2 * Copyright (c) 2014 - 2018 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@dragonflybsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <sys/sockio.h>
39 #include <sys/sysctl.h>
43 #include <arpa/inet.h>
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
64 #include <netinet/ip_icmp.h>
65 #include <netinet/tcp.h>
67 #include <net/if_dl.h>
68 #include <net/route.h>
69 #include <net/ethernet.h>
71 #include <net/ipfw3/ip_fw3.h>
72 #include <net/ipfw3_basic/ip_fw3_table.h>
73 #include <net/ipfw3_basic/ip_fw3_sync.h>
74 #include <net/ipfw3_basic/ip_fw3_basic.h>
75 #include <net/ipfw3_nat/ip_fw3_nat.h>
76 #include <net/dummynet3/ip_dummynet3.h>
/*
 * nat_config_add - handle `ipfw3 nat <id> config ip <addr> [<addr> ...]'.
 *
 * Builds a struct ioc_nat inside a zeroed LEN_NAT_CMD_BUF-byte stack
 * buffer, validates the id range and the `ip' keyword, parses the
 * addresses with inet_aton(), hands the request to the kernel with
 * do_set_x(IP_FW_NAT_ADD) and finally re-reads the entry through
 * nat_config_get() so the user sees what was actually stored.  Every
 * failure path terminates the process via errx()/err().
 *
 * NOTE(review): this listing omits several lines of the original (how
 * ioc->id and `id' are derived from *av, the advance past `ip', the
 * address/length bookkeeping after inet_aton(), and the error test that
 * precedes the err() call), so the comments below describe only what is
 * visible.
 */
88 nat_config_add(int ac
, char **av
)
93 char *id
, buf
[LEN_NAT_CMD_BUF
];
/* Zero the whole request so unused fields never carry stack garbage into the kernel. */
95 memset(buf
, 0, LEN_NAT_CMD_BUF
);
96 ioc
= (struct ioc_nat
*)buf
;
/*
 * NOTE(review): **av is a plain char; passing a negative value to
 * isdigit() is undefined behaviour -- prefer isdigit((unsigned char)**av).
 */
99 if (ac
&& isdigit(**av
)) {
/* Valid ids are 1..NAT_ID_MAX; the parse that fills ioc->id is not shown here. */
102 if (ioc
->id
<= 0 || ioc
->id
> NAT_ID_MAX
) {
103 errx(EX_DATAERR
, "invalid nat id");
106 errx(EX_DATAERR
, "missing nat id");
/*
 * NOTE(review): the comparison length is strlen(*av), so any prefix of
 * "ip" -- "i", or even an empty argument -- passes this check; the
 * keyword is never required in full.
 */
111 if (strncmp(*av
, "ip", strlen(*av
))) {
112 errx(EX_DATAERR
, "missing `ip'");
/* inet_aton() rejects malformed dotted-quad input; where `ip' points is not shown. */
117 if (!inet_aton(*av
, ip
)) {
118 errx(EX_DATAERR
, "bad ip addr `%s'", *av
);
/* Submit the request; `len' is the filled-in request size (computed off-listing). */
126 error
= do_set_x(IP_FW_NAT_ADD
, ioc
, len
);
/* err() exits the process; buf lives on the stack, so nothing needs releasing. */
128 err(1, "do_set_x(%s)", "IP_FW_NAT_ADD");
131 /* show the rule after configured */
/* Equivalent of `nat <id> show config'; `id' is presumably the id argument string. */
133 char *_av
[] = {"config", id
};
134 nat_config_get(_ac
, _av
);
/*
 * nat_config_show - print the NAT configurations held in `buf'.
 *
 * buf/nbytes is the reply obtained from the kernel with
 * do_get_x(IP_FW_NAT_GET): a sequence of struct ioc_nat records, each
 * followed by ioc->count addresses.  nat_id selects a single entry; 0
 * prints them all.  Each matching record is emitted as
 * "ipfw3 nat <id> config ip <addr> [<addr> ...]".
 *
 * NOTE(review): the listing omits how `len' and `ip' advance from one
 * record to the next and what terminates each printed line.
 */
138 nat_config_show(char *buf
, int nbytes
, int nat_id
)
144 while (len
< nbytes
) {
/*
 * NOTE(review): the header is cast at buf+len without checking that at
 * least sizeof(struct ioc_nat) bytes remain, and the address loop below
 * trusts ioc->count straight from the reply.  The data comes from the
 * kernel, so this is acceptable for a privileged tool, but a
 * remaining-bytes check would make a truncated reply fail loudly instead
 * of reading past the end of buf.
 */
145 ioc
= (struct ioc_nat
*)(buf
+ len
);
146 if (nat_id
== 0 || ioc
->id
== nat_id
) {
/*
 * NOTE(review): nat_config_add() tests ioc->id <= 0, which reads as a
 * signed field, while %u prints it as unsigned -- check the struct
 * definition and make the two agree.
