, '-');
if (sep == NULL) {
SETLOPORT(*portRange, strtol(str, &end, 10));
if (end != str) {
/* Single port. */
SETNUMPORTS(*portRange, 1);
return 0;
}
/* Error in port range field. */
errx (EX_DATAERR, "%s/%s: unknown service", str, proto);
}
/* Port range, get the values and sanity check. */
sscanf (str, "%hu-%hu", &loPort, &hiPort);
SETLOPORT(*portRange, loPort);
SETNUMPORTS(*portRange, 0); /* Error by default */
if (loPort <= hiPort)
SETNUMPORTS(*portRange, hiPort - loPort + 1);
if (GETNUMPORTS(*portRange) == 0)
errx (EX_DATAERR, "invalid port range %s", str);
return 0;
}
void SetupPortRedirect (const char* parms)
{
char buf[128];
char* ptr;
char* serverPool;
struct in_addr localAddr;
struct in_addr publicAddr;
struct in_addr remoteAddr;
port_range portRange;
u_short localPort = 0;
u_short publicPort = 0;
u_short remotePort = 0;
u_short numLocalPorts = 0;
u_short numPublicPorts = 0;
u_short numRemotePorts = 0;
int proto;
char* protoName;
char* separator;
int i;
struct alias_link *link = NULL;
strcpy (buf, parms);
/*
* Extract protocol.
*/
protoName = strtok (buf, " \t");
if (!protoName)
errx (1, "redirect_port: missing protocol");
proto = StrToProto (protoName);
/*
* Extract local address.
*/
ptr = strtok (NULL, " \t");
if (!ptr)
errx (1, "redirect_port: missing local address");
separator = strchr(ptr, ',');
if (separator) { /* LSNAT redirection syntax. */
localAddr.s_addr = INADDR_NONE;
localPort = ~0;
numLocalPorts = 1;
serverPool = ptr;
} else {
if ( StrToAddrAndPortRange (ptr, &localAddr, protoName, &portRange) != 0 )
errx (1, "redirect_port: invalid local port range");
localPort = GETLOPORT(portRange);
numLocalPorts = GETNUMPORTS(portRange);
serverPool = NULL;
}
/*
* Extract public port and optionally address.
*/
ptr = strtok (NULL, " \t");
if (!ptr)
errx (1, "redirect_port: missing public port");
separator = strchr (ptr, ':');
if (separator) {
if (StrToAddrAndPortRange (ptr, &publicAddr, protoName, &portRange) != 0 )
errx (1, "redirect_port: invalid public port range");
}
else {
publicAddr.s_addr = INADDR_ANY;
if (StrToPortRange (ptr, protoName, &portRange) != 0)
errx (1, "redirect_port: invalid public port range");
}
publicPort = GETLOPORT(portRange);
numPublicPorts = GETNUMPORTS(portRange);
/*
* Extract remote address and optionally port.
*/
ptr = strtok (NULL, " \t");
if (ptr) {
separator = strchr (ptr, ':');
if (separator) {
if (StrToAddrAndPortRange (ptr, &remoteAddr, protoName, &portRange) != 0)
errx (1, "redirect_port: invalid remote port range");
} else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
StrToAddr (ptr, &remoteAddr);
}
}
else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
remoteAddr.s_addr = INADDR_ANY;
}
remotePort = GETLOPORT(portRange);
numRemotePorts = GETNUMPORTS(portRange);
/*
* Make sure port ranges match up, then add the redirect ports.
*/
if (numLocalPorts != numPublicPorts)
errx (1, "redirect_port: port ranges must be equal in size");
/* Remote port range is allowed to be '0' which means all ports. */
if (numRemotePorts != numLocalPorts && (numRemotePorts != 1 || remotePort != 0))
errx (1, "redirect_port: remote port must be 0 or equal to local port range in size");
for (i = 0 ; i < numPublicPorts ; ++i) {
/* If remotePort is all ports, set it to 0. */
u_short remotePortCopy = remotePort + i;
if (numRemotePorts == 1 && remotePort == 0)
remotePortCopy = 0;
link = PacketAliasRedirectPort (localAddr,
htons(localPort + i),
remoteAddr,
htons(remotePortCopy),
publicAddr,
htons(publicPort + i),
proto);
}
/*
* Setup LSNAT server pool.
