From 7f91436fead9673d99b74d0e0f797f7c45223248 Mon Sep 17 00:00:00 2001 From: Genadijus Paleckis Date: Mon, 2 Jan 2012 14:55:43 +0100 Subject: Ported to OpenBSD * In particular use /dev/pf for transparent client lookups --- common/smtppass.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ configure.in | 4 ++++ 2 files changed, 51 insertions(+) diff --git a/common/smtppass.c b/common/smtppass.c index 45ad0b7..0d0bc33 100644 --- a/common/smtppass.c +++ b/common/smtppass.c @@ -73,6 +73,14 @@ #include #endif +#ifdef USE_PF_NATLOOKUP +#include + +#include +#include +#include +#endif /* USE_PF_NATLOOKUP */ + #include "compat.h" #include "sock_any.h" #include "stringx.h" @@ -801,6 +809,11 @@ static int make_connections(spctx_t* ctx, int client) const char* dstname; const char* srcname; +#ifdef USE_PF_NATLOOKUP + struct pfioc_natlook nl; + int dev; +#endif /* USE_PF_NATLOOKUP */ + ASSERT(client != -1); /* Setup the incoming connection. This also fills in peeraddr for us */ @@ -829,6 +842,40 @@ static int make_connections(spctx_t* ctx, int client) return -1; } +#ifdef USE_PF_NATLOOKUP + dev = open("/dev/pf", O_RDWR); + if (dev == -1) { + sp_message(ctx, LOG_ERR, "open(\"/dev/pf\") failed"); + return -1; + } + + memset(&nl, 0, sizeof(struct pfioc_natlook)); + + memcpy(&nl.saddr.v4.s_addr, &(peeraddr.s.in.sin_addr), sizeof(struct in_addr)); + nl.sport = peeraddr.s.in.sin_port; + + memcpy(&nl.daddr.v4.s_addr, &(addr.s.in.sin_addr), sizeof(struct in_addr)); + nl.dport = addr.s.in.sin_port; + + nl.af = AF_INET; + nl.proto = IPPROTO_TCP; + + if (ioctl(dev, DIOCNATLOOK, &nl)) { + sp_message(ctx, LOG_ERR, "DIOCNATLOOK"); + return -1; + } + + if (close(dev) != 0) { + sp_message(ctx, LOG_ERR, "close(\"/dev/pf\") failed"); + return -1; + } + + memcpy(&(addr.s.in.sin_addr), &nl.rdaddr.v4.s_addr, + sizeof(struct in_addr)); + addr.s.in.sin_port = nl.rdport; + addr.s.in.sin_family = AF_INET; +#endif /* USE_PF_NATLOOKUP */ + /* Check address types */ if(sock_any_cmp(&addr, &peeraddr, SANY_OPT_NOPORT) == 0) { diff --git a/configure.in b/configure.in index 1b2b485..0f69b88 100644 --- a/configure.in +++ b/configure.in @@ -88,6 +88,10 @@ AC_CHECK_HEADERS([linux/types.h linux/netfilter_ipv4.h], ]] ) +# Check for OpenBSD type transparent proxy support +AC_CHECK_HEADERS([net/pfvar.h], + AC_DEFINE(USE_PF_NATLOOKUP, 1, [Whether the system supports OpenBSD packet filter for transparent proxy]),,) + # Checks for typedefs, structures, and compiler characteristics. AC_TYPE_SIZE_T -- cgit v1.2.3