From 6ff08df6ba1de1ebd95f569d96f62f7e6e5d68e0 Mon Sep 17 00:00:00 2001 From: Stefan Rinkes Date: Sun, 17 Apr 2011 00:53:28 +0200 Subject: [PATCH] pf plugin: add nat and rdr rules --- pfutils45.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++ pfutils45.h | 8 ++++++-- src/pf.c | 12 +++++------ 3 files changed, 69 insertions(+), 8 deletions(-) diff --git a/pfutils45.c b/pfutils45.c index c7efb396..f8ca6e25 100644 --- a/pfutils45.c +++ b/pfutils45.c @@ -992,4 +992,61 @@ found: return (buf); } +int +pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr, + u_int32_t ticket, int r_action, char *anchorname) +{ + struct pfioc_pooladdr pp; + struct pf_pooladdr *pa; + u_int32_t pnr, mpnr; + + memset(&pp, 0, sizeof(pp)); + memcpy(pp.anchor, anchorname, sizeof(pp.anchor)); + pp.r_action = r_action; + pp.r_num = nr; + pp.ticket = ticket; + if (ioctl(dev, DIOCGETADDRS, &pp)) { + warn("DIOCGETADDRS"); + return (-1); + } + mpnr = pp.nr; + TAILQ_INIT(&pool->list); + for (pnr = 0; pnr < mpnr; ++pnr) { + pp.nr = pnr; + if (ioctl(dev, DIOCGETADDR, &pp)) { + warn("DIOCGETADDR"); + return (-1); + } + pa = calloc(1, sizeof(struct pf_pooladdr)); + if (pa == NULL) + err(1, "calloc"); + bcopy(&pp.addr, pa, sizeof(struct pf_pooladdr)); + TAILQ_INSERT_TAIL(&pool->list, pa, entries); + } + + return (0); +} + +void +pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst) +{ + struct pf_pooladdr *pa; + + while ((pa = TAILQ_FIRST(&src->list)) != NULL) { + TAILQ_REMOVE(&src->list, pa, entries); + TAILQ_INSERT_TAIL(&dst->list, pa, entries); + } +} + +void +pfctl_clear_pool(struct pf_pool *pool) +{ + struct pf_pooladdr *pa; + + while ((pa = TAILQ_FIRST(&pool->list)) != NULL) { + TAILQ_REMOVE(&pool->list, pa, entries); + free(pa); + } +} + diff --git a/pfutils45.h b/pfutils45.h index 5294737c..411471d0 100644 --- a/pfutils45.h +++ b/pfutils45.h 
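Review bot: `memcpy(pp.anchor, anchorname, sizeof(pp.anchor))` in pfctl_get_pool copies sizeof(pp.anchor) bytes from the caller's string whatever its actual length, so a string literal or any buffer shorter than pp.anchor is read past its end; nothing in this patch shows a caller, so the precondition that anchorname is a full-size buffer is undocumented at best. `strlcpy(pp.anchor, anchorname, sizeof(pp.anchor))` bounds the read, and its return value lets over-long names be rejected instead of silently truncated. In the same function two error paths misbehave: a DIOCGETADDR failure returns -1 leaving the entries already appended to pool->list unreleased, and `err(1, "calloc")` exits the whole process from helper code that, going by the subject line, runs inside a plugin. Both should free the partial list and return -1; pfctl_clear_pool is defined further down this hunk, so its prototype has to be visible in pfutils45.c (the header hunk declares it), and moving TAILQ_INIT ahead of the first ioctl keeps the list in a state the caller can always clear. The rewritten lines are below; pfctl_move_pool and pfctl_clear_pool look correct as written.
```c
	memset(&pp, 0, sizeof(pp));
	/* bounded copy: reject names that do not fit pp.anchor */
	if (strlcpy(pp.anchor, anchorname, sizeof(pp.anchor)) >=
	    sizeof(pp.anchor)) {
		warnx("anchor name too long");
		return (-1);
	}
	/* … unchanged: r_action / r_num / ticket setup … */
	TAILQ_INIT(&pool->list);	/* before the first ioctl: list is always clearable */
	if (ioctl(dev, DIOCGETADDRS, &pp)) {
		warn("DIOCGETADDRS");
		return (-1);
	}
	mpnr = pp.nr;
	for (pnr = 0; pnr < mpnr; ++pnr) {
		pp.nr = pnr;
		if (ioctl(dev, DIOCGETADDR, &pp)) {
			warn("DIOCGETADDR");
			pfctl_clear_pool(pool);	/* drop the partial list */
			return (-1);
		}
		pa = calloc(1, sizeof(struct pf_pooladdr));
		if (pa == NULL) {
			warn("calloc");	/* report; do not exit() the host process */
			pfctl_clear_pool(pool);
			return (-1);
		}
		/* … unchanged: bcopy into pa, TAILQ_INSERT_TAIL … */
	}
```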
@@ -1,5 +1,9 @@ -void print_rule(struct pf_rule *, const char *, int); -void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int); +void print_rule(struct pf_rule *, const char *, int); +void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int); +int pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int, + char *); +void pfctl_clear_pool(struct pf_pool *); + #define PF_NAT_PROXY_PORT_LOW 50001 #define PF_NAT_PROXY_PORT_HIGH 65535 diff --git a/src/pf.c b/src/pf.c index 9b69fecf..976b32f8 100644 --- a/src/pf.c +++ b/src/pf.c @@ -48,14 +48,14 @@ pf_init(void) { struct pf_status status; - if ((pfdev = open(PF_SOCKET, O_RDWR)) == -1) { + if ((dev = open(PF_SOCKET, O_RDWR)) == -1) { return (-1); } - if (ioctl(pfdev, DIOCGETSTATUS, &status) == -1) { + if (ioctl(dev, DIOCGETSTATUS, &status) == -1) { return (-1); } - close(pfdev); + close(dev); if (!status.running) return (-1); @@ -72,14 +72,14 @@ pf_read(void) char *lnames[] = LCNT_NAMES; char *names[] = { "searches", "inserts", "removals" }; - if ((pfdev = open(PF_SOCKET, O_RDWR)) == -1) { + if ((dev = open(PF_SOCKET, O_RDWR)) == -1) { return (-1); } - if (ioctl(pfdev, DIOCGETSTATUS, &status) == -1) { + if (ioctl(dev, DIOCGETSTATUS, &status) == -1) { return (-1); } - close(pfdev); + close(dev); for (i = 0; i < PFRES_MAX; i++) submit_counter("pf_counters", cnames[i], status.counters[i]); for (i = 0; i < LCNT_MAX; i++) -- 2.30.2
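Review bot: pfctl_move_pool, which the pfutils45.c side of this patch defines with external linkage, is not declared here alongside pfctl_get_pool and pfctl_clear_pool, so any other file calling it would rely on an implicit declaration and -Wmissing-prototypes will flag the definition; either add `void pfctl_move_pool(struct pf_pool *, struct pf_pool *);` next to the other two or mark the definition static if it is internal to pfutils45.c. The print_rule and print_pool prototypes are removed and re-added with identical visible text, which looks like a whitespace-only change; worth confirming it is intended rather than an editor artefact.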
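Review bot: the descriptor opened into `dev` is leaked when DIOCGETSTATUS fails, because the `return (-1)` on the ioctl path runs before `close(dev)`; this predates the rename, but the rename touches exactly these lines, so it is the moment to fix it: `if (ioctl(dev, DIOCGETSTATUS, &status) == -1) { close(dev); return (-1); }`. `dev` is not declared anywhere in the hunk even though the hunk starts at pf_init's opening brace, so it appears to be file-scope state; a one-line comment at its definition saying that each call opens and closes it would make the ownership explicit. pf_init's body continues past the hunk.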
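Review bot: same defect as in pf_init — when DIOCGETSTATUS fails the `return (-1)` leaves `dev` open, and if pf_read is polled periodically (the submit_counter calls in the context lines suggest a read callback) a persistently failing ioctl leaks one descriptor per cycle until the process exhausts its fd limit; add `close(dev);` before that return. pf_read's body continues past the hunk.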