src - FreeBSD source tree

diff options


context:
space:
mode:

author	Gleb Smirnoff <glebius@FreeBSD.org>	2005-05-04 12:49:44 +0000
committer	Gleb Smirnoff <glebius@FreeBSD.org>	2005-05-04 12:49:44 +0000
commit	e0408a6edcd8cd5e420640a21efb83715c7c3024 (patch)
tree	ff67c2e32d850de98f6b748dae2602e636f9905b /lib/libalias
parent	5d6d6d382fb0ffdfdb4dc6ac92b4cbd5bd354306 (diff)
download	src-e0408a6edcd8cd5e420640a21efb83715c7c3024.tar.gz src-e0408a6edcd8cd5e420640a21efb83715c7c3024.zip

Notes

Diffstat (limited to 'lib/libalias')

-rw-r--r--

lib/libalias/HISTORY

145

-rw-r--r--

lib/libalias/Makefile

-rw-r--r--

lib/libalias/alias.c

1433

-rw-r--r--

lib/libalias/alias.h

265

-rw-r--r--

lib/libalias/alias_cuseeme.c

123

-rw-r--r--

lib/libalias/alias_db.c

2788

-rw-r--r--

lib/libalias/alias_ftp.c

675

-rw-r--r--

lib/libalias/alias_irc.c

386

-rw-r--r--

lib/libalias/alias_local.h

355

-rw-r--r--

lib/libalias/alias_nbt.c

722

-rw-r--r--

lib/libalias/alias_old.c

205

-rw-r--r--

lib/libalias/alias_pptp.c

373

-rw-r--r--

lib/libalias/alias_proxy.c

812

-rw-r--r--

lib/libalias/alias_skinny.c

350

-rw-r--r--

lib/libalias/alias_smedia.c

445

-rw-r--r--

lib/libalias/alias_util.c

164

-rw-r--r--

lib/libalias/libalias.3

1018

17 files changed, 2 insertions, 10259 deletions

diff --git a/lib/libalias/HISTORY b/lib/libalias/HISTORY
deleted file mode 100644
index c5bca59cac1f..000000000000
--- a/lib/libalias/HISTORY
+++ /dev/null

@@ -1,145 +0,0 @@

-$FreeBSD$

-Version 1.0: August 11, 1996 (cjm)

-Version 1.1: August 20, 1996 (cjm)

- - Host accepts incoming connections for ports 0 to 1023.

-Version 1.2: September 7, 1996 (cjm)

- - Fragment handling error in alias_db.c corrected.

-Version 1.3: September 15, 1996 (cjm)

- - Generalized mechanism for handling incoming

- connections (no more 0 to 1023 restriction).

- - Increased ICMP support (will handle traceroute now).

- - Improved TCP close connection logic.

-Version 1.4: September 16, 1996 (cjm)

-Version 1.5: September 17, 1996 (cjm)

- - Corrected error in handling incoming UDP packets

- with zero checksum.

-Version 1.6: September 18, 1996

- - Simplified ICMP data storage. Will now handle

- tracert from Win95 and NT as well as FreeBSD

- traceroute, which uses UDP packets to non-existent

- ports.

-Version 1.7: January 9, 1997 (cjm)

- - Reduced malloc() activity for ICMP echo and

- timestamp requests.

- - Added handling for out-of-order IP fragments.

- - Switched to differential checksum computation

- for IP headers (TCP, UDP and ICMP checksums

- were already differential).

- - Accepts FTP data connections from other than

- port 20. This allows one ftp connections

- from two hosts which are both running packet

- aliasing.

- - Checksum error on FTP transfers. Problem

- in code located by Martin Renters and

- Brian Somers.

-Version 1.8: January 14, 1997 (cjm)

- - Fixed data type error in function StartPoint()

- in alias_db.c (this bug did not exist before v1.7)

- Problem in code located by Ari Suutari.

-Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)

- - Added support for IRC DCC (ee)

- - Changed the aliasing routines to use ANSI style

- throughout (ee)

- - Minor API changes for integration with other

- programs than PPP (ee)

- - Fixed minor security hole in alias_ftp.c for

- other applications of the aliasing software.

- Hole could _not_ manifest in ppp+pktAlias, but

- could potentially manifest in other applications

- of the aliasing. (ee)

- - Connections initiated from packet aliasing

- host machine will not have their port number

- aliased unless it conflicts with an aliasing

- port already being used. (There is an option

- to disable this for debugging) (cjm)

- - Sockets will be allocated in cases where

- there might be port interference with the

- host machine. This can be disabled in cases

- where the ppp host will be acting purely as a

- masquerading router and not generate any

- traffic of its own.

- (cjm)

-Version 2.0: March, 1997 (cjm)

- - Aliasing links are cleared only when a host interface address

- changes.

- - PacketAliasPermanentLink() API added.

- - Option for only aliasing private, unregistered

- IP addresses added.

- - Substantial rework to the aliasing lookup engine.

-Version 2.1: May, 1997 (cjm)

- - Continuing rework to the aliasing lookup engine

- to support multiple incoming addresses and static

- NAT. PacketAliasRedirectPort() and

- PacketAliasRedirectAddr() added to API.

- - Now supports outgoing as well as incoming ICMP

- error messages.

-Version 2.2: July, 1997 (cjm)

- - Rationalized API function names to all begin with

- "PacketAlias..." Old function names are retained

- for backwards compatibility.

- - Packet aliasing engine will now free memory of

- fragments which are never resolved after a timeout

- period. Once a fragment is resolved, it becomes

- the users responsibility to free the memory.

-Version 2.3: August 11, 1997 (cjm)

- - Problem associated with socket file descriptor

- accumulation in alias_db.c corrected. The sockets

- had to be closed when a binding failed. Problem

- in code located by Gordon Burditt.

-Version 2.4: September 1, 1997 (cjm)

- - PKT_ALIAS_UNREGISTERED_ONLY option repaired.

- This part of the code was incorrectly re-implemented

- in version 2.1.

-Version 2.5: December, 1997 (ee)

- - Added PKT_ALIAS_PUNCH_FW mode for firewall

- bypass of FTP/IRC DCC data connections. Also added

- improved TCP connection monitoring.

-Version 2.6: May, 1998 (amurai)

- - Added supporting routine for NetBios over TCP/IP.

