Sync ACPICA with Intel's version 20170831.
[dragonfly.git] / usr.sbin / ppp / nat_cmd.c
blobb3a5b456e57d0192e85d98759da2c092487ff714
1 /*-
2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
3 * Brian Somers <brian@Awfulhak.org>
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
27 * $FreeBSD: src/usr.sbin/ppp/nat_cmd.c,v 1.35.2.13 2002/09/01 02:12:29 brian Exp $
30 #include <sys/param.h>
31 #include <netinet/in.h>
32 #include <arpa/inet.h>
33 #include <netdb.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/ip.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
39 #include <stdarg.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <termios.h>
45 #ifdef LOCALNAT
46 #include "alias.h"
47 #else
48 #include <alias.h>
49 #endif
51 #include "layer.h"
52 #include "proto.h"
53 #include "defs.h"
54 #include "command.h"
55 #include "log.h"
56 #include "nat_cmd.h"
57 #include "descriptor.h"
58 #include "prompt.h"
59 #include "timer.h"
60 #include "fsm.h"
61 #include "slcompress.h"
62 #include "throughput.h"
63 #include "iplist.h"
64 #include "mbuf.h"
65 #include "lqr.h"
66 #include "hdlc.h"
67 #include "ncpaddr.h"
68 #include "ip.h"
69 #include "ipcp.h"
70 #include "ipv6cp.h"
71 #include "lcp.h"
72 #include "ccp.h"
73 #include "link.h"
74 #include "mp.h"
75 #include "filter.h"
76 #ifndef NORADIUS
77 #include "radius.h"
78 #endif
79 #include "ncp.h"
80 #include "bundle.h"
83 #define NAT_EXTRABUF (13)
85 static int StrToAddr(const char *, struct in_addr *);
86 static int StrToPortRange(const char *, u_short *, u_short *, const char *);
87 static int StrToAddrAndPort(const char *, struct in_addr *, u_short *,
88 u_short *, const char *);
90 static void
91 lowhigh(u_short *a, u_short *b)
93 if (a > b) {
94 u_short c;
96 c = *b;
97 *b = *a;
98 *a = c;
103 nat_RedirectPort(struct cmdargs const *arg)
105 if (!arg->bundle->NatEnabled) {
106 prompt_Printf(arg->prompt, "Alias not enabled\n");
107 return 1;
108 } else if (arg->argc == arg->argn + 3 || arg->argc == arg->argn + 4) {
109 char proto_constant;
110 const char *proto;
111 struct in_addr localaddr;
112 u_short hlocalport, llocalport;
113 struct in_addr aliasaddr;
114 u_short haliasport, laliasport;
115 struct in_addr remoteaddr;
116 u_short hremoteport, lremoteport;
117 struct alias_link *link;
118 int error;
120 proto = arg->argv[arg->argn];
121 if (strcmp(proto, "tcp") == 0) {
122 proto_constant = IPPROTO_TCP;
123 } else if (strcmp(proto, "udp") == 0) {
124 proto_constant = IPPROTO_UDP;
125 } else {
126 prompt_Printf(arg->prompt, "port redirect: protocol must be"
127 " tcp or udp\n");
128 return -1;
131 error = StrToAddrAndPort(arg->argv[arg->argn+1], &localaddr, &llocalport,
132 &hlocalport, proto);
133 if (error) {
134 prompt_Printf(arg->prompt, "nat port: error reading localaddr:port\n");
135 return -1;
138 error = StrToPortRange(arg->argv[arg->argn+2], &laliasport, &haliasport,
139 proto);
140 if (error) {
141 prompt_Printf(arg->prompt, "nat port: error reading alias port\n");
142 return -1;
144 aliasaddr.s_addr = INADDR_ANY;
146 if (arg->argc == arg->argn + 4) {
147 error = StrToAddrAndPort(arg->argv[arg->argn+3], &remoteaddr,
148 &lremoteport, &hremoteport, proto);
149 if (error) {
150 prompt_Printf(arg->prompt, "nat port: error reading "
151 "remoteaddr:port\n");
152 return -1;
154 } else {
155 remoteaddr.s_addr = INADDR_ANY;
