diff options
author | Paolo Pisati <piso@FreeBSD.org> | 2009-02-07 18:49:42 +0000 |
---|---|---|
committer | Paolo Pisati <piso@FreeBSD.org> | 2009-02-07 18:49:42 +0000 |
commit | 37ce2656ecc485e9a38169c72d1a64a00f6beb6d (patch) | |
tree | b37eefe3826754719d7024fb68cb7d239167d799 /sbin/ipfw/nat.c | |
parent | 507fe729a1a562b554402a4715645baf0fda57e7 (diff) | |
download | src-37ce2656ecc485e9a38169c72d1a64a00f6beb6d.tar.gz src-37ce2656ecc485e9a38169c72d1a64a00f6beb6d.zip |
Add SCTP NAT support.
Submitted by: CAIA (http://caia.swin.edu.au)
Notes
Notes:
svn path=/head/; revision=188294
Diffstat (limited to 'sbin/ipfw/nat.c')
-rw-r--r-- | sbin/ipfw/nat.c | 67 |
1 files changed, 52 insertions, 15 deletions
diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c index da8896c157c7..bfc325ab0ca8 100644 --- a/sbin/ipfw/nat.c +++ b/sbin/ipfw/nat.c @@ -257,7 +257,9 @@ StrToProto (const char* str) if (!strcmp (str, "udp")) return IPPROTO_UDP; - errx (EX_DATAERR, "unknown protocol %s. Expected tcp or udp", str); + if (!strcmp (str, "sctp")) + return IPPROTO_SCTP; + errx (EX_DATAERR, "unknown protocol %s. Expected sctp, tcp or udp", str); } static int @@ -433,13 +435,27 @@ setup_redir_port(char *spool_buf, int len, strncpy(tmp_spool_buf, *av, strlen(*av)+1); lsnat = 1; } else { - if (StrToAddrAndPortRange (*av, &r->laddr, protoName, - &portRange) != 0) - errx(EX_DATAERR, "redirect_port:" - "invalid local port range"); + /* + * The sctp nat does not allow the port numbers to be mapped to + * new port numbers. Therefore, no ports are to be specified + * in the target port field. + */ + if (r->proto == IPPROTO_SCTP) { + if (strchr (*av, ':')) + errx(EX_DATAERR, "redirect_port:" + "port numbers do not change in sctp, so do not " + "specify them as part of the target"); + else + StrToAddr(*av, &r->laddr); + } else { + if (StrToAddrAndPortRange (*av, &r->laddr, protoName, + &portRange) != 0) + errx(EX_DATAERR, "redirect_port:" + "invalid local port range"); - r->lport = GETLOPORT(portRange); - numLocalPorts = GETNUMPORTS(portRange); + r->lport = GETLOPORT(portRange); + numLocalPorts = GETNUMPORTS(portRange); + } } INC_ARGCV(); @@ -463,6 +479,10 @@ setup_redir_port(char *spool_buf, int len, } r->pport = GETLOPORT(portRange); + if (r->proto == IPPROTO_SCTP) { /* so the logic below still works */ + numLocalPorts = GETNUMPORTS(portRange); + r->lport = r->pport; + } r->pport_cnt = GETNUMPORTS(portRange); INC_ARGCV(); @@ -518,14 +538,31 @@ setup_redir_port(char *spool_buf, int len, goto nospace; len -= SOF_SPOOL; space += SOF_SPOOL; - if (StrToAddrAndPortRange(sep, &tmp->addr, protoName, - &portRange) != 0) - errx(EX_DATAERR, "redirect_port:" - "invalid local port range"); - if (GETNUMPORTS(portRange) != 1) - errx(EX_DATAERR, "redirect_port: local port" - "must be single in this context"); - tmp->port = GETLOPORT(portRange); + /* + * The sctp nat does not allow the port numbers to be mapped to new port numbers + * Therefore, no ports are to be specified in the target port field + */ + if (r->proto == IPPROTO_SCTP) { + if (strchr (sep, ':')) { + errx(EX_DATAERR, "redirect_port:" + "port numbers do not change in " + "sctp, so do not specify them as " + "part of the target"); + } else { + StrToAddr(sep, &tmp->addr); + tmp->port = r->pport; + } + } else { + if (StrToAddrAndPortRange(sep, &tmp->addr, + protoName, &portRange) != 0) + errx(EX_DATAERR, "redirect_port:" + "invalid local port range"); + if (GETNUMPORTS(portRange) != 1) + errx(EX_DATAERR, "redirect_port: " + "local port must be single in " + "this context"); + tmp->port = GETLOPORT(portRange); + } r->spool_cnt++; /* Point to the next possible cfg_spool. */ spool_buf = &spool_buf[SOF_SPOOL]; |