- add support for the new packet filter
- mark unbroken - md5 -> distinfo ok jakob@
parent
217845dead
commit
7c9fa29eaa
@ -1,9 +1,7 @@
|
||||
# $OpenBSD: Makefile,v 1.11 2001/08/21 20:44:00 jakob Exp $
|
||||
# $OpenBSD: Makefile,v 1.12 2001/12/06 07:28:11 jasoni Exp $
|
||||
|
||||
COMMENT= "transparent www proxy driver for IPFILTER"
|
||||
|
||||
BROKEN= "requires ipf"
|
||||
|
||||
DISTNAME= transproxy-1.4
|
||||
CATEGORIES= www net
|
||||
NEED_VERSION= 1.402
|
||||
|
@ -1,15 +1,16 @@
|
||||
--- Makefile.orig Fri Aug 18 08:35:46 2000
|
||||
+++ Makefile Tue Oct 3 09:37:23 2000
|
||||
@@ -44,7 +44,7 @@
|
||||
OPTIONS += -DLOG_TO_FILE_LINEBUFF
|
||||
|
||||
--- Makefile.orig Thu Aug 17 23:35:46 2000
|
||||
+++ Makefile Fri Nov 30 13:24:09 2001
|
||||
@@ -46,6 +46,9 @@ OPTIONS += -DLOG_TO_FILE_LINEBUFF
|
||||
# BSD IPFILTER mechanism for fetching intended destination address.
|
||||
-#OPTIONS += -DIPFILTER
|
||||
+OPTIONS += -DIPFILTER
|
||||
#OPTIONS += -DIPFILTER
|
||||
|
||||
+# OpenBSD PF mechanism for fetching intended destination address.
|
||||
+OPTIONS += -DOPENBSD_PF
|
||||
+
|
||||
# linux-2.4 iptables mechanism for fetching intended destination address.
|
||||
#OPTIONS += -DIPTABLES
|
||||
@@ -53,8 +53,8 @@
|
||||
|
||||
@@ -53,8 +56,8 @@ OPTIONS += -DLOG_TO_FILE_LINEBUFF
|
||||
#OPTIONS += -DDO_DOUBLE_FORK
|
||||
|
||||
# Define these to enable tcp_wrappers. You can use the built-in ACLs instead though.
|
||||
|
@ -1,15 +1,95 @@
|
||||
--- tproxy.c.orig Sun Oct 1 03:59:31 2000
|
||||
+++ tproxy.c Tue Oct 3 09:38:54 2000
|
||||
@@ -44,7 +44,11 @@
|
||||
# include <netinet/ip.h>
|
||||
# include <netinet/tcp.h>
|
||||
# include <net/if.h>
|
||||
-# include <netinet/ip_compat.h>
|
||||
+#ifdef __OpenBSD__
|
||||
+# include <netinet/ip_fil_compat.h>
|
||||
+#else
|
||||
+# include <netinet/ip_compat.h>
|
||||
+#endif
|
||||
# include <netinet/ip_fil.h>
|
||||
--- tproxy.c.orig Sun Feb 4 05:13:48 2001
|
||||
+++ tproxy.c Fri Nov 30 13:39:20 2001
|
||||
@@ -49,6 +49,15 @@
|
||||
# include <netinet/ip_nat.h>
|
||||
#endif
|
||||
|
||||
+#ifdef OPENBSD_PF
|
||||
+# include <sys/ioctl.h>
|
||||
+# include <netinet/in_systm.h>
|
||||
+# include <netinet/ip.h>
|
||||
+# include <netinet/tcp.h>
|
||||
+# include <net/if.h>
|
||||
+# include <net/pfvar.h>
|
||||
+#endif /* OPENBSD_PF */
|
||||
+
|
||||
#ifdef IPTABLES
|
||||
# include <linux/netfilter_ipv4.h>
|
||||
#endif
|
||||
@@ -188,6 +197,13 @@ static FILE *log_file = NULL;
|
||||
static int natdev = -1;
|
||||
#endif
|
||||
|
||||
+#ifdef OPENBSD_PF
|
||||
+/*
|
||||
+ * The /dev/pf device node.
|
||||
+ */
|
||||
+static int pfdev = -1;
|
||||
+#endif /* OPENBSD_PF */
|
||||
+
|
||||
#ifdef TCP_WRAPPERS
|
||||
/*
|
||||
* The syslog levels for tcp_wrapper checking.
|
||||
@@ -370,6 +386,17 @@ int main(int argc, char **argv)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef OPENBSD_PF
|
||||
+ /*
|
||||
+ * Open /dev/pf before giving up our uid/gif.
|
||||
+ */
|
||||
+ if ((pfdev = open("/dev/pf", O_RDWR)) < 0)
|
||||
+ {
|
||||
+ perror("open(\"/dev/pf\")");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+#endif /* OPENBSD_PF */
|
||||
+
|
||||
#ifdef LOG_TO_FILE
|
||||
/*
|
||||
* Open the log file for the first time.
|
||||
@@ -1002,6 +1029,9 @@ static void trans_proxy(int sock, struct
|
||||
#ifdef IPFILTER
|
||||
natlookup_t natlook;
|
||||
#endif
|
||||
+#ifdef OPENBSD_PF
|
||||
+ struct pfioc_natlook natlook;
|
||||
+#endif /* OPENBSD_PF */
|
||||
|
||||
/*
|
||||
* Initialise the connection structure.
|
||||
@@ -1078,6 +1108,34 @@ static void trans_proxy(int sock, struct
|
||||
conn.dest_addr.sin_addr = natlook.nl_realip;
|
||||
conn.dest_addr.sin_port = natlook.nl_realport;
|
||||
#endif
|
||||
+
|
||||
+#ifdef OPENBSD_PF
|
||||
+ /*
|
||||
+ * Build up the PF natlookup structure.
|
||||
+ */
|
||||
+ memset((void *)&natlook, 0, sizeof(natlook));
|
||||
+ natlook.af = AF_INET;
|
||||
+ natlook.saddr.addr32[0] = conn.client_addr.sin_addr.s_addr;
|
||||
+ natlook.daddr.addr32[0] = conn.dest_addr.sin_addr.s_addr;
|
||||
+ natlook.proto = IPPROTO_TCP;
|
||||
+ natlook.sport = conn.client_addr.sin_port;
|
||||
+ natlook.dport = conn.dest_addr.sin_port;
|
||||
+ natlook.direction = PF_OUT;
|
||||
+
|
||||
+ /*
|
||||
+ * Use the PF device to lookup the mapping pair.
|
||||
+ */
|
||||
+ if (ioctl(pfdev, DIOCNATLOOK, &natlook) == -1)
|
||||
+ {
|
||||
+# if defined(LOG_TO_SYSLOG) || defined(LOG_FAULTS_TO_SYSLOG)
|
||||
+ syslog(LOG_ERR, "ioctl(DIOCNATLOOK): %m");
|
||||
+# endif
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ conn.dest_addr.sin_addr.s_addr = natlook.rdaddr.addr32[0];
|
||||
+ conn.dest_addr.sin_port = natlook.rdport;
|
||||
+#endif /* OPENBSD_PF */
|
||||
|
||||
#endif/*!IPTABLES*/
|
||||
|
||||
|
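Review bot: The `open("/dev/pf", O_RDWR)` added in main() keeps a read-write handle on the packet filter control device for the whole life of the proxy, including after the privilege drop its comment mentions, yet the only use visible in this patch is the `DIOCNATLOOK` lookup in trans_proxy(). If the targeted pf release accepts that ioctl on a read-only descriptor, `open("/dev/pf", O_RDONLY)` would stop a compromised connection handler from changing filter state through pfdev; if it does not, a comment should say why write access is required. Either way, mark the descriptor close-on-exec with `fcntl(pfdev, F_SETFD, FD_CLOEXEC)` and document that it is deliberately retained across the uid/gid change. The comment above the open reads "uid/gif", presumably meant as "uid/gid". Both main() and trans_proxy() continue outside the hunks shown, so whether the early `return` on ioctl failure releases the client socket cannot be confirmed from here.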