From e842c54054b846061bf92d0f8a23ee3126ede6a9 Mon Sep 17 00:00:00 2001
From: Alexander Motin
Date: Tue, 22 May 2007 12:23:39 +0000
Subject: [PATCH] Add support for setmode and settarget messages.
Approved by: glebius (mentor)
---
 share/man/man4/ng_nat.4 | 21 ++++++++++++
 sys/netgraph/ng_nat.c | 76 +++++++++++++++++++++++++++++++++++++++++
 sys/netgraph/ng_nat.h | 23 +++++++++++++
 3 files changed, 120 insertions(+)
diff --git a/share/man/man4/ng_nat.4 b/share/man/man4/ng_nat.4
index 3d6d04fdde3..dcb521f7fa7 100644
--- a/share/man/man4/ng_nat.4
+++ b/share/man/man4/ng_nat.4
@@ -60,6 +60,27 @@ This node type supports the generic control messages, plus the following:
 Configure aliasing address for a node.
 After both hooks have been connected and aliasing address was configured,
 a node is ready for aliasing operation.
+.It Dv NGM_NAT_SET_MODE Pq Li setmode
+Set node's operation mode using supplied
+.Vt "struct ng_nat_mode".
+.Bd -literal
+struct ng_nat_mode {
+ uint32_t flags;
+ uint32_t mask;
+};
+/* Supported flags: */
+#define NG_NAT_LOG 0x01
+#define NG_NAT_DENY_INCOMING 0x02
+#define NG_NAT_SAME_PORTS 0x04
+#define NG_NAT_UNREGISTERED_ONLY 0x10
+#define NG_NAT_RESET_ON_ADDR_CHANGE 0x20
+#define NG_NAT_PROXY_ONLY 0x40
+#define NG_NAT_REVERSE 0x80
+.Ed
+.It Dv NGM_NAT_SET_TARGET Pq Li settarget
+Configure target address for a node.
+When an incoming packet not associated with any pre-existing aliasing
+link arrives at the host machine, it will be sent to the specified address.
 .El
 .Sh SHUTDOWN
 This node shuts down upon receipt of a
diff --git a/sys/netgraph/ng_nat.c b/sys/netgraph/ng_nat.c
index 761d38f9f62..fb6e947ad4b 100644
--- a/sys/netgraph/ng_nat.c
+++ b/sys/netgraph/ng_nat.c
@@ -56,6 +56,16 @@ static ng_newhook_t ng_nat_newhook;
 static ng_rcvdata_t ng_nat_rcvdata;
 static ng_disconnect_t ng_nat_disconnect;
+static unsigned int ng_nat_translate_flags(unsigned int x);
+
+/* Parse type for struct ng_nat_mode. */
+static const struct ng_parse_struct_field ng_nat_mode_fields[]
+ = NG_NAT_MODE_INFO;
+static const struct ng_parse_type ng_nat_mode_type = {
+ &ng_parse_struct_type,
+ ng_nat_mode_fields
+};
+
 /* List of commands and how to convert arguments to/from ASCII. */
 static const struct ng_cmdlist ng_nat_cmdlist[] = {
 {
@@ -65,6 +75,20 @@ static const struct ng_cmdlist ng_nat_cmdlist[] = {
 &ng_parse_ipaddr_type,
 NULL
 },
+ {
+ NGM_NAT_COOKIE,
+ NGM_NAT_SET_MODE,
+ "setmode",
+ &ng_nat_mode_type,
+ NULL
+ },
+ {
+ NGM_NAT_COOKIE,
+ NGM_NAT_SET_TARGET,
+ "settarget",
+ &ng_parse_ipaddr_type,
+ NULL
+ },
 { 0 }
 };
@@ -178,6 +202,36 @@ ng_nat_rcvmsg(node_p node, item_p item, hook_p lasthook)
 priv->flags |= NGNAT_ADDR_DEFINED;
 }
 break;
+ case NGM_NAT_SET_MODE:
+ {
+ struct ng_nat_mode *const mode =
+ (struct ng_nat_mode *)msg->data;
+
+ if (msg->header.arglen < sizeof(*mode)) {
+ error = EINVAL;
+ break;
+ }
+
+ if (LibAliasSetMode(priv->lib,
+ ng_nat_translate_flags(mode->flags),
+ ng_nat_translate_flags(mode->mask)) < 0) {
+ error = ENOMEM;
+ break;
+ }
+ }
+ break;
+ case NGM_NAT_SET_TARGET:
+ {
+ struct in_addr *const ia = (struct in_addr *)msg->data;
+
+ if (msg->header.arglen < sizeof(*ia)) {
+ error = EINVAL;
+ break;
+ }
+
+ LibAliasSetTarget(priv->lib, *ia);
+ }
+ break;
 default:
 error = EINVAL; /* unknown command */
 break;
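Review bot: The error test `LibAliasSetMode(...) < 0` in the new NGM_NAT_SET_MODE case of ng_nat_rcvmsg only works if that function returns a signed type. Its prototype is not in this diff; if it returns `unsigned int` like the flag arguments passed to it, the comparison is always false and a failed mode change is reported to the caller as success. Please confirm the return type against the libalias header and, if it is unsigned, test for the documented failure value explicitly instead of `< 0`. Mapping every failure to ENOMEM is also not explained here and deserves a short comment, e.g. `/* LibAliasSetMode fails only when log setup cannot allocate */`, if that is indeed the only failure path. ng_nat_rcvmsg starts and ends outside the hunk.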
@@ -329,3 +383,25 @@ ng_nat_disconnect(hook_p hook)
 return (0);
 }
+static unsigned int
+ng_nat_translate_flags(unsigned int x)
+{
+ unsigned int res = 0;
+
+ if (x & NG_NAT_LOG)
+ res |= PKT_ALIAS_LOG;
+ if (x & NG_NAT_DENY_INCOMING)
+ res |= PKT_ALIAS_DENY_INCOMING;
+ if (x & NG_NAT_SAME_PORTS)
+ res |= PKT_ALIAS_SAME_PORTS;
+ if (x & NG_NAT_UNREGISTERED_ONLY)
+ res |= PKT_ALIAS_UNREGISTERED_ONLY;
+ if (x & NG_NAT_RESET_ON_ADDR_CHANGE)
+ res |= PKT_ALIAS_RESET_ON_ADDR_CHANGE;
+ if (x & NG_NAT_PROXY_ONLY)
+ res |= PKT_ALIAS_PROXY_ONLY;
+ if (x & NG_NAT_REVERSE)
+ res |= PKT_ALIAS_REVERSE;
+
+ return (res);
+}
diff --git a/sys/netgraph/ng_nat.h b/sys/netgraph/ng_nat.h
index 5afcec55a26..a548cd261e7 100644
--- a/sys/netgraph/ng_nat.h
+++ b/sys/netgraph/ng_nat.h
@@ -32,6 +32,29 @@
 #define NG_NAT_HOOK_IN "in"
 #define NG_NAT_HOOK_OUT "out"
+/* Arguments for NGM_NAT_SET_MODE message */
+struct ng_nat_mode {
+ uint32_t flags;
+ uint32_t mask;
+};
+
+/* Keep this in sync with the above structure definition */
+#define NG_NAT_MODE_INFO { \
+ { "flags", &ng_parse_uint32_type }, \
+ { "mask", &ng_parse_uint32_type }, \
+ { NULL } \
+}
+
+#define NG_NAT_LOG 0x01
+#define NG_NAT_DENY_INCOMING 0x02
+#define NG_NAT_SAME_PORTS 0x04
+#define NG_NAT_UNREGISTERED_ONLY 0x10
+#define NG_NAT_RESET_ON_ADDR_CHANGE 0x20
+#define NG_NAT_PROXY_ONLY 0x40
+#define NG_NAT_REVERSE 0x80
+
 enum {
 NGM_NAT_SET_IPADDR = 1,
+ NGM_NAT_SET_MODE,
+ NGM_NAT_SET_TARGET,
 };
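Review bot: Bits in `x` that have no NG_NAT_* definition are silently dropped by ng_nat_translate_flags, so a setmode message carrying an unsupported flag or mask bit returns success without doing what the sender asked. Because setmode controls filtering behaviour such as NG_NAT_DENY_INCOMING, rejecting unknown bits with EINVAL in the NGM_NAT_SET_MODE handler would make a misconfigured node visible instead of quietly leaving it in a different mode. If ignoring them is intended, the function should say so in a header comment: `/* Map NG_NAT_* bits to PKT_ALIAS_*; bits without a mapping are ignored. */`.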
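Review bot: Neither the comment on `struct ng_nat_mode` nor the man page text in this commit says what `mask` does. That matters because a wrong mask can change flags the sender did not mean to touch, NG_NAT_DENY_INCOMING among them. If, as the call into LibAliasSetMode suggests, `mask` selects which bits of `flags` are applied, the fields should carry comments stating that: `uint32_t flags; /* desired state of the bits selected by mask */` and `uint32_t mask; /* which flag bits to change */`. The jump from 0x04 to 0x10 in the NG_NAT_* values also deserves a one-line comment saying whether 0x08 is deliberately left unused.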