|
Lines 189-194
Link Here
|
| 189 |
|
189 |
|
| 190 |
static void TcpMonitorOut(u_char, struct alias_link *); |
190 |
static void TcpMonitorOut(u_char, struct alias_link *); |
| 191 |
|
191 |
|
|
|
192 |
/* Local struct */ |
| 193 |
struct updatable_fields { |
| 194 |
int mode; |
| 195 |
struct in_addr addr; |
| 196 |
u_short chksum; |
| 197 |
}; |
| 192 |
|
198 |
|
| 193 |
static void |
199 |
static void |
| 194 |
TcpMonitorIn(u_char th_flags, struct alias_link *lnk) |
200 |
TcpMonitorIn(u_char th_flags, struct alias_link *lnk) |
|
Lines 279-288
Link Here
|
| 279 |
static int IcmpAliasOut2(struct libalias *, struct ip *); |
285 |
static int IcmpAliasOut2(struct libalias *, struct ip *); |
| 280 |
static int IcmpAliasOut(struct libalias *, struct ip *, int create); |
286 |
static int IcmpAliasOut(struct libalias *, struct ip *, int create); |
| 281 |
|
287 |
|
| 282 |
static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src, |
288 |
static struct updatable_fields ProtoAliasIn(struct libalias *la, struct in_addr ip_src, |
| 283 |
struct in_addr *ip_dst, u_char ip_p, u_short *ip_sum); |
289 |
struct in_addr ip_dst, u_char ip_p, u_short ip_sum); |
| 284 |
static int ProtoAliasOut(struct libalias *la, struct in_addr *ip_src, |
290 |
static struct updatable_fields ProtoAliasOut(struct libalias *la, struct in_addr ip_src, |
| 285 |
struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, |
291 |
struct in_addr ip_dst, u_char ip_p, u_short ip_sum, |
| 286 |
int create); |
292 |
int create); |
| 287 |
|
293 |
|
| 288 |
static int UdpAliasIn(struct libalias *, struct ip *); |
294 |
static int UdpAliasIn(struct libalias *, struct ip *); |
|
Lines 443-449
Link Here
|
| 443 |
IcmpAliasIn(struct libalias *la, struct ip *pip) |
449 |
IcmpAliasIn(struct libalias *la, struct ip *pip) |
| 444 |
{ |
450 |
{ |
| 445 |
struct icmp *ic; |
451 |
struct icmp *ic; |
| 446 |
int dlen, iresult; |
452 |
uint16_t dlen; |
|
|
453 |
int iresult; |
| 447 |
|
454 |
|
| 448 |
LIBALIAS_LOCK_ASSERT(la); |
455 |
LIBALIAS_LOCK_ASSERT(la); |
| 449 |
|
456 |
|
|
Lines 665-673
Link Here
|
| 665 |
return (iresult); |
672 |
return (iresult); |
| 666 |
} |
673 |
} |
| 667 |
|
674 |
|
| 668 |
static int |
675 |
static struct updatable_fields |
| 669 |
ProtoAliasIn(struct libalias *la, struct in_addr ip_src, |
676 |
ProtoAliasIn(struct libalias *la, struct in_addr ip_src, |
| 670 |
struct in_addr *ip_dst, u_char ip_p, u_short *ip_sum) |
677 |
struct in_addr ip_dst, u_char ip_p, u_short ip_sum) |
| 671 |
{ |
678 |
{ |
| 672 |
/* |
679 |
/* |
| 673 |
Handle incoming IP packets. The |
680 |
Handle incoming IP packets. The |