*/
if (serverPool != NULL && link != NULL) {
ptr = strtok(serverPool, ",");
while (ptr != NULL) {
if (StrToAddrAndPortRange(ptr, &localAddr, protoName, &portRange) != 0)
errx(1, "redirect_port: invalid local port range");
localPort = GETLOPORT(portRange);
if (GETNUMPORTS(portRange) != 1)
errx(1, "redirect_port: local port must be single in this context");
PacketAliasAddServer(link, localAddr, htons(localPort));
ptr = strtok(NULL, ",");
}
}
}
static int
setup_redir_port(char *buf, int *ac, char ***av)
{
struct cfg_redir *r;
char *sep, *protoName, *lsnat = NULL;
size_t space;
u_short numLocalPorts;
port_range portRange;
numLocalPorts = 0;
r = (struct cfg_redir *)buf;
r->mode = REDIR_PORT;
/* Skip cfg_redir at beginning of buf. */
buf = &buf[sizeof(struct cfg_redir)];
space = sizeof(struct cfg_redir);
/*
* Extract protocol.
*/
r->proto = StrToProto(**av);
protoName = **av;
(*av)++; (*ac)--;
/*
* Extract local address.
*/
if (strchr(**av, ',') != NULL) {
r->laddr.s_addr = INADDR_NONE;
r->lport = ~0;
numLocalPorts = 1;
lsnat = **av;
} else {
/*
* The sctp nat does not allow the port numbers to be mapped to
* new port numbers. Therefore, no ports are to be specified
* in the target port field.
*/
if (r->proto == IPPROTO_SCTP) {
if (strchr(**av, ':'))
errx(EX_DATAERR, "redirect_port:"
"port numbers do not change in sctp, so do "
"not specify them as part of the target");
else
StrToAddr(**av, &r->laddr);
} else {
if (StrToAddrAndPortRange(**av, &r->laddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid local port range");
r->lport = GETLOPORT(portRange);
numLocalPorts = GETNUMPORTS(portRange);
}
}
(*av)++; (*ac)--;
/*
* Extract public port and optionally address.
*/
if (strchr(**av, ':') != NULL) {
if (StrToAddrAndPortRange(**av, &r->paddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid public port range");
} else {
r->paddr.s_addr = INADDR_ANY;
if (StrToPortRange(**av, protoName, &portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid public port range");
}
r->pport = GETLOPORT(portRange);
if (r->proto == IPPROTO_SCTP) { /* so the logic below still works */
numLocalPorts = GETNUMPORTS(portRange);
r->lport = r->pport;
}
r->pport_cnt = GETNUMPORTS(portRange);
(*av)++; (*ac)--;
/*
* Extract remote address and optionally port.
*/
/*
* NB: isdigit(**av) => we've to check that next parameter is really an
* option for this redirect entry, else stop here processing arg[cv].
*/
if (*ac != 0 && isdigit(***av)) {
if (strchr(**av, ':') != NULL) {
if (StrToAddrAndPortRange(**av, &r->raddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port: "
"invalid remote port range");
} else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
StrToAddr(**av, &r->raddr);
}
(*av)++; (*ac)--;
} else {
SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
r->raddr.s_addr = INADDR_ANY;
}
r->rport = GETLOPORT(portRange);
r->rport_cnt = GETNUMPORTS(portRange);
/*
* Make sure port ranges match up, then add the redirect ports.
*/
if (numLocalPorts != r->pport_cnt)
errx(EX_DATAERR, "redirect_port: "
"port ranges must be equal in size");
/* Remote port range is allowed to be '0' which means all ports. */
if (r->rport_cnt != numLocalPorts &&
(r->rport_cnt != 1 || r->rport != 0))
errx(EX_DATAERR, "redirect_port: remote port must"
"be 0 or equal to local port range in size");
/* Setup LSNAT server pool. */
if (lsnat != NULL) {
struct cfg_spool *spool;
sep = strtok(lsnat, ",");
while (sep != NULL) {
spool = (struct cfg_spool *)buf;
space += sizeof(struct cfg_spool);
/*
* The sctp nat does not allow the port numbers to
* be mapped to new port numbers. Therefore, no ports
* are to be specified in the target port field.
*/
if (r->proto == IPPROTO_SCTP) {
if (strchr (sep, ':')) {
errx(EX_DATAERR, "redirect_port:"
"port numbers do not change in "
"sctp, so do not specify them as "
"part of the target");
} else {
StrToAddr(sep, &spool->addr);
spool->port = r->pport;
}
} else {
if (StrToAddrAndPortRange(sep, &spool->addr,
protoName, &portRange) != 0)
errx(EX_DATAERR, "redirect_port:"
"invalid local port range");
if (GETNUMPORTS(portRange) != 1)
errx(EX_DATAERR, "redirect_port: "
"local port must be single in "
"this context");
spool->port = GETLOPORT(portRange);
}
r->spool_cnt++;
/* Point to the next possible cfg_spool. */
buf = &buf[sizeof(struct cfg_spool)];
sep = strtok(NULL, ",");
}
}
return (space);
}