2dd913692e
large amount of data amongst other things). Add an rc.d(8) script. Add a _tproxy user/group and make tproxy run as this user by default. Remove jakob@ from maintainer per his request. While here, do some cleanings: * clean-up indent * don't overwrite CC, CFLAGS and PREFIX * fix patch naming * fix a wording in DESCR * comment tproxyrun and tproxywatch, they are useless under OpenBSD
$OpenBSD: patch-tproxy_c,v 1.1 2011/03/07 07:25:40 ajacoutot Exp $
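--- tproxy.c.orig Mon Mar 7 07:35:22 2011
+++ tproxy.c Mon Mar 7 07:38:04 2011
@@ -49,10 +49,26 @@
 # include <netinet/ip_nat.h>
 #endif
 
+#ifdef OPENBSD_PF
+# include <sys/ioctl.h>
+# include <netinet/in_systm.h>
+# include <netinet/ip.h>
+# include <netinet/tcp.h>
+# include <net/if.h>
+# include <net/pfvar.h>
+#endif /* OPENBSD_PF */
+
 #if defined(IPTABLES) && defined(__linux__)
 # include <linux/netfilter_ipv4.h>
 #endif
 
+#ifdef OPENBSD_PF
+/*
+ * The /dev/pf device node.
+ */
+static int pfdev = -1;
+#endif /* OPENBSD_PF */
+
 #ifdef TCP_WRAPPERS
 # include <tcpd.h>
 #endif
@@ -372,6 +388,17 @@ int main(int argc, char **argv)
 }
 #endif
 
+#ifdef OPENBSD_PF
+ /*
+ * Open /dev/pf before giving up our uid/gif.
+ */
+ if ((pfdev = open("/dev/pf", O_RDWR)) < 0)
+ {
+ perror("open(\"/dev/pf\")");
+ exit(1);
+ }
+#endif /* OPENBSD_PF */
+
 #ifdef LOG_TO_FILE
 /*
 * Open the log file for the first time.
@@ -1025,6 +1052,9 @@ static void trans_proxy(int sock, struct sockaddr_in *
 #ifdef IPFILTER
 natlookup_t natlook;
 #endif
+#ifdef OPENBSD_PF
+ struct pfioc_natlook natlook;
+#endif /* OPENBSD_PF */
 
 /*
 * Initialise the connection structure.
@@ -1099,6 +1129,34 @@ static void trans_proxy(int sock, struct sockaddr_in *
 conn.dest_addr.sin_port = natlook.nl_realport;
 #endif
 
+#ifdef OPENBSD_PF
+ /*
+ * Build up the PF natlookup structure.
+ */
+ memset((void *)&natlook, 0, sizeof(natlook));
+ natlook.af = AF_INET;
+ natlook.saddr.addr32[0] = conn.client_addr.sin_addr.s_addr;
+ natlook.daddr.addr32[0] = conn.dest_addr.sin_addr.s_addr;
+ natlook.proto = IPPROTO_TCP;
+ natlook.sport = conn.client_addr.sin_port;
+ natlook.dport = conn.dest_addr.sin_port;
+ natlook.direction = PF_OUT;
+
+ /*
+ * Use the PF device to lookup the mapping pair.
+ */
+ if (ioctl(pfdev, DIOCNATLOOK, &natlook) == -1)
+ {
+# if defined(LOG_TO_SYSLOG) || defined(LOG_FAULTS_TO_SYSLOG)
+ syslog(LOG_ERR, "ioctl(DIOCNATLOOK): %m");
+# endif
+ return;
+ }
+
+ conn.dest_addr.sin_addr.s_addr = natlook.rdaddr.addr32[0];
+ conn.dest_addr.sin_port = natlook.rdport;
+#endif /* OPENBSD_PF */
+
 #endif/*!IPTABLES*/
 
 /*
@@ -2061,7 +2119,7 @@ static void write_pid(char *prog)
 static void alarm_signal(int sig)
 {
 #if defined(LOG_TO_SYSLOG) || defined(LOG_FAULTS_TO_SYSLOG)
- syslog(LOG_NOTICE, "Alarm signal caught - connection timeout");
+ syslog(LOG_DEBUG, "Alarm signal caught - connection timeout");
 #endif
 if (!ignore_alarm)
 exit(1);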
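Review bot: The /dev/pf descriptor in the main() hunk (`@@ -372,6 +388,17`) is opened `O_RDWR`, yet the only ioctl ever issued on it is DIOCNATLOOK in the trans_proxy hunk, which pf accepts on a read-only descriptor (worth confirming against pf_ioctl's read-only list); since the fd is deliberately kept open across the drop to the new _tproxy user and lives for the whole process, `if ((pfdev = open("/dev/pf", O_RDONLY)) < 0)` would deny a compromised worker any ability to change rules or states through it. The comment above that open has a typo and should read `* Open /dev/pf before giving up our uid/gid.`. On a failed DIOCNATLOOK the new code just returns, leaving the accepted socket to whoever called it; whether the caller closes it cannot be seen here, as trans_proxy's body starts and ends outside the hunk. The descriptor is also not marked close-on-exec, which only matters if tproxy ever execs another program, and nothing in this patch shows that it does.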