New option: -redirect_proto.

2 files changed, 91 insertions, 1 deletions

diff --git a/sbin/natd/natd.8 b/sbin/natd/natd.8
index 1feabd1ea0a9..b6cedeeff5a3 100644
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@@ -35,6 +35,7 @@ Network Address Translation Daemon
 .Op Fl interface Ar interface
 .Op Fl config Ar configfile
 .Op Fl redirect_port Ar linkspec
+.Op Fl redirect_proto Ar linkspec
 .Op Fl redirect_address Ar linkspec
 .Op Fl reverse
 .Op Fl proxy_only
@@ -139,7 +140,26 @@ be sent to the telnet port on the inside1 machine.
 will redirect incoming connections on ports 3300-3399 to host
 inside2, ports 2300-2399.
 The mapping is 1:1 meaning port 3300 maps to 2300, 3301 maps to 2301, etc.
-
+.It Fl redirect_proto Ar proto localIP Xo
+.Op Ar publicIP Op Ar remoteIP
+.Xc
+Redirect incoming IP packets of protocol
+.Ar proto
+.Pq see Xr protocols 5
+destined for
+.Ar publicIP
+address to a
+.Ar localIP
+address and vice versa.
+.Pp
+If
+.Ar publicIP
+is not specified, then the default aliasing address is used.
+If
+.Ar remoteIP
+is specified, then only packets coming from/to
+.Ar remoteIP
+will match the rule.
 .It Fl redirect_address Ar localIP publicIP
 Redirect traffic for public IP address to a machine on the local
 network.
diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c
index c03a7ae79500..6bb35846e531 100644
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@@ -89,6 +89,7 @@ static void	RefreshAddr (int);
 static void	ParseOption (const char* option, const char* parms, int cmdLine);
 static void	ReadConfigFile (const char* fileName);
 static void	SetupPortRedirect (const char* parms);
+static void	SetupProtoRedirect(const char* parms);
 static void	SetupAddressRedirect (const char* parms);
 static void	SetupPptpAlias (const char* parms);
 static void	StrToAddr (const char* str, struct in_addr* addr);
@@ -861,6 +862,7 @@ enum Option {
 	AliasAddress,
 	InterfaceName,
 	RedirectPort,
+	RedirectProto,
 	RedirectAddress,
 	ConfigFile,
 	DynamicMode,
@@ -1031,6 +1033,14 @@ static struct OptionInfo optionTable[] = {
 		"redirect_port",
 		NULL },
 
+	{ RedirectProto,
+		0,
+		String,
+	        "proto local_addr [public_addr] [remote_addr]",
+		"redirect packets of a given proto",
+		"redirect_proto",
+		NULL },
+
 	{ RedirectAddress,
 		0,
 		String,
@@ -1200,6 +1210,10 @@ static void ParseOption (const char* option, const char* parms, int cmdLine)
 		SetupPortRedirect (strValue);
 		break;
 
+	case RedirectProto:
+		SetupProtoRedirect(strValue);
+		break;
+
 	case RedirectAddress:
 		SetupAddressRedirect (strValue);
 		break;
@@ -1488,6 +1502,62 @@ void SetupPortRedirect (const char* parms)
 	}
 }
 
+void
+SetupProtoRedirect(const char* parms)
+{
+	char		buf[128];
+	char*		ptr;
+	struct in_addr	localAddr;
+	struct in_addr	publicAddr;
+	struct in_addr	remoteAddr;
+	int		proto;
+	char*		protoName;
+	struct protoent *protoent;
+
+	strcpy (buf, parms);
+/*
+ * Extract protocol.
+ */
+	protoName = strtok(buf, " \t");
+	if (!protoName)
+		errx(1, "redirect_proto: missing protocol");
+
+	protoent = getprotobyname(protoName);
+	if (protoent == NULL)
+		errx(1, "redirect_proto: unknown protocol %s", protoName);
+	else
+		proto = protoent->p_proto;
+/*
+ * Extract local address.
+ */
+	ptr = strtok(NULL, " \t");
+	if (!ptr)
+		errx(1, "redirect_proto: missing local address");
+	else
+		StrToAddr(ptr, &localAddr);
+/*
+ * Extract optional public address.
+ */
+	ptr = strtok(NULL, " \t");
+	if (ptr)
+		StrToAddr(ptr, &publicAddr);
+	else
+		publicAddr.s_addr = INADDR_ANY;
+/*
+ * Extract optional remote address.
+ */
+	ptr = strtok(NULL, " \t");
+	if (ptr)
+		StrToAddr(ptr, &remoteAddr);
+	else
+		remoteAddr.s_addr = INADDR_ANY;
+/*
+ * Create aliasing link.
+ */
+	(void)PacketAliasRedirectProto(localAddr, remoteAddr, publicAddr,
+				       proto);
+}
+
 void SetupAddressRedirect (const char* parms)
 {
 	char		buf[128];