-Version 3.0: January 1, 1999

- - Transparent proxying support added.

- - PPTP redirecting support added based on patches

- contributed by Dru Nelson <dnelson@redwoodsoft.com>.

-Version 3.1: May, 2000 (Erik Salander, erik@whistle.com)

- - Added support to alias 227 replies, allows aliasing for

- FTP servers in passive mode.

- - Added support for PPTP aliasing.

-Version 3.2: July, 2000 (Erik Salander, erik@whistle.com and

- Junichi Satoh, junichi@junichi.org)

- - Added support for streaming media (RTSP and PNA) aliasing.

diff --git a/lib/libalias/Makefile b/lib/libalias/Makefile
index dc6eb2df2617..448346738298 100644
--- a/lib/libalias/Makefile
+++ b/lib/libalias/Makefile

@@ -1,5 +1,7 @@

# $FreeBSD$

+.PATH: ${.CURDIR}/../../sys/netinet/libalias

LIB= alias

SHLIBDIR?= /lib

SHLIB_MAJOR= 4

diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c
deleted file mode 100644
index 053c18dc997a..000000000000
--- a/lib/libalias/alias.c
+++ /dev/null

@@ -1,1433 +0,0 @@

-/*-

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- * notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the

- * documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- */

-#include <sys/cdefs.h>

-__FBSDID("$FreeBSD$");

-/*

- Alias.c provides supervisory control for the functions of the

- packet aliasing software. It consists of routines to monitor

- TCP connection state, protocol-specific aliasing routines,

- fragment handling and the following outside world functional

- interfaces: SaveFragmentPtr, GetFragmentPtr, FragmentAliasIn,

- PacketAliasIn and PacketAliasOut.

- The other C program files are briefly described. The data

- structure framework which holds information needed to translate

- packets is encapsulated in alias_db.c. Data is accessed by

- function calls, so other segments of the program need not know

- about the underlying data structures. Alias_ftp.c contains

- special code for modifying the ftp PORT command used to establish

- data connections, while alias_irc.c does the same for IRC

- DCC. Alias_util.c contains a few utility routines.

- Version 1.0 August, 1996 (cjm)

- Version 1.1 August 20, 1996 (cjm)

- PPP host accepts incoming connections for ports 0 to 1023.

- (Gary Roberts pointed out the need to handle incoming

- connections.)

- Version 1.2 September 7, 1996 (cjm)

- Fragment handling error in alias_db.c corrected.

- (Tom Torrance helped fix this problem.)

- Version 1.4 September 16, 1996 (cjm)

- - A more generalized method for handling incoming

- connections, without the 0-1023 restriction, is

- implemented in alias_db.c

- - Improved ICMP support in alias.c. Traceroute

- packet streams can now be correctly aliased.

- - TCP connection closing logic simplified in

- alias.c and now allows for additional 1 minute

- "grace period" after FIN or RST is observed.

- Version 1.5 September 17, 1996 (cjm)

- Corrected error in handling incoming UDP packets with 0 checksum.

- (Tom Torrance helped fix this problem.)

- Version 1.6 September 18, 1996 (cjm)

- Simplified ICMP aliasing scheme. Should now support

- traceroute from Win95 as well as FreeBSD.

- Version 1.7 January 9, 1997 (cjm)

- - Out-of-order fragment handling.

- - IP checksum error fixed for ftp transfers

- from aliasing host.

- - Integer return codes added to all

- aliasing/de-aliasing functions.

- - Some obsolete comments cleaned up.

- - Differential checksum computations for

- IP header (TCP, UDP and ICMP were already

- differential).

- Version 2.1 May 1997 (cjm)

- - Added support for outgoing ICMP error

- messages.

- - Added two functions PacketAliasIn2()

- and PacketAliasOut2() for dynamic address

- control (e.g. round-robin allocation of

- incoming packets).

- Version 2.2 July 1997 (cjm)

- - Rationalized API function names to begin

- with "PacketAlias..."

- - Eliminated PacketAliasIn2() and

- PacketAliasOut2() as poorly conceived.

- Version 2.3 Dec 1998 (dillon)

- - Major bounds checking additions, see FreeBSD/CVS

- Version 3.1 May, 2000 (salander)

- - Added hooks to handle PPTP.

- Version 3.2 July, 2000 (salander and satoh)

- - Added PacketUnaliasOut routine.

- - Added hooks to handle RTSP/RTP.

- See HISTORY file for additional revisions.

-*/

-#include <sys/types.h>

-#include <netinet/in_systm.h>

-#include <netinet/in.h>

-#include <netinet/ip.h>

-#include <netinet/ip_icmp.h>

-#include <netinet/tcp.h>

-#include <netinet/udp.h>

-#include <stdio.h>

-#include "alias_local.h"

-#include "alias.h"

-#define NETBIOS_NS_PORT_NUMBER 137

-#define NETBIOS_DGM_PORT_NUMBER 138

-#define FTP_CONTROL_PORT_NUMBER 21

-#define IRC_CONTROL_PORT_NUMBER_1 6667

-#define IRC_CONTROL_PORT_NUMBER_2 6668

-#define CUSEEME_PORT_NUMBER 7648

-#define RTSP_CONTROL_PORT_NUMBER_1 554

-#define RTSP_CONTROL_PORT_NUMBER_2 7070

-#define TFTP_PORT_NUMBER 69

-#define PPTP_CONTROL_PORT_NUMBER 1723

-static __inline int

-twowords(void *p)

- uint8_t *c = p;

-#if BYTE_ORDER == LITTLE_ENDIAN

- uint16_t s1 = ((uint16_t)c[1] << 8) + (uint16_t)c[0];

- uint16_t s2 = ((uint16_t)c[3] << 8) + (uint16_t)c[2];

-#else

- uint16_t s1 = ((uint16_t)c[0] << 8) + (uint16_t)c[1];

- uint16_t s2 = ((uint16_t)c[2] << 8) + (uint16_t)c[3];

-#endif

- return (s1 + s2);

-/* TCP Handling Routines

- TcpMonitorIn() -- These routines monitor TCP connections, and

- TcpMonitorOut() delete a link when a connection is closed.

-These routines look for SYN, FIN and RST flags to determine when TCP

-connections open and close. When a TCP connection closes, the data

-structure containing packet aliasing information is deleted after

-a timeout period.