|
Lines 676-706
Link Here
|
| 676 |
machine. |
683 |
machine. |
| 677 |
*/ |
684 |
*/ |
| 678 |
struct alias_link *lnk; |
685 |
struct alias_link *lnk; |
|
|
686 |
struct updatable_fields ret = {(PKT_ALIAS_IGNORED),ip_dst,ip_sum}; |
| 679 |
|
687 |
|
| 680 |
LIBALIAS_LOCK_ASSERT(la); |
688 |
LIBALIAS_LOCK_ASSERT(la); |
| 681 |
/* Return if proxy-only mode is enabled */ |
689 |
/* Return if proxy-only mode is enabled */ |
| 682 |
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) |
690 |
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) |
| 683 |
return (PKT_ALIAS_OK); |
691 |
return ret; |
| 684 |
|
692 |
|
| 685 |
lnk = FindProtoIn(la, ip_src, *ip_dst, ip_p); |
693 |
lnk = FindProtoIn(la, ip_src, ip_dst, ip_p); |
| 686 |
if (lnk != NULL) { |
694 |
if (lnk != NULL) { |
| 687 |
struct in_addr original_address; |
695 |
struct in_addr original_address; |
|
|
696 |
u_short chksum; |
| 688 |
|
697 |
|
| 689 |
original_address = GetOriginalAddress(lnk); |
698 |
original_address = GetOriginalAddress(lnk); |
|
|
699 |
chksum = ip_sum; |
| 690 |
|
700 |
|
| 691 |
/* Restore original IP address */ |
701 |
/* Restore original IP address */ |
| 692 |
DifferentialChecksum(ip_sum, |
702 |
DifferentialChecksum(&ip_sum, |
| 693 |
&original_address, ip_dst, 2); |
703 |
&original_address, &ip_dst, 2); |
| 694 |
*ip_dst = original_address; |
|
|
| 695 |
|
704 |
|
| 696 |
return (PKT_ALIAS_OK); |
705 |
ret.mode = (PKT_ALIAS_OK); |
|
|
706 |
ret.addr = original_address; |
| 707 |
ret.chksum = chksum; |
| 708 |
return ret; |
| 697 |
} |
709 |
} |
| 698 |
return (PKT_ALIAS_IGNORED); |
710 |
ret.mode = (PKT_ALIAS_IGNORED); |
|
|
711 |
return ret; |
| 699 |
} |
712 |
} |
| 700 |
|
713 |
|
| 701 |
static int |
714 |
static struct updatable_fields |
| 702 |
ProtoAliasOut(struct libalias *la, struct in_addr *ip_src, |
715 |
ProtoAliasOut(struct libalias *la, struct in_addr ip_src, |
| 703 |
struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create) |
716 |
struct in_addr ip_dst, u_char ip_p, u_short ip_sum, int create) |
| 704 |
{ |
717 |
{ |
| 705 |
/* |
718 |
/* |
| 706 |
Handle outgoing IP packets. The |
719 |
Handle outgoing IP packets. The |
|
Lines 708-737
Link Here
|
| 708 |
the source IP address of the packet. |
721 |
the source IP address of the packet. |
| 709 |
*/ |
722 |
*/ |
| 710 |
struct alias_link *lnk; |
723 |
struct alias_link *lnk; |
|
|
724 |
struct updatable_fields ret = {(PKT_ALIAS_OK),ip_src,ip_sum}; |
| 725 |
|
| 711 |
|
726 |
|
| 712 |
LIBALIAS_LOCK_ASSERT(la); |
727 |
LIBALIAS_LOCK_ASSERT(la); |
| 713 |
|
728 |
|
| 714 |
/* Return if proxy-only mode is enabled */ |
