/* $NetBSD: pf.c,v 1.1 2005/04/03 22:15:32 peter Exp $ */

/*
 * pf.c - NAT lookup code for pf.
 *
 * This software is in the public domain.
 * Written by Peter Postma <peter (at) NetBSD.org>
 */
10 1.1 peter #include <sys/types.h>
11 1.1 peter #include <sys/socket.h>
12 1.1 peter #include <sys/ioctl.h>
13 1.1 peter #include <sys/fcntl.h>
15 1.1 peter #include <net/if.h>
16 1.1 peter #include <netinet/in.h>
17 1.1 peter #include <net/pfvar.h>
19 1.1 peter #include <stdlib.h>
20 1.1 peter #include <string.h>
21 1.1 peter #include <syslog.h>
22 1.1 peter #include <unistd.h>
24 1.1 peter #include "identd.h"
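/*
 * pf_natlookup - map a NAT'd TCP connection back to its original source.
 *
 * ss[0] is handed to pf as the destination and ss[1] as the source of an
 * inbound (PF_IN) TCP state lookup; both entries must carry the same
 * address family (AF_INET or AF_INET6).  On success the pre-translation
 * source address reported by pf (rsaddr) is written to nat_addr, with the
 * port forced to the ident port (113) and sin_len/sin_family (or the
 * sin6_ equivalents) set; the remaining fields of nat_addr are left as the
 * caller had them.  The pre-translation source port (rsport) is stored in
 * *nat_lport exactly as pf returns it, i.e. in the same byte order as the
 * sin_port values fed in -- the caller is responsible for any conversion.
 *
 * Returns 1 on success and 0 on failure; the reason is reported through
 * maybe_syslog.  nat_addr and *nat_lport are not modified on failure.
 */
int
pf_natlookup(struct sockaddr_storage *ss, struct sockaddr *nat_addr,
    int *nat_lport)
{
	struct pfioc_natlook nl;
	int dev;

	(void)memset(&nl, 0, sizeof(nl));

	/*
	 * Both endpoints are reinterpreted below according to ss[0]'s
	 * family, so refuse a pair whose families disagree rather than
	 * feeding pf a meaningless lookup.
	 */
	if (ss[0].ss_family != ss[1].ss_family) {
		maybe_syslog(LOG_ERR, "Address family mismatch for NAT lookup "
		    "(no. %d vs. no. %d)", ss[0].ss_family, ss[1].ss_family);
		return 0;
	}

	/* Build the pf natlook structure. */
	switch (ss[0].ss_family) {
	case AF_INET:
		(void)memcpy(&nl.daddr.v4, &satosin(&ss[0])->sin_addr,
		    sizeof(struct in_addr));
		(void)memcpy(&nl.saddr.v4, &satosin(&ss[1])->sin_addr,
		    sizeof(struct in_addr));
		nl.dport = satosin(&ss[0])->sin_port;
		nl.sport = satosin(&ss[1])->sin_port;
		nl.af = AF_INET;
		break;
	case AF_INET6:
		(void)memcpy(&nl.daddr.v6, &satosin6(&ss[0])->sin6_addr,
		    sizeof(struct in6_addr));
		(void)memcpy(&nl.saddr.v6, &satosin6(&ss[1])->sin6_addr,
		    sizeof(struct in6_addr));
		nl.dport = satosin6(&ss[0])->sin6_port;
		nl.sport = satosin6(&ss[1])->sin6_port;
		nl.af = AF_INET6;
		break;
	default:
		maybe_syslog(LOG_ERR, "Unsupported protocol for NAT lookup "
		    "(no. %d)", ss[0].ss_family);
		return 0;
	}
	/* Common to both families: only inbound TCP states are looked up. */
	nl.proto = IPPROTO_TCP;
	nl.direction = PF_IN;

	/*
	 * Open the /dev/pf device and do the lookup.
	 *
	 * NOTE(review): DIOCNATLOOK is a pure query; if the target kernel
	 * permits it on a read-only descriptor, opening with O_RDONLY would
	 * let identd run without write access to /dev/pf -- confirm before
	 * changing, as the original deliberately uses O_RDWR.
	 */
	if ((dev = open("/dev/pf", O_RDWR)) == -1) {
		maybe_syslog(LOG_ERR, "Cannot open /dev/pf: %m");
		return 0;
	}
	/* %m reads errno, so log before close() can clobber it. */
	if (ioctl(dev, DIOCNATLOOK, &nl) == -1) {
		maybe_syslog(LOG_ERR, "NAT lookup failure: %m");
		(void)close(dev);
		return 0;
	}
	(void)close(dev);

	/*
	 * Put the originating address into nat_addr and fill
	 * the port with the ident port, 113.  nl.af was set from
	 * ss[0].ss_family above, so only the two handled families can
	 * reach this switch.
	 */
	switch (nl.af) {
	case AF_INET:
		(void)memcpy(&satosin(nat_addr)->sin_addr, &nl.rsaddr.v4,
		    sizeof(struct in_addr));
		satosin(nat_addr)->sin_port = htons(113);
		satosin(nat_addr)->sin_len = sizeof(struct sockaddr_in);
		satosin(nat_addr)->sin_family = AF_INET;
		break;
	case AF_INET6:
		(void)memcpy(&satosin6(nat_addr)->sin6_addr, &nl.rsaddr.v6,
		    sizeof(struct in6_addr));
		satosin6(nat_addr)->sin6_port = htons(113);
		satosin6(nat_addr)->sin6_len = sizeof(struct sockaddr_in6);
		satosin6(nat_addr)->sin6_family = AF_INET6;
		break;
	}
	/* Put the originating port into nat_lport. */
	*nat_lport = nl.rsport;

	return 1;
}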