Update manual style.
1 /* -*-c-*-
2 *
3 * $Id: inet.c,v 1.3 2000/08/01 17:59:56 mdw Exp $
4 *
5 * Protocol specific definitions for IPv4 sockets
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of the `fw' port forwarder.
13 *
14 * `fw' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `fw' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `fw'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: inet.c,v $
32 * Revision 1.3 2000/08/01 17:59:56 mdw
33 * Switch over to using `size_t' for socket address lengths.
34 *
35 * Revision 1.2 1999/07/27 18:30:53 mdw
36 * Various minor portability fixes.
37 *
38 * Revision 1.1 1999/07/26 23:34:11 mdw
39 * New socket address types.
40 *
41 */
42
43 /*----- Header files ------------------------------------------------------*/
44
45 #include "config.h"
46
47 #include <ctype.h>
48 #include <errno.h>
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <string.h>
52
53 #include <sys/types.h>
54 #include <unistd.h>
55
56 #include <sys/socket.h>
57 #include <netinet/in.h>
58 #include <arpa/inet.h>
59 #include <netdb.h>
60
61 #include <mLib/alloc.h>
62 #include <mLib/dstr.h>
63 #include <mLib/report.h>
64 #include <mLib/sub.h>
65
66 #include "acl.h"
67 #include "addr.h"
68 #include "conf.h"
69 #include "identify.h"
70 #include "inet.h"
71 #include "reffd.h"
72 #include "scan.h"
73
74 /*----- Data structures ---------------------------------------------------*/
75
/* --- @inet_addrx@ --- *
 *
 * An IPv4 address as handled by this module.  The generic @addr@ header is
 * the first member so that the @addr *@ handed out by @inet_read@ can be
 * cast straight back to an @inet_addrx *@ (see @inet_destroy@ and
 * @inet_print@).
 */

typedef struct inet_addrx {
  addr a;			/* Generic address header -- must stay first */
  struct sockaddr_in sin;	/* The IPv4 socket address itself */
} inet_addrx;
80
/* --- @inet_opts@ --- *
 *
 * Per-socket options for IPv4 sockets.  As with @inet_addrx@, the generic
 * @addr_opts@ header is first so that an @addr_opts *@ can be cast to an
 * @inet_opts *@ (see @inet_option@, @inet_accept@ and @inet_freeopts@).
 */

typedef struct inet_opts {
  addr_opts ao;			/* Generic options header -- must stay first */
  acl_entry *acl;		/* Head of the access control list */
  acl_entry **acltail;		/* Where @acl_add@ appends the next entry */
} inet_opts;
86
87 /*----- Protocol operations -----------------------------------------------*/
88
89 /* --- @read@ --- */
90
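/* --- @inet_read@ --- *
 *
 * Arguments:	@scanner *sc@ = configuration scanner, positioned at the
 *			start of the address
 *		@unsigned type@ = @ADDR_SRC@ or @ADDR_DEST@
 *
 * Returns:	A freshly allocated IPv4 address, as a generic @addr@.
 *
 * Use:		Parses an IPv4 address from the configuration.  A source
 *		address is `[port] PORT' and listens on @INADDR_ANY@; a
 *		destination address is `HOST[:]PORT'.  @PORT@ is either a
 *		decimal number in 0..65535 or a TCP service name.  Parse
 *		failures go through @error@, which the callers here assume
 *		does not return (the resolved @h@ is used right after it).
 */

static addr *inet_read(scanner *sc, unsigned type)
{
  inet_addrx *ia = xmalloc(sizeof(*ia));

  ia->a.ops = &inet_ops;
  ia->a.sz = sizeof(struct sockaddr_in);
  memset(&ia->sin, 0, sizeof(ia->sin));
  ia->sin.sin_family = AF_INET;

  /* --- Read the host address part --- */

  switch (type) {
    case ADDR_SRC:
      /* Optional `port' keyword, then bind to any local address. */
      if (sc->t == CTOK_WORD && strcmp(sc->d.buf, "port") == 0)
	token(sc);
      ia->sin.sin_addr.s_addr = htonl(INADDR_ANY);
      break;
    case ADDR_DEST: {
      struct hostent *h;
      dstr d = DSTR_INIT;
      conf_name(sc, '.', &d);
      if ((h = gethostbyname(d.buf)) == 0)
	error(sc, "couldn't resolve Internet address `%s'", d.buf);
      memcpy(&ia->sin.sin_addr, h->h_addr, sizeof(struct in_addr));
      dstr_destroy(&d);
      /* The separator between host and port is optional. */
      if (sc->t == ':')
	token(sc);
    } break;
  }

  /* --- Read the port number --- */

  {
    struct servent *s;

    if (sc->t != CTOK_WORD)
      error(sc, "parse error, TCP port expected");
    if (isdigit((unsigned char)sc->d.buf[0])) {

      /* Numeric port: reject trailing junk and anything outside 0..65535
       * instead of letting @atoi@ and @htons@ silently truncate it.
       */

      char *end;
      unsigned long port;
      errno = 0;
      port = strtoul(sc->d.buf, &end, 10);
      if (*end != 0 || errno == ERANGE || port > 65535)
	error(sc, "bad TCP port number `%s'", sc->d.buf);
      ia->sin.sin_port = htons((unsigned short)port);
    } else if ((s = getservbyname(sc->d.buf, "tcp")) == 0)
      error(sc, "unknown tcp service `%s'", sc->d.buf);
    else
      ia->sin.sin_port = s->s_port;	/* already in network byte order */
    token(sc);
  }

  return (&ia->a);
}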
139
140 /* --- @destroy@ --- */
141
/* --- @inet_destroy@ --- *
 *
 * Arguments:	@addr *a@ = an address created by @inet_read@
 *
 * Returns:	---
 *
 * Use:		Releases the address.  The @addr@ header is the first member
 *		of @inet_addrx@, so the cast recovers the full object.
 */

static void inet_destroy(addr *a)
{
  inet_addrx *whole = (inet_addrx *)a;
  DESTROY(whole);
}
147
148 /* --- @print@ --- */
149
/* --- @inet_print@ --- *
 *
 * Arguments:	@addr *a@ = an address created by @inet_read@
 *		@unsigned type@ = @ADDR_SRC@ or @ADDR_DEST@
 *		@dstr *d@ = string to append the description to
 *
 * Returns:	---
 *
 * Use:		Writes a human-readable form of the address: `inet:PORT' for
 *		a source, `inet:HOST:PORT' for a destination.  Any other
 *		@type@ writes nothing.
 */

static void inet_print(addr *a, unsigned type, dstr *d)
{
  inet_addrx *ia = (inet_addrx *)a;
  unsigned port = ntohs(ia->sin.sin_port);

  if (type == ADDR_SRC)
    dstr_putf(d, "inet:%u", port);
  else if (type == ADDR_DEST) {
    /* @inet_ntoa@ returns a static buffer; it is consumed immediately. */
    dstr_putf(d, "inet:%s:%u", inet_ntoa(ia->sin.sin_addr), port);
  }
}
164
165 /* --- @initopts@ --- */
166
/* --- @inet_initopts@ --- *
 *
 * Arguments:	---
 *
 * Returns:	A fresh, empty options block, as a generic @addr_opts@.
 *
 * Use:		Allocates the per-socket options with an empty access
 *		control list; @acltail@ points at the (null) list head so
 *		@acl_add@ can append in order.  Only the fields this module
 *		owns are set here.
 */

static addr_opts *inet_initopts(void)
{
  inet_opts *opts = CREATE(inet_opts);
  opts->acltail = &opts->acl;
  *opts->acltail = 0;
  return (&opts->ao);
}
174
175 /* --- @option@ --- */
176
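/* --- @inet_option@ --- *
 *
 * Arguments:	@scanner *sc@ = configuration scanner, positioned at the
 *			option keyword
 *		@addr_opts *ao@ = options block (really an @inet_opts@), or
 *			null (only the ACL is then parsed, not stored)
 *
 * Returns:	As for @CONF_END@ -- whether the option was recognized.
 *
 * Use:		Handles the `inet' options.  Currently these are
 *		`allow|deny [from] HOST-OR-NET[/MASK]', where @MASK@ is a
 *		prefix length in 0..32 or a dotted-quad netmask.  Bad input
 *		is reported through @error@, which the existing code assumes
 *		does not return.
 */

static int inet_option(scanner *sc, addr_opts *ao)
{
  inet_opts *io = (inet_opts *)ao;

  CONF_BEGIN(sc, "inet", "Internet socket")

  unsigned act;

  /* --- Access control limitations --- */

  if ((strcmp(sc->d.buf, "allow") == 0 && (act = ACL_ALLOW, 1)) ||
      (strcmp(sc->d.buf, "deny") == 0 && (act = ACL_DENY, 1))) {
    struct hostent *h;
    struct netent *n;
    struct in_addr a, m;
    dstr d = DSTR_INIT;

    /* --- Find the host or network address --- */

    token(sc);
    if (sc->t == CTOK_WORD && strcmp(sc->d.buf, "from") == 0)
      token(sc);
    conf_name(sc, '.', &d);
    if ((n = getnetbyname(d.buf)) != 0)
      a.s_addr = htonl(n->n_net);
    else if ((h = gethostbyname(d.buf)) == 0)
      error(sc, "couldn't resolve address `%s'", d.buf);
    else
      memcpy(&a, h->h_addr, sizeof(struct in_addr));

    /* --- Find the netmask, if any --- *
     *
     * No mask means a single host (all ones).  A mask without a dot is a
     * prefix length and must be in 0..32: the old @atoi@ path turned
     * garbage into a zero mask (matching everyone) and shifted by an
     * out-of-range count for larger values.
     */

    if (sc->t != '/')
      m.s_addr = ~0ul;
    else {
      token(sc);
      DRESET(&d);
      conf_name(sc, '.', &d);
      if (strchr(d.buf, '.') == 0) {
	char *end;
	long bits = strtol(d.buf, &end, 10);
	if (*end != 0 || bits < 0 || bits > 32)
	  error(sc, "bad netmask `%s'", d.buf);
	if (bits == 0)
	  m.s_addr = 0;
	else
	  m.s_addr = htonl((0xffffffffUL << (32 - bits)) & 0xffffffff);
      } else {
#ifdef HAVE_INET_ATON
	if (!inet_aton(d.buf, &m))
	  error(sc, "bad netmask `%s'", d.buf);
#else
	/* @inet_addr@ reports failure as @INADDR_NONE@, which is also the
	 * valid all-ones mask, so only treat it as an error when the text
	 * isn't literally that mask. */
	m.s_addr = inet_addr(d.buf);
	if (m.s_addr == INADDR_NONE && strcmp(d.buf, "255.255.255.255") != 0)
	  error(sc, "bad netmask `%s'", d.buf);
#endif
      }
    }
    dstr_destroy(&d);

    /* --- Add the access control entry --- */

    acl_add(io ? &io->acltail : 0, act, a, m);
    CONF_ACCEPT;
  }

  /* --- Anything unrecognized --- */

  CONF_END;
}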
242
243 /* --- @accept@ --- */
244
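/* --- @inet_accept@ --- *
 *
 * Arguments:	@int fd@ = listening socket descriptor
 *		@addr_opts *ao@ = the socket's options (really an @inet_opts@)
 *		@const char *desc@ = description of the forwarder, for the log
 *
 * Returns:	A reference-counted descriptor for the new connection, or
 *		null if nothing could be accepted or the peer was refused.
 *
 * Use:		Accepts a pending connection and checks the peer address
 *		against the access control list before handing it back.
 *		Both refused and accepted connections are logged through
 *		@identify@ unless @ADDRF_NOLOG@ is set.
 */

static reffd *inet_accept(int fd, addr_opts *ao, const char *desc)
{
  inet_opts *io = (inet_opts *)ao;
  int nfd;
  id_req q;

  /* @accept@ and @getsockname@ write the length back through a
   * @socklen_t *@; the previous @size_t@ locals have a different width on
   * LP64 and only worked by luck on little-endian hosts.
   */

  socklen_t lsinsz = sizeof(q.lsin), rsinsz = sizeof(q.rsin);

  /* --- Accept the new connection --- */

  if ((nfd = accept(fd, (struct sockaddr *)&q.rsin, &rsinsz)) < 0)
    return (0);
  if (getsockname(nfd, (struct sockaddr *)&q.lsin, &lsinsz)) {
    close(nfd);
    return (0);
  }
  q.desc = desc;
  q.r = reffd_init(nfd);

  /* --- Find out whether this connection is allowed --- *
   *
   * The peer is checked before anything else is done with the descriptor;
   * a refused peer is still logged so the rejection is visible.
   */

  if (!acl_check(io->acl, q.rsin.sin_addr)) {
    q.act = "refused";
    if (!(io->ao.f & ADDRF_NOLOG))
      identify(&q);
    REFFD_DEC(q.r);		/* drops the only reference; presumably closes @nfd@ */
    return (0);
  }

  /* --- Everything seems to be OK --- */

  q.act = "accepted";
  if (!(io->ao.f & ADDRF_NOLOG))
    identify(&q);
  return (q.r);
}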
280
281 /* --- @freeopts@ --- */
282
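/* --- @inet_freeopts@ --- *
 *
 * Arguments:	@addr_opts *ao@ = options block created by @inet_initopts@
 *
 * Returns:	---
 *
 * Use:		Frees the access control list and the options block itself.
 */

static void inet_freeopts(addr_opts *ao)
{
  inet_opts *io = (inet_opts *)ao;
  acl_free(io->acl);

  /* Hand @DESTROY@ the derived pointer, as @inet_destroy@ does: the block
   * was created as an @inet_opts@, and if @DESTROY@ derives the size from
   * its argument's type then passing the bare @ao@ would under-report it.
   */

  DESTROY(io);
}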
289
290 /* --- Ops table --- */
291
/* --- Ops table --- *
 *
 * Positional initializer; the order presumably follows the @addr_ops@
 * definition in @addr.h@ -- verify there before adding or moving entries.
 * The two trailing zeros are slots this protocol does not implement.
 */

addr_ops inet_ops = {
  "inet", PF_INET,
  inet_read, inet_destroy, inet_print,
  inet_initopts, inet_option, inet_accept, inet_freeopts, 0, 0
};
297
298 /*----- That's all, folks -------------------------------------------------*/