729 |
/* Return if proxy-only mode is enabled */ |
| 715 |
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) |
730 |
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) |
| 716 |
return (PKT_ALIAS_OK); |
731 |
return ret; |
| 717 |
|
732 |
|
| 718 |
if (!create) |
733 |
if (!create) { |
| 719 |
return (PKT_ALIAS_IGNORED); |
734 |
ret.mode = (PKT_ALIAS_IGNORED); |
|
|
735 |
return ret; |
| 736 |
} |
| 720 |
|
737 |
|
| 721 |
lnk = FindProtoOut(la, *ip_src, ip_dst, ip_p); |
738 |
lnk = FindProtoOut(la, ip_src, ip_dst, ip_p); |
| 722 |
if (lnk != NULL) { |
739 |
if (lnk != NULL) { |
| 723 |
struct in_addr alias_address; |
740 |
struct in_addr alias_address; |
|
|
741 |
u_short chksum; |
| 724 |
|
742 |
|
| 725 |
alias_address = GetAliasAddress(lnk); |
743 |
alias_address = GetAliasAddress(lnk); |
|
|
744 |
chksum = ip_sum; |
| 726 |
|
745 |
|
| 727 |
/* Change source address */ |
746 |
/* Change source address */ |
| 728 |
DifferentialChecksum(ip_sum, |
747 |
DifferentialChecksum(&chksum, |
| 729 |
&alias_address, ip_src, 2); |
748 |
&alias_address, &ip_src, 2); |
| 730 |
*ip_src = alias_address; |
|
|
| 731 |
|
749 |
|
| 732 |
return (PKT_ALIAS_OK); |
750 |
ret.mode = (PKT_ALIAS_OK); |
|
|
751 |
ret.addr = alias_address; |
| 752 |
ret.chksum = chksum; |
| 753 |
return ret; |
| 733 |
} |
754 |
} |
| 734 |
return (PKT_ALIAS_IGNORED); |
755 |
ret.mode = (PKT_ALIAS_IGNORED); |
|
|
756 |
return ret; |
| 735 |
} |
757 |
} |
| 736 |
|
758 |
|
| 737 |
|
759 |
|
|
Lines 740-746
Link Here
|
| 740 |
{ |
762 |
{ |
| 741 |
struct udphdr *ud; |
763 |
struct udphdr *ud; |
| 742 |
struct alias_link *lnk; |
764 |
struct alias_link *lnk; |
| 743 |
int dlen; |
765 |
uint16_t dlen; |
| 744 |
|
766 |
|
| 745 |
LIBALIAS_LOCK_ASSERT(la); |
767 |
LIBALIAS_LOCK_ASSERT(la); |
| 746 |
|
768 |
|
|
Lines 839-845
Link Here
|
| 839 |
u_short dest_port; |
861 |
u_short dest_port; |
| 840 |
u_short proxy_server_port; |
862 |
u_short proxy_server_port; |
| 841 |
int proxy_type; |
863 |
int proxy_type; |
| 842 |
int dlen, error; |
864 |
uint16_t dlen; |
|
|
865 |
int error; |
| 843 |
|
866 |
|
| 844 |
LIBALIAS_LOCK_ASSERT(la); |
867 |
LIBALIAS_LOCK_ASSERT(la); |
| 845 |
|
868 |
|
|
Lines 944-950
Link Here
|
| 944 |
{ |
967 |
{ |
| 945 |
struct tcphdr *tc; |
968 |
struct tcphdr *tc; |
| 946 |
struct alias_link *lnk; |
969 |
struct alias_link *lnk; |
| 947 |
int dlen; |
970 |
uint16_t dlen; |
| 948 |
|
971 |
|
| 949 |
LIBALIAS_LOCK_ASSERT(la); |
972 |
LIBALIAS_LOCK_ASSERT(la); |
| 950 |
|
973 |
|
|
Lines 1069-1075
Link Here
|
| 1069 |
static int |
1092 |
static int |
| 1070 |
TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) |
