|
Lines 45-50
__FBSDID("$FreeBSD$");
Link Here
|
| 45 |
|
45 |
|
| 46 |
#include <net/if.h> |
46 |
#include <net/if.h> |
| 47 |
#include <net/if_var.h> |
47 |
#include <net/if_var.h> |
|
|
48 |
#include <net/if_pflog.h> |
| 48 |
#include <netinet/in.h> |
49 |
#include <netinet/in.h> |
| 49 |
#include <netinet/ip.h> |
50 |
#include <netinet/ip.h> |
| 50 |
#include <netinet/ip_var.h> |
51 |
#include <netinet/ip_var.h> |
|
Lines 53-58
__FBSDID("$FreeBSD$");
Link Here
|
| 53 |
#include <netinet/udp.h> |
54 |
#include <netinet/udp.h> |
| 54 |
|
55 |
|
| 55 |
#include <netpfil/ipfw/ip_fw_private.h> |
56 |
#include <netpfil/ipfw/ip_fw_private.h> |
|
|
57 |
#include <netpfil/pf/pf.h> |
| 56 |
|
58 |
|
| 57 |
#include <machine/in_cksum.h> /* XXX for in_cksum */ |
59 |
#include <machine/in_cksum.h> /* XXX for in_cksum */ |
| 58 |
|
60 |
|
|
Lines 279-285
free_nat_instance(struct cfg_nat *ptr)
Link Here
|
| 279 |
free(ptr, M_IPFW); |
281 |
free(ptr, M_IPFW); |
| 280 |
} |
282 |
} |
| 281 |
|
283 |
|
|
|
284 |
static void |
| 285 |
init_loghdr(struct pfloghdr *plog, uint32_t id, uint32_t rulenum) |
| 286 |
{ |
| 282 |
|
287 |
|
|
|
288 |
memset(plog, 0, sizeof(*plog)); |
| 289 |
plog->length = PFLOG_REAL_HDRLEN; |
| 290 |
plog->af = AF_INET; |
| 291 |
plog->action = PF_NAT; |
| 292 |
plog->dir = PF_IN; |
| 293 |
plog->rulenr = htonl(id); /* NAT id */ |
| 294 |
plog->subrulenr = htonl(rulenum); /* ipfw's rule number */ |
| 295 |
strlcpy(plog->ifname, "NAT44", sizeof(plog->ifname)); |
| 296 |
} |
| 297 |
|
| 283 |
/* |
298 |
/* |
| 284 |
* ipfw_nat - perform mbuf header translation. |
299 |
* ipfw_nat - perform mbuf header translation. |
| 285 |
* |
300 |
* |
|
Lines 290-295
free_nat_instance(struct cfg_nat *ptr)
Link Here
|
| 290 |
static int |
305 |
static int |
| 291 |
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) |
306 |
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) |
| 292 |
{ |
307 |
{ |
|
|
308 |
struct pfloghdr loghdr; |
| 293 |
struct mbuf *mcl; |
309 |
struct mbuf *mcl; |
| 294 |
struct ip *ip; |
310 |
struct ip *ip; |
| 295 |
/* XXX - libalias duct tape */ |
311 |
/* XXX - libalias duct tape */ |
|
Lines 363-368
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *
Link Here
|
| 363 |
mcl->m_len + M_TRAILINGSPACE(mcl), 0); |
379 |
mcl->m_len + M_TRAILINGSPACE(mcl), 0); |
| 364 |
if (retval == PKT_ALIAS_OK) { |
380 |
if (retval == PKT_ALIAS_OK) { |
| 365 |
/* Nat instance recognises state */ |
381 |
/* Nat instance recognises state */ |
|
|
382 |
if (t->mode & PKT_ALIAS_LOG) |
| 383 |
init_loghdr(&loghdr, t->id, |
| 384 |
args->rule.rulenum); |
| 366 |
found = 1; |
385 |
found = 1; |
| 367 |
break; |
386 |
break; |
| 368 |
} |
387 |
} |
|
Lines 373-378
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *
Link Here
|
| 373 |
return (IP_FW_NAT); |
392 |
return (IP_FW_NAT); |
| 374 |
} |
393 |
} |
| 375 |
} else { |
394 |
} else { |
|
|
395 |
if (t->mode & PKT_ALIAS_LOG) { |
| 396 |
init_loghdr(&loghdr, t->id, args->rule.rulenum); |
| 397 |
ipfw_bpf_mtap2(&loghdr, PFLOG_HDRLEN, mcl); |
| 398 |
} |
| 376 |
if (args->flags & IPFW_ARGS_IN) |
399 |
if (args->flags & IPFW_ARGS_IN) |
| 377 |
retval = LibAliasIn(t->lib, c, |
400 |
retval = LibAliasIn(t->lib, c, |
| 378 |
mcl->m_len + M_TRAILINGSPACE(mcl)); |
401 |
mcl->m_len + M_TRAILINGSPACE(mcl)); |
|
Lines 453-458
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *
Link Here
|
| 453 |
} |
476 |
} |
| 454 |
} |
477 |
} |
| 455 |
args->m = mcl; |
478 |
args->m = mcl; |
|
|
479 |
if (t->mode & PKT_ALIAS_LOG) { |
| 480 |
loghdr.dir = PF_OUT; |
| 481 |
ipfw_bpf_mtap2(&loghdr, PFLOG_HDRLEN, mcl); |
| 482 |
} |
| 456 |
return (IP_FW_NAT); |
483 |
return (IP_FW_NAT); |
| 457 |
} |
484 |
} |
| 458 |
|
485 |
|