D23450.id67597.diff
No OneTemporary
Actions

Size

7 KB

Referenced Files

None

Subscribers

None

D23450.id67597.diff
View Options

	Index: sbin/ipfw/ipfw.8
	===================================================================
	--- sbin/ipfw/ipfw.8
	+++ sbin/ipfw/ipfw.8
	@@ -3257,6 +3257,9 @@
	If no entry was found in any of the instances, packet is passed unchanged,
	and no new entry will be created.
	See section
	+.It Cm port_alias lower upper
	+Set the aliasing ports between the ranges given. Upper port has to be
	+greater than lower.
	.Sx MULTIPLE INSTANCES
	in
	.Xr natd 8
	Index: sbin/ipfw/ipfw2.h
	===================================================================
	--- sbin/ipfw/ipfw2.h
	+++ sbin/ipfw/ipfw2.h
	@@ -284,7 +284,7 @@
	TOK_MAX_PORTS,
	TOK_STATES_CHUNKS,
	TOK_JMAXLEN,
	- TOK_PORT_RANGE,
	+ TOK_PORT_ALIAS,
	TOK_HOST_DEL_AGE,
	TOK_PG_DEL_AGE,
	TOK_TCP_SYN_AGE,
	Index: sbin/ipfw/main.c
	===================================================================
	--- sbin/ipfw/main.c
	+++ sbin/ipfw/main.c
	@@ -45,7 +45,8 @@
	"[pipe\|queue] {zero\|delete\|show} [N{,N}]\n"
	"nat N config {ip IPADDR\|if IFNAME\|log\|deny_in\|same_ports\|unreg_only\|unreg_cgn\|\n"
	" reset\|reverse\|proxy_only\|redirect_addr linkspec\|\n"
	-" redirect_port linkspec\|redirect_proto linkspec}\n"
	+" redirect_port linkspec\|redirect_proto linkspec\|\n"
	+" port_alias lower upper}\n"
	"set [disable N... enable N...] \| move [rule] X to Y \| swap X Y \| show\n"
	"set N {show\|list\|zero\|resetlog\|delete} [N{,N}] \| flush\n"
	"table N {add ip[/bits] [value] \| delete ip[/bits] \| flush \| list}\n"
	Index: sbin/ipfw/nat.c
	===================================================================
	--- sbin/ipfw/nat.c
	+++ sbin/ipfw/nat.c
	@@ -65,6 +65,7 @@
	{ "reset", TOK_RESET_ADDR },
	{ "reverse", TOK_ALIAS_REV },
	{ "proxy_only", TOK_PROXY_ONLY },
	+ { "port_alias", TOK_PORT_ALIAS },
	{ "redirect_addr", TOK_REDIR_ADDR },
	{ "redirect_port", TOK_REDIR_PORT },
	{ "redirect_proto", TOK_REDIR_PROTO },
	@@ -752,12 +753,23 @@
	printf("\n");
	}

	+static int
	+nat_port_alias_valid_port(char ptr, u_short out) {
	+ u_short port;
	+ port = (u_short) strtol(ptr, NULL, 10);
	+ if (port > 1024) {
	+ *out = port;
	+ }
	+ return 0;
	+}
	+
	void
	ipfw_config_nat(int ac, char **av)
	{
	ipfw_obj_header *oh;
	struct nat44_cfg_nat n; / Nat instance configuration. */
	int i, off, tok, ac1;
	+ u_short lp, hp;
	char id, buf, *av1, end;
	size_t len;

	@@ -837,6 +849,13 @@
	ac1--;
	}
	break;
	+ case TOK_PORT_ALIAS:
	+ if (ac1 < 2)
	+ errx(EX_DATAERR, "redirect_proto: "
	+ "not enough arguments");
	+ av1 += 2;
	+ ac1 -= 2;
	+ break;
	default:
	errx(EX_DATAERR, "unrecognised option ``%s''", av1[-1]);
	}
	@@ -919,6 +938,21 @@
	}
	n->redir_cnt++;
	off += i;
	+ break;
	+ case TOK_PORT_ALIAS:
	+ if (ac == 0)
	+ errx(EX_DATAERR, "missing option");
	+ if (!isdigit(av[0]) \|\| !isdigit(av[1]))
	+ errx(EX_DATAERR, "invalid or negative port number(s)");
	+ if (!nat_port_alias_valid_port(av[0], &lp) \|\|
	+ !nat_port_alias_valid_port(av[1], &hp))
	+ errx(EX_DATAERR, "port has to be greater than 1024");
	+ if (lp >= hp)
	+ errx(EX_DATAERR, "upper port has to be greater than lower port");
	+ n->alias_port_lo = lp;
	+ n->alias_port_hi = hp;
	+ ac -= 2;
	+ av += 2;
	break;
	}
	}
	Index: sys/netinet/ip_fw.h
	===================================================================
	--- sys/netinet/ip_fw.h
	+++ sys/netinet/ip_fw.h
	@@ -550,6 +550,8 @@
	struct in_addr ip; /* nat IPv4 address */
	uint32_t mode; /* aliasing mode */
	uint32_t redir_cnt; /* number of entry in spool chain */
	+ u_short alias_port_lo; /* low range for port aliasing */
	+ u_short alias_port_hi; /* high range for port aliasing */
	};