1093 |
TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) |
| 1071 |
{ |
1094 |
{ |
| 1072 |
int dlen, proxy_type, error; |
1095 |
uint16_t dlen; |
|
|
1096 |
int proxy_type, error; |
| 1073 |
u_short dest_port; |
1097 |
u_short dest_port; |
| 1074 |
u_short proxy_server_port; |
1098 |
u_short proxy_server_port; |
| 1075 |
struct in_addr dest_address; |
1099 |
struct in_addr dest_address; |
|
Lines 1202-1245
Link Here
|
| 1202 |
*/ |
1226 |
*/ |
| 1203 |
|
1227 |
|
| 1204 |
/* Local prototypes */ |
1228 |
/* Local prototypes */ |
| 1205 |
static int FragmentIn(struct libalias *la, struct in_addr ip_src, |
1229 |
static struct updatable_fields FragmentIn(struct libalias *la, struct in_addr ip_src, |
| 1206 |
struct in_addr *ip_dst, u_short ip_id, u_short *ip_sum); |
1230 |
struct in_addr ip_dst, u_short ip_id, u_short ip_sum); |
| 1207 |
static int FragmentOut(struct libalias *, struct in_addr *ip_src, |
1231 |
static struct updatable_fields FragmentOut(struct libalias *, struct in_addr ip_src, |
| 1208 |
u_short *ip_sum); |
1232 |
u_short ip_sum); |
| 1209 |
|
1233 |
|
| 1210 |
static int |
1234 |
static struct updatable_fields |
| 1211 |
FragmentIn(struct libalias *la, struct in_addr ip_src, struct in_addr *ip_dst, |
1235 |
FragmentIn(struct libalias *la, struct in_addr ip_src, struct in_addr ip_dst, |
| 1212 |
u_short ip_id, u_short *ip_sum) |
1236 |
u_short ip_id, u_short ip_sum) |
| 1213 |
{ |
1237 |
{ |
| 1214 |
struct alias_link *lnk; |
1238 |
struct alias_link *lnk; |
|
|
1239 |
struct updatable_fields ret = {(PKT_ALIAS_UNRESOLVED_FRAGMENT),ip_src,ip_sum}; |
| 1215 |
|
1240 |
|
| 1216 |
LIBALIAS_LOCK_ASSERT(la); |
1241 |
LIBALIAS_LOCK_ASSERT(la); |
| 1217 |
lnk = FindFragmentIn2(la, ip_src, *ip_dst, ip_id); |
1242 |
lnk = FindFragmentIn2(la, ip_src, ip_dst, ip_id); |
| 1218 |
if (lnk != NULL) { |
1243 |
if (lnk != NULL) { |
| 1219 |
struct in_addr original_address; |
1244 |
struct in_addr original_address; |
| 1220 |
|
1245 |
|
| 1221 |
GetFragmentAddr(lnk, &original_address); |
1246 |
GetFragmentAddr(lnk, &original_address); |
| 1222 |
DifferentialChecksum(ip_sum, |
1247 |
DifferentialChecksum(&ip_sum, |
| 1223 |
&original_address, ip_dst, 2); |
1248 |
&original_address, &ip_dst, 2); |
| 1224 |
*ip_dst = original_address; |
|
|
| 1225 |
|
1249 |
|
| 1226 |
return (PKT_ALIAS_OK); |
1250 |
ret.mode = PKT_ALIAS_OK; |
|
|
1251 |
return ret; |
| 1227 |
} |
1252 |
} |
| 1228 |
return (PKT_ALIAS_UNRESOLVED_FRAGMENT); |
1253 |
return ret; |
| 1229 |
} |
1254 |
} |
| 1230 |
|
1255 |
|
| 1231 |
static int |
1256 |
static struct updatable_fields |
| 1232 |