 */
147 printf("ipfw3 nat %u config ip", ioc
->id
);
151 for (n
= 0; n
< ioc
->count
; n
++) {
/* Same match test as above; it is repeated per address and again after the loop. */
152 if (nat_id
== 0 || ioc
->id
== nat_id
) {
/* inet_ntoa() returns a static buffer; it is consumed by this printf() immediately. */
153 printf(" %s", inet_ntoa(*ip
));
158 if (nat_id
== 0 || ioc
->id
== nat_id
) {
/*
 * nat_config_get - `ipfw3 nat show config [<id>]'.
 *
 * Optionally parses a numeric nat id from *av, fetches the NAT table with
 * do_get_x(IP_FW_NAT_GET) into a heap buffer that is grown until the
 * reply fits, then prints it through nat_config_show().
 *
 * NOTE(review): the listing omits the initial values of nalloc, nbytes
 * and data, how nalloc grows inside the loop, the condition guarding the
 * strtoul() call, and whether `data' is freed afterwards.
 */
165 nat_config_get(int ac
, char **av
)
/*
 * NOTE(review): strtoul() is called without an end pointer, so trailing
 * garbage ("1x") is silently accepted and out-of-range input saturates at
 * ULONG_MAX before being narrowed to the int that nat_config_show() takes.
 */
177 nat_id
= strtoul(*av
, NULL
, 10);
181 while (nbytes
>= nalloc
) {
/*
 * `data = realloc(data, ...)' drops the old pointer on failure, which is
 * harmless only because err() terminates the process right here.
 */
184 if ((data
= realloc(data
, nbytes
)) == NULL
) {
185 err(EX_OSERR
, "realloc");
/*
 * do_get_x() writes the reply size back into nbytes; the loop retries
 * while the reply could have filled the whole buffer (presumably nalloc
 * is raised on each pass -- that line is not shown).
 */
187 if (do_get_x(IP_FW_NAT_GET
, data
, &nbytes
) < 0) {
188 err(EX_OSERR
, "do_get_x(IP_FW_NAT_GET)");
194 nat_config_show(data
, nbytes
, nat_id
);
/*
 * nat_config_delete - `ipfw3 nat delete <id>'.
 *
 * Sends IP_FW_NAT_DEL with the id held in `i' and exits with EX_USAGE if
 * the kernel refuses.  The parse of `i' from av is not shown in this
 * listing.
 *
 * NOTE(review): only the -1 result is inspected, so "in use" and "does
 * not exist" cannot be told apart; err() instead of errx() would at least
 * append the errno text, as the do_set_x()/do_get_x() failures in
 * nat_config_add() and nat_config_get() do.
 */
198 nat_config_delete(int ac
, char *av
[])
205 if (do_set_x(IP_FW_NAT_DEL
, &i
, sizeof(i
)) == -1)
206 errx(EX_USAGE
, "NAT %d in use or not exists", i
);
/*
 * nat_state_show - `ipfw3 nat show state [<id>]'.
 *
 * Parses the optional nat id, copies it into the first sizeof(int) bytes
 * of the reply buffer as the request for do_get_x(IP_FW_NAT_GET_RECORD),
 * grows the buffer until the reply fits, and then prints one line per
 * struct ioc_nat_state:
 *   "<nat_id> <cpu_id> <proto label> <src>:<port> <alias>:<port>
 *    <dst>:<port> <i|o> <life>"
 *
 * NOTE(review): the listing omits the buffer-size bookkeeping, the
 * per-protocol labels printed inside the if/else chain, and how `ioc' is
 * advanced at the end of each iteration.
 */
210 nat_state_show(int ac
, char **av
)
/* NOTE(review): no end-pointer check -- "1x" is accepted, overflow saturates. */
223 nat_id
= strtoul(*av
, NULL
, 10);
226 while (nbytes
>= nalloc
) {
/* Old pointer is lost on failure, but err() exits immediately, so no leak. */
229 if ((data
= realloc(data
, nbytes
)) == NULL
) {
230 err(EX_OSERR
, "realloc");
/*
 * The request is the nat id in the first int of the same buffer the
 * kernel fills; sizeof(int) assumes nat_id is an int (declaration not
 * shown here).
 */
232 memcpy(data
, &nat_id
, sizeof(int));
233 if (do_get_x(IP_FW_NAT_GET_RECORD
, data
, &nbytes
) < 0) {
234 err(EX_OSERR
, "do_get_x(IP_FW_NAT_GET_RECORD)");
240 struct ioc_nat_state
*ioc
;
241 ioc
=(struct ioc_nat_state
*)data
;
/* Whole records only; a trailing partial record, if any, is ignored. */
242 int count
= nbytes
/ LEN_IOC_NAT_STATE
;
244 for (i
= 0; i
< count
; i
++) {
245 printf("%d %d", ioc
->nat_id
, ioc
->cpu_id
);
246 if (ioc
->proto
== IPPROTO_ICMP
) {
248 } else if (ioc
->proto
== IPPROTO_TCP
) {
250 } else if (ioc
->proto
== IPPROTO_UDP
) {
/*
 * NOTE(review): htons() is used to convert the ports for display.  It
 * yields the same bytes as ntohs() on every platform, but ntohs() states
 * the intent (network -> host) -- assuming the kernel reports the ports
 * in network byte order, which the struct definition would confirm.