-*/

-/* Local prototypes */

-static void TcpMonitorIn(struct ip *, struct alias_link *);

-static void TcpMonitorOut(struct ip *, struct alias_link *);

-static void

-TcpMonitorIn(struct ip *pip, struct alias_link *lnk)

- struct tcphdr *tc;

- tc = (struct tcphdr *)ip_next(pip);

- switch (GetStateIn(lnk)) {

- case ALIAS_TCP_STATE_NOT_CONNECTED:

- if (tc->th_flags & TH_RST)

- SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);

- else if (tc->th_flags & TH_SYN)

- SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED);

- break;

- case ALIAS_TCP_STATE_CONNECTED:

- if (tc->th_flags & (TH_FIN | TH_RST))

- SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);

- break;

- }

-static void

-TcpMonitorOut(struct ip *pip, struct alias_link *lnk)

- struct tcphdr *tc;

- tc = (struct tcphdr *)ip_next(pip);

- switch (GetStateOut(lnk)) {

- case ALIAS_TCP_STATE_NOT_CONNECTED:

- if (tc->th_flags & TH_RST)

- SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);

- else if (tc->th_flags & TH_SYN)

- SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED);

- break;

- case ALIAS_TCP_STATE_CONNECTED:

- if (tc->th_flags & (TH_FIN | TH_RST))

- SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);

- break;

- }

-/* Protocol Specific Packet Aliasing Routines

- IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2()

- IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2()

- ProtoAliasIn(), ProtoAliasOut()

- UdpAliasIn(), UdpAliasOut()

- TcpAliasIn(), TcpAliasOut()

-These routines handle protocol specific details of packet aliasing.

-One may observe a certain amount of repetitive arithmetic in these

-functions, the purpose of which is to compute a revised checksum

-without actually summing over the entire data packet, which could be

-unnecessarily time consuming.

-The purpose of the packet aliasing routines is to replace the source

-address of the outgoing packet and then correctly put it back for

-any incoming packets. For TCP and UDP, ports are also re-mapped.

-For ICMP echo/timestamp requests and replies, the following scheme

-is used: the ID number is replaced by an alias for the outgoing

-packet.

-ICMP error messages are handled by looking at the IP fragment

-in the data section of the message.

-For TCP and UDP protocols, a port number is chosen for an outgoing

-packet, and then incoming packets are identified by IP address and

-port numbers. For TCP packets, there is additional logic in the event

-that sequence and ACK numbers have been altered (as in the case for

-FTP data port commands).

-The port numbers used by the packet aliasing module are not true

-ports in the Unix sense. No sockets are actually bound to ports.

-They are more correctly thought of as placeholders.

-All packets go through the aliasing mechanism, whether they come from

-the gateway machine or other machines on a local area network.

-*/

-/* Local prototypes */

-static int IcmpAliasIn1(struct libalias *, struct ip *);

-static int IcmpAliasIn2(struct libalias *, struct ip *);

-static int IcmpAliasIn(struct libalias *, struct ip *);

-static int IcmpAliasOut1(struct libalias *, struct ip *, int create);

-static int IcmpAliasOut2(struct libalias *, struct ip *);

-static int IcmpAliasOut(struct libalias *, struct ip *, int create);

-static int ProtoAliasIn(struct libalias *, struct ip *);

-static int ProtoAliasOut(struct libalias *, struct ip *, int create);

-static int UdpAliasIn(struct libalias *, struct ip *);

-static int UdpAliasOut(struct libalias *, struct ip *, int create);

-static int TcpAliasIn(struct libalias *, struct ip *);

-static int TcpAliasOut(struct libalias *, struct ip *, int, int create);

-static int

-IcmpAliasIn1(struct libalias *la, struct ip *pip)

-/*

- De-alias incoming echo and timestamp replies.

- Alias incoming echo and timestamp requests.

-*/

- struct alias_link *lnk;

- struct icmp *ic;

- ic = (struct icmp *)ip_next(pip);

-/* Get source address from ICMP data field and restore original data */

- lnk = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1);

- if (lnk != NULL) {

- u_short original_id;

- int accumulate;

- original_id = GetOriginalPort(lnk);

-/* Adjust ICMP checksum */

- accumulate = ic->icmp_id;

- accumulate -= original_id;

- ADJUST_CHECKSUM(accumulate, ic->icmp_cksum);

-/* Put original sequence number back in */

- ic->icmp_id = original_id;

-/* Put original address back into IP header */

- {

- struct in_addr original_address;

- original_address = GetOriginalAddress(lnk);

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_dst, 2);

- pip->ip_dst = original_address;

- }

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-IcmpAliasIn2(struct libalias *la, struct ip *pip)

-/*

- Alias incoming ICMP error messages containing

- IP header and first 64 bits of datagram.

-*/

- struct ip *ip;

- struct icmp *ic, *ic2;

- struct udphdr *ud;

- struct tcphdr *tc;

- struct alias_link *lnk;

- ic = (struct icmp *)ip_next(pip);

- ip = &ic->icmp_ip;

- ud = (struct udphdr *)ip_next(ip);

- tc = (struct tcphdr *)ip_next(ip);

- ic2 = (struct icmp *)ip_next(ip);

- if (ip->ip_p == IPPROTO_UDP)

- lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,

- ud->uh_dport, ud->uh_sport,

- IPPROTO_UDP, 0);

- else if (ip->ip_p == IPPROTO_TCP)

- lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,

- tc->th_dport, tc->th_sport,

- IPPROTO_TCP, 0);

- else if (ip->ip_p == IPPROTO_ICMP) {

- if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)

- lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);

- else

- lnk = NULL;

- } else

- lnk = NULL;

- if (lnk != NULL) {

- if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP) {

- int accumulate, accumulate2;

- struct in_addr original_address;

- u_short original_port;

- original_address = GetOriginalAddress(lnk);

- original_port = GetOriginalPort(lnk);

-/* Adjust ICMP checksum */

- accumulate = twowords(&ip->ip_src);

- accumulate -= twowords(&original_address);

- accumulate += ud->uh_sport;

- accumulate -= original_port;

- accumulate2 = accumulate;

- accumulate2 += ip->ip_sum;

- ADJUST_CHECKSUM(accumulate, ip->ip_sum);

