Source-Changes-HG archive


[src/netbsd-1-5]: src/sys/netinet Pull up revisions 1.37-1.38, 1.40-1.44 (via ...



details:   https://anonhg.NetBSD.org/src/rev/fe492d863f19
branches:  netbsd-1-5
changeset: 492713:fe492d863f19
user:      he <he%NetBSD.org@localhost>
date:      Sat Feb 09 16:59:16 2002 +0000

description:
Pull up revisions 1.37-1.38,1.40-1.44 (via patch, requested by martti):
  Updated IPFilter to 3.4.23.

diffstat:

 sys/netinet/ip_nat.c |  1050 ++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 774 insertions(+), 276 deletions(-)

diffs (truncated from 1828 to 300 lines):

diff -r 2962ba43372a -r fe492d863f19 sys/netinet/ip_nat.c
--- a/sys/netinet/ip_nat.c      Sat Feb 09 16:58:52 2002 +0000
+++ b/sys/netinet/ip_nat.c      Sat Feb 09 16:59:16 2002 +0000
@@ -1,23 +1,12 @@
-/*     $NetBSD: ip_nat.c,v 1.34.2.3 2001/04/14 20:57:01 he Exp $       */
+/*     $NetBSD: ip_nat.c,v 1.34.2.4 2002/02/09 16:59:16 he Exp $       */
 
 /*
- * Copyright (C) 1995-2000 by Darren Reed.
+ * Copyright (C) 1995-2001 by Darren Reed.
  *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
  *
  * Added redirect stuff and a LOT of bug fixes. (mcn%EnGarde.com@localhost)
  */
-#if !defined(lint)
-#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.34.2.3 2001/04/14 20:57:01 he Exp $";
-#else
-static const char sccsid[] = "@(#)ip_nat.c     1.11 6/5/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.20 2000/08/08 16:01:01 darrenr Exp";
-#endif
-#endif
-
 #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
 #define _KERNEL
 #endif
@@ -28,7 +17,7 @@
 #include <sys/time.h>
 #include <sys/file.h>
 #if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
-    defined(_KERNEL) && !defined(_LKM)
+    defined(_KERNEL)
 # include "opt_ipfilter_log.h"
 #endif
 #if !defined(_KERNEL) && !defined(KERNEL)
@@ -97,6 +86,7 @@
 
 #ifndef linux
 # include <netinet/ip_var.h>
+# include <netinet/tcp_fsm.h>
 #endif
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
@@ -104,10 +94,10 @@
 #include "netinet/ip_compat.h"
 #include <netinet/tcpip.h>
 #include "netinet/ip_fil.h"
-#include "netinet/ip_proxy.h"
 #include "netinet/ip_nat.h"
 #include "netinet/ip_frag.h"
 #include "netinet/ip_state.h"
+#include "netinet/ip_proxy.h"
 #if (__FreeBSD_version >= 300000)
 # include <sys/malloc.h>
 #endif
@@ -117,6 +107,16 @@
 #undef SOCKADDR_IN
 #define        SOCKADDR_IN     struct sockaddr_in
 
+#if !defined(lint)
+#if defined(__NetBSD__)
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.34.2.4 2002/02/09 16:59:16 he Exp $");
+#else
+static const char sccsid[] = "@(#)ip_nat.c     1.11 6/5/96 (C) 1995 Darren Reed";
+static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.58 2002/01/02 03:40:24 darrenr Exp";
+#endif
+#endif
+
 nat_t  **nat_table[2] = { NULL, NULL },
        *nat_instances = NULL;
 ipnat_t        *nat_list = NULL;
@@ -135,12 +135,11 @@
 natstat_t nat_stats;
 int    fr_nat_lock = 0;
 #if    (SOLARIS || defined(__sgi)) && defined(_KERNEL)
-extern kmutex_t        ipf_rw, ipf_hostmap;
+extern kmutex_t        ipf_rw;
 extern KRWLOCK_T       ipf_nat;
 #endif
 
 static int     nat_flushtable __P((void));
-static int     nat_clearlist __P((void));
 static void    nat_addnat __P((struct ipnat *));
 static void    nat_addrdr __P((struct ipnat *));
 static void    nat_delete __P((struct nat *));
@@ -149,6 +148,7 @@
 static int     fr_natgetent __P((caddr_t));
 static int     fr_natgetsz __P((caddr_t));
 static int     fr_natputent __P((caddr_t));
+static void    nat_tabmove __P((fr_info_t *, nat_t *));
 static int     nat_match __P((fr_info_t *, ipnat_t *, ip_t *));
 static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr,
                                    struct in_addr));
@@ -255,6 +255,8 @@
 /*
  * check if an ip address has already been allocated for a given mapping that
  * is not doing port based translation.
+ *
+ * Must be called with ipf_nat held as a write lock.
  */
 static struct hostmap *nat_hostmap(np, real, map)
 ipnat_t *np;
@@ -264,13 +266,11 @@
        hostmap_t *hm;
        u_int hv;
 
-       MUTEX_ENTER(&ipf_hostmap);
        hv = real.s_addr % HOSTMAP_SIZE;
        for (hm = maptable[hv]; hm; hm = hm->hm_next)
                if ((hm->hm_realip.s_addr == real.s_addr) &&
                    (np == hm->hm_ipnat)) {
                        hm->hm_ref++;
-                       MUTEX_EXIT(&ipf_hostmap);
                        return hm;
                }
 
@@ -286,15 +286,16 @@
                hm->hm_mapip = map;
                hm->hm_ref = 1;
        }
-       MUTEX_EXIT(&ipf_hostmap);
        return hm;
 }
 
 
+/*
+ * Must be called with ipf_nat held as a write lock.
+ */
 static void nat_hostmapdel(hm)
 struct hostmap *hm;
 {
-       MUTEX_ENTER(&ipf_hostmap);
        ATOMIC_DEC32(hm->hm_ref);
        if (hm->hm_ref == 0) {
                if (hm->hm_next)
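Review bot: With the ipf_hostmap mutex removed, `ATOMIC_DEC32(hm->hm_ref)` followed by the separate `if (hm->hm_ref == 0)` test and the `KFREE(hm)` in the next hunk is only safe while the caller holds ipf_nat as a writer, and nothing in the function checks that. The new comment states the lock contract, but it should also say that hm may be gone on return, e.g. `* Drops one reference; hm is freed when the count reaches zero and must not be used by the caller afterwards.` The matching increment in nat_hostmap (previous hunk) is a plain `hm->hm_ref++` while this side uses ATOMIC_DEC32; using `ATOMIC_INC32(hm->hm_ref)` there, or a plain decrement here, would make the pair consistent. nat_hostmapdel's body continues into the next hunk.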
@@ -302,26 +303,26 @@
                *hm->hm_pnext = hm->hm_next;
                KFREE(hm);
        }
-       MUTEX_EXIT(&ipf_hostmap);
 }
 
 
-void fix_outcksum(sp, n , len)
+void fix_outcksum(fin, sp, n)
+fr_info_t *fin;
 u_short *sp;
 u_32_t n;
-int len;
 {
-       u_short sumshort;
-       u_32_t sum1;
+       register u_short sumshort;
+       register u_32_t sum1;
 
        if (!n)
                return;
-#if SOLARIS2 >= 6
        else if (n & NAT_HW_CKSUM) {
+               n &= 0xffff;
+               n += fin->fin_dlen;
+               n = (n & 0xffff) + (n >> 16);
                *sp = n & 0xffff;
                return;
        }
-#endif
        sum1 = (~ntohs(*sp)) & 0xffff;
        sum1 += (n);
        sum1 = (sum1 >> 16) + (sum1 & 0xffff);
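Review bot: Dropping the `#if SOLARIS2 >= 6` guard makes the `n & NAT_HW_CKSUM` branch live on every platform, so any caller that passes a delta with that bit set now has `*sp` overwritten with a partial sum built from `fin->fin_dlen` instead of adjusted. That is only correct where the flag is set deliberately for hardware checksumming, and `fin` is dereferenced there without a check; both depend on callers outside this hunk. A comment above the function would pin the contract, for example `/* n is a 16-bit sum delta; NAT_HW_CKSUM may be or'ed in only when a partial checksum is left for hardware, and fin must then be non-NULL */`. The argument order also changed from (sp, n, len) to (fin, sp, n) in a K&R-style definition, so the prototype in the header (not in this changeset's diffstat) has to change in step or stale callers will not be diagnosed. The same points apply to fix_incksum in the next hunk, and fix_outcksum's body continues past the end of this hunk.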
@@ -332,23 +333,28 @@
 }
 
 
-void fix_incksum(sp, n , len)
+void fix_incksum(fin, sp, n)
+fr_info_t *fin;
 u_short *sp;
 u_32_t n;
-int len;
 {
-       u_short sumshort;
-       u_32_t sum1;
+       register u_short sumshort;
+       register u_32_t sum1;
 
        if (!n)
                return;
-#if SOLARIS2 >= 6
        else if (n & NAT_HW_CKSUM) {
+               n &= 0xffff;
+               n += fin->fin_dlen;
+               n = (n & 0xffff) + (n >> 16);
                *sp = n & 0xffff;
                return;
        }
+#ifdef sparc
+       sum1 = (~(*sp)) & 0xffff;
+#else
+       sum1 = (~ntohs(*sp)) & 0xffff;
 #endif
-       sum1 = (~ntohs(*sp)) & 0xffff;
        sum1 += ~(n) & 0xffff;
        sum1 = (sum1 >> 16) + (sum1 & 0xffff);
        /* Again */
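Review bot: The new `#ifdef sparc` branch in fix_incksum reads `*sp` without ntohs() but carries no comment, and fix_outcksum in the previous hunk was not given the same branch. On a big-endian target ntohs() is normally the identity, so it is unclear what the split changes; if it works around a platform header or compiler issue, record that next to the `#ifdef`, e.g. `/* sparc: <reason ntohs() is skipped here> */`. If there is no such reason, a single `sum1 = (~ntohs(*sp)) & 0xffff;` keeps the two functions parallel. The store back to `*sp` is outside the hunk, so whether it is conditional in the same way cannot be seen here.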
@@ -359,6 +365,38 @@
 
 
 /*
+ * fix_datacksum is used *only* for the adjustments of checksums in the data
+ * section of an IP packet.
+ *
+ * The only situation in which you need to do this is when NAT'ing an 
+ * ICMP error message. Such a message, contains in its body the IP header
+ * of the original IP packet, that causes the error.
+ *
+ * You can't use fix_incksum or fix_outcksum in that case, because for the
+ * kernel the data section of the ICMP error is just data, and no special 
+ * processing like hardware cksum or ntohs processing have been done by the 
+ * kernel on the data section.
+ */
+void fix_datacksum(sp, n)
+u_short *sp;
+u_32_t n;
+{
+       register u_short sumshort;
+       register u_32_t sum1;
+
+       if (!n)
+               return;
+
+       sum1 = (~ntohs(*sp)) & 0xffff;
+       sum1 += (n);
+       sum1 = (sum1 >> 16) + (sum1 & 0xffff);
+       /* Again */
+       sum1 = (sum1 >> 16) + (sum1 & 0xffff);
+       sumshort = ~(u_short)sum1;
+       *(sp) = htons(sumshort);
+}
+
+/*
  * How the NAT is organised and works.
  *
  * Inside (interface y) NAT       Outside (interface x)
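Review bot: fix_datacksum reads and writes `*sp` inside the payload of an ICMP error, which is data supplied by the remote sender and may be truncated, yet the header comment says nothing about what the caller must have checked. The function cannot validate the pointer itself, so the comment should state the precondition, e.g. `* The caller must have verified that sp points inside the contiguous, length-checked part of the packet and is 16-bit aligned.` The body also appears to repeat the non-hardware path of fix_outcksum; a sentence saying the duplication is deliberate would help keep the two from drifting apart.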
@@ -469,7 +507,7 @@
                if (!n->in_ifp)
                        n->in_ifp = (void *)-1;
                if (n->in_plabel[0] != '\0') {
-                       n->in_apr = appr_match(n->in_p, n->in_plabel);
+                       n->in_apr = appr_lookup(n->in_p, n->in_plabel);
                        if (!n->in_apr) {
                                error = ENOENT;
                                break;
@@ -596,9 +634,11 @@
                nat_stats.ns_table[0] = nat_table[0];
                nat_stats.ns_table[1] = nat_table[1];
                nat_stats.ns_list = nat_list;
+               nat_stats.ns_maptable = maptable;
                nat_stats.ns_nattab_sz = ipf_nattable_sz;
                nat_stats.ns_rultab_sz = ipf_natrules_sz;
                nat_stats.ns_rdrtab_sz = ipf_rdrrules_sz;
+               nat_stats.ns_hostmap_sz = ipf_hostmap_sz;
                nat_stats.ns_instances = nat_instances;
                nat_stats.ns_apslist = ap_sess_list;
                error = IWCOPYPTR((char *)&nat_stats, (char *)data,
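Review bot: `nat_stats.ns_maptable = maptable;` adds another kernel address to the structure that IWCOPYPTR copies out to the caller, alongside the existing ns_table, ns_list and ns_instances pointers. That is presumably intended for tools that walk the tables through kernel memory, but it means the stats ioctl discloses kernel heap layout to whoever may issue it. The permission check for this ioctl is outside the hunk and should be confirmed to restrict it to privileged callers. A short comment on the assignment, such as `/* kernel address, only meaningful to kmem readers */`, would record the intent. The enclosing switch case starts and ends outside the hunk.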
@@ -669,9 +709,9 @@
                break;
        case FIONREAD :
 #ifdef IPFILTER_LOG
+               arg = (int)iplused[IPL_LOGNAT];
                MUTEX_DOWNGRADE(&ipf_nat);
-               error = IWCOPY((caddr_t)&iplused[IPL_LOGNAT], (caddr_t)data,
-                              sizeof(iplused[IPL_LOGNAT]));
+               error = IWCOPY((caddr_t)&arg, (caddr_t)data, sizeof(arg));
                if (error)
                        error = EFAULT;
 #endif
@@ -858,15 +898,17 @@
        /*
         * Initialize all these so that nat_delete() doesn't cause a crash.
         */
-       nat->nat_hstart[0] = NULL;
-       nat->nat_hstart[1] = NULL;
+       nat->nat_phnext[0] = NULL;
+       nat->nat_phnext[1] = NULL;
        fr = nat->nat_fr;
        nat->nat_fr = NULL;
        aps = nat->nat_aps;
        nat->nat_aps = NULL;
        in = nat->nat_ptr;
        nat->nat_ptr = NULL;
+       nat->nat_hm = NULL;
        nat->nat_data = NULL;
+       nat->nat_ifp = GETUNIT(nat->nat_ifname, 4);
 
        /*