 *
 * inet_ntoa() returns a single static buffer; keeping one address per
 * printf() call is what prevents the three results from clobbering each
 * other.
 */
253 printf(" %s:%hu",inet_ntoa(ioc
->src_addr
),
254 htons(ioc
->src_port
));
255 printf(" %s:%hu",inet_ntoa(ioc
->alias_addr
),
256 htons(ioc
->alias_port
));
257 printf(" %s:%hu",inet_ntoa(ioc
->dst_addr
),
258 htons(ioc
->dst_port
));
/* Non-zero direction prints 'o' (outgoing), zero prints 'i' (incoming). */
259 printf(" %c", ioc
->direction
? 'o' : 'i');
/* Widen explicitly so the format specifier matches regardless of life's type. */
260 printf(" %lld", (long long)ioc
->life
);
/*
 * nat_config_flush - `ipfw3 nat flush': drop every NAT configuration after
 * an interactive yes/no confirmation read from stdin.
 *
 * The first character of the answer is upper-cased and the rest of the
 * line is drained; the prompt repeats until Y or N is given.  Only a Y
 * answer reaches do_set_x(IP_FW_NAT_FLUSH, NULL, 0).
 *
 * NOTE(review): the `do {' that opens the prompt loop, the condition that
 * guards the early `return' inside the drain loop (presumably an EOF
 * test), and the statement after the 'N' check are not shown in this
 * listing.
 */
267 nat_config_flush(void)
269 int cmd
= IP_FW_NAT_FLUSH
;
/*
 * NOTE(review): the prompt has no trailing newline; unless stdout is
 * flushed (not visible here) it may not appear before getc() blocks when
 * stdout is not line-buffered.
 */
273 printf("Are you sure? [yn] ");
/* toupper(EOF) is well-defined, so a closed stdin (scripted use) is not UB here. */
276 c
= toupper(getc(stdin
));
/* Discard the remainder of the line so a long answer is not re-read as the next one. */
277 while (c
!= '\n' && getc(stdin
) != '\n')
279 return; /* and do not flush */
280 } while (c
!= 'Y' && c
!= 'N');
281 if (c
== 'N') /* user said no */
284 if (do_set_x(cmd
, NULL
, 0) < 0 ) {
285 errx(EX_USAGE
, "NAT configuration in use");
/* NOTE(review): no trailing newline -- the shell prompt will follow on the same line unless one is printed later. */
288 printf("Flushed all nat configurations");
/*
 * nat_main - dispatch the `ipfw3 nat ...' subcommands.
 *
 * *av is matched against config / flush / show / delete and, under show,
 * against config / state; an unknown word exits with EX_USAGE.
 *
 * NOTE(review): the argument shifting between the checks (e.g. consuming
 * the numeric id after `show') and the call made under `flush' are not
 * shown in this listing, and no test that ac > 0 is visible before *av is
 * dereferenced -- the caller must guarantee at least one argument.
 */
293 nat_main(int ac
, char **av
)
/*
 * NOTE(review): every keyword test compares only strlen(*av) characters,
 * so any prefix is accepted ("c" selects config) and an empty argument
 * matches the first keyword tested.  strcmp(), or a prefix match with a
 * minimum length, would make the dispatch unambiguous.
 */
295 if (!strncmp(*av
, "config", strlen(*av
))) {
296 nat_config_add(ac
, av
);
297 } else if (!strncmp(*av
, "flush", strlen(*av
))) {
299 } else if (!strncmp(*av
, "show", strlen(*av
))) {
/*
 * ac > 2 guarantees av[1] and av[2] exist for `show <id> <what>'.
 * NOTE(review): cast to (unsigned char) before isdigit(); *av[1] is a
 * plain char and may be negative.
 */
300 if (ac
> 2 && isdigit(*(av
[1]))) {
306 if (!strncmp(*av
, "config", strlen(*av
))) {
307 nat_config_get(ac
, av
);
308 } else if (!strncmp(*av
, "state", strlen(*av
))) {
309 nat_state_show(ac
,av
);
311 errx(EX_USAGE
, "bad nat show command `%s'", *av
);
313 } else if (!strncmp(*av
, "delete", strlen(*av
))) {
314 nat_config_delete(ac
, av
);
316 errx(EX_USAGE
, "bad ipfw nat command `%s'", *av
);