- accumulate2 -= ip->ip_sum;

- ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum);

-/* Un-alias address in IP header */

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_dst, 2);

- pip->ip_dst = original_address;

-/* Un-alias address and port number of original IP packet

-fragment contained in ICMP data section */

- ip->ip_src = original_address;

- ud->uh_sport = original_port;

- } else if (ip->ip_p == IPPROTO_ICMP) {

- int accumulate, accumulate2;

- struct in_addr original_address;

- u_short original_id;

- original_address = GetOriginalAddress(lnk);

- original_id = GetOriginalPort(lnk);

-/* Adjust ICMP checksum */

- accumulate = twowords(&ip->ip_src);

- accumulate -= twowords(&original_address);

- accumulate += ic2->icmp_id;

- accumulate -= original_id;

- accumulate2 = accumulate;

- accumulate2 += ip->ip_sum;

- ADJUST_CHECKSUM(accumulate, ip->ip_sum);

- accumulate2 -= ip->ip_sum;

- ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum);

-/* Un-alias address in IP header */

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_dst, 2);

- pip->ip_dst = original_address;

-/* Un-alias address of original IP packet and sequence number of

- embedded ICMP datagram */

- ip->ip_src = original_address;

- ic2->icmp_id = original_id;

- }

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-IcmpAliasIn(struct libalias *la, struct ip *pip)

- int iresult;

- struct icmp *ic;

-/* Return if proxy-only mode is enabled */

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)

- return (PKT_ALIAS_OK);

- ic = (struct icmp *)ip_next(pip);

- iresult = PKT_ALIAS_IGNORED;

- switch (ic->icmp_type) {

- case ICMP_ECHOREPLY:

- case ICMP_TSTAMPREPLY:

- if (ic->icmp_code == 0) {

- iresult = IcmpAliasIn1(la, pip);

- }

- break;

- case ICMP_UNREACH:

- case ICMP_SOURCEQUENCH:

- case ICMP_TIMXCEED:

- case ICMP_PARAMPROB:

- iresult = IcmpAliasIn2(la, pip);

- break;

- case ICMP_ECHO:

- case ICMP_TSTAMP:

- iresult = IcmpAliasIn1(la, pip);

- break;

- }

- return (iresult);

-static int

-IcmpAliasOut1(struct libalias *la, struct ip *pip, int create)

-/*

- Alias outgoing echo and timestamp requests.

- De-alias outgoing echo and timestamp replies.

-*/

- struct alias_link *lnk;

- struct icmp *ic;

- ic = (struct icmp *)ip_next(pip);

-/* Save overwritten data for when echo packet returns */

- lnk = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, create);

- if (lnk != NULL) {

- u_short alias_id;

- int accumulate;

- alias_id = GetAliasPort(lnk);

-/* Since data field is being modified, adjust ICMP checksum */

- accumulate = ic->icmp_id;

- accumulate -= alias_id;

- ADJUST_CHECKSUM(accumulate, ic->icmp_cksum);

-/* Alias sequence number */

- ic->icmp_id = alias_id;

-/* Change source address */

- {

- struct in_addr alias_address;

- alias_address = GetAliasAddress(lnk);

- DifferentialChecksum(&pip->ip_sum,

- &alias_address, &pip->ip_src, 2);

- pip->ip_src = alias_address;

- }

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-IcmpAliasOut2(struct libalias *la, struct ip *pip)

-/*

- Alias outgoing ICMP error messages containing

- IP header and first 64 bits of datagram.

-*/

- struct ip *ip;

- struct icmp *ic, *ic2;

- struct udphdr *ud;

- struct tcphdr *tc;

- struct alias_link *lnk;

- ic = (struct icmp *)ip_next(pip);

- ip = &ic->icmp_ip;

- ud = (struct udphdr *)ip_next(ip);

- tc = (struct tcphdr *)ip_next(ip);

- ic2 = (struct icmp *)ip_next(ip);

- if (ip->ip_p == IPPROTO_UDP)

- lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,

- ud->uh_dport, ud->uh_sport,

- IPPROTO_UDP, 0);

- else if (ip->ip_p == IPPROTO_TCP)

- lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,

- tc->th_dport, tc->th_sport,

- IPPROTO_TCP, 0);

- else if (ip->ip_p == IPPROTO_ICMP) {

- if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)

- lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);

- else

- lnk = NULL;

- } else

- lnk = NULL;

- if (lnk != NULL) {

- if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP) {

- int accumulate;

- struct in_addr alias_address;

- u_short alias_port;

- alias_address = GetAliasAddress(lnk);

- alias_port = GetAliasPort(lnk);

-/* Adjust ICMP checksum */

- accumulate = twowords(&ip->ip_dst);

- accumulate -= twowords(&alias_address);

- accumulate += ud->uh_dport;

- accumulate -= alias_port;

- ADJUST_CHECKSUM(accumulate, ic->icmp_cksum);

-/*

- * Alias address in IP header if it comes from the host

- * the original TCP/UDP packet was destined for.

- */

- if (pip->ip_src.s_addr == ip->ip_dst.s_addr) {

- DifferentialChecksum(&pip->ip_sum,

- &alias_address, &pip->ip_src, 2);

- pip->ip_src = alias_address;

- }

-/* Alias address and port number of original IP packet

-fragment contained in ICMP data section */

- ip->ip_dst = alias_address;

- ud->uh_dport = alias_port;

- } else if (ip->ip_p == IPPROTO_ICMP) {

- int accumulate;

- struct in_addr alias_address;

- u_short alias_id;

- alias_address = GetAliasAddress(lnk);

- alias_id = GetAliasPort(lnk);

-/* Adjust ICMP checksum */

- accumulate = twowords(&ip->ip_dst);

- accumulate -= twowords(&alias_address);

- accumulate += ic2->icmp_id;

- accumulate -= alias_id;

- ADJUST_CHECKSUM(accumulate, ic->icmp_cksum);

-/*

- * Alias address in IP header if it comes from the host

- * the original ICMP message was destined for.