	/* Nat command. */
	Index: sys/netinet/libalias/alias.h
	===================================================================
	--- sys/netinet/libalias/alias.h
	+++ sys/netinet/libalias/alias.h
	@@ -86,6 +86,7 @@
	/* Initialization and control functions. */
	struct libalias LibAliasInit(struct libalias );
	void LibAliasSetAddress(struct libalias *, struct in_addr _addr);
	+void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low, u_short port_hi);
	void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num);
	void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
	unsigned int
	Index: sys/netinet/libalias/alias_db.c
	===================================================================
	--- sys/netinet/libalias/alias_db.c
	+++ sys/netinet/libalias/alias_db.c
	@@ -605,6 +605,11 @@
	*/
	port_net = lnk->src_port;
	port_sys = ntohs(port_net);
	+ } else if (la->aliasPortLower && la->aliasPortUpper) {
	+ /* First trial is a random port in the aliasing range. */
	+ port_sys = la->aliasPortLower + (arc4random() %
	+ (la->aliasPortUpper - la->aliasPortLower));
	+ port_net = htons(port_sys);
	} else {
	/* First trial and all subsequent are random. */
	port_sys = arc4random() & ALIAS_PORT_MASK;
	@@ -658,9 +663,15 @@
	}
	#endif
	}
	- port_sys = arc4random() & ALIAS_PORT_MASK;
	- port_sys += ALIAS_PORT_BASE;
	- port_net = htons(port_sys);
	+ if (la->aliasPortLower && la->aliasPortUpper) {
	+ port_sys = la->aliasPortLower + (arc4random() %
	+ (la->aliasPortUpper - la->aliasPortLower));
	+ port_net = htons(port_sys);
	+ } else {
	+ port_sys = arc4random() & ALIAS_PORT_MASK;
	+ port_sys += ALIAS_PORT_BASE;
	+ port_net = htons(port_sys);
	+ }
	}

	#ifdef LIBALIAS_DEBUG
	@@ -2443,6 +2454,18 @@
	CleanupAliasData(la);

	la->aliasAddress = addr;
	+ LIBALIAS_UNLOCK(la);
	+}
	+
	+
	+void
	+LibAliasSetAliasPortRange(struct libalias *la, u_short port_low,
	+ u_short port_high)
	+{
	+
	+ LIBALIAS_LOCK(la);
	+ la->aliasPortLower = port_low;
	+ la->aliasPortUpper = port_high;
	LIBALIAS_UNLOCK(la);
	}

	Index: sys/netinet/libalias/alias_local.h
	===================================================================
	--- sys/netinet/libalias/alias_local.h
	+++ sys/netinet/libalias/alias_local.h
	@@ -163,6 +163,10 @@
	struct in_addr true_addr; /* in network byte order. */
	u_short true_port; /* in host byte order. */

	+ /* Port ranges for aliasing. */
	+ u_short aliasPortLower;
	+ u_short aliasPortUpper;
	+
	/*
	* sctp code support
	*/
	Index: sys/netpfil/ipfw/ip_fw_nat.c
	===================================================================
	--- sys/netpfil/ipfw/ip_fw_nat.c
	+++ sys/netpfil/ipfw/ip_fw_nat.c
	@@ -93,6 +93,8 @@
	/* chain of redir instances */
	LIST_HEAD(redir_chain, cfg_redir) redir_chain;
	char if_name[IF_NAMESIZE]; /* interface name */
	+ u_short alias_port_lo; /* low range for port aliasing */
	+ u_short alias_port_hi; /* high range for port aliasing */
	};

	static eventhandler_tag ifaddr_event_tag;
	@@ -529,9 +531,12 @@
	ptr->ip = ucfg->ip;
	ptr->redir_cnt = ucfg->redir_cnt;
	ptr->mode = ucfg->mode;
	+ ptr->alias_port_lo = ucfg->alias_port_lo;
	+ ptr->alias_port_hi = ucfg->alias_port_hi;
	strlcpy(ptr->if_name, ucfg->if_name, sizeof(ptr->if_name));
	LibAliasSetMode(ptr->lib, ptr->mode, ~0);
	LibAliasSetAddress(ptr->lib, ptr->ip);
	+ LibAliasSetAliasPortRange(ptr->lib, ptr->alias_port_lo, ptr->alias_port_hi);

	/*
	* Redir and LSNAT configuration.
	@@ -659,6 +664,8 @@
	ucfg->ip = ptr->ip;
	ucfg->redir_cnt = ptr->redir_cnt;
	ucfg->mode = ptr->mode;
	+ ucfg->alias_port_lo = ptr->alias_port_lo;
	+ ucfg->alias_port_hi = ptr->alias_port_hi;
	strlcpy(ucfg->if_name, ptr->if_name, sizeof(ucfg->if_name));
	}

File Metadata

Mime Type: text/plain
Expires: Thu, Nov 7, 11:26 PM (4 h, 4 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 14523044
Default Alt Text: D23450.id67597.diff (7 KB)

D23450.id67597.diffNo OneTemporaryActions

D23450.id67597.diffView Options

File Metadata

Event Timeline

D23450.id67597.diff
No OneTemporary
Actions

D23450.id67597.diff
View Options