156 lremoteport = hremoteport = 0;
159 lowhigh(&llocalport, &hlocalport);
160 lowhigh(&laliasport, &haliasport);
161 lowhigh(&lremoteport, &hremoteport);
163 if (haliasport - laliasport != hlocalport - llocalport) {
164 prompt_Printf(arg->prompt, "nat port: local & alias port ranges "
165 "are not equal\n");
166 return -1;
169 if (hremoteport && hremoteport - lremoteport != hlocalport - llocalport) {
170 prompt_Printf(arg->prompt, "nat port: local & remote port ranges "
171 "are not equal\n");
172 return -1;
175 while (laliasport <= haliasport) {
176 link = PacketAliasRedirectPort(localaddr, htons(llocalport),
177 remoteaddr, htons(lremoteport),
178 aliasaddr, htons(laliasport),
179 proto_constant);
181 if (link == NULL) {
182 prompt_Printf(arg->prompt, "nat port: %d: error %d\n", laliasport,
183 error);
184 return 1;
186 llocalport++;
187 laliasport++;
188 if (hremoteport)
189 lremoteport++;
192 return 0;
195 return -1;
200 nat_RedirectAddr(struct cmdargs const *arg)
202 if (!arg->bundle->NatEnabled) {
203 prompt_Printf(arg->prompt, "nat not enabled\n");
204 return 1;
205 } else if (arg->argc == arg->argn+2) {
206 int error;
207 struct in_addr localaddr, aliasaddr;
208 struct alias_link *link;
210 error = StrToAddr(arg->argv[arg->argn], &localaddr);
211 if (error) {
212 prompt_Printf(arg->prompt, "address redirect: invalid local address\n");
213 return 1;
215 error = StrToAddr(arg->argv[arg->argn+1], &aliasaddr);
216 if (error) {
217 prompt_Printf(arg->prompt, "address redirect: invalid alias address\n");
218 prompt_Printf(arg->prompt, "usage: nat %s %s\n", arg->cmd->name,
219 arg->cmd->syntax);
220 return 1;
222 link = PacketAliasRedirectAddr(localaddr, aliasaddr);
223 if (link == NULL) {
224 prompt_Printf(arg->prompt, "address redirect: packet aliasing"
225 " engine error\n");
226 prompt_Printf(arg->prompt, "usage: nat %s %s\n", arg->cmd->name,
227 arg->cmd->syntax);
229 } else
230 return -1;
232 return 0;
237 nat_RedirectProto(struct cmdargs const *arg)
239 if (!arg->bundle->NatEnabled) {
240 prompt_Printf(arg->prompt, "nat not enabled\n");
241 return 1;
242 } else if (arg->argc >= arg->argn + 2 && arg->argc <= arg->argn + 4) {
243 struct in_addr localIP, publicIP, remoteIP;
244 struct alias_link *link;
245 struct protoent *pe;
246 int error;
247 unsigned len;
249 len = strlen(arg->argv[arg->argn]);
250 if (len == 0) {
251 prompt_Printf(arg->prompt, "proto redirect: invalid protocol\n");
252 return 1;
254 if (strspn(arg->argv[arg->argn], "01234567") == len)
255 pe = getprotobynumber(atoi(arg->argv[arg->argn]));
256 else
257 pe = getprotobyname(arg->argv[arg->argn]);
258 if (pe == NULL) {
259 prompt_Printf(arg->prompt, "proto redirect: invalid protocol\n");
260 return 1;
263 error = StrToAddr(arg->argv[arg->argn + 1], &localIP);
264 if (error) {
265 prompt_Printf(arg->prompt, "proto redirect: invalid src address\n");
266 return 1;
269 if (arg->argc >= arg->argn + 3) {
270 error = StrToAddr(arg->argv[arg->argn + 2], &publicIP);
271 if (error) {
272 prompt_Printf(arg->prompt, "proto redirect: invalid alias address\n");
273 prompt_Printf(arg->prompt, "usage: nat %s %s\n", arg->cmd->name,
274 arg->cmd->syntax);
275 return 1;
277 } else
278 publicIP.s_addr = INADDR_ANY;
280 if (arg->argc == arg->argn + 4) {
281 error = StrToAddr(arg->argv[arg->argn + 2], &remoteIP);
282 if (error) {
