2 * Copyright (c) 2014 - 2018 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@dragonflybsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <sys/sockio.h>
39 #include <sys/sysctl.h>
43 #include <arpa/inet.h>
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
64 #include <netinet/ip_icmp.h>
65 #include <netinet/tcp.h>
67 #include <net/if_dl.h>
68 #include <net/route.h>
69 #include <net/ethernet.h>
71 #include <net/ipfw3/ip_fw3.h>
72 #include <net/ipfw3_basic/ip_fw3_table.h>
73 #include <net/ipfw3_basic/ip_fw3_sync.h>
74 #include <net/ipfw3_basic/ip_fw3_basic.h>
75 #include <net/ipfw3_nat/ip_fw3_nat.h>
76 #include <net/dummynet3/ip_dummynet3.h>
88 nat_config_add(int ac, char **av)
93 char *id, buf[LEN_NAT_CMD_BUF];
95 memset(buf, 0, LEN_NAT_CMD_BUF);
96 ioc = (struct ioc_nat *)buf;
99 if (ac && isdigit(**av)) {
102 if (ioc->id <= 0 || ioc->id > NAT_ID_MAX) {
103 errx(EX_DATAERR, "invalid nat id");
106 errx(EX_DATAERR, "missing nat id");
111 if (strncmp(*av, "ip", strlen(*av))) {
112 errx(EX_DATAERR, "missing `ip'");
117 if (!inet_aton(*av, ip)) {
118 errx(EX_DATAERR, "bad ip addr `%s'", *av);
126 error = do_set_x(IP_FW_NAT_ADD, ioc, len);
128 err(1, "do_set_x(%s)", "IP_FW_NAT_ADD");
131 /* show the rule after configured */
133 char *_av[] = {"config", id};
134 nat_config_get(_ac, _av);
138 nat_config_show(char *buf, int nbytes, int nat_id)
144 while (len < nbytes) {
145 ioc = (struct ioc_nat *)(buf + len);
146 if (nat_id == 0 || ioc->id == nat_id) {
147 printf("ipfw3 nat %u config ip", ioc->id);
151 for (n = 0; n < ioc->count; n++) {
152 if (nat_id == 0 || ioc->id == nat_id) {
153 printf(" %s", inet_ntoa(*ip));
158 if (nat_id == 0 || ioc->id == nat_id) {
165 nat_config_get(int ac, char **av)
177 nat_id = strtoul(*av, NULL, 10);
181 while (nbytes >= nalloc) {
184 if ((data = realloc(data, nbytes)) == NULL) {
185 err(EX_OSERR, "realloc");
187 if (do_get_x(IP_FW_NAT_GET, data, &nbytes) < 0) {
188 err(EX_OSERR, "do_get_x(IP_FW_NAT_GET)");
194 nat_config_show(data, nbytes, nat_id);
198 nat_config_delete(int ac, char *av[])
205 if (do_set_x(IP_FW_NAT_DEL, &i, sizeof(i)) == -1)
206 errx(EX_USAGE, "NAT %d in use or not exists", i);
210 nat_state_show(int ac, char **av)
223 nat_id = strtoul(*av, NULL, 10);
226 while (nbytes >= nalloc) {
229 if ((data = realloc(data, nbytes)) == NULL) {
230 err(EX_OSERR, "realloc");
232 memcpy(data, &nat_id, sizeof(int));
233 if (do_get_x(IP_FW_NAT_GET_RECORD, data, &nbytes) < 0) {
234 err(EX_OSERR, "do_get_x(IP_FW_NAT_GET_RECORD)");
240 struct ioc_nat_state *ioc;
241 ioc =(struct ioc_nat_state *)data;
242 int count = nbytes / LEN_IOC_NAT_STATE;
244 for (i = 0; i < count; i ++) {
245 printf("%d %d", ioc->nat_id, ioc->cpu_id);
246 if (ioc->proto == IPPROTO_ICMP) {
248 } else if (ioc->proto == IPPROTO_TCP) {
250 } else if (ioc->proto == IPPROTO_UDP) {
253 printf(" %s:%hu",inet_ntoa(ioc->src_addr),
254 htons(ioc->src_port));
255 printf(" %s:%hu",inet_ntoa(ioc->alias_addr),
256 htons(ioc->alias_port));
257 printf(" %s:%hu",inet_ntoa(ioc->dst_addr),
258 htons(ioc->dst_port));
259 printf(" %c", ioc->direction? 'o' : 'i');
260 printf(" %lld", (long long)ioc->life);
267 nat_config_flush(void)
269 int cmd = IP_FW_NAT_FLUSH;
273 printf("Are you sure? [yn] ");
276 c = toupper(getc(stdin));
277 while (c != '\n' && getc(stdin) != '\n')
279 return; /* and do not flush */
280 } while (c != 'Y' && c != 'N');
281 if (c == 'N') /* user said no */
284 if (do_set_x(cmd, NULL, 0) < 0 ) {
285 errx(EX_USAGE, "NAT configuration in use");
288 printf("Flushed all nat configurations");
293 nat_main(int ac, char **av)
295 if (!strncmp(*av, "config", strlen(*av))) {
296 nat_config_add(ac, av);
297 } else if (!strncmp(*av, "flush", strlen(*av))) {
299 } else if (!strncmp(*av, "show", strlen(*av))) {
300 if (ac > 2 && isdigit(*(av[1]))) {
306 if (!strncmp(*av, "config", strlen(*av))) {
307 nat_config_get(ac, av);
308 } else if (!strncmp(*av, "state", strlen(*av))) {
309 nat_state_show(ac,av);
311 errx(EX_USAGE, "bad nat show command `%s'", *av);
313 } else if (!strncmp(*av, "delete", strlen(*av))) {
314 nat_config_delete(ac, av);
316 errx(EX_USAGE, "bad ipfw nat command `%s'", *av);