Resync with official IPF
parent
5b3c5dc17f
commit
b69124b84c
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: fil.c,v 1.57 2002/09/19 08:09:10 martti Exp $ */
|
||||
/* $NetBSD: fil.c,v 1.58 2002/09/19 08:12:43 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001 by Darren Reed.
|
||||
|
@ -100,7 +100,7 @@
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.57 2002/09/19 08:09:10 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.58 2002/09/19 08:12:43 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp";
|
||||
|
@ -152,9 +152,6 @@ static int frflushlist __P((int, minor_t, int *, frentry_t **));
|
|||
#ifdef _KERNEL
|
||||
static void frsynclist __P((frentry_t *));
|
||||
#endif
|
||||
#ifndef _KERNEL
|
||||
int mbuflen(mb_t *);
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
|
@ -616,7 +613,7 @@ void *m;
|
|||
#endif
|
||||
|
||||
FR_VERBOSE(("%c", fr->fr_skip ? 's' :
|
||||
(pass & FR_PASS) ? 'p' :
|
||||
(pass & FR_PASS) ? 'p' :
|
||||
(pass & FR_AUTH) ? 'a' :
|
||||
(pass & FR_ACCOUNT) ? 'A' :
|
||||
(pass & FR_NOMATCH) ? 'n' : 'b'));
|
||||
|
@ -928,7 +925,7 @@ int out;
|
|||
fin->fin_qif = qif;
|
||||
# endif
|
||||
#endif /* _KERNEL */
|
||||
|
||||
|
||||
changed = 0;
|
||||
fin->fin_ifp = ifp;
|
||||
fin->fin_v = v;
|
||||
|
@ -1676,10 +1673,10 @@ minor_t which;
|
|||
int set;
|
||||
{
|
||||
frgroup_t *fg, **fgp;
|
||||
|
||||
|
||||
if (!(fg = fr_findgroup(num, flags, which, set, &fgp)))
|
||||
return;
|
||||
|
||||
|
||||
*fgp = fg->fg_next;
|
||||
KFREE(fg);
|
||||
}
|
||||
|
@ -1711,7 +1708,7 @@ frentry_t **listp;
|
|||
|
||||
ATOMIC_DEC32(fp->fr_ref);
|
||||
if (fp->fr_grhead) {
|
||||
fr_delgroup(fp->fr_grhead, fp->fr_flags,
|
||||
fr_delgroup(fp->fr_grhead, fp->fr_flags,
|
||||
unit, set);
|
||||
fp->fr_grhead = 0;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_auth.c,v 1.29 2002/09/19 08:09:11 martti Exp $ */
|
||||
/* $NetBSD: ip_auth.c,v 1.30 2002/09/19 08:12:45 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1998-2001 by Darren Reed & Guido van Rooij.
|
||||
|
@ -108,7 +108,7 @@ extern struct ifqueue ipintrq; /* ip packet input queue */
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_auth.c,v 1.29 2002/09/19 08:09:11 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_auth.c,v 1.30 2002/09/19 08:12:45 martti Exp $");
|
||||
#else
|
||||
static const char rcsid[] = "@(#)Id: ip_auth.c,v 2.11.2.20 2002/06/04 14:40:42 darrenr Exp";
|
||||
#endif
|
||||
|
@ -503,7 +503,7 @@ fr_authioctlloop:
|
|||
/*
|
||||
* If we experience an error which will result in the packet
|
||||
* not being processed, make sure we advance to the next one.
|
||||
*/
|
||||
*/
|
||||
if (error == ENOBUFS) {
|
||||
fr_authused--;
|
||||
fra->fra_index = -1;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_compat.h,v 1.30 2002/09/19 08:09:11 martti Exp $ */
|
||||
/* $NetBSD: ip_compat.h,v 1.31 2002/09/19 08:12:46 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001 by Darren Reed.
|
||||
|
@ -258,8 +258,8 @@ typedef u_int32_t u_32_t;
|
|||
# include "opt_inet6.h"
|
||||
# endif
|
||||
# ifdef INET6
|
||||
# define USE_INET6
|
||||
# endif
|
||||
# define USE_INET6
|
||||
# endif
|
||||
# endif
|
||||
# if !defined(_KERNEL) && !defined(IPFILTER_LKM) && !defined(USE_INET6)
|
||||
# if (defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)) || \
|
||||
|
@ -1087,7 +1087,7 @@ typedef struct uio {
|
|||
# define SPL_X(x)
|
||||
# define SPL_NET(x)
|
||||
# define SPL_IMP(x)
|
||||
|
||||
|
||||
# define bcmp(a,b,c) memcmp(a,b,c)
|
||||
# define bcopy(a,b,c) memcpy(b,a,c)
|
||||
# define bzero(a,c) memset(a,0,c)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_fil.c,v 1.85 2002/09/19 08:09:12 martti Exp $ */
|
||||
/* $NetBSD: ip_fil.c,v 1.86 2002/09/19 08:12:47 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001 by Darren Reed.
|
||||
|
@ -123,7 +123,7 @@ extern int ip_optcopy __P((struct ip *, struct ip *));
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_fil.c,v 1.85 2002/09/19 08:09:12 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_fil.c,v 1.86 2002/09/19 08:12:47 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.60 2002/08/28 12:40:39 darrenr Exp";
|
||||
|
@ -199,6 +199,15 @@ struct timeout ipfr_slowtimer_ch;
|
|||
toid_t ipfr_slowtimer_ch;
|
||||
#endif
|
||||
|
||||
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) && \
|
||||
defined(_KERNEL)
|
||||
#include <sys/conf.h>
|
||||
const struct cdevsw ipl_cdevsw = {
|
||||
iplopen, iplclose, iplread, nowrite, iplioctl,
|
||||
nostop, notty, nopoll, nommap,
|
||||
};
|
||||
#endif
|
||||
|
||||
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
|
||||
# include <sys/device.h>
|
||||
# include <sys/conf.h>
|
||||
|
@ -291,7 +300,7 @@ struct mbuf **mp;
|
|||
struct ifnet *ifp;
|
||||
int dir;
|
||||
{
|
||||
|
||||
|
||||
return (fr_check(mtod(*mp, struct ip *), sizeof(struct ip6_hdr),
|
||||
ifp, (dir == PFIL_OUT), mp));
|
||||
}
|
||||
|
@ -1834,7 +1843,7 @@ sendorfree:
|
|||
else
|
||||
m_freem(m);
|
||||
}
|
||||
}
|
||||
}
|
||||
done:
|
||||
if (!error)
|
||||
ipl_frouteok[0]++;
|
||||
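Review bot: The new `ipl_cdevsw` table in the hunk at -199 is initialised positionally (`iplopen, iplclose, iplread, nowrite, iplioctl, nostop, notty, nopoll, nommap`), so each handler lands in the right slot only as long as the member order of `struct cdevsw` never changes. A reordered or inserted member would still compile and would silently route, for example, ioctl requests to the wrong entry point of a packet-filter control device. I would either use designated initialisers or, if the compiler baseline rules that out, add a comment above the initialiser naming the slots in order, such as `/* open, close, read, write, ioctl, stop, tty, poll, mmap */`. The access checks applied to this device are not visible in the section and are worth confirming in iplopen/iplioctl.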
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_fil.h,v 1.46 2002/09/19 08:09:13 martti Exp $ */
|
||||
/* $NetBSD: ip_fil.h,v 1.47 2002/09/19 08:12:48 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2002 by Darren Reed.
|
||||
|
@ -416,7 +416,8 @@ typedef struct frgroup {
|
|||
typedef struct iplog {
|
||||
u_32_t ipl_magic;
|
||||
u_int ipl_count;
|
||||
struct timeval ipl_time;
|
||||
u_long ipl_sec;
|
||||
u_long ipl_usec;
|
||||
size_t ipl_dsize;
|
||||
struct iplog *ipl_next;
|
||||
} iplog_t;
|
||||
|
@ -643,7 +644,7 @@ extern int fr_minttllog;
|
|||
extern fr_info_t frcache[2];
|
||||
extern char ipfilter_version[];
|
||||
extern iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1];
|
||||
extern u_32_t iplused[IPL_LOGMAX + 1];
|
||||
extern size_t iplused[IPL_LOGMAX + 1];
|
||||
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
|
||||
#ifdef USE_INET6
|
||||
extern struct frentry *ipfilter6[2][2], *ipacct6[2][2];
|
||||
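Review bot: The members added to iplog_t in the hunk at -416, `u_long ipl_sec;` and `u_long ipl_usec;`, change width with the ABI, in a record that starts with the fixed-width `u_32_t ipl_magic`. If these records are copied unchanged to a userland log reader, which the uio read path in ip_log.c suggests but this page does not show, then kernel and reader must agree on the size of long or every field after ipl_count is mis-parsed. I would add a comment on the struct such as `/* layout is shared with the log reader; field widths are part of the interface */`, and consider fixed-width members if mixed 32/64-bit use is expected. The same applies to `iplused` becoming `size_t` in the hunk at -643 wherever that counter is exported.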
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_frag.c,v 1.33 2002/09/19 08:09:14 martti Exp $ */
|
||||
/* $NetBSD: ip_frag.c,v 1.34 2002/09/19 08:12:49 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001 by Darren Reed.
|
||||
|
@ -93,7 +93,7 @@ extern struct timeout ipfr_slowtimer_ch;
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.33 2002/09/19 08:09:14 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.34 2002/09/19 08:12:49 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.24 2002/08/28 12:41:04 darrenr Exp";
|
||||
|
@ -216,7 +216,7 @@ ipfr_t *table[];
|
|||
/*
|
||||
* Compute the offset of the expected start of the next packet.
|
||||
*/
|
||||
off = ntohs(ip->ip_off) & IP_OFFMASK;
|
||||
off = ip->ip_off & IP_OFFMASK;
|
||||
if (!off)
|
||||
fra->ipfr_seen0 = 1;
|
||||
fra->ipfr_off = off + (fin->fin_dlen >> 3);
|
||||
|
@ -284,7 +284,7 @@ ipfr_t *table[];
|
|||
{
|
||||
ipfr_t *f, frag;
|
||||
u_int idx;
|
||||
|
||||
|
||||
/*
|
||||
* For fragments, we record protocol, packet id, TOS and both IP#'s
|
||||
* (these should all be the same for all fragments of a packet).
|
||||
|
@ -348,7 +348,7 @@ ipfr_t *table[];
|
|||
* last (in order), shrink expiration time.
|
||||
*/
|
||||
if (off == f->ipfr_off) {
|
||||
if (!(ip->ip_off & htons(IP_MF)))
|
||||
if (!(ip->ip_off & IP_MF))
|
||||
f->ipfr_ttl = 1;
|
||||
else
|
||||
f->ipfr_off = atoff;
|
||||
|
@ -586,7 +586,7 @@ void ipfr_slowtimer()
|
|||
#if defined(_KERNEL) && SOLARIS
|
||||
extern int fr_running;
|
||||
|
||||
if (fr_running <= 0)
|
||||
if (fr_running <= 0)
|
||||
return;
|
||||
READ_ENTER(&ipf_solaris);
|
||||
#endif
|
||||
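Review bot: The two changed expressions in the hunks at -216 and -348 each appear in a converted form (`ntohs(ip->ip_off) & IP_OFFMASK`, `ip->ip_off & htons(IP_MF)`) and an unconverted form (`ip->ip_off & IP_OFFMASK`, `ip->ip_off & IP_MF`); the page has lost its +/- markers, but if the unconverted form is the new side, both tests are correct only when ip_off is already in host byte order at this point. That conversion is not visible in these hunks and should be confirmed at the NetBSD entry into fr_check. With a network-order ip_off on a little-endian host, `off` and the more-fragments test would read the wrong bits, so the fragment cache would match or expire entries incorrectly and later fragments could be filtered on the wrong state. Once the invariant is confirmed, I would state it at the first site with a comment such as `/* ip_off is in host byte order here */`. Both enclosing functions start and end outside the hunks.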
|
|
|
@ -1,7 +1,7 @@
|
|||
/* $NetBSD: ip_ftp_pxy.c,v 1.25 2002/09/19 08:09:15 martti Exp $ */
|
||||
/* $NetBSD: ip_ftp_pxy.c,v 1.26 2002/09/19 08:12:50 martti Exp $ */
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.25 2002/09/19 08:09:15 martti Exp $");
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.26 2002/09/19 08:12:50 martti Exp $");
|
||||
|
||||
/*
|
||||
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
|
||||
|
@ -44,10 +44,6 @@ extern kmutex_t ipf_rw;
|
|||
#define FTPXY_PASS_2 14
|
||||
#define FTPXY_PAOK_2 15
|
||||
|
||||
#ifndef _KERNEL
|
||||
extern int mbuflen(mb_t *);
|
||||
#endif
|
||||
|
||||
int ippr_ftp_client __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
|
||||
int ippr_ftp_complete __P((char *, size_t));
|
||||
int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
/* $NetBSD: ip_h323_pxy.c,v 1.5 2002/09/19 08:09:16 martti Exp $ */
|
||||
/* $NetBSD: ip_h323_pxy.c,v 1.6 2002/09/19 08:12:51 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2001, QNX Software Systems Ltd. All Rights Reserved
|
||||
*
|
||||
*
|
||||
* This source code has been published by QNX Software Systems Ltd. (QSSL).
|
||||
* However, any use, reproduction, modification, distribution or transfer of
|
||||
* this software, or any software which includes or is based upon any of this
|
||||
|
@ -16,7 +16,7 @@
|
|||
|
||||
/*
|
||||
* Simple H.323 proxy
|
||||
*
|
||||
*
|
||||
* by xtang@canada.com
|
||||
* ported to ipfilter 3.4.20 by Michael Grant mg-ipf@grant.org
|
||||
*/
|
||||
|
@ -28,7 +28,7 @@
|
|||
# include <sys/ioctl.h>
|
||||
#endif
|
||||
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_h323_pxy.c,v 1.5 2002/09/19 08:09:16 martti Exp $");
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_h323_pxy.c,v 1.6 2002/09/19 08:12:51 martti Exp $");
|
||||
|
||||
#define IPF_H323_PROXY
|
||||
|
||||
|
@ -63,7 +63,7 @@ unsigned short *port;
|
|||
|
||||
if (datlen < 6)
|
||||
return -1;
|
||||
|
||||
|
||||
*port = 0;
|
||||
offset = *off;
|
||||
dp = (u_char *)data;
|
||||
|
@ -78,7 +78,7 @@ unsigned short *port;
|
|||
}
|
||||
}
|
||||
*off = offset;
|
||||
return (offset > datlen - 6) ? -1 : 0;
|
||||
return (offset > datlen - 6) ? -1 : 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -112,13 +112,13 @@ ap_session_t *aps;
|
|||
{
|
||||
int i;
|
||||
ipnat_t *ipn;
|
||||
|
||||
|
||||
if (aps->aps_data) {
|
||||
for (i = 0, ipn = aps->aps_data;
|
||||
i < (aps->aps_psiz / sizeof(ipnat_t));
|
||||
i < (aps->aps_psiz / sizeof(ipnat_t));
|
||||
i++, ipn = (ipnat_t *)((char *)ipn + sizeof(*ipn)))
|
||||
{
|
||||
/*
|
||||
/*
|
||||
* Check the comment in ippr_h323_in() function,
|
||||
* just above nat_ioctl() call.
|
||||
* We are lucky here because this function is not
|
||||
|
@ -158,10 +158,10 @@ nat_t *nat;
|
|||
unsigned short port;
|
||||
unsigned char *data;
|
||||
tcphdr_t *tcp;
|
||||
|
||||
|
||||
tcp = (tcphdr_t *)fin->fin_dp;
|
||||
ipaddr = ip->ip_src.s_addr;
|
||||
|
||||
|
||||
data = (unsigned char *)tcp + (tcp->th_off << 2);
|
||||
datlen = fin->fin_dlen - (tcp->th_off << 2);
|
||||
if (find_port(ipaddr, data, datlen, &off, &port) == 0) {
|
||||
|
@ -179,17 +179,17 @@ nat_t *nat;
|
|||
ipn = (ipnat_t *)&newarray[aps->aps_psiz];
|
||||
bcopy(nat->nat_ptr, ipn, sizeof(ipnat_t));
|
||||
strncpy(ipn->in_plabel, "h245", APR_LABELLEN);
|
||||
|
||||
|
||||
ipn->in_inip = nat->nat_inip.s_addr;
|
||||
ipn->in_inmsk = 0xffffffff;
|
||||
ipn->in_dport = htons(port);
|
||||
/*
|
||||
/*
|
||||
* we got a problem here. we need to call nat_ioctl() to add
|
||||
* the h245 proxy rule, but since we already hold (READ locked)
|
||||
* the nat table rwlock (ipf_nat), if we go into nat_ioctl(),
|
||||
* it will try to WRITE lock it. This will causing dead lock
|
||||
* on RTP.
|
||||
*
|
||||
*
|
||||
* The quick & dirty solution here is release the read lock,
|
||||
* call nat_ioctl() and re-lock it.
|
||||
* A (maybe better) solution is do a UPGRADE(), and instead
|
||||
|
@ -241,7 +241,7 @@ nat_t *nat;
|
|||
u_short port;
|
||||
unsigned char *data;
|
||||
tcphdr_t *tcp;
|
||||
|
||||
|
||||
tcp = (tcphdr_t *)fin->fin_dp;
|
||||
ipaddr = nat->nat_inip.s_addr;
|
||||
data = (unsigned char *)tcp + (tcp->th_off << 2);
|
||||
|
@ -256,21 +256,21 @@ nat_t *nat;
|
|||
if (ipn == NULL) {
|
||||
struct ip newip;
|
||||
struct udphdr udp;
|
||||
|
||||
|
||||
bcopy(ip, &newip, sizeof(newip));
|
||||
newip.ip_len = fin->fin_hlen + sizeof(udp);
|
||||
newip.ip_p = IPPROTO_UDP;
|
||||
newip.ip_src = nat->nat_inip;
|
||||
|
||||
|
||||
bzero(&udp, sizeof(udp));
|
||||
udp.uh_sport = port;
|
||||
|
||||
|
||||
bcopy(fin, &fi, sizeof(fi));
|
||||
fi.fin_fi.fi_p = IPPROTO_UDP;
|
||||
fi.fin_data[0] = port;
|
||||
fi.fin_data[1] = 0;
|
||||
fi.fin_dp = (char *)&udp;
|
||||
|
||||
|
||||
ipn = nat_new(&fi, &newip, nat->nat_ptr, NULL,
|
||||
IPN_UDP|FI_W_DPORT, NAT_OUTBOUND);
|
||||
if (ipn != NULL) {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_log.c,v 1.21 2002/07/01 13:55:35 christos Exp $ */
|
||||
/* $NetBSD: ip_log.c,v 1.22 2002/09/19 08:12:51 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1997-2001 by Darren Reed.
|
||||
|
@ -9,7 +9,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_log.c,v 1.21 2002/07/01 13:55:35 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_log.c,v 1.22 2002/09/19 08:12:51 martti Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#if defined(KERNEL) && !defined(_KERNEL)
|
||||
|
@ -133,7 +133,7 @@ extern kcondvar_t iplwait;
|
|||
# endif
|
||||
|
||||
iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1], *ipll[IPL_LOGMAX+1];
|
||||
u_32_t iplused[IPL_LOGMAX+1];
|
||||
size_t iplused[IPL_LOGMAX+1];
|
||||
static fr_info_t iplcrc[IPL_LOGMAX+1];
|
||||
|
||||
|
||||
|
@ -195,7 +195,7 @@ mb_t *m;
|
|||
struct icmp *icmp;
|
||||
|
||||
icmp = (struct icmp *)fin->fin_dp;
|
||||
|
||||
|
||||
/*
|
||||
* For ICMP, if the packet is an error packet, also
|
||||
* include the information about the packet which
|
||||
|
@ -288,7 +288,7 @@ int *types, cnt;
|
|||
iplog_t *ipl;
|
||||
size_t len;
|
||||
int i;
|
||||
|
||||
|
||||
/*
|
||||
* Check to see if this log record has a CRC which matches the last
|
||||
* record logged. If it does, just up the count on the previous one
|
||||
|
@ -340,15 +340,15 @@ int *types, cnt;
|
|||
ipl->ipl_dsize = len;
|
||||
# ifdef _KERNEL
|
||||
# if SOLARIS || defined(sun)
|
||||
uniqtime(&ipl->ipl_time);
|
||||
uniqtime((struct timeval *)&ipl->ipl_sec);
|
||||
# else
|
||||
# if BSD >= 199306 || defined(__FreeBSD__) || defined(__sgi)
|
||||
microtime(&ipl->ipl_time);
|
||||
microtime((struct timeval *)&ipl->ipl_sec);
|
||||
# endif
|
||||
# endif
|
||||
# else
|
||||
ipl->ipl_time.tv_sec = 0;
|
||||
ipl->ipl_time.tv_usec = 0;
|
||||
ipl->ipl_sec = 0;
|
||||
ipl->ipl_usec = 0;
|
||||
# endif
|
||||
|
||||
/*
|
||||
|
@ -403,7 +403,7 @@ struct uio *uio;
|
|||
return 0;
|
||||
if (uio->uio_resid < IPLOG_SIZE)
|
||||
return EINVAL;
|
||||
|
||||
|
||||
/*
|
||||
* Lock the log so we can snapshot the variables. Wait for a signal
|
||||
* if the log is empty.
|
||||
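Review bot: The calls `uniqtime((struct timeval *)&ipl->ipl_sec)` and `microtime((struct timeval *)&ipl->ipl_sec)` in the hunk at -340 store a struct timeval over two adjacent `u_long` members. That is only safe where tv_sec and tv_usec each have exactly the size and alignment of u_long. Where they are wider, the store runs past ipl_usec into ipl_dsize in a kernel log buffer; where they are narrower, the timestamp is garbled. Neither case fails at compile time. Filling a local and copying the fields does not depend on layout: declare `struct timeval tv;`, call `microtime(&tv);` (or `uniqtime(&tv);`), then `ipl->ipl_sec = tv.tv_sec; ipl->ipl_usec = tv.tv_usec;`. The enclosing function starts and ends outside the hunk.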
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_nat.c,v 1.52 2002/09/19 08:09:16 martti Exp $ */
|
||||
/* $NetBSD: ip_nat.c,v 1.53 2002/09/19 08:12:52 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995-2001 by Darren Reed.
|
||||
|
@ -112,7 +112,7 @@ extern struct ifnet vpnif;
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.52 2002/09/19 08:09:16 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.53 2002/09/19 08:12:52 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.70 2002/08/28 12:45:48 darrenr Exp";
|
||||
|
@ -157,6 +157,7 @@ static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr,
|
|||
static void nat_hostmapdel __P((struct hostmap *));
|
||||
static void tcp_mss_clamp __P((tcphdr_t *, uint32_t, fr_info_t *, u_short *));
|
||||
|
||||
|
||||
int nat_init()
|
||||
{
|
||||
KMALLOCS(nat_table[0], nat_t **, sizeof(nat_t *) * ipf_nattable_sz);
|
||||
|
@ -370,13 +371,13 @@ u_32_t n;
|
|||
* fix_datacksum is used *only* for the adjustments of checksums in the data
|
||||
* section of an IP packet.
|
||||
*
|
||||
* The only situation in which you need to do this is when NAT'ing an
|
||||
* The only situation in which you need to do this is when NAT'ing an
|
||||
* ICMP error message. Such a message, contains in its body the IP header
|
||||
* of the original IP packet, that causes the error.
|
||||
*
|
||||
* You can't use fix_incksum or fix_outcksum in that case, because for the
|
||||
* kernel the data section of the ICMP error is just data, and no special
|
||||
* processing like hardware cksum or ntohs processing have been done by the
|
||||
* kernel the data section of the ICMP error is just data, and no special
|
||||
* processing like hardware cksum or ntohs processing have been done by the
|
||||
* kernel on the data section.
|
||||
*/
|
||||
void fix_datacksum(sp, n)
|
||||
|
@ -1802,14 +1803,14 @@ int dir;
|
|||
* Fix IP checksum of the offending IP packet to adjust for
|
||||
* the change in the IP address.
|
||||
*
|
||||
* Normally, you would expect that the ICMP checksum of the
|
||||
* Normally, you would expect that the ICMP checksum of the
|
||||
* ICMP error message needs to be adjusted as well for the
|
||||
* IP address change in oip.
|
||||
* However, this is a NOP, because the ICMP checksum is
|
||||
* However, this is a NOP, because the ICMP checksum is
|
||||
* calculated over the complete ICMP packet, which includes the
|
||||
* changed oip IP addresses and oip->ip_sum. However, these
|
||||
* changed oip IP addresses and oip->ip_sum. However, these
|
||||
* two changes cancel each other out (if the delta for
|
||||
* the IP address is x, then the delta for ip_sum is minus x),
|
||||
* the IP address is x, then the delta for ip_sum is minus x),
|
||||
* so no change in the icmp_cksum is necessary.
|
||||
*
|
||||
* Be careful that nat_dir refers to the direction of the
|
||||
|
@ -1823,7 +1824,7 @@ int dir;
|
|||
*/
|
||||
if (oip->ip_p == IPPROTO_UDP && udp->uh_sum) {
|
||||
/*
|
||||
* The UDP checksum is optional, only adjust it
|
||||
* The UDP checksum is optional, only adjust it
|
||||
* if it has been set.
|
||||
*/
|
||||
sum1 = ntohs(udp->uh_sum);
|
||||
|
@ -1831,7 +1832,7 @@ int dir;
|
|||
sum2 = ntohs(udp->uh_sum);
|
||||
|
||||
/*
|
||||
* Fix ICMP checksum to compensate the UDP
|
||||
* Fix ICMP checksum to compensate the UDP
|
||||
* checksum adjustment.
|
||||
*/
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
|
@ -1839,19 +1840,19 @@ int dir;
|
|||
}
|
||||
|
||||
/*
|
||||
* Fix TCP pseudo header checksum to compensate for the
|
||||
* Fix TCP pseudo header checksum to compensate for the
|
||||
* IP address change. Before we can do the change, we
|
||||
* must make sure that oip is sufficient large to hold
|
||||
* the TCP checksum (normally it does not!).
|
||||
*/
|
||||
if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
|
||||
|
||||
|
||||
sum1 = ntohs(tcp->th_sum);
|
||||
fix_datacksum(&tcp->th_sum, sumd);
|
||||
sum2 = ntohs(tcp->th_sum);
|
||||
|
||||
/*
|
||||
* Fix ICMP checksum to compensate the TCP
|
||||
* Fix ICMP checksum to compensate the TCP
|
||||
* checksum adjustment.
|
||||
*/
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
|
@ -1863,14 +1864,14 @@ int dir;
|
|||
* Fix IP checksum of the offending IP packet to adjust for
|
||||
* the change in the IP address.
|
||||
*
|
||||
* Normally, you would expect that the ICMP checksum of the
|
||||
* Normally, you would expect that the ICMP checksum of the
|
||||
* ICMP error message needs to be adjusted as well for the
|
||||
* IP address change in oip.
|
||||
* However, this is a NOP, because the ICMP checksum is
|
||||
* However, this is a NOP, because the ICMP checksum is
|
||||
* calculated over the complete ICMP packet, which includes the
|
||||
* changed oip IP addresses and oip->ip_sum. However, these
|
||||
* changed oip IP addresses and oip->ip_sum. However, these
|
||||
* two changes cancel each other out (if the delta for
|
||||
* the IP address is x, then the delta for ip_sum is minus x),
|
||||
* the IP address is x, then the delta for ip_sum is minus x),
|
||||
* so no change in the icmp_cksum is necessary.
|
||||
*
|
||||
* Be careful that nat_dir refers to the direction of the
|
||||
|
@ -1879,7 +1880,7 @@ int dir;
|
|||
fix_datacksum(&oip->ip_sum, sumd);
|
||||
|
||||
/* XXX FV : without having looked at Solaris source code, it seems unlikely
|
||||
* that SOLARIS would compensate this in the kernel (a body of an IP packet
|
||||
* that SOLARIS would compensate this in the kernel (a body of an IP packet
|
||||
* in the data section of an ICMP packet). I have the feeling that this should
|
||||
* be unconditional, but I'm not in a position to check.
|
||||
*/
|
||||
|
@ -1890,29 +1891,29 @@ int dir;
|
|||
*/
|
||||
if (oip->ip_p == IPPROTO_UDP && udp->uh_sum) {
|
||||
/*
|
||||
* The UDP checksum is optional, only adjust it
|
||||
* if it has been set
|
||||
* The UDP checksum is optional, only adjust it
|
||||
* if it has been set
|
||||
*/
|
||||
sum1 = ntohs(udp->uh_sum);
|
||||
fix_datacksum(&udp->uh_sum, sumd);
|
||||
sum2 = ntohs(udp->uh_sum);
|
||||
|
||||
/*
|
||||
* Fix ICMP checksum to compensate the UDP
|
||||
* Fix ICMP checksum to compensate the UDP
|
||||
* checksum adjustment.
|
||||
*/
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
sumd2 = sumd;
|
||||
}
|
||||
|
||||
/*
|
||||
* Fix TCP pseudo header checksum to compensate for the
|
||||
|
||||
/*
|
||||
* Fix TCP pseudo header checksum to compensate for the
|
||||
* IP address change. Before we can do the change, we
|
||||
* must make sure that oip is sufficient large to hold
|
||||
* the TCP checksum (normally it does not!).
|
||||
*/
|
||||
if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
|
||||
|
||||
|
||||
sum1 = ntohs(tcp->th_sum);
|
||||
fix_datacksum(&tcp->th_sum, sumd);
|
||||
sum2 = ntohs(tcp->th_sum);
|
||||
|
@ -1928,12 +1929,6 @@ int dir;
|
|||
}
|
||||
|
||||
if ((flags & IPN_TCPUDP) != 0) {
|
||||
/*
|
||||
* XXX - what if this is bogus hl and we go off the end ?
|
||||
* In this case, nat_icmpinlookup() will have returned NULL.
|
||||
*/
|
||||
tcp = (tcphdr_t *)udp;
|
||||
|
||||
/*
|
||||
* Step 2 :
|
||||
* For offending TCP/UDP IP packets, translate the ports as
|
||||
|
@ -1982,8 +1977,8 @@ int dir;
|
|||
sum2 = ntohs(udp->uh_sum);
|
||||
|
||||
/*
|
||||
* Fix ICMP checksum to
|
||||
* compensate UDP checksum
|
||||
* Fix ICMP checksum to
|
||||
* compensate UDP checksum
|
||||
* adjustment.
|
||||
*/
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
|
@ -2003,8 +1998,8 @@ int dir;
|
|||
sum2 = ntohs(tcp->th_sum);
|
||||
|
||||
/*
|
||||
* Fix ICMP checksum to
|
||||
* compensate TCP checksum
|
||||
* Fix ICMP checksum to
|
||||
* compensate TCP checksum
|
||||
* adjustment.
|
||||
*/
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
|
@ -2809,7 +2804,6 @@ maskloop:
|
|||
*/
|
||||
if (nat->nat_age == fr_tcpclosed)
|
||||
nat->nat_age = fr_tcplastack;
|
||||
|
||||
MUTEX_EXIT(&nat->nat_lock);
|
||||
} else if (fin->fin_p == IPPROTO_UDP) {
|
||||
udphdr_t *udp = (udphdr_t *)tcp;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_netbios_pxy.c,v 1.3 2002/06/09 16:33:42 itojun Exp $ */
|
||||
/* $NetBSD: ip_netbios_pxy.c,v 1.4 2002/09/19 08:12:53 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Simple netbios-dgm transparent proxy for in-kernel use.
|
||||
|
@ -34,7 +34,7 @@
|
|||
* Id: ip_netbios_pxy.c,v 1.1.2.3 2002/01/09 09:28:37 darrenr Exp
|
||||
*/
|
||||
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_netbios_pxy.c,v 1.3 2002/06/09 16:33:42 itojun Exp $");
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_netbios_pxy.c,v 1.4 2002/09/19 08:12:53 martti Exp $");
|
||||
|
||||
#define IPF_NETBIOS_PROXY
|
||||
|
||||
|
@ -78,16 +78,16 @@ nat_t *nat;
|
|||
/*
|
||||
* no net bios datagram could possibly be shorter than this
|
||||
*/
|
||||
if (dlen < 11)
|
||||
if (dlen < 11)
|
||||
return 0;
|
||||
|
||||
udp = (udphdr_t *)fin->fin_dp;
|
||||
|
||||
/*
|
||||
/*
|
||||
* move past the
|
||||
* ip header;
|
||||
* udp header;
|
||||
* 4 bytes into the net bios dgm header.
|
||||
* 4 bytes into the net bios dgm header.
|
||||
* According to rfc1002, this should be the exact location of
|
||||
* the source address/port
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_proxy.c,v 1.35 2002/09/19 08:09:18 martti Exp $ */
|
||||
/* $NetBSD: ip_proxy.c,v 1.36 2002/09/19 08:12:54 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1997-2002 by Darren Reed.
|
||||
|
@ -17,8 +17,8 @@
|
|||
#include <sys/param.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/file.h>
|
||||
#if !defined(__FreeBSD_version)
|
||||
# include <sys/ioctl.h>
|
||||
#if !defined(__FreeBSD_version)
|
||||
# include <sys/ioctl.h>
|
||||
#endif
|
||||
#include <sys/fcntl.h>
|
||||
#if !defined(_KERNEL) && !defined(KERNEL)
|
||||
|
@ -79,7 +79,7 @@
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_proxy.c,v 1.35 2002/09/19 08:09:18 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_proxy.c,v 1.36 2002/09/19 08:12:54 martti Exp $");
|
||||
#else
|
||||
static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.9.2.24 2002/08/28 12:45:51 darrenr Exp";
|
||||
#endif
|
||||
|
@ -136,10 +136,10 @@ aproxy_t ap_proxies[] = {
|
|||
#endif
|
||||
#ifdef IPF_H323_PROXY
|
||||
{ NULL, "h323", (char)IPPROTO_TCP, 0, 0, ippr_h323_init, NULL,
|
||||
ippr_h323_new, ippr_h323_del, ippr_h323_in, ippr_h323_out, NULL },
|
||||
ippr_h323_new, ippr_h323_del, ippr_h323_in, ippr_h323_out, NULL },
|
||||
{ NULL, "h245", (char)IPPROTO_TCP, 0, 0, ippr_h245_init, NULL,
|
||||
ippr_h245_new, NULL, NULL, ippr_h245_out, NULL },
|
||||
#endif
|
||||
ippr_h245_new, NULL, NULL, ippr_h245_out, NULL },
|
||||
#endif
|
||||
{ NULL, "", '\0', 0, 0, NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
|
@ -431,7 +431,7 @@ ap_session_t *aps;
|
|||
apr = aps->aps_apr;
|
||||
if ((apr != NULL) && (apr->apr_del != NULL))
|
||||
(*apr->apr_del)(aps);
|
||||
|
||||
|
||||
if ((aps->aps_data != NULL) && (aps->aps_psiz != 0))
|
||||
KFREES(aps->aps_data, aps->aps_psiz);
|
||||
KFREE(aps);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_state.c,v 1.41 2002/09/19 08:09:19 martti Exp $ */
|
||||
/* $NetBSD: ip_state.c,v 1.42 2002/09/19 08:12:54 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995-2002 by Darren Reed.
|
||||
|
@ -96,7 +96,7 @@
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.41 2002/09/19 08:09:19 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.42 2002/09/19 08:12:54 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_state.c,v 2.30.2.74 2002/07/27 15:58:10 darrenr Exp";
|
||||
|
@ -1026,7 +1026,7 @@ tcphdr_t *tcp;
|
|||
|
||||
idx = (out << 1) + rev;
|
||||
|
||||
if ((is->is_ifp[idx] == NULL &&
|
||||
if ((is->is_ifp[idx] == NULL &&
|
||||
(*is->is_ifname[idx] == '\0' || *is->is_ifname[idx] == '*')) ||
|
||||
is->is_ifp[idx] == ifp)
|
||||
ret = 1;
|
||||
|
@ -1294,7 +1294,7 @@ fr_info_t *fin;
|
|||
}
|
||||
RWLOCK_EXIT(&ipf_state);
|
||||
return fr;
|
||||
|
||||
|
||||
case IPPROTO_TCP :
|
||||
case IPPROTO_UDP :
|
||||
if (fin->fin_plen < ICMPERR_MAXPKTLEN)
|
||||
|
|