283 prompt_Printf(arg->prompt, "proto redirect: invalid dst address\n");
284 prompt_Printf(arg->prompt, "usage: nat %s %s\n", arg->cmd->name,
285 arg->cmd->syntax);
286 return 1;
288 } else
289 remoteIP.s_addr = INADDR_ANY;
291 link = PacketAliasRedirectProto(localIP, remoteIP, publicIP, pe->p_proto);
292 if (link == NULL) {
293 prompt_Printf(arg->prompt, "proto redirect: packet aliasing"
294 " engine error\n");
295 prompt_Printf(arg->prompt, "usage: nat %s %s\n", arg->cmd->name,
296 arg->cmd->syntax);
298 } else
299 return -1;
301 return 0;
305 static int
306 StrToAddr(const char *str, struct in_addr *addr)
308 struct hostent *hp;
310 if (inet_aton(str, addr))
311 return 0;
313 hp = gethostbyname(str);
314 if (!hp) {
315 log_Printf(LogWARN, "StrToAddr: Unknown host %s.\n", str);
316 return -1;
318 *addr = *((struct in_addr *) hp->h_addr);
319 return 0;
323 static int
324 StrToPort(const char *str, u_short *port, const char *proto)
326 struct servent *sp;
327 char *end;
329 *port = strtol(str, &end, 10);
330 if (*end != '\0') {
331 sp = getservbyname(str, proto);
332 if (sp == NULL) {
333 log_Printf(LogWARN, "StrToAddr: Unknown port or service %s/%s.\n",
334 str, proto);
335 return -1;
337 *port = ntohs(sp->s_port);
340 return 0;
343 static int
344 StrToPortRange(const char *str, u_short *low, u_short *high, const char *proto)
346 char *minus;
347 int res;
349 minus = strchr(str, '-');
350 if (minus)
351 *minus = '\0'; /* Cheat the const-ness ! */
353 res = StrToPort(str, low, proto);
355 if (minus)
356 *minus = '-'; /* Cheat the const-ness ! */
358 if (res == 0) {
359 if (minus)
360 res = StrToPort(minus + 1, high, proto);
361 else
362 *high = *low;
365 return res;
368 static int
369 StrToAddrAndPort(const char *str, struct in_addr *addr, u_short *low,
370 u_short *high, const char *proto)
372 char *colon;
373 int res;
375 colon = strchr(str, ':');
376 if (!colon) {
377 log_Printf(LogWARN, "StrToAddrAndPort: %s is missing port number.\n", str);
378 return -1;
381 *colon = '\0'; /* Cheat the const-ness ! */
382 res = StrToAddr(str, addr);
383 *colon = ':'; /* Cheat the const-ness ! */
384 if (res != 0)
385 return -1;
387 return StrToPortRange(colon + 1, low, high, proto);
391 nat_ProxyRule(struct cmdargs const *arg)
393 char cmd[LINE_LEN];
394 int f, pos;
395 size_t len;
397 if (arg->argn >= arg->argc)
398 return -1;
400 for (f = arg->argn, pos = 0; f < arg->argc; f++) {
401 len = strlen(arg->argv[f]);
402 if (sizeof cmd - pos < len + (len ? 1 : 0))
403 break;
404 if (len)
405 cmd[pos++] = ' ';
406 strcpy(cmd + pos, arg->argv[f]);
407 pos += len;
410 return PacketAliasProxyRule(cmd);
414 nat_SetTarget(struct cmdargs const *arg)
416 struct in_addr addr;
418 if (arg->argc == arg->argn) {
419 addr.s_addr = INADDR_ANY;
420 PacketAliasSetTarget(addr);
421 return 0;
424 if (arg->argc != arg->argn + 1)
425 return -1;
427 if (!strcasecmp(arg->argv[arg->argn], "MYADDR")) {
428 addr.s_addr = INADDR_ANY;
429 PacketAliasSetTarget(addr);
430 return 0;
433 addr = GetIpAddr(arg->argv[arg->argn]);
434 if (addr.s_addr == INADDR_NONE) {
435 log_Printf(LogWARN, "%s: invalid address\n", arg->argv[arg->argn]);
436 return 1;
439 PacketAliasSetTarget(addr);
440 return 0;
443 #ifndef NO_FW_PUNCH
445 nat_PunchFW(struct cmdargs const *arg)
447 char *end;
448 long base, count;
450 if (arg->argc == arg->argn) {
451 PacketAliasSetMode(0, PKT_ALIAS_PUNCH_FW);
