search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
NFE - Change default RX ring size from 128 -> 256, Adjust moderation timer.
[dragonfly.git] / contrib / ipfilter / samples / proxy.c
blobef9a69c356e8354c108bcdc4970591748b4a76af
1 /*
2 * Sample transparent proxy program.
3 *
4 * Sample implementation of a program which intercepts a TCP connectiona and
5 * just echos all data back to the origin. Written to work via inetd as a
6 * "nonwait" program running as root; ie.
7 * tcpmux stream tcp nowait root /usr/local/bin/proxy proxy
8 * with a NAT rue like this:
9 * rdr smc0 0/0 port 80 -> 127.0.0.1/32 port 1
10 */
11 #include <stdio.h>
12 #include <string.h>
13 #include <fcntl.h>
14 #include <syslog.h>
15 #if !defined(__SVR4) && !defined(__svr4__)
16 #include <strings.h>
17 #else
18 #include <sys/byteorder.h>
19 #endif
20 #include <sys/types.h>
21 #include <sys/time.h>
22 #include <sys/param.h>
23 #include <stdlib.h>
24 #include <unistd.h>
25 #include <stddef.h>
26 #include <sys/socket.h>
27 #include <sys/ioctl.h>
28 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
29 # include <sys/ioccom.h>
30 # include <sys/sysmacros.h>
31 #endif
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <netinet/tcp.h>
36 #include <net/if.h>
37 #include <netdb.h>
38 #include <arpa/nameser.h>
39 #include <arpa/inet.h>
40 #include <resolv.h>
41 #include <ctype.h>
42 #include "netinet/ip_compat.h"
43 #include "netinet/ip_fil.h"
44 #include "netinet/ip_nat.h"
45 #include "netinet/ip_state.h"
46 #include "netinet/ip_proxy.h"
47 #include "netinet/ip_nat.h"
48
49
50 main(argc, argv)
51 int argc;
52 char *argv[];
53 {
54 struct sockaddr_in sin, sloc, sout;
55 natlookup_t natlook;
56 natlookup_t *natlookp = &natlook;
57 char buffer[512];
58 int namelen, fd, n;
59
60 /*
61 * get IP# and port # of the remote end of the connection (at the
62 * origin).
63 */
64 namelen = sizeof(sin);
65 if (getpeername(0, (struct sockaddr *)&sin, &namelen) == -1) {
66 perror("getpeername");
67 exit(-1);
68 }
69
70 /*
71 * get IP# and port # of the local end of the connection (at the
72 * man-in-the-middle).
73 */
74 namelen = sizeof(sin);
75 if (getsockname(0, (struct sockaddr *)&sloc, &namelen) == -1) {
76 perror("getsockname");
77 exit(-1);
78 }
79
80 /*
81 * Build up the NAT natlookup structure.
82 */
83 bzero((char *)&natlook, sizeof(natlook));
84 natlook.nl_outip = sin.sin_addr;
85 natlook.nl_inip = sloc.sin_addr;
86 natlook.nl_flags = IPN_TCPUDP;
87 natlook.nl_outport = ntohs(sin.sin_port);
88 natlook.nl_inport = ntohs(sloc.sin_port);
89
90 /*
91 * Open the NAT device and lookup the mapping pair.
92 */
93 fd = open(IPL_NAT, O_RDONLY);
94 if (ioctl(fd, SIOCGNATL, &natlookp) == -1) {
95 perror("ioctl(SIOCGNATL)");
96 exit(-1);
97 }
98
99 #define DO_NAT_OUT
100 #ifdef DO_NAT_OUT
101 if (argc > 1)
102 do_nat_out(0, 1, fd, &natlook, argv[1]);
103 #else
104
105 /*
106 * Log it
107 */
108 syslog(LOG_DAEMON|LOG_INFO, "connect to %s,%d",
109 inet_ntoa(natlook.nl_realip), ntohs(natlook.nl_realport));
110 printf("connect to %s,%d\n",
111 inet_ntoa(natlook.nl_realip), ntohs(natlook.nl_realport));
112
113 /*
114 * Just echo data read in from stdin to stdout
115 */
116 while ((n = read(0, buffer, sizeof(buffer))) > 0)
117 if (write(1, buffer, n) != n)
118 break;
119 close(0);
120 #endif
121 }
122
123
124 #ifdef DO_NAT_OUT
125 do_nat_out(in, out, fd, nlp, extif)
126 int fd;
127 natlookup_t *nlp;
128 char *extif;
129 {
130 nat_save_t ns, *nsp = &ns;
131 struct sockaddr_in usin;
132 u_32_t sum1, sum2, sumd;
133 int onoff, ofd, slen;
134 ipnat_t *ipn;
135 nat_t *nat;
136
137 bzero((char *)&ns, sizeof(ns));
138
139 nat = &ns.ipn_nat;
140 nat->nat_p = IPPROTO_TCP;
141 nat->nat_dir = NAT_OUTBOUND;
142 if ((extif != NULL) && (*extif != '\0')) {
143 strncpy(nat->nat_ifname, extif, sizeof(nat->nat_ifname));
144 nat->nat_ifname[sizeof(nat->nat_ifname) - 1] = '\0';
145 }
146
