diff --git a/logrotate.rinetd b/logrotate.rinetd
new file mode 100644
index 0000000000000000000000000000000000000000..29a13a4ab13369cb2d44a5c8c5346299202455c5
--- /dev/null
+++ b/logrotate.rinetd
@@ -0,0 +1,11 @@
+/var/log/rinetd.log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+1024k
+ notifempty
+ missingok
+ copytruncate
+}
+
diff --git a/rc.rinetd b/rc.rinetd
new file mode 100644
index 0000000000000000000000000000000000000000..6c5edd9da51bf7309b9cfa90c2d1f661d13aaf84
--- /dev/null
+++ b/rc.rinetd
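Review bot: `copytruncate` copies the live file and then truncates it, so any connection records rinetd writes between those two steps are lost from both the rotated and the new file. For a port forwarder's connection log that means gaps in the audit trail at every rotation. If SIGHUP makes rinetd reopen its log file, as the reload actions elsewhere in this commit suggest, a `postrotate` block that signals the daemon would avoid the copy window; that needs confirming against the daemon, because the same signal also rereads the configuration.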
@@ -0,0 +1,160 @@
+#! /bin/sh
+# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Lenz Grimmer
+#
+# /etc/init.d/rinetd
+#
+# and symbolic its link
+#
+# /usr/sbin/rcrinetd
+#
+### BEGIN INIT INFO
+# Provides: rinetd
+# Required-Start: $network $syslog $remote_fs
+# Required-Stop: $network $syslog $remote_fs
+# Default-Start: 3 5
+# Default-Stop:
+# Description: Start the Internet redirection server rinetd
+### END INIT INFO
+
+# Test for required binary
+RINETD=/usr/sbin/rinetd
+test -x $RINETD || exit 5
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_failed set local and overall rc status to
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+. /etc/rc.status
+
+# First reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+#
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signalling is not supported) are
+# considered a success.
+
+# Check for existing configuration file first
+if ! test -f /etc/rinetd.conf ; then
+ echo "You must generate a configuration file /etc/rinetd.conf"
+ echo "before starting rinetd!"
+ echo "There is a sample configuration in /usr/share/doc/packages/rinetd,"
+ echo "please look in the rinetd(8) manual page for further info."
+ rc_failed 6
+ rc_status -v
+ rc_exit
+fi
+
+case "$1" in
+ start)
+ echo -n "Starting service rinetd"
+ ## Start daemon with startproc(8). If this fails
+ ## the echo return value is set appropriate.
+
+ startproc $RINETD
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down service rinetd"
+ ## Stop daemon with killproc(8) and if this fails
+ ## set echo the echo return value.
+
+ killproc -TERM $RINETD
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ try-restart)
+ ## Stop the service and if this succeeds (i.e. the
+ ## service was running before), start it again.
+ ## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
+ $0 status >/dev/null && $0 restart
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+ ## If it does not support it, restart.
+
+ echo -n "Reload service rinetd"
+ ## if it supports it:
+ killproc -HUP $RINETD
+ touch /var/run/rinetd.pid
+ rc_status -v
+
+ ## Otherwise:
+ #$0 stop && $0 start
+ #rc_status
+ ;;
+ reload)
+ ## Like force-reload, but if daemon does not support
+ ## signalling, do nothing (!)
+
+ # If it supports signalling:
+ echo -n "Reload service rinetd"
+ killproc -HUP $RINETD
+ touch /var/run/rinetd.pid
+ rc_status -v
+
+ ## Otherwise if it does not support reload:
+ #rc_failed 3
+ #rc_status -v
+ ;;
+ status)
+ echo -n "Checking for service rinetd: "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running
+
+ # NOTE: checkproc returns LSB compliant status values.
+
+ checkproc $RINETD
+ rc_status -v
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload,
+ ## give out the argument which is required for a reload.
+
+ test /etc/rinetd.conf -nt /var/run/rinetd.pid && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/rinetd-0.62.tar.bz2 b/rinetd-0.62.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..b585ea4021fb0be8d2739aa651dd072f85eedeee
Binary files /dev/null and b/rinetd-0.62.tar.bz2 differ
diff --git a/rinetd-conf.patch b/rinetd-conf.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a10c71c81d83b2b1a33492bd80ded397923ef928
--- /dev/null
+++ b/rinetd-conf.patch
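Review bot: The `/etc/rinetd.conf` existence check sits before `case "$1"` and ends in `rc_exit`, so `stop` and `status` also bail out with code 6 when the file is missing, and a redirector that is still running cannot be shut down through this script. Moving the `if ! test -f /etc/rinetd.conf` block into the `start)` arm keeps the guard where it matters, and `restart` still reaches it through `$0 start`. In `reload` and `force-reload`, `touch /var/run/rinetd.pid` runs even when `killproc -HUP` failed, which refreshes the pid file for a daemon that did not reload and hides the pending reload from `probe`; `killproc -HUP $RINETD && touch /var/run/rinetd.pid` avoids that. The usage arm should `exit 2`, the code the script's own table lists for invalid arguments.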
@@ -0,0 +1,71 @@ +--- rinetd.conf.sample ++++ rinetd.conf.sample 2001/03/09 17:34:48 +@@ -0,0 +1,68 @@ ++# This is a sample configuration file for rinetd ++# Please refer to the rinetd manual page, adjust it to your personal needs ++# and copy it to /etc/rinetd.conf ++ ++# FORWARDING RULES ++ ++# A simple forwarding rule ++# ++# Format: ++# ++# This would redirect all connections to port 80 of the "real" IP address ++# 206.125.69.81, which could be a virtual interface, through rinetd to port ++# 80 of the address 10.1.1.2, which would typically be a machine on the ++# inside of a firewall which has no direct routing to the outside world. ++# Service names can be specified instead of port numbers. On most systems, ++# service names are defined in the file /etc/services. ++# Both IP addresses and hostnames are accepted for bindaddress and ++# connectaddress. ++# Optionally another column can be given to specify ++# a local address to bind to specifically on outgoing connections. ++ ++206.125.69.81 80 10.1.1.2 80 ++ ++# ALLOW AND DENY RULES ++ ++# Allow rules which appear before the first forwarding rule are applied ++# globally: if at least one global allow rule exists, and the address of a ++# new connection does not satisfy at least one of the global allow rules, ++# that connection is immediately rejected, regardless of any other rules. ++# ++# Allow rules which appear after a specific forwarding rule apply to that ++# forwarding rule only. If at least one allow rule exists for a particular ++# forwarding rule, and the address of a new connection does not satisfy at ++# least one of the allow rules for that forwarding rule, that connection ++# is immediately rejected, regardless of any other rules. ++# ++# Format: [allow|deny] ++# ++# Patterns can contain the following characters: 0, 1, 2, 3, 4, 5, 6, 7, 8, ++# 9, . (period), ?, and *. The ? wildcard matches any one character. The * ++# wildcard matches any number of characters, including zero. 
++# ++# Host names are NOT permitted in allow and deny rules. The performance ++# cost of looking up IP addresses to find their corresponding names is ++# prohibitive. Since rinetd is a single process server, all other connections ++# would be forced to pause during the address lookup. ++# ++# This allow rule matches all IP addresses in the 206.125.69 class C domain. ++ ++allow 206.125.69.* ++ ++# LOGGING ++ ++# rinetd is able to produce a log file in either of two formats: ++# tab-delimited and web server-style "common log format." ++# By default, rinetd does not produce a log file. ++# ++# Format: logfile ++# ++# By default, rinetd logs in a simple tab-delimited format. ++# To activate web server-style "common log format" logging, add the following ++# line to the configuration file: ++# ++# logcommon ++# ++ ++logfile /var/log/rinetd.log ++logcommon diff --git a/rinetd-doc.patch b/rinetd-doc.patch new file mode 100644 index 0000000000000000000000000000000000000000..8807ed7280d90e05888171a2a94a5c30aab9cf4e --- /dev/null +++ b/rinetd-doc.patch @@ -0,0 +1,196 @@ +--- CHANGES ++++ CHANGES +@@ -52,4 +52,10 @@ + accommodate more connections. Thanks to + Sam Hocevar. + ++Version 0.62+syslog: added logging to syslog ++support (SuSE) + ++Version 0.62+syslog+bind: added optional ++sourceaddress column in configuration file to bind ++to a specific local address for outgoing connections ++(Lutz Pressler, ) +--- index.html ++++ index.html +@@ -26,7 +26,7 @@ +

+ VERSION +

+-Version 0.62, 04/13/2003. Version 0.62 corrects a potential ++Version 0.62+syslog+bind, 04/13/2003. Version 0.62 corrects a potential + buffer overflow when reallocating memory to accommodate more + connections. Upgrading is strongly recommended. +

+@@ -66,7 +66,7 @@ + Most entries in the configuration file are forwarding rules. The + format of a forwarding rule is as follows: +

+-bindaddress bindport connectaddress connectport
++bindaddress bindport connectaddress connectport [sourceaddress]
+ 
+ For example: +
+@@ -96,6 +96,9 @@
+ Both IP addresses and hostnames are accepted for
+ bindaddress and connectaddress.
+ 

++The optional sourceaddress can be used to bind to a specific local ++address for the outgoing connection. ++

+ ALLOW AND DENY RULES +

+ Configuration files can also contain allow and deny rules. +@@ -146,8 +149,9 @@ +

+ LOGGING +

+-rinetd is able to produce a log file in either of two formats: +-tab-delimited and web server-style "common log format." ++rinetd is able to produce a log output in three ways: ++tab-delimited , web server-style "common log format." both are file-based ++or as syslog output. +

+ By default, rinetd does not produce a log file. To activate logging, add + the following line to the configuration file: +@@ -184,6 +188,33 @@ + logcommon +

+

++To activate syslog output enter the following line to the ++configuration file: ++

 
++syslog facility priority
++
++Example1: ++
 
++syslog local0 info
++
++in this case all output is logged to the destination configured ++in your syslogd config for facility local0 and priority info ++

++Example2: ++

++syslog
++
++in this case everything goes to daemon info ++

++Example3: ++

 
++syslog wrongfacility wrongpriority
++
++logging to default: daemon info ++

++If configured, the local source address is given in square brackets ++after the "listening host" entry. ++

+ COMMAND LINE OPTIONS +

+ The -c command line option is used to specify an alternate +@@ -231,6 +262,10 @@ + Thomas Boutell can be reached by email: + boutell@boutell.com +

++Logging to syslog added by SuSE.
++Sourceaddress extension added by Lutz Pressler ++<lp@SerNet.DE>. ++

+ THANKS +

+ Thanks are due to Bill Davidsen, Libor Pechachek, Sascha Ziemann, +--- rinetd.8 ++++ rinetd.8 +@@ -12,7 +12,7 @@ + .Sh SYNOPSIS + .Nm /usr/sbin/rinetd + .Sh VERSION +-Version 0.62, 04/14/2003. ++Version 0.62+syslog+bind, 04/14/2003. + .Sh DESCRIPTION + .Nm rinetd + redirects TCP connections from one IP address and port to another. rinetd +@@ -34,7 +34,7 @@ + Most entries in the configuration file are forwarding rules. The + format of a forwarding rule is as follows: + .Pp +-bindaddress bindport connectaddress connectport ++bindaddress bindport connectaddress connectport [sourceaddress] + .Pp + For example: + .Pp +@@ -64,6 +64,9 @@ + Both IP addresses and hostnames are accepted for + bindaddress and connectaddress. + .Pp ++The optional sourceaddress can be used to bind to a specific local ++address for the outgoing connection. ++.Pp + .Sh ALLOW AND DENY RULES + Configuration files can also contain allow and deny rules. + .Pp +@@ -82,7 +85,7 @@ + .Pp + Deny rules which appear before the first forwarding rule are + applied globally: if the address of a new connection satisfies +-any of the global allow rules, that connection ++any of the global deny rules, that connection + is immediately rejected, regardless of any other rules. + .Pp + Deny rules which appear after a specific forwarding rule apply +@@ -111,8 +114,9 @@ + connections would be forced to pause during the address lookup. + .Pp + .Sh LOGGING +-rinetd is able to produce a log file in either of two formats: +-tab-delimited and web server-style "common log format." ++rinetd is able to produce a log output in three ways: ++tab-delimited , web server-style "common log format." both are file-based ++or as syslog output. + .Pp + By default, rinetd does not produce a log file. 
To activate logging, add + the following line to the configuration file: +@@ -146,6 +150,34 @@ + add the following line to the configuration file: + .Pp + logcommon ++ ++to activate syslog output enter the following line to the ++configuration file: ++ ++syslog facility priority ++ ++Example1: ++ ++syslog local0 info ++ ++in this case all output is logged to the destination configured ++in your syslogd config for facility local0 and priority info ++ ++Example2: ++ ++syslog ++ ++in this case everything goes to daemon info ++ ++Example3: ++ ++syslog wrongfacility wrongpriority ++ ++logging to default: daemon info ++ ++.Pp ++If configured, the local source address is given in square brackets ++after the "listening host" entry. + .Sh COMMAND LINE OPTIONS + The -c command line option is used to specify an alternate + configuration file. +@@ -184,6 +216,9 @@ + .Sh CONTACT INFORMATION + See http://www.boutell.com/rinetd/ for the latest release. + Thomas Boutell can be reached by email: boutell@boutell.com ++.Pp ++Logging to syslog added by SuSE. ++Sourceaddress extension added by Lutz Pressler . + .Sh THANKS + Thanks are due to Bill Davidsen, Libor Pechachek, Sascha Ziemann, the + Apache Group, and many others who have contributed advice diff --git a/rinetd-syslog.patch b/rinetd-syslog.patch new file mode 100644 index 0000000000000000000000000000000000000000..fc2ceb2e843beae203b7c008e443b47ac6c3bf75 --- /dev/null +++ b/rinetd-syslog.patch 
@@ -0,0 +1,819 @@ +Index: rinetd.c +=================================================================== +--- rinetd.c.orig ++++ rinetd.c +@@ -1,10 +1,11 @@ +-#define VERSION "0.62" ++#define VERSION "0.62+syslog+bind" + + #ifdef WIN32 + #include + #include + #include "getopt.h" + #else ++#include + #include + #include + #include +@@ -14,8 +15,12 @@ + #include + #define INVALID_SOCKET (-1) + #include ++/* kus@suse.de at 24.08.99 */ ++#define SYSLOG ++#define SYSLOG_NAMES ++#include + #endif /* WIN32 */ +- ++ + #include + #include + #include +@@ -23,53 +28,53 @@ + #include + #include + #include +- +-#ifndef WIN32 +-/* Windows sockets compatibility defines */ +-#define INVALID_SOCKET (-1) +-#define SOCKET_ERROR (-1) +-int closesocket(int s); +- +-int closesocket(int s) { +- return close(s); +-} +-#define ioctlsocket ioctl +-#define MAKEWORD(a, b) +-#define WSAStartup(a, b) (0) +-#define WSACleanup() +-#ifdef __MAC__ +-/* The constants for these are a little screwy in the prelinked +- MSL GUSI lib and we can't rebuild it, so roll with it */ +-#define WSAEWOULDBLOCK EWOULDBLOCK +-#define WSAEAGAIN EAGAIN +-#define WSAEINPROGRESS EINPROGRESS +-#else +-#define WSAEWOULDBLOCK EWOULDBLOCK +-#define WSAEAGAIN EAGAIN +-#define WSAEINPROGRESS EINPROGRESS +-#endif /* __MAC__ */ +-#define WSAEINTR EINTR +-#define SOCKET int +-#define GetLastError() (errno) +-typedef struct { +- int dummy; +-} WSADATA; +- +-void Sleep(long ms); +- +-void Sleep(long ms) +-{ +- struct timeval tv; +- tv.tv_sec = ms / 1000; +- tv.tv_usec = ms * 1000; +- select(0, 0, 0, 0, &tv); +-} +-#else +-/* WIN32 doesn't really have WSAEAGAIN */ +-#ifndef WSAEAGAIN +-#define WSAEAGAIN WSAEWOULDBLOCK +-#endif +-#endif /* WIN32 */ ++ ++#ifndef WIN32 ++/* Windows sockets compatibility defines */ ++#define INVALID_SOCKET (-1) ++#define SOCKET_ERROR (-1) ++int closesocket(int s); ++ ++int closesocket(int s) { ++ return close(s); ++} ++#define ioctlsocket ioctl ++#define MAKEWORD(a, b) ++#define WSAStartup(a, b) (0) 
++#define WSACleanup() ++#ifdef __MAC__ ++/* The constants for these are a little screwy in the prelinked ++ MSL GUSI lib and we can't rebuild it, so roll with it */ ++#define WSAEWOULDBLOCK EWOULDBLOCK ++#define WSAEAGAIN EAGAIN ++#define WSAEINPROGRESS EINPROGRESS ++#else ++#define WSAEWOULDBLOCK EWOULDBLOCK ++#define WSAEAGAIN EAGAIN ++#define WSAEINPROGRESS EINPROGRESS ++#endif /* __MAC__ */ ++#define WSAEINTR EINTR ++#define SOCKET int ++#define GetLastError() (errno) ++typedef struct { ++ int dummy; ++} WSADATA; ++ ++void Sleep(long ms); ++ ++void Sleep(long ms) ++{ ++ struct timeval tv; ++ tv.tv_sec = ms / 1000; ++ tv.tv_usec = ms * 1000; ++ select(0, 0, 0, 0, &tv); ++} ++#else ++/* WIN32 doesn't really have WSAEAGAIN */ ++#ifndef WSAEAGAIN ++#define WSAEAGAIN WSAEWOULDBLOCK ++#endif ++#endif /* WIN32 */ + + #ifndef TRUE + #define TRUE 1 +@@ -91,15 +96,17 @@ void Sleep(long ms) + #include + #endif /* FIONBIO */ + +-#include "match.h" ++#include "match.h" + + SOCKET *seFds = 0; + /* In network order, for network purposes */ + struct in_addr *seLocalAddrs = 0; + unsigned short *seLocalPorts = 0; ++struct in_addr *seLocalSAddrs = 0; + /* In ASCII and local byte order, for logging purposes */ + char **seFromHosts; + int *seFromPorts; ++char **seFromSHosts; + char **seToHosts; + int *seToPorts; + +@@ -143,6 +150,15 @@ char *pidLogFileName = 0; + int logFormatCommon = 0; + FILE *logFile = 0; + ++#ifdef SYSLOG ++ int decode __P((char *, CODE *)); ++ char *syslogFacility_default = "daemon"; ++ char *syslogFacility = 0; ++ char *syslogLevel_default = "info"; ++ char *syslogLevel = 0; ++ int syslogpriority = -1; ++#endif ++ + /* If 'newsize' bytes can be allocated, *data is set to point + to them, the previous data is copied, and 1 is returned. 
+ If 'size' bytes cannot be allocated, *data is UNCHANGED, +@@ -174,8 +190,9 @@ void RegisterPID(void); + void selectLoop(void); + + void log(int i, int coSe, int result); +- +-int getAddress(char *host, struct in_addr *iaddr); ++void simplelog(char *message); ++ ++int getAddress(char *host, struct in_addr *iaddr); + + char *logMessages[] = { + "done-local-closed", +@@ -191,6 +208,8 @@ char *logMessages[] = { + "not-allowed", + 0, + "denied", ++ 0, ++ "started", + 0 + }; + +@@ -201,6 +220,7 @@ char *logMessages[] = { + #define logLocalConnectFailed 8 + #define logNotAllowed 10 + #define logDenied 12 ++#define logStarted 14 + + #define logLocalClosedFirst 0 + #define logRemoteClosedFirst 1 +@@ -222,32 +242,32 @@ int readArgs (int argc, + RinetdOptions *options); + + int main(int argc, char *argv[]) +-{ +- WSADATA wsaData; +- int result = WSAStartup(MAKEWORD(1, 1), &wsaData); +- if (result != 0) { +- fprintf(stderr, "Your computer was not connected " +- "to the Internet at the time that " +- "this program was launched, or you " +- "do not have a 32-bit " +- "connection to the Internet."); +- exit(1); +- } ++{ ++ WSADATA wsaData; ++ int result = WSAStartup(MAKEWORD(1, 1), &wsaData); ++ if (result != 0) { ++ fprintf(stderr, "Your computer was not connected " ++ "to the Internet at the time that " ++ "this program was launched, or you " ++ "do not have a 32-bit " ++ "connection to the Internet."); ++ exit(1); ++ } + readArgs(argc, argv, &options); +-#ifndef WIN32 ++#ifndef WIN32 + #ifndef DEBUG + if (!fork()) { + if (!fork()) { + #endif /* DEBUG */ + signal(SIGPIPE, plumber); + signal(SIGHUP, hup); +-#endif /* WIN32 */ ++#endif /* WIN32 */ + signal(SIGTERM, term); + initArrays(); + readConfiguration(); + RegisterPID(); + selectLoop(); +-#ifndef WIN32 ++#ifndef WIN32 + #ifndef DEBUG + } else { + exit(0); +@@ -256,7 +276,7 @@ int main(int argc, char *argv[]) + exit(0); + } + #endif /* DEBUG */ +-#endif /* WIN32 */ ++#endif /* WIN32 */ + return 0; + } + +@@ -264,6 +284,30 
@@ int getConfLine(FILE *in, char *line, in + + int patternBad(char *pattern); + ++/* ++ kus@suse.de at 25.08.1999 ++ Thanks to the logger.c folks ++*/ ++#ifdef SYSLOG ++int decode(name, codetab) ++ char *name; ++ CODE *codetab; ++{ ++ register CODE *c; ++ ++ if (isdigit(*name)) ++ return (atoi(name)); ++ ++ for (c = codetab; c->c_name; c++) ++ if (!strcasecmp(name, c->c_name)) ++ return (c->c_val); ++ ++ return (-1); ++} ++ ++#endif ++/*End kus@suse.de at 25.08.1999 */ ++ + void readConfiguration(void) + { + FILE *in; +@@ -285,8 +329,10 @@ void readConfiguration(void) + free(seFds); + free(seLocalAddrs); + free(seLocalPorts); ++ free(seLocalSAddrs); + free(seFromHosts); + free(seFromPorts); ++ free(seFromSHosts); + free(seToHosts); + free(seToPorts); + free(seAllowRules); +@@ -319,6 +365,16 @@ void readConfiguration(void) + free(logFileName); + logFileName = 0; + } ++/* kus@suse.de at 25.08.1999 syslog stuff */ ++ if (syslogLevel){ ++ free(syslogLevel); ++ syslogLevel=0; ++ } ++ if (syslogFacility){ ++ free(syslogFacility); ++ syslogFacility=0; ++ } ++/* End kus@suse.de at 25.08.1999 */ + if (pidLogFileName) { + free(pidLogFileName); + pidLogFileName = 0; +@@ -342,6 +398,11 @@ void readConfiguration(void) + continue; + } else if (!strcmp(t, "logcommon")) { + continue; ++/* kus@suse.de at 24.08.1999 */ ++#ifdef SYSLOG ++ } else if (!strcmp(t, "syslog")) { ++ continue; ++#endif + } else if (!strcmp(t, "allow")) { + allowRulesTotal++; + } else if (!strcmp(t, "deny")) { +@@ -366,6 +427,11 @@ void readConfiguration(void) + if (!seLocalPorts) { + goto lowMemory; + } ++ seLocalSAddrs = (struct in_addr *) malloc(sizeof(struct in_addr) * ++ seTotal); ++ if (!seLocalSAddrs) { ++ goto lowMemory; ++ } + seFromHosts = (char **) + malloc(sizeof(char *) * seTotal); + if (!seFromHosts) { +@@ -376,6 +442,11 @@ void readConfiguration(void) + if (!seFromPorts) { + goto lowMemory; + } ++ seFromSHosts = (char **) ++ malloc(sizeof(char *) * seTotal); ++ if (!seFromSHosts) { ++ goto 
lowMemory; ++ } + seToHosts = (char **) + malloc(sizeof(char *) * seTotal); + if (!seToHosts) { +@@ -436,10 +507,12 @@ void readConfiguration(void) + char *bindPortS; + char *connectPortS; + unsigned short connectPort; ++ char *sourceAddress; + struct in_addr iaddr; + struct sockaddr_in saddr; + struct servent *service; + int j; ++ + if (!getConfLine(in, line, sizeof(line), &lnum)) { + break; + } +@@ -527,6 +600,82 @@ void readConfiguration(void) + strcpy(pidLogFileName, nt); + } else if (!strcmp(bindAddress, "logcommon")) { + logFormatCommon = 1; ++/* kus@suse.de at 24.08.1999 */ ++#ifdef SYSLOG ++ } else if (!strcmp(bindAddress, "syslog")) { ++ char dummy[100]=""; ++ char *param1 = strtok(0, " \t\r\n"); ++ char *param2 = strtok(0, " \t\r\n"); ++ int level = -1; ++ int facility = -1; ++/* ++ If we don't got a param after the syslog statment in the conf-file ++ we set the Facility and the Level to default ++*/ ++ if (!param1) { ++ syslogFacility = malloc(strlen(syslogFacility_default) + 1); ++ if (!syslogFacility) { ++ goto lowMemory; ++ } ++ syslogLevel = malloc(strlen(syslogLevel_default) + 1); ++ if (!syslogLevel) { ++ goto lowMemory; ++ } ++ strcpy(syslogFacility,syslogFacility_default); ++ strcpy(syslogLevel,syslogLevel_default); ++ } else { ++ ++ facility = decode(param1, facilitynames); ++ if (facility >= 0) { ++ syslogFacility = malloc(strlen(param1) + 1); ++ if (!syslogFacility) { ++ goto lowMemory; ++ } ++ strcpy(syslogFacility,param1); ++ } else { ++ // log that param 1 isn't vaild ++ syslogFacility = malloc(strlen(syslogFacility_default) + 1); ++ if (!syslogFacility) { ++ goto lowMemory; ++ } ++ strcpy(syslogFacility,syslogFacility_default); ++ } ++ if (param2) { ++ level = decode(param2, prioritynames); ++ if (level >=0) { ++ syslogLevel = malloc(strlen(param2) + 1); ++ if (!syslogLevel) { ++ goto lowMemory; ++ } ++ strcpy(syslogLevel,param2); ++ } else { ++ // log that param 2 isn't vaild ++ syslogLevel = malloc(strlen(syslogLevel_default) + 1); ++ if 
(!syslogLevel) { ++ goto lowMemory; ++ } ++ strcpy(syslogLevel,syslogLevel_default); ++ } ++ } else { ++ /* set level to default */ ++ syslogLevel = malloc(strlen(syslogLevel_default) + 1); ++ if (!syslogLevel) { ++ goto lowMemory; ++ } ++ strcpy(syslogLevel,syslogLevel_default); ++ } ++ } ++ ++ logFormatCommon = 2; ++ syslogpriority = decode(syslogLevel, prioritynames); ++ strcat(dummy,"Start with Facility: "); ++ strcat(dummy,syslogFacility); ++ strcat(dummy," Priority: "); ++ strcat(dummy,syslogLevel); ++ simplelog(dummy); ++ continue; ++#endif ++/* End kus@suse.de at 24.08.1999 */ + } else { + /* A regular forwarding rule. */ + bindPortS = strtok(0, " \t\r\n"); +@@ -569,6 +718,8 @@ void readConfiguration(void) + "or out of range on line %d.\n", lnum); + continue; + } ++ sourceAddress = strtok(0, " \t\r\n"); ++ + /* Turn all of this stuff into reasonable addresses */ + if (!getAddress(bindAddress, &iaddr)) { + fprintf(stderr, "rinetd: host %s could not be " +@@ -583,12 +734,12 @@ void readConfiguration(void) + "server socket!\n"); + seFds[i] = -1; + continue; +- } ++ } + #ifndef WIN32 + if (seFds[i] > maxfd) { + maxfd = seFds[i]; + } +-#endif ++#endif + saddr.sin_family = AF_INET; + memcpy(&saddr.sin_addr, &iaddr, sizeof(iaddr)); + saddr.sin_port = htons(bindPort); +@@ -614,8 +765,8 @@ void readConfiguration(void) + closesocket(seFds[i]); + seFds[i] = INVALID_SOCKET; + continue; +- } +- ioctlsocket(seFds[i], FIONBIO, &j); ++ } ++ ioctlsocket(seFds[i], FIONBIO, &j); + if (!getAddress(connectAddress, &iaddr)) { + /* Warn -- don't exit. */ + fprintf(stderr, "rinetd: host %s could not be " +@@ -627,6 +778,27 @@ void readConfiguration(void) + } + seLocalAddrs[i] = iaddr; + seLocalPorts[i] = htons(connectPort); ++ if (sourceAddress) { ++ if (!getAddress(sourceAddress, &iaddr)) { ++ /* Warn -- don't exit. 
*/ ++ fprintf(stderr, "rinetd: host %s could " ++ "not be resolved on line %d.\n", ++ sourceAddress, lnum); ++ closesocket(seFds[i]); ++ seFds[i] = INVALID_SOCKET; ++ continue; ++ } ++ seLocalSAddrs[i] = iaddr; ++ seFromSHosts[i] = ++ malloc(strlen(sourceAddress) + 1); ++ if (!seFromSHosts[i]) { ++ goto lowMemory; ++ } ++ strcpy(seFromSHosts[i], sourceAddress); ++ } else { ++ seLocalSAddrs[i].s_addr = 0; ++ seFromSHosts[i] = NULL; ++ } + seFromHosts[i] = malloc(strlen(bindAddress) + 1); + if (!seFromHosts[i]) { + goto lowMemory; +@@ -646,18 +818,22 @@ void readConfiguration(void) + } + } + } +- /* Open the log file */ +- if (logFile) { +- fclose(logFile); +- logFile = 0; +- } +- if (logFileName) { +- logFile = fopen(logFileName, "a"); +- if (!logFile) { +- fprintf(stderr, "rinetd: could not open %s to append.\n", +- logFileName); +- } +- } ++ /* Open the log file */ ++/* kus@suse.de at 25.08.1999 */ ++ if (logFormatCommon != 2) { ++ if (logFile) { ++ fclose(logFile); ++ logFile = 0; ++ } ++ if (logFileName) { ++ logFile = fopen(logFileName, "a"); ++ if (!logFile) { ++ fprintf(stderr, "rinetd: could not open %s to append.\n", ++ logFileName); ++ } ++ } ++ } ++/* End kus@suse.de at 25.08.1999 */ + return; + lowMemory: + fprintf(stderr, "rinetd: not enough memory to start rinetd.\n"); +@@ -955,7 +1131,7 @@ void handleCloseFromLocal(int i) + loClosed[i] = 1; + if (!reClosed[i]) { + #ifndef LINUX +-#ifndef WIN32 ++#ifndef WIN32 + /* Now set up the remote end for a polite closing */ + + /* Request a low-water mark equal to the entire +@@ -963,7 +1139,7 @@ void handleCloseFromLocal(int i) + tells us for sure that we can close the socket. 
*/ + arg = 1024; + setsockopt(reFds[i], SOL_SOCKET, SO_SNDLOWAT, +- &arg, sizeof(arg)); ++ &arg, sizeof(arg)); + #endif /* WIN32 */ + #endif /* LINUX */ + coLog[i] = logLocalClosedFirst; +@@ -980,7 +1156,7 @@ void handleCloseFromRemote(int i) + closesocket(reFds[i]); + reClosed[i] = 1; + if (!loClosed[i]) { +-#ifndef LINUX ++#ifndef LINUX + #ifndef WIN32 + /* Now set up the local end for a polite closing */ + +@@ -989,7 +1165,7 @@ void handleCloseFromRemote(int i) + tells us for sure that we can close the socket. */ + arg = 1024; + setsockopt(loFds[i], SOL_SOCKET, SO_SNDLOWAT, +- &arg, sizeof(arg)); ++ &arg, sizeof(arg)); + #endif /* WIN32 */ + #endif /* LINUX */ + loClosed[i] = 0; +@@ -1016,17 +1192,17 @@ void handleAccept(int i) + log(-1, i, logAcceptFailed); + return; + } +-#ifndef WIN32 ++#ifndef WIN32 + if (nfd > maxfd) { + maxfd = nfd; + } +-#endif /* WIN32 */ ++#endif /* WIN32 */ + j = 1; +- ioctlsocket(nfd, FIONBIO, &j); ++ ioctlsocket(nfd, FIONBIO, &j); + j = 0; +-#ifndef WIN32 ++#ifndef WIN32 + setsockopt(nfd, SOL_SOCKET, SO_LINGER, &j, sizeof(j)); +-#endif ++#endif + for (j = 0; (j < coTotal); j++) { + if (coClosed[j]) { + index = j; +@@ -1190,6 +1366,9 @@ void handleAccept(int i) + for (j = 0; (j < globalDenyRules); j++) { + if (match(addressText, denyRules[j])) { + refuse(index, logDenied); ++/* kus@suse.de at 25.08.1999 */ ++ return; ++/* End kus@suse.de at 25.08.1999 */ + } + } + } +@@ -1217,6 +1396,9 @@ void handleAccept(int i) + if (match(addressText, + denyRules[seDenyRules[i] + j])) { + refuse(index, logDenied); ++/* kus@suse.de at 25.08.1999 */ ++ return; ++/* End kus@suse.de at 25.08.1999 */ + } + } + } +@@ -1224,6 +1406,7 @@ void handleAccept(int i) + This, too, is nonblocking. Why wait + for anything when you don't have to? 
*/ + openLocalFd(i, index); ++ log(i, coSe[i], logStarted); + return; + shortage: + fprintf(stderr, "rinetd: not enough memory to " +@@ -1245,15 +1428,15 @@ void openLocalFd(int se, int i) + log(i, coSe[i], logLocalSocketFailed); + return; + } +-#ifndef WIN32 ++#ifndef WIN32 + if (loFds[i] > maxfd) { + maxfd = loFds[i]; + } +-#endif /* WIN32 */ ++#endif /* WIN32 */ + /* Bind the local socket */ + saddr.sin_family = AF_INET; + saddr.sin_port = INADDR_ANY; +- saddr.sin_addr.s_addr = 0; ++ memcpy(&saddr.sin_addr, &seLocalSAddrs[se], sizeof(struct in_addr)); + if (bind(loFds[i], (struct sockaddr *) &saddr, sizeof(saddr)) == SOCKET_ERROR) { + closesocket(loFds[i]); + closesocket(reFds[i]); +@@ -1267,7 +1450,7 @@ void openLocalFd(int se, int i) + saddr.sin_family = AF_INET; + memcpy(&saddr.sin_addr, &seLocalAddrs[se], sizeof(struct in_addr)); + saddr.sin_port = seLocalPorts[se]; +-#ifndef WIN32 ++#ifndef WIN32 + #ifdef LINUX + j = 0; + setsockopt(loFds[i], SOL_SOCKET, SO_LINGER, &j, sizeof(j)); +@@ -1275,14 +1458,14 @@ void openLocalFd(int se, int i) + j = 1024; + setsockopt(loFds[i], SOL_SOCKET, SO_SNDBUF, &j, sizeof(j)); + #endif /* LINUX */ +-#endif /* WIN32 */ +- j = 1; +- ioctlsocket(loFds[i], FIONBIO, &j); ++#endif /* WIN32 */ ++ j = 1; ++ ioctlsocket(loFds[i], FIONBIO, &j); + if (connect(loFds[i], (struct sockaddr *)&saddr, + sizeof(struct sockaddr_in)) == INVALID_SOCKET) + { +- if ((GetLastError() != WSAEINPROGRESS) && +- (GetLastError() != WSAEWOULDBLOCK)) ++ if ((GetLastError() != WSAEINPROGRESS) && ++ (GetLastError() != WSAEWOULDBLOCK)) + { + PERROR("rinetd: connect"); + closesocket(loFds[i]); +@@ -1323,11 +1506,14 @@ int getAddress(char *host, struct in_add + return 1; + } + } +- ++ + #ifndef WIN32 + void plumber(int s) + { + /* Just reinstall */ ++#ifdef SYSLOG ++ simplelog("SIGPIPE"); ++#endif + signal(SIGPIPE, plumber); + } + +@@ -1338,7 +1524,7 @@ void hup(int s) + /* And reinstall the signal handler */ + signal(SIGHUP, hup); + } +-#endif /* WIN32 */ 
++#endif /* WIN32 */ + + int safeRealloc(void **data, int oldsize, int newsize) + { +@@ -1380,6 +1566,18 @@ void RegisterPID(void) + unsigned char nullAddress[4] = { 0, 0, 0, 0 }; + + struct tm *get_gmtoff(int *tz); ++/* Funktion for some extra logging info ++ kus@suse.de at 25.08.1999 ++*/ ++ ++void simplelog(char *message) ++{ ++ char *facility = syslogFacility?syslogFacility:syslogFacility_default; ++ openlog("",LOG_PID,decode(facility, facilitynames)); ++ syslog(syslogpriority,"%s\n",message); ++ closelog(); ++} ++/* kus@suse.de at 25.08.1999 */ + + void log(int i, int coSe, int result) + { +@@ -1412,7 +1610,7 @@ void log(int i, int coSe, int result) + bytesInput = 0; + } + if (logFile) { +- if (logFormatCommon) { ++ if (logFormatCommon == 1) { + /* Fake a common log format log file in a way that + most web analyzers can do something interesting with. + We lie and say the protocol is HTTP because we don't +@@ -1425,9 +1623,14 @@ void log(int i, int coSe, int result) + after several placeholders meant to fill the + positions frequently occupied by user agent, + referrer, and server name information. */ +- fprintf(logFile, "%d.%d.%d.%d - - " ++ fprintf(logFile, seFromSHosts[coSe] ? ++ "%d.%d.%d.%d - - " ++ "[%s %c%.2d%.2d] " ++ "\"GET /rinetd-services/%s[%s]/%d/%s/%d/%s HTTP/1.0\" " ++ "200 %d - - - %d\n" : ++ "%d.%d.%d.%d - - " + "[%s %c%.2d%.2d] " +- "\"GET /rinetd-services/%s/%d/%s/%d/%s HTTP/1.0\" " ++ "\"GET /rinetd-services/%s%.0s/%d/%s/%d/%s HTTP/1.0\" " + "200 %d - - - %d\n", + reAddress[0], + reAddress[1], +@@ -1437,7 +1640,8 @@ void log(int i, int coSe, int result) + sign, + timz / 60, + timz % 60, +- seFromHosts[coSe], seFromPorts[coSe], ++ seFromHosts[coSe], seFromSHosts[coSe], ++ seFromPorts[coSe], + seToHosts[coSe], seToPorts[coSe], + logMessages[result], + bytesOutput, +@@ -1445,19 +1649,39 @@ void log(int i, int coSe, int result) + } else { + /* Write an rinetd-specific log entry with a + less goofy format. 
*/ +- fprintf(logFile, "%s\t%d.%d.%d.%d\t%s\t%d\t%s\t%d\t%d" +- "\t%d\t%s\n", +- tstr, ++ fprintf(logFile, seFromSHosts[coSe] ? ++ "%s\t%d.%d.%d.%d\t%s[%s]\t%d\t%s\t%d\t%d" ++ "\t%d\t%s\n" : ++ "%s\t%d.%d.%d.%d\t%s%.0s\t%d\t%s\t%d\t%d" ++ "\t%d\t%s\n", ++ tstr, + reAddress[0], + reAddress[1], + reAddress[2], + reAddress[3], +- seFromHosts[coSe], seFromPorts[coSe], ++ seFromHosts[coSe], seFromSHosts[coSe], ++ seFromPorts[coSe], + seToHosts[coSe], seToPorts[coSe], + bytesInput, + bytesOutput, + logMessages[result]); + } ++/* kus@suse.de at 25.08.1999 */ ++#ifdef SYSLOG ++ } else if (logFormatCommon == 2) { ++ /* kus@suse.de at 24.08.1999 */ ++ syslog(syslogpriority,"%d.%d.%d.%d %s:%d %s:%d in:%d out:%d %s", ++ reAddress[0], ++ reAddress[1], ++ reAddress[2], ++ reAddress[3], ++ seFromHosts[coSe], seFromPorts[coSe], ++ seToHosts[coSe], seToPorts[coSe], ++ bytesInput, ++ bytesOutput, ++ logMessages[result]); ++#endif ++/* End kus@suse.de at 25.08.1999 */ + } + } + +@@ -1508,7 +1732,7 @@ int readArgs (int argc, + default: + exit (1); + } +- } ++ } + return 0; + } + +@@ -1557,6 +1781,9 @@ void refuse(int index, int logCode) + void term(int s) + { + /* Obey the request, but first flush the log */ ++#ifdef SYSLOG ++ simplelog("TERM"); ++#endif + if (logFile) { + fclose(logFile); + } diff --git a/rinetd.service b/rinetd.service new file mode 100644 index 0000000000000000000000000000000000000000..e62362eb42aebf4c70f0ad550b09d61372aaf513 --- /dev/null +++ b/rinetd.service @@ -0,0 +1,11 @@ +[Unit] +Description=ritned daemon + +[Service] +Type=forking +PIDFile=/var/run/rinetd.pid +ExecStart=/usr/sbin/rinetd +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/rinetd.spec b/rinetd.spec new file mode 100644 index 0000000000000000000000000000000000000000..bcac783aef80ed750d9cbe32bb6f6b846acea0cf --- /dev/null +++ b/rinetd.spec 
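Review bot: In the new `syslog` branch of readConfiguration(), the start-up message is built with four `strcat()` calls into `char dummy[100]`, and nothing bounds the lengths of `syslogFacility` and `syslogLevel`. decode() accepts any token whose first character is a digit (`isdigit(*name)` followed by `atoi`), so a long digit-prefixed token from the configuration file is copied verbatim and can run past the stack buffer, depending on the size of the line buffer, which is outside the hunk; `snprintf(dummy, sizeof(dummy), "Start with Facility: %s Priority: %s", syslogFacility, syslogLevel);` removes the risk. Separately, the added `log(i, coSe[i], logStarted);` in handleAccept() passes the server index `i` where log() takes the connection slot, unlike `refuse(index, logDenied)` and `log(-1, i, logAcceptFailed)` in the same function, so it looks like it should read `log(index, i, logStarted);`. simplelog() is also called from the `plumber` and `term` signal handlers, and openlog()/syslog()/closelog() are not async-signal-safe. These function bodies start and end outside the hunks shown.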
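Review bot: `[Service]` starts `/usr/sbin/rinetd` as root with no confinement directives, although the process only has to bind its listening ports, relay TCP streams and write its log and pid file. Adding `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes` limits what a memory-safety bug in the relay code can reach; a capability bounding set could follow once the daemon's file and port needs are confirmed. `PIDFile=/var/run/rinetd.pid` should use `/run/rinetd.pid`, since systemd warns about the legacy path, and `Description=ritned daemon` misspells the service name.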
@@ -0,0 +1,88 @@
+%define with_systemd 1
+Name: rinetd
+Version: 0.62
+Release: 1
+Summary: TCP Redirection Server
+License: GPL-2.0-or-later
+URL: http://www.boutell.com/rinetd/
+Source0: %{name}-%{version}.tar.bz2
+Source1: rc.rinetd
+Source2: logrotate.rinetd
+Source3: rinetd.service
+Patch0: rinetd-doc.patch
+Patch1: rinetd-syslog.patch
+Patch2: rinetd-conf.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%if %{with_systemd}
+BuildRequires: pkgconfig(systemd)
+%{?systemd_ordering}
+%else
+PreReq: %fillup_prereq %insserv_prereq
+%endif
+%description
+rinetd redirects TCP connections from one IP address and port to
+another address and port. rinetd is a single-process server which
+handles any number of connections to the address or port pairs
+specified in the file /etc/rinetd.conf. Because rinetd runs as a single
+process using nonblocking I/O, it is able to redirect a large number of
+connections without a severe impact on the machine. This makes it
+practical to run TCP services on machines inside an IP masquerading
+firewall.
+Note: rinetd can not redirect FTP because FTP requires more than one
+socket.
+
+%prep
+%autosetup
+
+%build
+make CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DLINUX -fno-strict-aliasing"
+
+%install
+mkdir -p %{buildroot}/%_mandir/man8
+mkdir -p %{buildroot}/%{_sbindir}
+%if %{with_systemd}
+mkdir -p %{buildroot}%{_unitdir}
+install -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name}
+%else
+mkdir -p %{buildroot}/etc/init.d
+install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/rinetd
+ln -s ../../etc/init.d/rinetd $RPM_BUILD_ROOT/usr/sbin/rcrinetd
+%endif
+mkdir -p %{buildroot}/etc/logrotate.d
+touch $RPM_BUILD_ROOT/etc/rinetd.conf
+install -m 700 rinetd %{buildroot}/usr/sbin
+install -m 644 rinetd.8 %{buildroot}%_mandir/man8
+install -m 644 %SOURCE2 %{buildroot}/etc/logrotate.d/rinetd
+
+%post
+%if %{with_systemd}
+%service_add_post %{name}.service
+%else
+%{fillup_and_insserv rinetd}
+%endif
+
+%postun
+%if %{with_systemd}
+%service_del_postun %{name}.service
+%else
+%{insserv_cleanup}
+%endif
+
+%files
+%defattr(-, root, root)
+%doc CHANGES README index.html rinetd.conf.sample
+%config(missingok,noreplace) %ghost /etc/rinetd.conf
+%config(noreplace) /etc/logrotate.d/rinetd
+%if %{with_systemd}
+%{_unitdir}/%{name}.service
+%else
+%config /etc/init.d/rinetd
+%endif
+%_mandir/man8/rinetd.8.gz
+/usr/sbin/rcrinetd
+/usr/sbin/rinetd
+
+%changelog
+* Fri May 7 2021 baizhonggui - 0.62-1
+- package init
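Review bot: The systemd branch of the scriptlets defines only `%post` and `%postun`, so as far as the visible spec goes nothing stops or disables rinetd.service before its files are removed. On uninstall the forwarder can keep listening from a deleted binary until the next reboot. Adding `%pre` and `%preun` sections under the same `%if %{with_systemd}` guard, calling `%service_add_pre %{name}.service` and `%service_del_preun %{name}.service`, would close that gap. These are the SUSE-style counterparts of the macros already used here; if the target distribution provides the `%systemd_*` family instead, the whole set should be switched together.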