- */

- if (pip->ip_src.s_addr == ip->ip_dst.s_addr) {

- DifferentialChecksum(&pip->ip_sum,

- &alias_address, &pip->ip_src, 2);

- pip->ip_src = alias_address;

- }

-/* Alias address of original IP packet and sequence number of

- embedded ICMP datagram */

- ip->ip_dst = alias_address;

- ic2->icmp_id = alias_id;

- }

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-IcmpAliasOut(struct libalias *la, struct ip *pip, int create)

- int iresult;

- struct icmp *ic;

- (void)create;

-/* Return if proxy-only mode is enabled */

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)

- return (PKT_ALIAS_OK);

- ic = (struct icmp *)ip_next(pip);

- iresult = PKT_ALIAS_IGNORED;

- switch (ic->icmp_type) {

- case ICMP_ECHO:

- case ICMP_TSTAMP:

- if (ic->icmp_code == 0) {

- iresult = IcmpAliasOut1(la, pip, create);

- }

- break;

- case ICMP_UNREACH:

- case ICMP_SOURCEQUENCH:

- case ICMP_TIMXCEED:

- case ICMP_PARAMPROB:

- iresult = IcmpAliasOut2(la, pip);

- break;

- case ICMP_ECHOREPLY:

- case ICMP_TSTAMPREPLY:

- iresult = IcmpAliasOut1(la, pip, create);

- }

- return (iresult);

-static int

-ProtoAliasIn(struct libalias *la, struct ip *pip)

-/*

- Handle incoming IP packets. The

- only thing which is done in this case is to alias

- the dest IP address of the packet to our inside

- machine.

-*/

- struct alias_link *lnk;

-/* Return if proxy-only mode is enabled */

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)

- return (PKT_ALIAS_OK);

- lnk = FindProtoIn(la, pip->ip_src, pip->ip_dst, pip->ip_p);

- if (lnk != NULL) {

- struct in_addr original_address;

- original_address = GetOriginalAddress(lnk);

-/* Restore original IP address */

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_dst, 2);

- pip->ip_dst = original_address;

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-ProtoAliasOut(struct libalias *la, struct ip *pip, int create)

-/*

- Handle outgoing IP packets. The

- only thing which is done in this case is to alias

- the source IP address of the packet.

-*/

- struct alias_link *lnk;

- (void)create;

-/* Return if proxy-only mode is enabled */

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)

- return (PKT_ALIAS_OK);

- lnk = FindProtoOut(la, pip->ip_src, pip->ip_dst, pip->ip_p);

- if (lnk != NULL) {

- struct in_addr alias_address;

- alias_address = GetAliasAddress(lnk);

-/* Change source address */

- DifferentialChecksum(&pip->ip_sum,

- &alias_address, &pip->ip_src, 2);

- pip->ip_src = alias_address;

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-UdpAliasIn(struct libalias *la, struct ip *pip)

- struct udphdr *ud;

- struct alias_link *lnk;

-/* Return if proxy-only mode is enabled */

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)

- return (PKT_ALIAS_OK);

- ud = (struct udphdr *)ip_next(pip);

- lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,

- ud->uh_sport, ud->uh_dport,

- IPPROTO_UDP, 1);

- if (lnk != NULL) {

- struct in_addr alias_address;

- struct in_addr original_address;

- u_short alias_port;

- int accumulate;

- int r = 0;

- alias_address = GetAliasAddress(lnk);

- original_address = GetOriginalAddress(lnk);

- alias_port = ud->uh_dport;

- ud->uh_dport = GetOriginalPort(lnk);

-/* Special processing for IP encoding protocols */

- if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER)

- AliasHandleCUSeeMeIn(la, pip, original_address);

-/* If NETBIOS Datagram, It should be alias address in UDP Data, too */

- else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER

- || ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER)

- r = AliasHandleUdpNbt(la, pip, lnk, &original_address, ud->uh_dport);

- else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER

- || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER)

- r = AliasHandleUdpNbtNS(la, pip, lnk, &alias_address, &alias_port,

- &original_address, &ud->uh_dport);

-/* If UDP checksum is not zero, then adjust since destination port */

-/* is being unaliased and destination address is being altered. */

- if (ud->uh_sum != 0) {

- accumulate = alias_port;

- accumulate -= ud->uh_dport;

- accumulate += twowords(&alias_address);

- accumulate -= twowords(&original_address);

- ADJUST_CHECKSUM(accumulate, ud->uh_sum);

- }

-/* Restore original IP address */

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_dst, 2);

- pip->ip_dst = original_address;

- /*

- * If we cannot figure out the packet, ignore it.

- */

- if (r < 0)

- return (PKT_ALIAS_IGNORED);

- else

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-UdpAliasOut(struct libalias *la, struct ip *pip, int create)

- struct udphdr *ud;

- struct alias_link *lnk;

-/* Return if proxy-only mode is enabled */

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)

- return (PKT_ALIAS_OK);

- ud = (struct udphdr *)ip_next(pip);

- lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,

- ud->uh_sport, ud->uh_dport,

- IPPROTO_UDP, create);

- if (lnk != NULL) {

- u_short alias_port;

- struct in_addr alias_address;

- alias_address = GetAliasAddress(lnk);

- alias_port = GetAliasPort(lnk);

-/* Special processing for IP encoding protocols */

- if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER)

- AliasHandleCUSeeMeOut(la, pip, lnk);

-/* If NETBIOS Datagram, It should be alias address in UDP Data, too */

- else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER

- || ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER)

- AliasHandleUdpNbt(la, pip, lnk, &alias_address, alias_port);

- else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER

- || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER)

- AliasHandleUdpNbtNS(la, pip, lnk, &pip->ip_src, &ud->uh_sport,

- &alias_address, &alias_port);

-/*

- * We don't know in advance what TID the TFTP server will choose,

- * so we create a wilcard link (destination port is unspecified)

- * that will match any TID from a given destination.