FragmentOut(struct libalias *la, struct in_addr *ip_src, u_short *ip_sum) |
1257 |
FragmentOut(struct libalias *la, struct in_addr ip_src, u_short ip_sum) |
| 1233 |
{ |
1258 |
{ |
| 1234 |
struct in_addr alias_address; |
1259 |
struct in_addr alias_address; |
| 1235 |
|
1260 |
|
| 1236 |
LIBALIAS_LOCK_ASSERT(la); |
1261 |
LIBALIAS_LOCK_ASSERT(la); |
| 1237 |
alias_address = FindAliasAddress(la, *ip_src); |
1262 |
alias_address = FindAliasAddress(la, ip_src); |
| 1238 |
DifferentialChecksum(ip_sum, |
1263 |
DifferentialChecksum(&ip_sum, |
| 1239 |
&alias_address, ip_src, 2); |
1264 |
&alias_address, &ip_src, 2); |
| 1240 |
*ip_src = alias_address; |
|
|
| 1241 |
|
1265 |
|
| 1242 |
return (PKT_ALIAS_OK); |
1266 |
struct updatable_fields ret = {(PKT_ALIAS_OK),ip_src,ip_sum}; |
|
|
1267 |
return ret; |
| 1243 |
} |
1268 |
} |
| 1244 |
|
1269 |
|
| 1245 |
|
1270 |
|
|
Lines 1346-1351
Link Here
|
| 1346 |
struct in_addr alias_addr; |
1371 |
struct in_addr alias_addr; |
| 1347 |
struct ip *pip; |
1372 |
struct ip *pip; |
| 1348 |
int iresult; |
1373 |
int iresult; |
|
|
1374 |
struct updatable_fields proto_result; |
| 1349 |
|
1375 |
|
| 1350 |
if (la->packetAliasMode & PKT_ALIAS_REVERSE) { |
1376 |
if (la->packetAliasMode & PKT_ALIAS_REVERSE) { |
| 1351 |
la->packetAliasMode &= ~PKT_ALIAS_REVERSE; |
1377 |
la->packetAliasMode &= ~PKT_ALIAS_REVERSE; |
|
Lines 1398-1412
Link Here
|
| 1398 |
error = find_handler(IN, IP, la, pip, &ad); |
1424 |
error = find_handler(IN, IP, la, pip, &ad); |
| 1399 |
if (error == 0) |
1425 |
if (error == 0) |
| 1400 |
iresult = PKT_ALIAS_OK; |
1426 |
iresult = PKT_ALIAS_OK; |
| 1401 |
else |
1427 |
else { |
| 1402 |
iresult = ProtoAliasIn(la, pip->ip_src, |
1428 |
proto_result = ProtoAliasIn(la, pip->ip_src, |
| 1403 |
&pip->ip_dst, pip->ip_p, &pip->ip_sum); |
1429 |
pip->ip_dst, pip->ip_p, pip->ip_sum); |
|
|
1430 |
pip->ip_dst = proto_result.addr; |
| 1431 |
pip->ip_sum = proto_result.chksum; |
| 1432 |
iresult = proto_result.mode; |
| 1433 |
} |
| 1404 |
} |
1434 |
} |
| 1405 |
break; |
1435 |
break; |
| 1406 |
default: |
1436 |
default: { |
| 1407 |
iresult = ProtoAliasIn(la, pip->ip_src, &pip->ip_dst, |
1437 |
proto_result = ProtoAliasIn(la, pip->ip_src, |
| 1408 |
pip->ip_p, &pip->ip_sum); |
1438 |
pip->ip_dst, pip->ip_p, pip->ip_sum); |
|
|
1439 |
pip->ip_dst = proto_result.addr; |
| 1440 |
pip->ip_sum = proto_result.chksum; |
| 1441 |
iresult = proto_result.mode; |
| 1409 |
break; |
1442 |
break; |
|
|
1443 |
} |
| 1410 |
} |
1444 |
} |
| 1411 |
|
1445 |
|
| 1412 |
if (ntohs(pip->ip_off) & IP_MF) { |
1446 |
if (ntohs(pip->ip_off) & IP_MF) { |
|
Lines 1421-1428
