authorRuslan Ermilov <ru@FreeBSD.org>2000-09-14 17:32:39 +0000
committerRuslan Ermilov <ru@FreeBSD.org>2000-09-14 17:32:39 +0000
commitf8ac4c0f4220ea9f1a5ac52a9ec76cb62d4ad319 (patch)
treec2f13c466b525a4f233aeaad5342e5282b6017fc /lib
parenta83464c5b58e52f4f5ecffdf2531edc88ff8fe2c (diff)
Notes
Diffstat (limited to 'lib')
-rw-r--r--lib/libalias/alias.c94
-rw-r--r--lib/libalias/alias_db.c98
-rw-r--r--lib/libalias/alias_nbt.c17
-rw-r--r--lib/libalias/alias_pptp.c55
-rw-r--r--lib/libalias/libalias.38
5 files changed, 103 insertions, 169 deletions
diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c
index d70efb8904c2..636b13ae8545 100644
--- a/lib/libalias/alias.c
+++ b/lib/libalias/alias.c
@@ -180,8 +180,8 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
/* Protocol Specific Packet Aliasing Routines
- IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2(), IcmpAliasIn3()
- IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2(), IcmpAliasOut3()
+ IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2()
+ IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2()
ProtoAliasIn(), ProtoAliasOut()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
@@ -222,12 +222,10 @@ the gateway machine or other machines on a local area network.
/* Local prototypes */
static int IcmpAliasIn1(struct ip *);
static int IcmpAliasIn2(struct ip *);
-static int IcmpAliasIn3(struct ip *);
static int IcmpAliasIn (struct ip *);
static int IcmpAliasOut1(struct ip *);
static int IcmpAliasOut2(struct ip *);
-static int IcmpAliasOut3(struct ip *);
static int IcmpAliasOut (struct ip *);
static int ProtoAliasIn(struct ip *);
@@ -246,7 +244,8 @@ static int
IcmpAliasIn1(struct ip *pip)
{
/*
- De-alias incoming echo and timestamp replies
+ De-alias incoming echo and timestamp replies.
+ Alias incoming echo and timestamp requests.
*/
struct alias_link *link;
struct icmp *ic;
@@ -301,7 +300,7 @@ IcmpAliasIn2(struct ip *pip)
struct alias_link *link;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
- ip = (struct ip *) ic->icmp_data;
+ ip = &ic->icmp_ip;
ud = (struct udphdr *) ((char *) ip + (ip->ip_hl <<2));
tc = (struct tcphdr *) ud;
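Review bot: `ud` and `tc` are derived from `ip->ip_hl`, which is read from the IP header embedded in the ICMP error and is therefore sender-controlled, and nothing visible in this hunk checks that the embedded header plus the first 8 bytes of transport header lie inside the received packet. Switching to `&ic->icmp_ip` tidies the typing but keeps the same trust in the payload. A guard before the first dereference, along the lines of `if (ntohs(pip->ip_len) < (pip->ip_hl << 2) + ICMP_MINLEN + (ip->ip_hl << 2) + 8) return (PKT_ALIAS_IGNORED);`, would bound the later reads and checksum writes; this assumes `ip_len` is still in network byte order here. The same applies to the identical lines in the IcmpAliasOut2 hunk, and since IcmpAliasIn2's body starts and ends outside the hunk a length check may already exist elsewhere.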
@@ -358,7 +357,7 @@ fragment contained in ICMP data section */
ip->ip_src = original_address;
ud->uh_sport = original_port;
}
- else if (pip->ip_p == IPPROTO_ICMP)
+ else if (ip->ip_p == IPPROTO_ICMP)
{
u_short *sptr;
int accumulate;
@@ -396,21 +395,6 @@ fragment contained in ICMP data section */
return(PKT_ALIAS_IGNORED);
}
-static int
-IcmpAliasIn3(struct ip *pip)
-{
- struct in_addr original_address;
-
- original_address = FindOriginalAddress(pip->ip_dst);
- DifferentialChecksum(&pip->ip_sum,
- (u_short *) &original_address,
- (u_short *) &pip->ip_dst,
- 2);
- pip->ip_dst = original_address;
-
- return PKT_ALIAS_OK;
-}
-
static int
IcmpAliasIn(struct ip *pip)
@@ -442,7 +426,7 @@ IcmpAliasIn(struct ip *pip)
break;
case ICMP_ECHO:
case ICMP_TSTAMP:
- iresult = IcmpAliasIn3(pip);
+ iresult = IcmpAliasIn1(pip);
break;
}
return(iresult);
@@ -453,7 +437,8 @@ static int
IcmpAliasOut1(struct ip *pip)
{
/*
- Alias ICMP echo and timestamp packets
+ Alias outgoing echo and timestamp requests.
+ De-alias outgoing echo and timestamp replies.
*/
struct alias_link *link;
struct icmp *ic;
@@ -509,7 +494,7 @@ IcmpAliasOut2(struct ip *pip)
struct alias_link *link;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
- ip = (struct ip *) ic->icmp_data;
+ ip = &ic->icmp_ip;
ud = (struct udphdr *) ((char *) ip + (ip->ip_hl <<2));
tc = (struct tcphdr *) ud;
@@ -554,19 +539,24 @@ IcmpAliasOut2(struct ip *pip)
accumulate -= alias_port;
ADJUST_CHECKSUM(accumulate, ic->icmp_cksum)
-/* Alias address in IP header */
- DifferentialChecksum(&pip->ip_sum,
- (u_short *) &alias_address,
- (u_short *) &pip->ip_src,
- 2);
- pip->ip_src = alias_address;
+/*
+ * Alias address in IP header if it comes from the host
+ * the original TCP/UDP packet was destined for.
+ */
+ if (pip->ip_src.s_addr == ip->ip_dst.s_addr) {
+ DifferentialChecksum(&pip->ip_sum,
+ (u_short *) &alias_address,
+ (u_short *) &pip->ip_src,
+ 2);
+ pip->ip_src = alias_address;
+ }
/* Alias address and port number of original IP packet
fragment contained in ICMP data section */
ip->ip_dst = alias_address;
ud->uh_dport = alias_port;
}
- else if (pip->ip_p == IPPROTO_ICMP)
+ else if (ip->ip_p == IPPROTO_ICMP)
{
u_short *sptr;
int accumulate;
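Review bot: The new guard `if (pip->ip_src.s_addr == ip->ip_dst.s_addr)` leaves the outer source address untouched whenever the ICMP error was generated by a host other than the original destination, while the embedded header is still rewritten to the alias address. If such an error comes from an internal router on the path, its private address would appear to leave the gateway unaliased, which exposes internal addressing. If that case is intended (for example errors generated by the gateway itself), the comment should say what happens to the source in the non-matching case, e.g. `/* otherwise the source is left as is: the error was generated by an intermediate hop */`; if it is not, an else branch using `FindAliasAddress(pip->ip_src)` may be needed. The same guard is added in the ICMP branch in the next hunk, and IcmpAliasOut2 continues outside both hunks.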
@@ -587,12 +577,17 @@ fragment contained in ICMP data section */
accumulate -= alias_id;
ADJUST_CHECKSUM(accumulate, ic->icmp_cksum)
-/* Alias address in IP header */
- DifferentialChecksum(&pip->ip_sum,
- (u_short *) &alias_address,
- (u_short *) &pip->ip_src,
- 2);
- pip->ip_src = alias_address;
+/*
+ * Alias address in IP header if it comes from the host
+ * the original ICMP message was destined for.
+ */
+ if (pip->ip_src.s_addr == ip->ip_dst.s_addr) {
+ DifferentialChecksum(&pip->ip_sum,
+ (u_short *) &alias_address,
+ (u_short *) &pip->ip_src,
+ 2);
+ pip->ip_src = alias_address;
+ }
/* Alias address of original IP packet and sequence number of
embedded ICMP datagram */
@@ -606,27 +601,6 @@ fragment contained in ICMP data section */
static int
-IcmpAliasOut3(struct ip *pip)
-{
-/*
- Handle outgoing echo and timestamp replies. The
- only thing which is done in this case is to alias
- the source IP address of the packet.
-*/
- struct in_addr alias_addr;
-
- alias_addr = FindAliasAddress(pip->ip_src);
- DifferentialChecksum(&pip->ip_sum,
- (u_short *) &alias_addr,
- (u_short *) &pip->ip_src,
- 2);
- pip->ip_src = alias_addr;
-
- return PKT_ALIAS_OK;
-}
-
-
-static int
IcmpAliasOut(struct ip *pip)
{
int iresult;
@@ -656,7 +630,7 @@ IcmpAliasOut(struct ip *pip)
break;
case ICMP_ECHOREPLY:
case ICMP_TSTAMPREPLY:
- iresult = IcmpAliasOut3(pip);
+ iresult = IcmpAliasOut1(pip);
}
return(iresult);
}
diff --git a/lib/libalias/alias_db.c b/lib/libalias/alias_db.c
index 7556fd354414..0facbaae56c5 100644
--- a/lib/libalias/alias_db.c
+++ b/lib/libalias/alias_db.c
@@ -125,6 +125,7 @@
#include <stdio.h>
#include <unistd.h>
+#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
@@ -293,12 +294,8 @@ struct alias_link /* Main data structure */
int sockfd; /* socket descriptor */
- u_int start_point_out; /* Index number in output lookup table */
- u_int start_point_in;
- struct alias_link *next_out; /* Linked list pointers for input and */
- struct alias_link *last_out; /* output tables */
- struct alias_link *next_in; /* . */
- struct alias_link *last_in; /* . */
+ LIST_ENTRY(alias_link) list_out; /* Linked list of pointers for */
+ LIST_ENTRY(alias_link) list_in; /* input and output lookup tables */
union /* Auxiliary data */
{
@@ -331,10 +328,10 @@ static struct in_addr targetAddress; /* IP address incoming packets */
static struct in_addr nullAddress; /* Used as a dummy parameter for */
/* some function calls */
-static struct alias_link *
+static LIST_HEAD(, alias_link)
linkTableOut[LINK_TABLE_OUT_SIZE]; /* Lookup table of pointers to */
/* chains of link records. Each */
-static struct alias_link * /* link record is doubly indexed */
+static LIST_HEAD(, alias_link) /* link record is doubly indexed */
linkTableIn[LINK_TABLE_IN_SIZE]; /* into input and output lookup */
/* tables. */
@@ -825,11 +822,11 @@ CleanupAliasData(void)
icount = 0;
for (i=0; i<LINK_TABLE_OUT_SIZE; i++)
{
- link = linkTableOut[i];
+ link = LIST_FIRST(&linkTableOut[i]);
while (link != NULL)
{
struct alias_link *link_next;
- link_next = link->next_out;
+ link_next = LIST_NEXT(link, list_out);
icount++;
DeleteLink(link);
link = link_next;
@@ -847,13 +844,13 @@ IncrementalCleanup(void)
struct alias_link *link;
icount = 0;
- link = linkTableOut[cleanupIndex++];
+ link = LIST_FIRST(&linkTableOut[cleanupIndex++]);
while (link != NULL)
{
int idelta;
struct alias_link *link_next;
- link_next = link->next_out;
+ link_next = LIST_NEXT(link, list_out);
idelta = timeStamp - link->timestamp;
switch (link->link_type)
{
@@ -886,11 +883,9 @@ IncrementalCleanup(void)
cleanupIndex = 0;
}
-void
+static void
DeleteLink(struct alias_link *link)
{
- struct alias_link *link_last;
- struct alias_link *link_next;
/* Don't do anything if the link is marked permanent */
if (deleteAllLinks == 0 && link->flags & LINK_PERMANENT)
@@ -913,28 +908,10 @@ DeleteLink(struct alias_link *link)
}
/* Adjust output table pointers */
- link_last = link->last_out;
- link_next = link->next_out;
-
- if (link_last != NULL)
- link_last->next_out = link_next;
- else
- linkTableOut[link->start_point_out] = link_next;
-
- if (link_next != NULL)
- link_next->last_out = link_last;
+ LIST_REMOVE(link, list_out);
/* Adjust input table pointers */
- link_last = link->last_in;
- link_next = link->next_in;
-
- if (link_last != NULL)
- link_last->next_in = link_next;
- else
- linkTableIn[link->start_point_in] = link_next;
-
- if (link_next != NULL)
- link_next->last_in = link_last;
+ LIST_REMOVE(link, list_in);
/* Close socket, if one has been allocated */
if (link->sockfd != -1)
@@ -997,7 +974,6 @@ AddLink(struct in_addr src_addr,
{ /* chosen. If greater than */
u_int start_point; /* zero, equal to alias port */
struct alias_link *link;
- struct alias_link *first_link;
link = malloc(sizeof(struct alias_link));
if (link != NULL)
@@ -1060,29 +1036,11 @@ AddLink(struct in_addr src_addr,
/* Set up pointers for output lookup table */
start_point = StartPointOut(src_addr, dst_addr,
src_port, dst_port, link_type);
- first_link = linkTableOut[start_point];
-
- link->last_out = NULL;
- link->next_out = first_link;
- link->start_point_out = start_point;
-
- if (first_link != NULL)
- first_link->last_out = link;
-
- linkTableOut[start_point] = link;
+ LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out);
/* Set up pointers for input lookup table */
start_point = StartPointIn(alias_addr, link->alias_port, link_type);
- first_link = linkTableIn[start_point];
-
- link->last_in = NULL;
- link->next_in = first_link;
- link->start_point_in = start_point;
-
- if (first_link != NULL)
- first_link->last_in = link;
-
- linkTableIn[start_point] = link;
+ LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in);
/* Link-type dependent initialization */
switch(link_type)
@@ -1190,8 +1148,7 @@ _FindLinkOut(struct in_addr src_addr,
struct alias_link *link;
i = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type);
- link = linkTableOut[i];
- while (link != NULL)
+ LIST_FOREACH(link, &linkTableOut[i], list_out)
{
if (link->src_addr.s_addr == src_addr.s_addr
&& link->server == NULL
@@ -1203,7 +1160,6 @@ _FindLinkOut(struct in_addr src_addr,
link->timestamp = timeStamp;
break;
}
- link = link->next_out;
}
/* Search for partially specified links. */
@@ -1299,8 +1255,7 @@ _FindLinkIn(struct in_addr dst_addr,
/* Search loop */
start_point = StartPointIn(alias_addr, alias_port, link_type);
- link = linkTableIn[start_point];
- while (link != NULL)
+ LIST_FOREACH(link, &linkTableIn[start_point], list_in)
{
int flags;
@@ -1350,7 +1305,6 @@ _FindLinkIn(struct in_addr dst_addr,
link_unknown_dst_port = link;
}
}
- link = link->next_in;
}
@@ -1447,9 +1401,22 @@ FindIcmpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
u_short id_alias)
{
- return FindLinkIn(dst_addr, alias_addr,
+ struct alias_link *link;
+
+ link = FindLinkIn(dst_addr, alias_addr,
NO_DEST_PORT, id_alias,
LINK_ICMP, 0);
+ if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
+ {
+ struct in_addr target_addr;
+
+ target_addr = FindOriginalAddress(alias_addr);
+ link = AddLink(target_addr, dst_addr, alias_addr,
+ id_alias, NO_DEST_PORT, id_alias,
+ LINK_ICMP);
+ }
+
+ return (link);
}
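Review bot: FindIcmpIn now calls AddLink for every inbound ICMP query that matches no existing link unless `PKT_ALIAS_DENY_INCOMING` is set, so unsolicited echo and timestamp requests from outside allocate a link record each (AddLink uses `malloc`, as the context in the earlier AddLink hunk shows). A sender that varies the ICMP id or source address can therefore grow the link tables until the entries expire, which is a memory and lookup-time cost driven entirely by untrusted traffic. It would help to state that trade-off at the call, e.g. `/* Unsolicited inbound query: creates state; bounded only by link expiry unless PKT_ALIAS_DENY_INCOMING is set */`, and to consider a cap on links created this way. The code also does not show what `FindOriginalAddress(alias_addr)` returns when no mapping exists, so the target of the new link in that case should be confirmed.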
@@ -2554,9 +2521,9 @@ PacketAliasInit(void)
houseKeepingResidual = 0;
for (i=0; i<LINK_TABLE_OUT_SIZE; i++)
- linkTableOut[i] = NULL;
+ LIST_INIT(&linkTableOut[i]);
for (i=0; i<LINK_TABLE_IN_SIZE; i++)
- linkTableIn[i] = NULL;
+ LIST_INIT(&linkTableIn[i]);
atexit(PacketAliasUninit);
firstCall = 0;
@@ -2649,7 +2616,6 @@ PacketAliasCheckNewLink(void)
****************/
/* Firewall include files */
-#include <sys/queue.h>
#include <net/if.h>
#include <netinet/ip_fw.h>
#include <string.h>
diff --git a/lib/libalias/alias_nbt.c b/lib/libalias/alias_nbt.c
index b5afedf1ab56..065fe3712987 100644
--- a/lib/libalias/alias_nbt.c
+++ b/lib/libalias/alias_nbt.c
@@ -44,23 +44,6 @@
#include "alias_local.h"
-#define ADJUST_CHECKSUM(acc, cksum) { \
- acc += cksum; \
- if (acc < 0) \
- { \
- acc = -acc; \
- acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) ~acc; \
- } \
- else \
- { \
- acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) acc; \
- } \
-}
-
typedef struct {
struct in_addr oldaddr;
u_short oldport;
diff --git a/lib/libalias/alias_pptp.c b/lib/libalias/alias_pptp.c
index 822cfa61ddff..4df8a32dfc75 100644
--- a/lib/libalias/alias_pptp.c
+++ b/lib/libalias/alias_pptp.c
@@ -45,8 +45,8 @@
"de-aliasing" of incoming packets, this is different than any other
TCP applications that are currently (ie. FTP, IRC and RTSP) aliased.
- For Call IDs encountered for the first time, a GRE alias link is created.
- The GRE alias link uses the Call ID in place of the original port number.
+ For Call IDs encountered for the first time, a PPTP alias link is created.
+ The PPTP alias link uses the Call ID in place of the original port number.
An alias Call ID is created.
For this routine to work, the PPTP control messages must fit entirely
@@ -114,7 +114,7 @@ enum {
PPTP_StopCtrlConnRequest = 3,
PPTP_StopCtrlConnReply = 4,
PPTP_EchoRequest = 5,
- PPTP_statoReply = 6,
+ PPTP_EchoReply = 6,
PPTP_OutCallRequest = 7,
PPTP_OutCallReply = 8,
PPTP_InCallRequest = 9,
@@ -172,7 +172,7 @@ void
AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link) /* The PPTP control link */
{
- struct alias_link *gre_link;
+ struct alias_link *pptp_link;
PptpCallId cptr;
u_int16_t ctl_type; /* control message type */
struct tcphdr *tc;
@@ -182,22 +182,32 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
return;
/* Modify certain PPTP messages */
- if ((ctl_type >= PPTP_OutCallRequest) &&
- (ctl_type <= PPTP_CallDiscNotify)) {
+ switch (ctl_type) {
+ case PPTP_OutCallRequest:
+ case PPTP_OutCallReply:
+ case PPTP_InCallRequest:
+ case PPTP_InCallReply:
+ case PPTP_CallClearRequest:
+ case PPTP_CallDiscNotify:
- /* Establish GRE link for address and Call ID found in PPTP Control Msg */
- gre_link = FindPptpOut(GetOriginalAddress(link), GetDestAddress(link),
- cptr->cid1);
+ /* Establish PPTP link for address and Call ID found in PPTP Control Msg */
+ pptp_link = FindPptpOut(GetOriginalAddress(link), GetDestAddress(link),
+ cptr->cid1);
+
+ if (pptp_link != NULL) {
+ int accumulate = cptr->cid1;
- if (gre_link != NULL) {
/* alias the Call Id */
- cptr->cid1 = GetAliasPort(gre_link);
+ cptr->cid1 = GetAliasPort(pptp_link);
/* Compute TCP checksum for revised packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
- tc->th_sum = 0;
- tc->th_sum = TcpChecksum(pip);
+ accumulate -= cptr->cid1;
+ ADJUST_CHECKSUM(accumulate, tc->th_sum);
}
+ break;
+ default:
+ return;
}
}
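Review bot: `ADJUST_CHECKSUM(accumulate, tc->th_sum);` is written with a trailing semicolon here, while the call sites shown as context in alias.c (`ADJUST_CHECKSUM(accumulate, ic->icmp_cksum)`) omit it. The copy of the macro that this commit removes from alias_nbt.c is a bare `{ ... }` block, so if the shared definition has the same form the semicolon is an extra empty statement that would break an unbraced `if`/`else` around the call. Either drop the semicolon to match the other callers or wrap the macro body in `do { ... } while (0)` so both spellings are safe. The same line appears in the AliasHandlePptpIn hunk below. A short comment that the differential update deliberately leaves an already-invalid TCP checksum invalid, rather than masking it as the old full recompute did, would also help readers.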
@@ -205,7 +215,7 @@ void
AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link) /* The PPTP control link */
{
- struct alias_link *gre_link;
+ struct alias_link *pptp_link;
PptpCallId cptr;
u_int16_t *pcall_id;
u_int16_t ctl_type; /* control message type */
@@ -229,21 +239,22 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
break;
default:
return;
- break;
}
- /* Find GRE link for address and Call ID found in PPTP Control Msg */
- gre_link = FindPptpIn(GetDestAddress(link), GetAliasAddress(link),
- *pcall_id);
+ /* Find PPTP link for address and Call ID found in PPTP Control Msg */
+ pptp_link = FindPptpIn(GetDestAddress(link), GetAliasAddress(link),
+ *pcall_id);
+
+ if (pptp_link != NULL) {
+ int accumulate = *pcall_id;
- if (gre_link != NULL) {
/* alias the Call Id */
- *pcall_id = GetOriginalPort(gre_link);
+ *pcall_id = GetOriginalPort(pptp_link);
/* Compute TCP checksum for modified packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
- tc->th_sum = 0;
- tc->th_sum = TcpChecksum(pip);
+ accumulate -= *pcall_id;
+ ADJUST_CHECKSUM(accumulate, tc->th_sum);
}
}
diff --git a/lib/libalias/libalias.3 b/lib/libalias/libalias.3
index 0090387b5282..1b2f81f0075c 100644
--- a/lib/libalias/libalias.3
+++ b/lib/libalias/libalias.3
@@ -812,14 +812,14 @@ will return zero.
.Ft int
.Fn PacketUnaliasOut "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
-An outgoing packet, which has already been aliased, has its private address/port
-information restored by this function.
+An outgoing packet, which has already been aliased,
+has its private address/port information restored by this function.
The IP packet is pointed to by
.Fa buffer ,
and
.Fa maxpacketsize
-is provided for error checking purposes.
-This function can be used if an already-aliased packet needs to have its
+is provided for error checking purposes.
+This function can be used if an already-aliased packet needs to have its
original IP header restored for further processing (eg. logging).
.Ed
.Sh BUGS