- */

- else if (ntohs(ud->uh_dport) == TFTP_PORT_NUMBER)

- FindRtspOut(la, pip->ip_src, pip->ip_dst,

- ud->uh_sport, alias_port, IPPROTO_UDP);

-/* If UDP checksum is not zero, adjust since source port is */

-/* being aliased and source address is being altered */

- if (ud->uh_sum != 0) {

- int accumulate;

- accumulate = ud->uh_sport;

- accumulate -= alias_port;

- accumulate += twowords(&pip->ip_src);

- accumulate -= twowords(&alias_address);

- ADJUST_CHECKSUM(accumulate, ud->uh_sum);

- }

-/* Put alias port in UDP header */

- ud->uh_sport = alias_port;

-/* Change source address */

- DifferentialChecksum(&pip->ip_sum,

- &alias_address, &pip->ip_src, 2);

- pip->ip_src = alias_address;

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-TcpAliasIn(struct libalias *la, struct ip *pip)

- struct tcphdr *tc;

- struct alias_link *lnk;

- tc = (struct tcphdr *)ip_next(pip);

- lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,

- tc->th_sport, tc->th_dport,

- IPPROTO_TCP,

- !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));

- if (lnk != NULL) {

- struct in_addr alias_address;

- struct in_addr original_address;

- struct in_addr proxy_address;

- u_short alias_port;

- u_short proxy_port;

- int accumulate;

-/* Special processing for IP encoding protocols */

- if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER

- || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)

- AliasHandlePptpIn(la, pip, lnk);

- else if (la->skinnyPort != 0 && (ntohs(tc->th_dport) == la->skinnyPort

- || ntohs(tc->th_sport) == la->skinnyPort))

- AliasHandleSkinny(la, pip, lnk);

- alias_address = GetAliasAddress(lnk);

- original_address = GetOriginalAddress(lnk);

- proxy_address = GetProxyAddress(lnk);

- alias_port = tc->th_dport;

- tc->th_dport = GetOriginalPort(lnk);

- proxy_port = GetProxyPort(lnk);

-/* Adjust TCP checksum since destination port is being unaliased */

-/* and destination port is being altered. */

- accumulate = alias_port;

- accumulate -= tc->th_dport;

- accumulate += twowords(&alias_address);

- accumulate -= twowords(&original_address);

-/* If this is a proxy, then modify the TCP source port and

- checksum accumulation */

- if (proxy_port != 0) {

- accumulate += tc->th_sport;

- tc->th_sport = proxy_port;

- accumulate -= tc->th_sport;

- accumulate += twowords(&pip->ip_src);

- accumulate -= twowords(&proxy_address);

- }

-/* See if ACK number needs to be modified */

- if (GetAckModified(lnk) == 1) {

- int delta;

- delta = GetDeltaAckIn(pip, lnk);

- if (delta != 0) {

- accumulate += twowords(&tc->th_ack);

- tc->th_ack = htonl(ntohl(tc->th_ack) - delta);

- accumulate -= twowords(&tc->th_ack);

- }

- ADJUST_CHECKSUM(accumulate, tc->th_sum);

-/* Restore original IP address */

- accumulate = twowords(&pip->ip_dst);

- pip->ip_dst = original_address;

- accumulate -= twowords(&pip->ip_dst);

-/* If this is a transparent proxy packet, then modify the source

- address */

- if (proxy_address.s_addr != 0) {

- accumulate += twowords(&pip->ip_src);

- pip->ip_src = proxy_address;

- accumulate -= twowords(&pip->ip_src);

- }

- ADJUST_CHECKSUM(accumulate, pip->ip_sum);

-/* Monitor TCP connection state */

- TcpMonitorIn(pip, lnk);

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-static int

-TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)

- int proxy_type;

- u_short dest_port;

- u_short proxy_server_port;

- struct in_addr dest_address;

- struct in_addr proxy_server_address;

- struct tcphdr *tc;

- struct alias_link *lnk;

- tc = (struct tcphdr *)ip_next(pip);

- proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port);

- if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY))

- return (PKT_ALIAS_OK);

-/* If this is a transparent proxy, save original destination,

- then alter the destination and adjust checksums */

- dest_port = tc->th_dport;

- dest_address = pip->ip_dst;

- if (proxy_type != 0) {

- int accumulate;

- accumulate = tc->th_dport;

- tc->th_dport = proxy_server_port;

- accumulate -= tc->th_dport;

- accumulate += twowords(&pip->ip_dst);

- accumulate -= twowords(&proxy_server_address);

- ADJUST_CHECKSUM(accumulate, tc->th_sum);

- accumulate = twowords(&pip->ip_dst);

- pip->ip_dst = proxy_server_address;

- accumulate -= twowords(&pip->ip_dst);

- ADJUST_CHECKSUM(accumulate, pip->ip_sum);

- }

- lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,

- tc->th_sport, tc->th_dport,

- IPPROTO_TCP, create);

- if (lnk == NULL)

- return (PKT_ALIAS_IGNORED);

- if (lnk != NULL) {

- u_short alias_port;

- struct in_addr alias_address;

- int accumulate;

-/* Save original destination address, if this is a proxy packet.

- Also modify packet to include destination encoding. This may

- change the size of IP header. */

- if (proxy_type != 0) {

- SetProxyPort(lnk, dest_port);

- SetProxyAddress(lnk, dest_address);

- ProxyModify(la, lnk, pip, maxpacketsize, proxy_type);

- tc = (struct tcphdr *)ip_next(pip);

- }

-/* Get alias address and port */

- alias_port = GetAliasPort(lnk);

- alias_address = GetAliasAddress(lnk);

-/* Monitor TCP connection state */

- TcpMonitorOut(pip, lnk);

-/* Special processing for IP encoding protocols */

- if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER

- || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)

- AliasHandleFtpOut(la, pip, lnk, maxpacketsize);

- else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1

- || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2)

- AliasHandleIrcOut(la, pip, lnk, maxpacketsize);

- else if (ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_1

- || ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_1

- || ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_2

- || ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_2)

- AliasHandleRtspOut(la, pip, lnk, maxpacketsize);

- else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER

- || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)

- AliasHandlePptpOut(la, pip, lnk);

- else if (la->skinnyPort != 0 && (ntohs(tc->th_sport) == la->skinnyPort

- || ntohs(tc->th_dport) == la->skinnyPort))

- AliasHandleSkinny(la, pip, lnk);

-/* Adjust TCP checksum since source port is being aliased */

-/* and source address is being altered */

- accumulate = tc->th_sport;

- tc->th_sport = alias_port;

- accumulate -= tc->th_sport;

- accumulate += twowords(&pip->ip_src);

- accumulate -= twowords(&alias_address);

-/* Modify sequence number if necessary */

- if (GetAckModified(lnk) == 1) {

- int delta;

- delta = GetDeltaSeqOut(pip, lnk);

- if (delta != 0) {

- accumulate += twowords(&tc->th_seq);

- tc->th_seq = htonl(ntohl(tc->th_seq) + delta);

- accumulate -= twowords(&tc->th_seq);

- }

- ADJUST_CHECKSUM(accumulate, tc->th_sum);

-/* Change source address */

- accumulate = twowords(&pip->ip_src);

- pip->ip_src = alias_address;

- accumulate -= twowords(&pip->ip_src);

- ADJUST_CHECKSUM(accumulate, pip->ip_sum);

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_IGNORED);

-/* Fragment Handling

- FragmentIn()

- FragmentOut()

-The packet aliasing module has a limited ability for handling IP

-fragments. If the ICMP, TCP or UDP header is in the first fragment

-received, then the ID number of the IP packet is saved, and other

-fragments are identified according to their ID number and IP address

-they were sent from. Pointers to unresolved fragments can also be

-saved and recalled when a header fragment is seen.