452 return 0;
455 if (arg->argc != arg->argn + 2)
456 return -1;
458 base = strtol(arg->argv[arg->argn], &end, 10);
459 if (*end != '\0' || base < 0)
460 return -1;
462 count = strtol(arg->argv[arg->argn + 1], &end, 10);
463 if (*end != '\0' || count < 0)
464 return -1;
466 PacketAliasSetFWBase(base, count);
467 PacketAliasSetMode(PKT_ALIAS_PUNCH_FW, PKT_ALIAS_PUNCH_FW);
469 return 0;
471 #endif
473 static struct mbuf *
474 nat_LayerPush(struct bundle *bundle, struct link *l __unused, struct mbuf *bp,
475 int pri __unused, u_short *proto)
477 if (!bundle->NatEnabled || *proto != PROTO_IP)
478 return bp;
480 log_Printf(LogDEBUG, "nat_LayerPush: PROTO_IP -> PROTO_IP\n");
481 m_settype(bp, MB_NATOUT);
482 /* Ensure there's a bit of extra buffer for the NAT code... */
483 bp = m_pullup(m_append(bp, NULL, NAT_EXTRABUF));
484 PacketAliasOut(MBUF_CTOP(bp), bp->m_len);
485 bp->m_len = ntohs(((struct ip *)MBUF_CTOP(bp))->ip_len);
487 return bp;
490 static struct mbuf *
491 nat_LayerPull(struct bundle *bundle, struct link *l __unused, struct mbuf *bp,
492 u_short *proto)
494 static int gfrags;
495 int ret, len, nfrags;
496 struct mbuf **last;
497 char *fptr;
499 if (!bundle->NatEnabled || *proto != PROTO_IP)
500 return bp;
502 log_Printf(LogDEBUG, "nat_LayerPull: PROTO_IP -> PROTO_IP\n");
503 m_settype(bp, MB_NATIN);
504 /* Ensure there's a bit of extra buffer for the NAT code... */
505 bp = m_pullup(m_append(bp, NULL, NAT_EXTRABUF));
506 ret = PacketAliasIn(MBUF_CTOP(bp), bp->m_len);
508 bp->m_len = ntohs(((struct ip *)MBUF_CTOP(bp))->ip_len);
509 if (bp->m_len > MAX_MRU) {
510 log_Printf(LogWARN, "nat_LayerPull: Problem with IP header length (%lu)\n",
511 (unsigned long)bp->m_len);
512 m_freem(bp);
513 return NULL;
516 switch (ret) {
517 case PKT_ALIAS_OK:
518 break;
520 case PKT_ALIAS_UNRESOLVED_FRAGMENT:
521 /* Save the data for later */
522 fptr = malloc(bp->m_len);
523 bp = mbuf_Read(bp, fptr, bp->m_len);
524 PacketAliasSaveFragment(fptr);
525 log_Printf(LogDEBUG, "Store another frag (%lu) - now %d\n",
526 (unsigned long)((struct ip *)fptr)->ip_id, ++gfrags);
527 break;
529 case PKT_ALIAS_FOUND_HEADER_FRAGMENT:
530 /* Fetch all the saved fragments and chain them on the end of `bp' */
531 last = &bp->m_nextpkt;
532 nfrags = 0;
533 while ((fptr = PacketAliasGetFragment(MBUF_CTOP(bp))) != NULL) {
534 nfrags++;
535 PacketAliasFragmentIn(MBUF_CTOP(bp), fptr);
536 len = ntohs(((struct ip *)fptr)->ip_len);
537 *last = m_get(len, MB_NATIN);
538 memcpy(MBUF_CTOP(*last), fptr, len);
539 free(fptr);
540 last = &(*last)->m_nextpkt;
542 gfrags -= nfrags;
543 log_Printf(LogDEBUG, "Found a frag header (%lu) - plus %d more frags (no"
544 "w %d)\n", (unsigned long)((struct ip *)MBUF_CTOP(bp))->ip_id,
545 nfrags, gfrags);
546 break;
548 case PKT_ALIAS_IGNORED:
549 if (PacketAliasSetMode(0, 0) & PKT_ALIAS_DENY_INCOMING) {
550 log_Printf(LogTCPIP, "NAT engine denied data:\n");
551 m_freem(bp);
552 bp = NULL;
553 } else if (log_IsKept(LogTCPIP)) {
554 log_Printf(LogTCPIP, "NAT engine ignored data:\n");
555 PacketCheck(bundle, AF_INET, MBUF_CTOP(bp), bp->m_len, NULL,
556 NULL, NULL);
558 break;
560 default:
561 log_Printf(LogWARN, "nat_LayerPull: Dropped a packet (%d)....\n", ret);
562 m_freem(bp);
563 bp = NULL;
564 break;
567 return bp;
570 struct layer natlayer =
571 { LAYER_NAT, "nat", nat_LayerPush, nat_LayerPull };