147 ofd = socket(AF_INET, SOCK_DGRAM, 0);
148 bzero((char *)&usin, sizeof(usin));
149 usin.sin_family = AF_INET;
150 usin.sin_addr = nlp->nl_realip;
151 usin.sin_port = nlp->nl_realport;
152 (void) connect(ofd, (struct sockaddr *)&usin, sizeof(usin));
153 slen = sizeof(usin);
154 (void) getsockname(ofd, (struct sockaddr *)&usin, &slen);
155 close(ofd);
156 printf("local IP# to use: %s\n", inet_ntoa(usin.sin_addr));
157
158 if ((ofd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
159 perror("socket");
160 usin.sin_port = 0;
161 if (bind(ofd, (struct sockaddr *)&usin, sizeof(usin)))
162 perror("bind");
163 slen = sizeof(usin);
164 if (getsockname(ofd, (struct sockaddr *)&usin, &slen))
165 perror("getsockname");
166 printf("local port# to use: %d\n", ntohs(usin.sin_port));
167
168 nat->nat_inip = usin.sin_addr;
169 nat->nat_outip = nlp->nl_outip;
170 nat->nat_oip = nlp->nl_realip;
171
172 sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr)) + ntohs(usin.sin_port);
173 sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + ntohs(nlp->nl_outport);
174 CALC_SUMD(sum1, sum2, sumd);
175 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
176 nat->nat_sumd[1] = nat->nat_sumd[0];
177
178 sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr));
179 sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr));
180 CALC_SUMD(sum1, sum2, sumd);
181 nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
182
183 nat->nat_inport = usin.sin_port;
184 nat->nat_outport = nlp->nl_outport;
185 nat->nat_oport = nlp->nl_realport;
186
187 nat->nat_flags = IPN_TCPUDP;
188
189 onoff = 1;
190 if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
191 if (ioctl(fd, SIOCSTPUT, &nsp) != 0)
192 perror("SIOCSTPUT");
193 onoff = 0;
194 if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
195 perror("SIOCSTLCK");
196 }
197
198 usin.sin_addr = nlp->nl_realip;
199 usin.sin_port = nlp->nl_realport;
200 printf("remote end for connection: %s,%d\n", inet_ntoa(usin.sin_addr),
201 ntohs(usin.sin_port));
202 fflush(stdout);
203 if (connect(ofd, (struct sockaddr *)&usin, sizeof(usin)))
204 perror("connect");
205
206 relay(in, out, ofd);
207 }
208
209
210 relay(in, out, net)
211 int in, out, net;
212 {
213 char netbuf[1024], outbuf[1024];
214 char *nwptr, *nrptr, *owptr, *orptr;
215 size_t nsz, osz;
216 fd_set rd, wr;
217 int i, n, maxfd;
218
219 n = 0;
220 maxfd = in;
221 if (out > maxfd)
222 maxfd = out;
223 if (net > maxfd)
224 maxfd = net;
225
226 nrptr = netbuf;
227 nwptr = netbuf;
228 nsz = sizeof(netbuf);
229 orptr = outbuf;
230 owptr = outbuf;
231 osz = sizeof(outbuf);
232
233 while (n >= 0) {
234 FD_ZERO(&rd);
235 FD_ZERO(&wr);
236
237 if (nrptr - netbuf < sizeof(netbuf))
238 FD_SET(in, &rd);
239 if (orptr - outbuf < sizeof(outbuf))
240 FD_SET(net, &rd);
241
242 if (nsz < sizeof(netbuf))
243 FD_SET(net, &wr);
244 if (osz < sizeof(outbuf))
245 FD_SET(out, &wr);
246
247 n = select(maxfd + 1, &rd, &wr, NULL, NULL);
248
249 if ((n > 0) && FD_ISSET(in, &rd)) {
250 i = read(in, nrptr, sizeof(netbuf) - (nrptr - netbuf));
251 if (i <= 0)
252 break;
253 nsz -= i;
254 nrptr += i;
255 n--;
256 }
257
258 if ((n > 0) && FD_ISSET(net, &rd)) {
259 i = read(net, orptr, sizeof(outbuf) - (orptr - outbuf));
260 if (i <= 0)
261 break;
262 osz -= i;
263 orptr += i;
264 n--;
265 }
266
267 if ((n > 0) && FD_ISSET(out, &wr)) {
268 i = write(out, owptr, orptr - owptr);
269 if (i <= 0)
270 break;
271 osz += i;
272 if (osz == sizeof(outbuf) || owptr == orptr) {
273 orptr = outbuf;
274 owptr = outbuf;
275 } else
276 owptr += i;
277 n--;
278 }
279
280 if ((n > 0) && FD_ISSET(net, &wr)) {
281 i = write(net, nwptr, nrptr - nwptr);
282 if (i <= 0)
283 break;
284 nsz += i;
285 if (nsz == sizeof(netbuf) || nwptr == nrptr) {
286 nrptr = netbuf;
287 nwptr = netbuf;
288 } else
289 nwptr += i;
290 }
291 }
292
293 close(net);
294 close(out);
295 close(in);
296 }
297 #endif
DragonFly BSD