-*/

-/* Local prototypes */

-static int FragmentIn(struct libalias *, struct ip *);

-static int FragmentOut(struct libalias *, struct ip *);

-static int

-FragmentIn(struct libalias *la, struct ip *pip)

- struct alias_link *lnk;

- lnk = FindFragmentIn2(la, pip->ip_src, pip->ip_dst, pip->ip_id);

- if (lnk != NULL) {

- struct in_addr original_address;

- GetFragmentAddr(lnk, &original_address);

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_dst, 2);

- pip->ip_dst = original_address;

- return (PKT_ALIAS_OK);

- }

- return (PKT_ALIAS_UNRESOLVED_FRAGMENT);

-static int

-FragmentOut(struct libalias *la, struct ip *pip)

- struct in_addr alias_address;

- alias_address = FindAliasAddress(la, pip->ip_src);

- DifferentialChecksum(&pip->ip_sum,

- &alias_address, &pip->ip_src, 2);

- pip->ip_src = alias_address;

- return (PKT_ALIAS_OK);

-/* Outside World Access

- PacketAliasSaveFragment()

- PacketAliasGetFragment()

- PacketAliasFragmentIn()

- PacketAliasIn()

- PacketAliasOut()

- PacketUnaliasOut()

-(prototypes in alias.h)

-*/

-int

-LibAliasSaveFragment(struct libalias *la, char *ptr)

- int iresult;

- struct alias_link *lnk;

- struct ip *pip;

- pip = (struct ip *)ptr;

- lnk = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id);

- iresult = PKT_ALIAS_ERROR;

- if (lnk != NULL) {

- SetFragmentPtr(lnk, ptr);

- iresult = PKT_ALIAS_OK;

- }

- return (iresult);

-char *

-LibAliasGetFragment(struct libalias *la, char *ptr)

- struct alias_link *lnk;

- char *fptr;

- struct ip *pip;

- pip = (struct ip *)ptr;

- lnk = FindFragmentPtr(la, pip->ip_src, pip->ip_id);

- if (lnk != NULL) {

- GetFragmentPtr(lnk, &fptr);

- SetFragmentPtr(lnk, NULL);

- SetExpire(lnk, 0); /* Deletes link */

- return (fptr);

- } else {

- return (NULL);

- }

-void

-LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly

- * de-aliased header

- * fragment */

- char *ptr_fragment /* Points to fragment which must be

- * de-aliased */

- struct ip *pip;

- struct ip *fpip;

- (void)la;

- pip = (struct ip *)ptr;

- fpip = (struct ip *)ptr_fragment;

- DifferentialChecksum(&fpip->ip_sum,

- &pip->ip_dst, &fpip->ip_dst, 2);

- fpip->ip_dst = pip->ip_dst;

-int

-LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize)

- struct in_addr alias_addr;

- struct ip *pip;

- int iresult;

- if (la->packetAliasMode & PKT_ALIAS_REVERSE) {

- la->packetAliasMode &= ~PKT_ALIAS_REVERSE;

- iresult = LibAliasOut(la, ptr, maxpacketsize);

- la->packetAliasMode |= PKT_ALIAS_REVERSE;

- return (iresult);

- }

- HouseKeeping(la);

- ClearCheckNewLink(la);

- pip = (struct ip *)ptr;

- alias_addr = pip->ip_dst;

- /* Defense against mangled packets */

- if (ntohs(pip->ip_len) > maxpacketsize

- || (pip->ip_hl << 2) > maxpacketsize)

- return (PKT_ALIAS_IGNORED);

- iresult = PKT_ALIAS_IGNORED;

- if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {

- switch (pip->ip_p) {

- case IPPROTO_ICMP:

- iresult = IcmpAliasIn(la, pip);

- break;

- case IPPROTO_UDP:

- iresult = UdpAliasIn(la, pip);

- break;

- case IPPROTO_TCP:

- iresult = TcpAliasIn(la, pip);

- break;

- case IPPROTO_GRE:

- if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY ||

- AliasHandlePptpGreIn(la, pip) == 0)

- iresult = PKT_ALIAS_OK;

- else

- iresult = ProtoAliasIn(la, pip);

- break;

- default:

- iresult = ProtoAliasIn(la, pip);

- break;

- }

- if (ntohs(pip->ip_off) & IP_MF) {

- struct alias_link *lnk;

- lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);

- if (lnk != NULL) {

- iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;

- SetFragmentAddr(lnk, pip->ip_dst);

- } else {

- iresult = PKT_ALIAS_ERROR;

- }

- } else {

- iresult = FragmentIn(la, pip);

- }

- return (iresult);

-/* Unregistered address ranges */

-/* 10.0.0.0 -> 10.255.255.255 */

-#define UNREG_ADDR_A_LOWER 0x0a000000

-#define UNREG_ADDR_A_UPPER 0x0affffff

-/* 172.16.0.0 -> 172.31.255.255 */

-#define UNREG_ADDR_B_LOWER 0xac100000

-#define UNREG_ADDR_B_UPPER 0xac1fffff

-/* 192.168.0.0 -> 192.168.255.255 */

-#define UNREG_ADDR_C_LOWER 0xc0a80000

-#define UNREG_ADDR_C_UPPER 0xc0a8ffff

-int

-LibAliasOut(struct libalias *la, char *ptr, /* valid IP packet */

- int maxpacketsize /* How much the packet data may grow (FTP

- * and IRC inline changes) */

- return (LibAliasOutTry(la, ptr, maxpacketsize, 1));