Link Here
|
| 1421 |
} |
1455 |
} |
| 1422 |
} |
1456 |
} |
| 1423 |
} else { |
1457 |
} else { |
| 1424 |
iresult = FragmentIn(la, pip->ip_src, &pip->ip_dst, pip->ip_id, |
1458 |
proto_result = FragmentIn(la, pip->ip_src, |
| 1425 |
&pip->ip_sum); |
1459 |
pip->ip_dst, pip->ip_id, pip->ip_sum); |
|
|
1460 |
pip->ip_dst = proto_result.addr; |
| 1461 |
pip->ip_sum = proto_result.chksum; |
| 1462 |
iresult = proto_result.mode; |
| 1426 |
} |
1463 |
} |
| 1427 |
|
1464 |
|
| 1428 |
getout: |
1465 |
getout: |
|
Lines 1481-1486
Link Here
|
| 1481 |
int iresult; |
1518 |
int iresult; |
| 1482 |
struct in_addr addr_save; |
1519 |
struct in_addr addr_save; |
| 1483 |
struct ip *pip; |
1520 |
struct ip *pip; |
|
|
1521 |
struct updatable_fields proto_result; |
| 1484 |
|
1522 |
|
| 1485 |
if (la->packetAliasMode & PKT_ALIAS_REVERSE) { |
1523 |
if (la->packetAliasMode & PKT_ALIAS_REVERSE) { |
| 1486 |
la->packetAliasMode &= ~PKT_ALIAS_REVERSE; |
1524 |
la->packetAliasMode &= ~PKT_ALIAS_REVERSE; |
|
Lines 1555-1572
Link Here
|
| 1555 |
error = find_handler(OUT, IP, la, pip, &ad); |
1593 |
error = find_handler(OUT, IP, la, pip, &ad); |
| 1556 |
if (error == 0) |
1594 |
if (error == 0) |
| 1557 |
iresult = PKT_ALIAS_OK; |
1595 |
iresult = PKT_ALIAS_OK; |
| 1558 |
else |
1596 |
else { |
| 1559 |
iresult = ProtoAliasOut(la, &pip->ip_src, |
1597 |
proto_result = ProtoAliasOut(la, pip->ip_src, |
| 1560 |
pip->ip_dst, pip->ip_p, &pip->ip_sum, create); |
1598 |
pip->ip_dst, pip->ip_p, pip->ip_sum, create); |
|
|
1599 |
pip->ip_src = proto_result.addr; |
| 1600 |
pip->ip_sum = proto_result.chksum; |
| 1601 |
iresult = proto_result.mode; |
| 1602 |
} |
| 1561 |
} |
1603 |
} |
| 1562 |
break; |
1604 |
break; |
| 1563 |
default: |
1605 |
default: { |
| 1564 |
iresult = ProtoAliasOut(la, &pip->ip_src, |
1606 |
proto_result = ProtoAliasOut(la, pip->ip_src, |
| 1565 |
pip->ip_dst, pip->ip_p, &pip->ip_sum, create); |
1607 |
pip->ip_dst, pip->ip_p, pip->ip_sum, create); |
|
|
1608 |
pip->ip_src = proto_result.addr; |
| 1609 |
pip->ip_sum = proto_result.chksum; |
| 1610 |
iresult = proto_result.mode; |
| 1611 |
} |
| 1566 |
break; |
1612 |
break; |
| 1567 |
} |
1613 |
} |
| 1568 |
} else { |
1614 |
} else { |
| 1569 |
iresult = FragmentOut(la, &pip->ip_src, &pip->ip_sum); |
1615 |
proto_result = FragmentOut(la, pip->ip_src, pip->ip_sum); |
|
|
1616 |
pip->ip_src = proto_result.addr; |
| 1617 |
pip->ip_sum = proto_result.chksum; |
| 1618 |
iresult = proto_result.mode; |
| 1570 |
} |
1619 |
} |
| 1571 |
|
1620 |
|
| 1572 |
SetDefaultAliasAddress(la, addr_save); |
1621 |
SetDefaultAliasAddress(la, addr_save); |