[src/netbsd-1-4]: src/sys/netinet Pull up revision 1.26 (requested by darrenr):
details: https://anonhg.NetBSD.org/src/rev/d576a9adcad8
branches: netbsd-1-4
changeset: 469948:d576a9adcad8
user: he <he%NetBSD.org@localhost>
date: Mon Dec 20 21:07:41 1999 +0000
description:
Pull up revision 1.26 (requested by darrenr):
Update IPF to version 3.3.5.
diffstat:
sys/netinet/ip_nat.c | 1157 ++++++++++++++++++++++++++++++++-----------------
1 files changed, 757 insertions(+), 400 deletions(-)
diffs (truncated from 1800 to 300 lines):
diff -r 63551cb1818c -r d576a9adcad8 sys/netinet/ip_nat.c
--- a/sys/netinet/ip_nat.c Mon Dec 20 21:07:36 1999 +0000
+++ b/sys/netinet/ip_nat.c Mon Dec 20 21:07:41 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_nat.c,v 1.25 1999/03/05 07:27:09 mycroft Exp $ */
+/* $NetBSD: ip_nat.c,v 1.25.2.1 1999/12/20 21:07:41 he Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -11,10 +11,10 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.25 1999/03/05 07:27:09 mycroft Exp $";
+static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.25.2.1 1999/12/20 21:07:41 he Exp $";
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.0.2.44.2.30 1998/11/22 01:50:27 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.2.2.10 1999/12/07 12:53:42 darrenr Exp";
#endif
#endif
@@ -54,7 +54,9 @@
#else
# include <sys/filio.h>
# include <sys/byteorder.h>
-# include <sys/dditypes.h>
+# ifdef _KERNEL
+# include <sys/dditypes.h>
+# endif
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
@@ -64,9 +66,12 @@
#include <net/if.h>
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
+# if defined(_KERNEL) && !defined(IPFILTER_LKM)
+# include "opt_ipfilter.h"
+# endif
#endif
#ifdef sun
-#include <net/af.h>
+# include <net/af.h>
#endif
#include <net/route.h>
#include <netinet/in.h>
@@ -81,8 +86,8 @@
#endif
#ifdef RFC1825
-#include <vpn/md5.h>
-#include <vpn/ipsec.h>
+# include <vpn/md5.h>
+# include <vpn/ipsec.h>
extern struct ifnet vpnif;
#endif
@@ -99,16 +104,28 @@
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
+#if (__FreeBSD_version >= 300000)
+# include <sys/malloc.h>
+#endif
#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
+# define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#undef SOCKADDR_IN
#define SOCKADDR_IN struct sockaddr_in
-nat_t *nat_table[2][NAT_SIZE], *nat_instances = NULL;
+nat_t **nat_table[2] = { NULL, NULL },
+ *nat_instances = NULL;
ipnat_t *nat_list = NULL;
-u_long fr_defnatage = 1200, /* 10 minutes (600 seconds) */
- fr_defnaticmpage = 6; /* 3 seconds */
+u_int ipf_nattable_sz = NAT_TABLE_SZ;
+u_int ipf_natrules_sz = NAT_SIZE;
+u_int ipf_rdrrules_sz = RDR_SIZE;
+u_32_t nat_masks = 0;
+u_32_t rdr_masks = 0;
+ipnat_t **nat_rules = NULL;
+ipnat_t **rdr_rules = NULL;
+
+u_long fr_defnatage = DEF_NAT_AGE,
+ fr_defnaticmpage = 6; /* 3 seconds */
natstat_t nat_stats;
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
extern kmutex_t ipf_rw;
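Review bot: The new size variables `ipf_nattable_sz`, `ipf_natrules_sz` and `ipf_rdrrules_sz` are writable globals with no comment on when they may change, yet the next hunk uses them both as allocation sizes in nat_init() and as the second argument of `NAT_HASH_FN` in nat_delrdr()/nat_delnat(). If that macro reduces by the size (its definition is not in this diff), changing a value after the tables exist would index outside the allocation, and a zero would fault on the division. I would add a comment such as `/* table sizes: set before nat_init() only, never zero; also used as the hash modulus */`, and if nothing needs to write them at run time, hash with a copy taken inside nat_init().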
@@ -118,31 +135,87 @@
static int nat_flushtable __P((void));
static int nat_clearlist __P((void));
static void nat_delete __P((struct nat *));
-static int nat_ifpaddr __P((nat_t *, void *, struct in_addr *));
+static void nat_delrdr __P((struct ipnat *));
+static void nat_delnat __P((struct ipnat *));
+
+
+int nat_init()
+{
+ KMALLOCS(nat_table[0], nat_t **, sizeof(nat_t *) * ipf_nattable_sz);
+ if (nat_table[0] != NULL)
+ bzero((char *)nat_table[0], ipf_nattable_sz * sizeof(nat_t *));
+ else
+ return -1;
+
+ KMALLOCS(nat_table[1], nat_t **, sizeof(nat_t *) * ipf_nattable_sz);
+ if (nat_table[1] != NULL)
+ bzero((char *)nat_table[1], ipf_nattable_sz * sizeof(nat_t *));
+ else
+ return -1;
+
+ KMALLOCS(nat_rules, ipnat_t **, sizeof(ipnat_t *) * ipf_natrules_sz);
+ if (nat_rules != NULL)
+ bzero((char *)nat_rules, ipf_natrules_sz * sizeof(ipnat_t *));
+ else
+ return -1;
+
+ KMALLOCS(rdr_rules, ipnat_t **, sizeof(ipnat_t *) * ipf_rdrrules_sz);
+ if (rdr_rules != NULL)
+ bzero((char *)rdr_rules, ipf_rdrrules_sz * sizeof(ipnat_t *));
+ else
+ return -1;
+ return 0;
+}
-#define LONG_SUM(in) (((in) & 0xffff) + ((in) >> 16))
+void nat_delrdr(n)
+ipnat_t *n;
+{
+ ipnat_t **n1;
+ u_32_t iph;
+ u_int hv;
+
+ iph = n->in_outip & n->in_outmsk;
+ hv = NAT_HASH_FN(iph, ipf_rdrrules_sz);
+ for (n1 = &rdr_rules[hv]; *n1 && (*n1 != n); n1 = &(*n1)->in_rnext)
+ ;
+ if (*n1)
+ *n1 = n->in_rnext;
+}
+
-#define CALC_SUMD(s1, s2, sd) { \
- (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
- (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
- /* Do it twice */ \
- (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
- (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
- /* Because ~1 == -2, We really need ~1 == -1 */ \
- if ((s1) > (s2)) (s2)--; \
- (sd) = (s2) - (s1); \
- (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
+static void nat_delnat(n)
+ipnat_t *n;
+{
+ ipnat_t **n1;
+ u_32_t iph;
+ u_int hv;
-void fix_outcksum(sp, n)
+ iph = n->in_inip & n->in_inmsk;
+ hv = NAT_HASH_FN(iph, ipf_natrules_sz);
+ for (n1 = &nat_rules[hv]; *n1 && (*n1 != n); n1 = &(*n1)->in_mnext)
+ ;
+ if (*n1)
+ *n1 = n->in_mnext;
+}
+
+
+void fix_outcksum(sp, n , len)
u_short *sp;
u_32_t n;
+int len;
{
register u_short sumshort;
register u_32_t sum1;
if (!n)
return;
+#if SOLARIS2 >= 6
+ else if (n & NAT_HW_CKSUM) {
+ *sp = n & 0xffff;
+ return;
+ }
+#endif
sum1 = (~ntohs(*sp)) & 0xffff;
sum1 += (n);
sum1 = (sum1 >> 16) + (sum1 & 0xffff);
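Review bot: nat_init() returns -1 as soon as one KMALLOCS fails but keeps the tables it already obtained, so a failure on `nat_rules` or `rdr_rules` exits with `nat_table[0]`/`nat_table[1]` still allocated and the rule tables NULL. Whether the caller then runs a teardown is not visible here; if it does not, that is leaked kernel memory, and nat_delrdr()/nat_delnat() below index `rdr_rules[hv]`/`nat_rules[hv]` with no NULL check. Either free the earlier allocations before each `return -1`, or state the contract above the function, e.g. `/* 0 on success; -1 on allocation failure, caller must unload to release partial tables */`. Separately, nat_delrdr is prototyped `static` in this hunk but defined as plain `void nat_delrdr(n)`; adding `static` to the definition would match nat_delnat. fix_outcksum's body continues outside the hunk.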
@@ -153,15 +226,22 @@
}
-void fix_incksum(sp, n)
+void fix_incksum(sp, n , len)
u_short *sp;
u_32_t n;
+int len;
{
register u_short sumshort;
register u_32_t sum1;
if (!n)
return;
+#if SOLARIS2 >= 6
+ else if (n & NAT_HW_CKSUM) {
+ *sp = n & 0xffff;
+ return;
+ }
+#endif
#ifdef sparc
sum1 = (~(*sp)) & 0xffff;
#else
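Review bot: The new `len` argument is not read anywhere in the lines shown for fix_incksum (nor for fix_outcksum in the previous hunk), and neither function says what it is for. The added Solaris branch also makes `n` a flag carrier: when `n & NAT_HW_CKSUM` is set, the low 16 bits are stored into `*sp` as-is, without the `ntohs`/complement steps of the path below, so the expected byte order and the rule that an ordinary delta never has that bit set should be written down. A comment such as `/* n with NAT_HW_CKSUM set: low 16 bits are stored directly, not applied as a delta */` would do, with the byte-order statement added once confirmed against the callers. Both function bodies extend past their hunks.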
@@ -210,14 +290,20 @@
int mode;
{
register ipnat_t *nat, *nt, *n = NULL, **np = NULL;
+ int error = 0, ret, k;
ipnat_t natd;
- int error = 0, ret;
+ u_32_t i, j;
#if defined(_KERNEL) && !SOLARIS
int s;
#endif
+#if (BSD >= 199306) && defined(_KERNEL)
+ if ((securelevel >= 2) && (mode & FWRITE))
+ return EPERM;
+#endif
+
nat = NULL; /* XXX gcc -Wuninitialized */
- KMALLOC(nt, ipnat_t *, sizeof(*nt));
+ KMALLOC(nt, ipnat_t *);
if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT))
IRCOPY(data, (char *)&natd, sizeof(natd));
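Review bot: The new securelevel test keys on the descriptor's open mode rather than on `cmd`, so at securelevel 2 or higher every ioctl on a descriptor opened for writing returns EPERM, including commands that only read state. With a read-only descriptor the test passes, and protection then rests on each mutating case doing its own `!(mode & FWRITE)` check; only SIOCADNAT's is visible in this diff, so SIOCRMNAT and any other mutating command should be confirmed. A comment here would make the intent reviewable, e.g. `/* securelevel >= 2: refuse everything on writable descriptors; per-command FWRITE checks below cover read-only ones */`. The early return sits before `KMALLOC(nt, ...)`, so it does not leak; the function starts and ends outside the hunk.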
@@ -228,8 +314,12 @@
WRITE_ENTER(&ipf_nat);
if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) {
nat = &natd;
- nat->in_inip &= nat->in_inmsk;
- nat->in_outip &= nat->in_outmsk;
+ nat->in_flags &= IPN_USERFLAGS;
+ if ((nat->in_redir & NAT_MAPBLK) == 0) {
+ nat->in_inip &= nat->in_inmsk;
+ if ((nat->in_flags & IPN_RANGE) == 0)
+ nat->in_outip &= nat->in_outmsk;
+ }
for (np = &nat_list; (n = *np); np = &n->in_next)
if (!bcmp((char *)&nat->in_flags, (char *)&n->in_flags,
IPN_CMPSIZ))
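Review bot: The normalisation of the user-supplied `natd` now masks `in_flags` with `IPN_USERFLAGS`, but `in_redir` is tested for `NAT_MAPBLK` without being restricted to known bits, and the string fields are left exactly as copied in. Further down `n->in_ifname` goes to `GETUNIT` and `n->in_plabel` to `appr_match`; if those expect NUL-terminated strings (their definitions are not in this diff), an unterminated field from user space would be read past its end. Assuming both are fixed-size char arrays, forcing termination here, `nat->in_ifname[sizeof(nat->in_ifname) - 1] = '\0';` and the same for `in_plabel`, would close that. The enclosing function begins and ends outside the hunk.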
@@ -239,11 +329,7 @@
switch (cmd)
{
case SIOCADNAT :
-#if defined(__NetBSD__) && defined(_KERNEL)
- if ((securelevel >= 2) || !(mode & FWRITE)) {
-#else
if (!(mode & FWRITE)) {
-#endif
error = EPERM;
break;
}
@@ -251,31 +337,82 @@
error = EEXIST;
break;
}
- n = nt;
- nt = NULL;
- if (n == NULL) {
+ if (nt == NULL) {
error = ENOMEM;
break;
}
+ n = nt;
+ nt = NULL;
bcopy((char *)nat, (char *)n, sizeof(*n));
n->in_ifp = (void *)GETUNIT(n->in_ifname);
if (!n->in_ifp)
n->in_ifp = (void *)-1;
if (n->in_plabel[0] != '\0') {
- n->in_apr = ap_match(n->in_p, n->in_plabel);
+ n->in_apr = appr_match(n->in_p, n->in_plabel);
if (!n->in_apr) {
error = ENOENT;
break;
}
}
- n->in_next = *np;
+ n->in_next = NULL;
+ *np = n;
+
+ if (n->in_redir & NAT_REDIRECT) {
+ u_int hv;
+
+ k = countbits(n->in_outmsk);
+ if ((k >= 0) && (k != 32))