-int

-LibAliasOutTry(struct libalias *la, char *ptr, /* valid IP packet */

- int maxpacketsize, /* How much the packet data may grow (FTP

- * and IRC inline changes) */

- int create /* Create new entries ? */

- int iresult;

- struct in_addr addr_save;

- struct ip *pip;

- if (la->packetAliasMode & PKT_ALIAS_REVERSE) {

- la->packetAliasMode &= ~PKT_ALIAS_REVERSE;

- iresult = LibAliasIn(la, ptr, maxpacketsize);

- la->packetAliasMode |= PKT_ALIAS_REVERSE;

- return (iresult);

- }

- HouseKeeping(la);

- ClearCheckNewLink(la);

- pip = (struct ip *)ptr;

- /* Defense against mangled packets */

- if (ntohs(pip->ip_len) > maxpacketsize

- || (pip->ip_hl << 2) > maxpacketsize)

- return (PKT_ALIAS_IGNORED);

- addr_save = GetDefaultAliasAddress(la);

- if (la->packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY) {

- u_long addr;

- int iclass;

- iclass = 0;

- addr = ntohl(pip->ip_src.s_addr);

- if (addr >= UNREG_ADDR_C_LOWER && addr <= UNREG_ADDR_C_UPPER)

- iclass = 3;

- else if (addr >= UNREG_ADDR_B_LOWER && addr <= UNREG_ADDR_B_UPPER)

- iclass = 2;

- else if (addr >= UNREG_ADDR_A_LOWER && addr <= UNREG_ADDR_A_UPPER)

- iclass = 1;

- if (iclass == 0) {

- SetDefaultAliasAddress(la, pip->ip_src);

- }

- } else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) {

- SetDefaultAliasAddress(la, pip->ip_src);

- }

- iresult = PKT_ALIAS_IGNORED;

- if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {

- switch (pip->ip_p) {

- case IPPROTO_ICMP:

- iresult = IcmpAliasOut(la, pip, create);

- break;

- case IPPROTO_UDP:

- iresult = UdpAliasOut(la, pip, create);

- break;

- case IPPROTO_TCP:

- iresult = TcpAliasOut(la, pip, maxpacketsize, create);

- break;

- case IPPROTO_GRE:

- if (AliasHandlePptpGreOut(la, pip) == 0)

- iresult = PKT_ALIAS_OK;

- else

- iresult = ProtoAliasOut(la, pip, create);

- break;

- default:

- iresult = ProtoAliasOut(la, pip, create);

- break;

- }

- } else {

- iresult = FragmentOut(la, pip);

- }

- SetDefaultAliasAddress(la, addr_save);

- return (iresult);

-int

-LibAliasUnaliasOut(struct libalias *la, char *ptr, /* valid IP packet */

- int maxpacketsize /* for error checking */

- struct ip *pip;

- struct icmp *ic;

- struct udphdr *ud;

- struct tcphdr *tc;

- struct alias_link *lnk;

- int iresult = PKT_ALIAS_IGNORED;

- pip = (struct ip *)ptr;

- /* Defense against mangled packets */

- if (ntohs(pip->ip_len) > maxpacketsize

- || (pip->ip_hl << 2) > maxpacketsize)

- return (iresult);

- ud = (struct udphdr *)ip_next(pip);

- tc = (struct tcphdr *)ip_next(pip);

- ic = (struct icmp *)ip_next(pip);

- /* Find a link */

- if (pip->ip_p == IPPROTO_UDP)

- lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,

- ud->uh_dport, ud->uh_sport,

- IPPROTO_UDP, 0);

- else if (pip->ip_p == IPPROTO_TCP)

- lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,

- tc->th_dport, tc->th_sport,

- IPPROTO_TCP, 0);

- else if (pip->ip_p == IPPROTO_ICMP)

- lnk = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0);

- else

- lnk = NULL;

- /* Change it from an aliased packet to an unaliased packet */

- if (lnk != NULL) {

- if (pip->ip_p == IPPROTO_UDP || pip->ip_p == IPPROTO_TCP) {

- int accumulate;

- struct in_addr original_address;

- u_short original_port;

- original_address = GetOriginalAddress(lnk);

- original_port = GetOriginalPort(lnk);

- /* Adjust TCP/UDP checksum */

- accumulate = twowords(&pip->ip_src);

- accumulate -= twowords(&original_address);

- if (pip->ip_p == IPPROTO_UDP) {

- accumulate += ud->uh_sport;

- accumulate -= original_port;

- ADJUST_CHECKSUM(accumulate, ud->uh_sum);

- } else {

- accumulate += tc->th_sport;

- accumulate -= original_port;

- ADJUST_CHECKSUM(accumulate, tc->th_sum);

- }

- /* Adjust IP checksum */

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_src, 2);

- /* Un-alias source address and port number */

- pip->ip_src = original_address;

- if (pip->ip_p == IPPROTO_UDP)

- ud->uh_sport = original_port;

- else

- tc->th_sport = original_port;

- iresult = PKT_ALIAS_OK;

- } else if (pip->ip_p == IPPROTO_ICMP) {

- int accumulate;

- struct in_addr original_address;

- u_short original_id;

- original_address = GetOriginalAddress(lnk);

- original_id = GetOriginalPort(lnk);

- /* Adjust ICMP checksum */

- accumulate = twowords(&pip->ip_src);

- accumulate -= twowords(&original_address);

- accumulate += ic->icmp_id;

- accumulate -= original_id;

- ADJUST_CHECKSUM(accumulate, ic->icmp_cksum);

- /* Adjust IP checksum */

- DifferentialChecksum(&pip->ip_sum,

- &original_address, &pip->ip_src, 2);

- /* Un-alias source address and port number */

- pip->ip_src = original_address;

- ic->icmp_id = original_id;

- iresult = PKT_ALIAS_OK;

- }

- return (iresult);

diff --git a/lib/libalias/alias.h b/lib/libalias/alias.h
deleted file mode 100644
index 1deec9f08315..000000000000
--- a/lib/libalias/alias.h
+++ /dev/null

@@ -1,265 +0,0 @@

-/* lint -save -library Flexelint comment for external headers */