Hi, just noticed:
Adding dynamic rules to ipfw via PKT_ALIAS_PUNCH_FW (or the `nat punch_fw` command in ppp) doesn't work: ipfw's IP_FW_ADD must be issued with getsockopt(), not setsockopt(). This should also be reflected in the manual page. Below is my fix; a quick test suggests it is indeed working now. Daniel
Index: alias_db.c
===================================================================
RCS file: /data/cvs/src/lib/libalias/alias_db.c,v
retrieving revision 1.47
diff -u -r1.47 alias_db.c
--- alias_db.c 3 Nov 2001 11:34:09 -0000 1.47
+++ alias_db.c 26 Nov 2001 03:34:22 -0000
@@ -2688,6 +2688,7 @@
 PunchFWHole(struct alias_link *link)
 {
 int r; /* Result code */
 struct ip_fw rule; /* On-the-fly built rule */
+ int rsz;
 int fwhole; /* Where to punch hole */
 /* Don't do anything unless we are asked to */
@@ -2744,19 +2745,21 @@
 (Code should be left even if the problem is fixed - it is a clear optimization) */
 if (rule.fw_uar.fw_pts[0] != 0 && rule.fw_uar.fw_pts[1] != 0) {
- r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
+ rsz = sizeof(rule);
+ r = getsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, &rsz);
 #ifdef DEBUG
 if (r)
- err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)");
+ err(1, "alias punch inbound(1) getsockopt(IP_FW_ADD)");
 #endif
 rule.fw_src = GetDestAddress(link);
 rule.fw_dst = GetOriginalAddress(link);
 rule.fw_uar.fw_pts[0] = ntohs(GetDestPort(link));
 rule.fw_uar.fw_pts[1] = ntohs(GetOriginalPort(link));
- r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
+ rsz = sizeof(rule);
+ r = getsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, &rsz);
 #ifdef DEBUG
 if (r)
- err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)");
+ err(1, "alias punch inbound(2) getsockopt(IP_FW_ADD)");
 #endif
 }
 /* Indicate hole applied */
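Review bot: `rsz` is declared `int` in the first hunk but passed as the length argument of getsockopt() in the second, and if this tree's getsockopt(2) already declares that parameter as `socklen_t *` the call only compiles through an int/socklen_t pointer mismatch the compiler may merely warn about; declare it `socklen_t rsz;` instead. Resetting `rsz = sizeof(rule)` before each of the two calls is right, since the kernel may rewrite the length on return. The getsockopt form presumably exists so the kernel can copy the installed rule back into `rule`; the second add reassigns every per-direction field before reusing the buffer, so that is fine here, but a comment such as `/* IP_FW_ADD is a getsockopt: the kernel writes the installed rule back into rule */` would stop the next reader from "fixing" it back to setsockopt. Outside `#ifdef DEBUG` the result `r` is still discarded and execution proceeds to the "Indicate hole applied" step, so a failed add is invisible in production builds -- pre-existing, but this switch is a good moment to check `r` unconditionally. PunchFWHole's body continues beyond the end of the hunk.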