[src/netbsd-1-5]: src/sys/netinet Pull up revisions 1.37-1.38, 1.40-1.44 (via ...
details: https://anonhg.NetBSD.org/src/rev/fe492d863f19
branches: netbsd-1-5
changeset: 492713:fe492d863f19
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:59:16 2002 +0000
description:
Pull up revisions 1.37-1.38,1.40-1.44 (via patch, requested by martti):
Updated IPFilter to 3.4.23.
diffstat:
sys/netinet/ip_nat.c | 1050 ++++++++++++++++++++++++++++++++++++-------------
1 files changed, 774 insertions(+), 276 deletions(-)
diffs (truncated from 1828 to 300 lines):
diff -r 2962ba43372a -r fe492d863f19 sys/netinet/ip_nat.c
--- a/sys/netinet/ip_nat.c Sat Feb 09 16:58:52 2002 +0000
+++ b/sys/netinet/ip_nat.c Sat Feb 09 16:59:16 2002 +0000
@@ -1,23 +1,12 @@
-/* $NetBSD: ip_nat.c,v 1.34.2.3 2001/04/14 20:57:01 he Exp $ */
+/* $NetBSD: ip_nat.c,v 1.34.2.4 2002/02/09 16:59:16 he Exp $ */
/*
- * Copyright (C) 1995-2000 by Darren Reed.
+ * Copyright (C) 1995-2001 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*
* Added redirect stuff and a LOT of bug fixes. (mcn%EnGarde.com@localhost)
*/
-#if !defined(lint)
-#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.34.2.3 2001/04/14 20:57:01 he Exp $";
-#else
-static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.20 2000/08/08 16:01:01 darrenr Exp";
-#endif
-#endif
-
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
#define _KERNEL
#endif
@@ -28,7 +17,7 @@
#include <sys/time.h>
#include <sys/file.h>
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
- defined(_KERNEL) && !defined(_LKM)
+ defined(_KERNEL)
# include "opt_ipfilter_log.h"
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@@ -97,6 +86,7 @@
#ifndef linux
# include <netinet/ip_var.h>
+# include <netinet/tcp_fsm.h>
#endif
#include <netinet/tcp.h>
#include <netinet/udp.h>
@@ -104,10 +94,10 @@
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
-#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
+#include "netinet/ip_proxy.h"
#if (__FreeBSD_version >= 300000)
# include <sys/malloc.h>
#endif
@@ -117,6 +107,16 @@
#undef SOCKADDR_IN
#define SOCKADDR_IN struct sockaddr_in
+#if !defined(lint)
+#if defined(__NetBSD__)
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.34.2.4 2002/02/09 16:59:16 he Exp $");
+#else
+static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
+static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.58 2002/01/02 03:40:24 darrenr Exp";
+#endif
+#endif
+
nat_t **nat_table[2] = { NULL, NULL },
*nat_instances = NULL;
ipnat_t *nat_list = NULL;
@@ -135,12 +135,11 @@
natstat_t nat_stats;
int fr_nat_lock = 0;
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
-extern kmutex_t ipf_rw, ipf_hostmap;
+extern kmutex_t ipf_rw;
extern KRWLOCK_T ipf_nat;
#endif
static int nat_flushtable __P((void));
-static int nat_clearlist __P((void));
static void nat_addnat __P((struct ipnat *));
static void nat_addrdr __P((struct ipnat *));
static void nat_delete __P((struct nat *));
@@ -149,6 +148,7 @@
static int fr_natgetent __P((caddr_t));
static int fr_natgetsz __P((caddr_t));
static int fr_natputent __P((caddr_t));
+static void nat_tabmove __P((fr_info_t *, nat_t *));
static int nat_match __P((fr_info_t *, ipnat_t *, ip_t *));
static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr,
struct in_addr));
@@ -255,6 +255,8 @@
/*
* check if an ip address has already been allocated for a given mapping that
* is not doing port based translation.
+ *
+ * Must be called with ipf_nat held as a write lock.
*/
static struct hostmap *nat_hostmap(np, real, map)
ipnat_t *np;
@@ -264,13 +266,11 @@
hostmap_t *hm;
u_int hv;
- MUTEX_ENTER(&ipf_hostmap);
hv = real.s_addr % HOSTMAP_SIZE;
for (hm = maptable[hv]; hm; hm = hm->hm_next)
if ((hm->hm_realip.s_addr == real.s_addr) &&
(np == hm->hm_ipnat)) {
hm->hm_ref++;
- MUTEX_EXIT(&ipf_hostmap);
return hm;
}
@@ -286,15 +286,16 @@
hm->hm_mapip = map;
hm->hm_ref = 1;
}
- MUTEX_EXIT(&ipf_hostmap);
return hm;
}
+/*
+ * Must be called with ipf_nat held as a write lock.
+ */
static void nat_hostmapdel(hm)
struct hostmap *hm;
{
- MUTEX_ENTER(&ipf_hostmap);
ATOMIC_DEC32(hm->hm_ref);
if (hm->hm_ref == 0) {
if (hm->hm_next)
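Review bot: With the ipf_hostmap mutex removed, `ATOMIC_DEC32(hm->hm_ref);` followed by the separate test `if (hm->hm_ref == 0)` is safe only while every caller holds ipf_nat as a writer; under a read lock two threads could both observe zero and free the same entry twice. The added comment states the requirement, but nothing in the function enforces it, and nat_hostmap in the preceding hunks depends on the same lock for its plain `hm->hm_ref++`. The callers are not part of this truncated diff, so every call path into both functions should be checked for the write lock. The body of nat_hostmapdel continues in the next hunk.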
@@ -302,26 +303,26 @@
*hm->hm_pnext = hm->hm_next;
KFREE(hm);
}
- MUTEX_EXIT(&ipf_hostmap);
}
-void fix_outcksum(sp, n , len)
+void fix_outcksum(fin, sp, n)
+fr_info_t *fin;
u_short *sp;
u_32_t n;
-int len;
{
- u_short sumshort;
- u_32_t sum1;
+ register u_short sumshort;
+ register u_32_t sum1;
if (!n)
return;
-#if SOLARIS2 >= 6
else if (n & NAT_HW_CKSUM) {
+ n &= 0xffff;
+ n += fin->fin_dlen;
+ n = (n & 0xffff) + (n >> 16);
*sp = n & 0xffff;
return;
}
-#endif
sum1 = (~ntohs(*sp)) & 0xffff;
sum1 += (n);
sum1 = (sum1 >> 16) + (sum1 & 0xffff);
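Review bot: The NAT_HW_CKSUM branch now dereferences `fin` (`n += fin->fin_dlen;`) and, with the `#if SOLARIS2 >= 6` guard removed, is compiled on every platform, so a caller that passes a NULL `fin` or an `n` with that flag bit set reaches it everywhere. The callers are not visible in this truncated diff, and because the argument order also changed from `(sp, n, len)` to `(fin, sp, n)`, each call site should be checked against the new prototype. fix_incksum in the next hunk has the same branch. A comment above the branch such as `/* NAT_HW_CKSUM set: fin must be valid, fin_dlen is folded into the stored sum */` would record the requirement. The function body ends in the next hunk.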
@@ -332,23 +333,28 @@
}
-void fix_incksum(sp, n , len)
+void fix_incksum(fin, sp, n)
+fr_info_t *fin;
u_short *sp;
u_32_t n;
-int len;
{
- u_short sumshort;
- u_32_t sum1;
+ register u_short sumshort;
+ register u_32_t sum1;
if (!n)
return;
-#if SOLARIS2 >= 6
else if (n & NAT_HW_CKSUM) {
+ n &= 0xffff;
+ n += fin->fin_dlen;
+ n = (n & 0xffff) + (n >> 16);
*sp = n & 0xffff;
return;
}
+#ifdef sparc
+ sum1 = (~(*sp)) & 0xffff;
+#else
+ sum1 = (~ntohs(*sp)) & 0xffff;
#endif
- sum1 = (~ntohs(*sp)) & 0xffff;
sum1 += ~(n) & 0xffff;
sum1 = (sum1 >> 16) + (sum1 & 0xffff);
/* Again */
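Review bot: The new `#ifdef sparc` arm reads `*sp` without `ntohs()`, but on a big-endian target `ntohs()` does not swap bytes, so the `#else` arm would compute the same value and the conditional looks redundant. If the store at the end of the function (outside this hunk) still goes through `htons()`, the two arms cannot differ in effect. `sparc` is also the legacy unprefixed macro, which compilers in strict ISO mode do not define. If the split exists for another reason, a comment should say why; otherwise keep the single line `sum1 = (~ntohs(*sp)) & 0xffff;`.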
@@ -359,6 +365,38 @@
/*
+ * fix_datacksum is used *only* for the adjustments of checksums in the data
+ * section of an IP packet.
+ *
+ * The only situation in which you need to do this is when NAT'ing an
+ * ICMP error message. Such a message, contains in its body the IP header
+ * of the original IP packet, that causes the error.
+ *
+ * You can't use fix_incksum or fix_outcksum in that case, because for the
+ * kernel the data section of the ICMP error is just data, and no special
+ * processing like hardware cksum or ntohs processing have been done by the
+ * kernel on the data section.
+ */
+void fix_datacksum(sp, n)
+u_short *sp;
+u_32_t n;
+{
+ register u_short sumshort;
+ register u_32_t sum1;
+
+ if (!n)
+ return;
+
+ sum1 = (~ntohs(*sp)) & 0xffff;
+ sum1 += (n);
+ sum1 = (sum1 >> 16) + (sum1 & 0xffff);
+ /* Again */
+ sum1 = (sum1 >> 16) + (sum1 & 0xffff);
+ sumshort = ~(u_short)sum1;
+ *(sp) = htons(sumshort);
+}
+
+/*
* How the NAT is organised and works.
*
* Inside (interface y) NAT Outside (interface x)
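Review bot: fix_datacksum reads and writes `*sp` with no length argument, and its own comment says it is meant for the IP header embedded in an ICMP error, which is packet payload whose length the sender controls. The caller therefore has to confirm that the embedded header, including the checksum field `sp` points at, lies inside the received data before calling. The header comment should state that, for example ` * The caller must verify that sp points inside the packet data.` The body also repeats the tail of fix_outcksum line for line, so sharing it would keep the two from drifting apart.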
@@ -469,7 +507,7 @@
if (!n->in_ifp)
n->in_ifp = (void *)-1;
if (n->in_plabel[0] != '\0') {
- n->in_apr = appr_match(n->in_p, n->in_plabel);
+ n->in_apr = appr_lookup(n->in_p, n->in_plabel);
if (!n->in_apr) {
error = ENOENT;
break;
@@ -596,9 +634,11 @@
nat_stats.ns_table[0] = nat_table[0];
nat_stats.ns_table[1] = nat_table[1];
nat_stats.ns_list = nat_list;
+ nat_stats.ns_maptable = maptable;
nat_stats.ns_nattab_sz = ipf_nattable_sz;
nat_stats.ns_rultab_sz = ipf_natrules_sz;
nat_stats.ns_rdrtab_sz = ipf_rdrrules_sz;
+ nat_stats.ns_hostmap_sz = ipf_hostmap_sz;
nat_stats.ns_instances = nat_instances;
nat_stats.ns_apslist = ap_sess_list;
error = IWCOPYPTR((char *)&nat_stats, (char *)data,
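Review bot: `ns_hostmap_sz` reports `ipf_hostmap_sz` here, but nat_hostmap in the earlier hunk still selects its bucket with `hv = real.s_addr % HOSTMAP_SIZE;`. The allocation of `maptable` is not in this truncated diff; if it is sized by `ipf_hostmap_sz` and that variable can be set below `HOSTMAP_SIZE`, the index can run past the end of the table. Using the same variable in the hash, `hv = real.s_addr % ipf_hostmap_sz;`, keeps the two in step. The `IWCOPYPTR` statement at the end of this hunk continues outside it.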
@@ -669,9 +709,9 @@
break;
case FIONREAD :
#ifdef IPFILTER_LOG
+ arg = (int)iplused[IPL_LOGNAT];
MUTEX_DOWNGRADE(&ipf_nat);
- error = IWCOPY((caddr_t)&iplused[IPL_LOGNAT], (caddr_t)data,
- sizeof(iplused[IPL_LOGNAT]));
+ error = IWCOPY((caddr_t)&arg, (caddr_t)data, sizeof(arg));
if (error)
error = EFAULT;
#endif
@@ -858,15 +898,17 @@
/*
* Initialize all these so that nat_delete() doesn't cause a crash.
*/
- nat->nat_hstart[0] = NULL;
- nat->nat_hstart[1] = NULL;
+ nat->nat_phnext[0] = NULL;
+ nat->nat_phnext[1] = NULL;
fr = nat->nat_fr;
nat->nat_fr = NULL;
aps = nat->nat_aps;
nat->nat_aps = NULL;
in = nat->nat_ptr;
nat->nat_ptr = NULL;
+ nat->nat_hm = NULL;
nat->nat_data = NULL;
+ nat->nat_ifp = GETUNIT(nat->nat_ifname, 4);
/*