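/*
 * Install a pf rdr rule redirecting src -> dst:d_port (proto) to
 * rdr:rdr_port.  Works on the file-scope rule state (pfr) set up by
 * prepare_rule() and the file-scope pool address (pfp), then commits
 * both through ioctl(2) on dev.
 *
 * Returns 0 on success, -1 on failure with errno set: EINVAL for a
 * missing/zero argument, mismatched address families or an address
 * family other than AF_INET/AF_INET6; otherwise whatever prepare_rule()
 * or ioctl() left in errno.
 */
int
add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
    u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port, u_int8_t proto)
{
	if (!src || !dst || !d_port || !rdr || !rdr_port || !proto ||
	    (src->sa_family != rdr->sa_family)) {
		errno = EINVAL;
		return (-1);
	}

	/*
	 * Reject unsupported families before touching pf: the copy below
	 * reads rdr through a sockaddr_in/sockaddr_in6 cast, which is only
	 * valid for those two families.
	 */
	if (rdr->sa_family != AF_INET && rdr->sa_family != AF_INET6) {
		errno = EINVAL;
		return (-1);
	}

	if (prepare_rule(id, PF_RULESET_RDR, src, dst, d_port, proto) == -1)
		return (-1);

	/* Pool address = the redirect target with a full host mask. */
	if (rdr->sa_family == AF_INET) {
		memcpy(&pfp.addr.addr.v.a.addr.v4,
		    &satosin(rdr)->sin_addr.s_addr, 4);
		memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
	} else {
		memcpy(&pfp.addr.addr.v.a.addr.v6,
		    &satosin6(rdr)->sin6_addr.s6_addr, 16);
		memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
	}

	if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
		return (-1);

	/* Only proxy_port[0] is used for rdr: a single target port. */
	pfr.rule.rpool.proxy_port[0] = rdr_port;
	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
		return (-1);

	return (0);
}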
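/*
 * Install a pf nat rule translating src -> dst:d_port (proto) to the
 * address nat with source ports drawn from [nat_range_low, nat_range_high].
 * Works on the file-scope rule state (pfr) set up by prepare_rule() and
 * the file-scope pool address (pfp), then commits both through ioctl(2)
 * on dev.
 *
 * NOTE(review): nat_range_high is deliberately not validated here (only
 * nat_range_low is), so 0 reaches pf's proxy_port[1] unchanged — confirm
 * against pf whether that is an intended "single port" encoding.
 *
 * Returns 0 on success, -1 on failure with errno set: EINVAL for a
 * missing/zero argument, mismatched address families or an address
 * family other than AF_INET/AF_INET6; otherwise whatever prepare_rule()
 * or ioctl() left in errno.
 */
int
add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
    u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low,
    u_int16_t nat_range_high, u_int8_t proto)
{
	if (!src || !dst || !d_port || !nat || !nat_range_low || !proto ||
	    (src->sa_family != nat->sa_family)) {
		errno = EINVAL;
		return (-1);
	}

	/*
	 * Reject unsupported families before touching pf: the copy below
	 * reads nat through a sockaddr_in/sockaddr_in6 cast, which is only
	 * valid for those two families.
	 */
	if (nat->sa_family != AF_INET && nat->sa_family != AF_INET6) {
		errno = EINVAL;
		return (-1);
	}

	if (prepare_rule(id, PF_RULESET_NAT, src, dst, d_port, proto) == -1)
		return (-1);

	/* Pool address = the translation address with a full host mask. */
	if (nat->sa_family == AF_INET) {
		memcpy(&pfp.addr.addr.v.a.addr.v4,
		    &satosin(nat)->sin_addr.s_addr, 4);
		memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
	} else {
		memcpy(&pfp.addr.addr.v.a.addr.v6,
		    &satosin6(nat)->sin6_addr.s6_addr, 16);
		memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
	}

	if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
		return (-1);

	/* proxy_port[0..1] is the source-port range pf may pick from. */
	pfr.rule.rpool.proxy_port[0] = nat_range_low;
	pfr.rule.rpool.proxy_port[1] = nat_range_high;
	if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
		return (-1);

	return (0);
}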
/*
 * Install an inbound pf rdr rule: connections from src (routing domain
 * s_rd) to dst:d_port are redirected to rdr:rdr_port and looked up in
 * routing table d_rd.  prepare_rule() and add_addr() fill the file-scope
 * rule (pfr); this function only sets the direction, domain/table ids and
 * the target port before committing the rule through ioctl(2) on dev.
 *
 * Returns 0 on success, -1 on failure with errno set (EINVAL for a
 * missing/zero argument or mismatched address families, else whatever
 * prepare_rule(), add_addr() or ioctl() set).
 */
int
add_rdr(u_int32_t id, struct sockaddr *src, int s_rd, struct sockaddr *dst,
    u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port, int d_rd)
{
	int args_present = (src != NULL && dst != NULL && d_port != 0 &&
	    rdr != NULL && rdr_port != 0);

	/* Family comparison only happens once both pointers are known good. */
	if (!args_present || src->sa_family != rdr->sa_family) {
		errno = EINVAL;
		return (-1);
	}

	if (prepare_rule(id, src, dst, d_port) == -1 ||
	    add_addr(rdr, &pfr.rule.rdr) == -1)
		return (-1);

	pfr.rule.direction = PF_IN;
	pfr.rule.onrdomain = s_rd;
	pfr.rule.rtableid = d_rd;
	pfr.rule.rdr.proxy_port[0] = rdr_port;

	return (ioctl(dev, DIOCADDRULE, &pfr) == -1 ? -1 : 0);
}
/*
 * Install an outbound pf nat rule: connections from src (routing domain
 * s_rd) to dst:d_port are translated to nat with source ports taken from
 * [nat_range_low, nat_range_high].  prepare_rule() and add_addr() fill
 * the file-scope rule (pfr); this function sets direction, domain id, a
 * default (-1) routing table and the port range before committing the
 * rule through ioctl(2) on dev.
 *
 * Returns 0 on success, -1 on failure with errno set (EINVAL for a
 * missing/zero argument or mismatched address families, else whatever
 * prepare_rule(), add_addr() or ioctl() set).
 */
int
add_nat(u_int32_t id, struct sockaddr *src, int s_rd, struct sockaddr *dst,
    u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low,
    u_int16_t nat_range_high)
{
	int args_present = (src != NULL && dst != NULL && d_port != 0 &&
	    nat != NULL && nat_range_low != 0 && nat_range_high != 0);

	/* Family comparison only happens once both pointers are known good. */
	if (!args_present || src->sa_family != nat->sa_family) {
		errno = EINVAL;
		return (-1);
	}

	if (prepare_rule(id, src, dst, d_port) == -1 ||
	    add_addr(nat, &pfr.rule.nat) == -1)
		return (-1);

	pfr.rule.direction = PF_OUT;
	pfr.rule.onrdomain = s_rd;
	pfr.rule.rtableid = -1;
	pfr.rule.nat.proxy_port[0] = nat_range_low;
	pfr.rule.nat.proxy_port[1] = nat_range_high;

	return (ioctl(dev, DIOCADDRULE, &pfr) == -1 ? -1 : 0);
}
/*
 * Install a pf filter rule for src -> dst:d_port (proto) in direction
 * dir.  prepare_rule() fills the file-scope rule (pfr); only the
 * direction is set here before the rule is committed through ioctl(2)
 * on dev.
 *
 * Returns 0 on success, -1 on failure with errno set (EINVAL for a
 * missing/zero argument, else whatever prepare_rule() or ioctl() set).
 */
int
add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
    struct sockaddr *dst, u_int16_t d_port, u_int8_t proto)
{
	int args_present = (src != NULL && dst != NULL && d_port != 0 &&
	    proto != 0);

	if (!args_present) {
		errno = EINVAL;
		return (-1);
	}

	if (prepare_rule(id, PF_RULESET_FILTER, src, dst, d_port, proto) == -1)
		return (-1);

	pfr.rule.direction = dir;

	return (ioctl(dev, DIOCADDRULE, &pfr) == -1 ? -1 : 0);
}
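/*
 * Parse one input line and dispatch it.
 *
 * Empty lines and lines starting with ';' are ignored.  A line containing
 * "=" is a fact ("lhs=rhs") handed to prepare_fact(); a line containing
 * "->" is a rule ("lhs->rhs") handed to prepare_rule(); a line with
 * neither is a query and is appended to g_wishes.  When a line contains
 * both delimiters, "=" takes precedence and the line is treated as a fact.
 *
 * Throws std::runtime_error with message "line:<line>" when splitting the
 * line fails or does not produce both sides of the delimiter.
 */
void fill_out_line(std::string line)
{
	if (line.empty())		// blank line
		return;
	if (line[0] == ';')		// comment
		return;

	bool is_fact = line.find("=") != std::string::npos;
	bool is_rule = line.find("->") != std::string::npos;

	// No delimiter at all: a query, not a definition.
	if (!is_fact && !is_rule) {
		g_wishes.push_back(line);
		return;
	}

	std::vector<std::string> parts;
	try {
		boost::iter_split(parts, line,
		    boost::first_finder(is_fact ? "=" : "->"));
	} catch (...) {
		throw std::runtime_error("line:" + line);
	}

	// Guard the indexing below.  Only the first two pieces are used, so a
	// line with repeated delimiters keeps its extra pieces ignored as before.
	if (parts.size() < 2)
		throw std::runtime_error("line:" + line);

	std::string& expression = parts[0];
	std::string& conclusion = parts[1];
	if (is_fact)
		prepare_fact(expression, conclusion);
	else
		prepare_rule(expression, conclusion);
}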
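/*
 * Run prepare_rule () over every entry of the file-scope all_rules table;
 * nr_of_rules gives the number of entries.  Both are defined elsewhere in
 * the file.
 */
static void
prepare_rules (void)
{
	int ix;

	for (ix = 0; ix < nr_of_rules; ix++)
		prepare_rule (all_rules[ix]);
}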