Subject: bin/25991: ipnat.conf rules don't allow port/protocol names
To: None <gnats-bugs@gnats.NetBSD.org>
From: Martin Husemann <martin@duskware.de>
List: netbsd-bugs
Date: 06/21/2004 12:44:30
>Number: 25991
>Category: bin
>Synopsis: ipnat.conf rules don't allow port/protocol names
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jun 21 10:45:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Martin Husemann
>Release: NetBSD 2.0F
>Organization:
>Environment:
System: NetBSD night-porter.duskware.de 2.0F NetBSD 2.0F (PORTER) #0: Sun Jun 20 13:08:18 CEST 2004 martin@night-porter.duskware.de:/usr/src/sys/arch/i386/compile/PORTER i386
Architecture: i386
Machine: i386
>Description:
In IPF 3.x it was possible to have nat rdr rules name a port, like
rdr pppoe0 XXX.XXX.XXX.XXX/32 port smtp -> YYY.YYY.YYY.YYY port smtp
Now it needs a port number (25 instead of smtp).
>How-To-Repeat:
obvious
>Fix:
This patch fixes it for me (and also cleans up a few bugs in the grammar,
leaving only 3 shift/reduce conflicts).
Index: ipnat_y.y
===================================================================
RCS file: /cvsroot/src/dist/ipf/tools/ipnat_y.y,v
retrieving revision 1.2
diff -c -u -r1.2 ipnat_y.y
--- ipnat_y.y 26 May 2004 20:32:48 -0000 1.2
+++ ipnat_y.y 21 Jun 2004 10:42:24 -0000
@@ -89,7 +89,7 @@
%token IPNY_ROUNDROBIN IPNY_FRAG IPNY_AGE IPNY_ICMPIDMAP IPNY_PROXY
%token IPNY_TCP IPNY_UDP IPNY_TCPUDP IPNY_STICKY IPNY_MSSCLAMP IPNY_TAG
%token IPNY_TLATE
-%type <num> hexnumber numports compare range proto
+%type <num> hexnumber compare range proto portspec
%type <ipa> hostname ipv4
%type <ipp> addr nummask rhaddr
%type <pc> portstuff
@@ -277,6 +277,8 @@
| IPNY_RANGE ipv4 '-' ipv4
{ $$.a = $2; $$.m = $4;
nat->in_flags |= IPN_IPRANGE; }
+ ;
+
dip:
ipv4 { nat->in_inip = $1.s_addr;
nat->in_inmsk = 0xffffffff; }
@@ -285,16 +287,20 @@
nat->in_inmsk = $3.s_addr; }
;
-dport: | IPNY_PORT YY_NUMBER { nat->in_pmin = htons($2);
+portspec: YY_NUMBER { $$ = $1; }
+ | YY_STR { $$ = getport($1); }
+ ;
+
+dport: IPNY_PORT portspec { nat->in_pmin = htons($2);
nat->in_pmax = htons($2); }
- | IPNY_PORT YY_NUMBER '-' YY_NUMBER { nat->in_pmin = htons($2);
+ | IPNY_PORT portspec '-' portspec { nat->in_pmin = htons($2);
nat->in_pmax = htons($4); }
;
-nport: IPNY_PORT YY_NUMBER { nat->in_pnext = htons($2); }
+nport: IPNY_PORT portspec { nat->in_pnext = htons($2); }
;
-ports: | IPNY_PORTS numports { nat->in_pmin = $2; }
+ports: | IPNY_PORTS portspec { nat->in_pmin = $2; }
| IPNY_PORTS IPNY_AUTO { nat->in_flags |= IPN_AUTOPORTMAP; }
;
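Review bot: the YY_STR alternative of the new portspec rule assigns getport($1) straight to $$ with no check for a failed lookup, so a misspelled service name would flow through htons() into nat->in_pmin, in_pmax or in_pnext instead of being rejected at parse time. Suggest testing the result in the action and calling yyerror() for an unknown name. Please also confirm which byte order getport returns, since dport and nport apply htons() to the value, and mention in the log that dropping the leading `|` from dport removes its empty alternative.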
@@ -345,7 +351,7 @@
;
mapport:
- IPNY_PORTMAP tcpudp YY_NUMBER ':' YY_NUMBER
+ IPNY_PORTMAP tcpudp portspec ':' portspec
{ nat->in_pmin = htons($3);
nat->in_pmax = htons($5); }
| IPNY_PORTMAP tcpudp IPNY_AUTO { nat->in_flags |= IPN_AUTOPORTMAP;
@@ -411,8 +417,8 @@
;
portstuff:
- compare YY_NUMBER { $$.pc = $1; $$.p1 = $2; }
- | YY_NUMBER range YY_NUMBER { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; }
+ compare portspec { $$.pc = $1; $$.p1 = $2; }
+ | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; }
;
mapoptions:
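Review bot: in the range alternative of portstuff, $$.p1 is assigned twice (`$$.p1 = $1; $$.p1 = $3;`), so the first port of the range is overwritten by the second. The patch carries this over unchanged from the old line. The second assignment presumably belongs to the other port field of the <pc> type, and is worth fixing while these lines are being touched.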
@@ -462,7 +468,7 @@
;
rdrproxy:
- | IPNY_PROXY YY_STR
+ IPNY_PROXY YY_STR
{ strncpy(nat->in_plabel, $2,
sizeof(nat->in_plabel));
nat->in_dport = nat->in_pnext;
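Review bot: removing the leading `|` from rdrproxy drops its empty alternative, so the proxy clause is no longer optional at this level. Please confirm that the rule referencing rdrproxy still accepts an rdr line without a proxy, and say so in the log. Separately, the strncpy() into nat->in_plabel uses the full sizeof as the length, which leaves the label without a terminating NUL when $2 is at least that long; worth checking that every consumer treats it as a fixed-length field.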
@@ -476,10 +482,6 @@
}
;
-numports:
- YY_NUMBER { $$ = $1; }
- ;
-
proto: YY_NUMBER { $$ = $1; }
| IPNY_TCP { $$ = IPPROTO_TCP; }
| IPNY_UDP { $$ = IPPROTO_UDP; }
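Review bot: with numports removed, `ports: | IPNY_PORTS portspec` now accepts a service name in a position whose old nonterminal name suggests a count of ports, and that action stores $2 without htons(), unlike dport and nport. If the value is a count, a name such as smtp has no sensible meaning there; keeping YY_NUMBER for that one rule would avoid accepting it.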
>Release-Note:
>Audit-Trail:
>Unformatted: