D30844.diff
No OneTemporary
Actions

Size

29 KB

Referenced Files

None

Subscribers

None

D30844.diff
View Options

	diff --git a/sys/netinet/libalias/alias_db.h b/sys/netinet/libalias/alias_db.h
	new file mode 100644
	--- /dev/null
	+++ b/sys/netinet/libalias/alias_db.h
	@@ -0,0 +1,442 @@
	+/*-
	+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
	+ *
	+ * Copyright (c) 2001 Charles Mott <cm@linktel.net>
	+ * All rights reserved.
	+ *
	+ * Redistribution and use in source and binary forms, with or without
	+ * modification, are permitted provided that the following conditions
	+ * are met:
	+ * 1. Redistributions of source code must retain the above copyright
	+ * notice, this list of conditions and the following disclaimer.
	+ * 2. Redistributions in binary form must reproduce the above copyright
	+ * notice, this list of conditions and the following disclaimer in the
	+ * documentation and/or other materials provided with the distribution.
	+ *
	+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	+ * SUCH DAMAGE.
	+ */
	+
	+/*
	+ Alias_db.c encapsulates all data structures used for storing
	+ packet aliasing data. Other parts of the aliasing software
	+ access data through functions provided in this file.
	+
	+ Data storage is based on the notion of a "link", which is
	+ established for ICMP echo/reply packets, UDP datagrams and
	+ TCP stream connections. A link stores the original source
	+ and destination addresses. For UDP and TCP, it also stores
	+ source and destination port numbers, as well as an alias
	+ port number. Links are also used to store information about
	+ fragments.
	+
	+ There is a facility for sweeping through and deleting old
	+ links as new packets are sent through. A simple timeout is
	+ used for ICMP and UDP links. TCP links are left alone unless
	+ there is an incomplete connection, in which case the link
	+ can be deleted after a certain amount of time.
	+
	+ Initial version: August, 1996 (cjm)
	+
	+ Version 1.4: September 16, 1996 (cjm)
	+ Facility for handling incoming links added.
	+
	+ Version 1.6: September 18, 1996 (cjm)
	+ ICMP data handling simplified.
	+
	+ Version 1.7: January 9, 1997 (cjm)
	+ Fragment handling simplified.
	+ Saves pointers for unresolved fragments.
	+ Permits links for unspecified remote ports
	+ or unspecified remote addresses.
	+ Fixed bug which did not properly zero port
	+ table entries after a link was deleted.
	+ Cleaned up some obsolete comments.
	+
	+ Version 1.8: January 14, 1997 (cjm)
	+ Fixed data type error in StartPoint().
	+ (This error did not exist prior to v1.7
	+ and was discovered and fixed by Ari Suutari)
	+
	+ Version 1.9: February 1, 1997
	+ Optionally, connections initiated from packet aliasing host
	+ machine will will not have their port number aliased unless it
	+ conflicts with an aliasing port already being used. (cjm)
	+
	+ All options earlier being #ifdef'ed are now available through
	+ a new interface, SetPacketAliasMode(). This allows run time
	+ control (which is now available in PPP+pktAlias through the
	+ 'alias' keyword). (ee)
	+
	+ Added ability to create an alias port without
	+ either destination address or port specified.
	+ port type = ALIAS_PORT_UNKNOWN_DEST_ALL (ee)
	+
	+ Removed K&R style function headers
	+ and general cleanup. (ee)
	+
	+ Added packetAliasMode to replace compiler #defines's (ee)
	+
	+ Allocates sockets for partially specified
	+ ports if ALIAS_USE_SOCKETS defined. (cjm)
	+
	+ Version 2.0: March, 1997
	+ SetAliasAddress() will now clean up alias links
	+ if the aliasing address is changed. (cjm)
	+
	+ PacketAliasPermanentLink() function added to support permanent
	+ links. (J. Fortes suggested the need for this.)
	+ Examples:
	+
	+ (192.168.0.1, port 23) <-> alias port 6002, unknown dest addr/port
	+
	+ (192.168.0.2, port 21) <-> alias port 3604, known dest addr
	+ unknown dest port
	+
	+ These permanent links allow for incoming connections to
	+ machines on the local network. They can be given with a
	+ user-chosen amount of specificity, with increasing specificity
	+ meaning more security. (cjm)
	+
	+ Quite a bit of rework to the basic engine. The portTable[]
	+ array, which kept track of which ports were in use was replaced
	+ by a table/linked list structure. (cjm)
	+
	+ SetExpire() function added. (cjm)
	+
	+ DeleteLink() no longer frees memory association with a pointer
	+ to a fragment (this bug was first recognized by E. Eklund in
	+ v1.9).
	+
	+ Version 2.1: May, 1997 (cjm)
	+ Packet aliasing engine reworked so that it can handle
	+ multiple external addresses rather than just a single
	+ host address.
	+
	+ PacketAliasRedirectPort() and PacketAliasRedirectAddr()
	+ added to the API. The first function is a more generalized
	+ version of PacketAliasPermanentLink(). The second function
	+ implements static network address translation.
	+
	+ Version 3.2: July, 2000 (salander and satoh)
	+ Added FindNewPortGroup to get contiguous range of port values.
	+
	+ Added QueryUdpTcpIn and QueryUdpTcpOut to look for an aliasing
	+ link but not actually add one.
	+
	+ Added FindRtspOut, which is closely derived from FindUdpTcpOut,
	+ except that the alias port (from FindNewPortGroup) is provided
	+ as input.
	+
	+ See HISTORY file for additional revisions.
	+*/
	+
	+#ifndef _ALIAS_DB_H_
	+#define _ALIAS_DB_H_
	+
	+
	+/*
	+ Constants (note: constants are also defined
	+ near relevant functions or structs)
	+*/
	+
	+/* Timeouts (in seconds) for different link types */
	+#define ICMP_EXPIRE_TIME 60
	+#define UDP_EXPIRE_TIME 60
	+#define PROTO_EXPIRE_TIME 60
	+#define FRAGMENT_ID_EXPIRE_TIME 10
	+#define FRAGMENT_PTR_EXPIRE_TIME 30
	+
	+/* TCP link expire time for different cases */
	+/* When the link has been used and closed - minimal grace time to
	+ allow ACKs and potential re-connect in FTP (XXX - is this allowed?) */
	+#ifndef TCP_EXPIRE_DEAD
	+#define TCP_EXPIRE_DEAD 10
	+#endif
	+
	+/* When the link has been used and closed on one side - the other side
	+ is allowed to still send data */
	+#ifndef TCP_EXPIRE_SINGLEDEAD
	+#define TCP_EXPIRE_SINGLEDEAD 90
	+#endif
	+
	+/* When the link isn't yet up */
	+#ifndef TCP_EXPIRE_INITIAL
	+#define TCP_EXPIRE_INITIAL 300
	+#endif
	+
	+/* When the link is up */
	+#ifndef TCP_EXPIRE_CONNECTED
	+#define TCP_EXPIRE_CONNECTED 86400
	+#endif
	+
	+/* Dummy port number codes used for FindLinkIn/Out() and AddLink().
	+ These constants can be anything except zero, which indicates an
	+ unknown port number. */
	+
	+#define NO_DEST_PORT 1
	+#define NO_SRC_PORT 1
	+
	+/* Matches any/unknown address in FindLinkIn/Out() and AddLink(). */
	+static struct in_addr const ANY_ADDR = { INADDR_ANY };
	+
	+/* Data Structures
	+
	+ The fundamental data structure used in this program is
	+ "struct alias_link". Whenever a TCP connection is made,
	+ a UDP datagram is sent out, or an ICMP echo request is made,
	+ a link record is made (if it has not already been created).
	+ The link record is identified by the source address/port
	+ and the destination address/port. In the case of an ICMP
	+ echo request, the source port is treated as being equivalent
	+ with the 16-bit ID number of the ICMP packet.
	+
	+ The link record also can store some auxiliary data. For
	+ TCP connections that have had sequence and acknowledgment
	+ modifications, data space is available to track these changes.
	+ A state field is used to keep track in changes to the TCP
	+ connection state. ID numbers of fragments can also be
	+ stored in the auxiliary space. Pointers to unresolved
	+ fragments can also be stored.
	+
	+ The link records support two independent chainings. Lookup
	+ tables for input and out tables hold the initial pointers
	+ the link chains. On input, the lookup table indexes on alias
	+ port and link type. On output, the lookup table indexes on
	+ source address, destination address, source port, destination
	+ port and link type.
	+*/
	+
	+/* used to save changes to ACK/sequence numbers */
	+struct ack_data_record {
	+ u_long ack_old;
	+ u_long ack_new;
	+ int delta;
	+ int active;
	+};
	+
	+/* Information about TCP connection */
	+struct tcp_state {
	+ int in; /* State for outside -> inside */
	+ int out; /* State for inside -> outside */
	+ int index; /* Index to ACK data array */
	+ /* Indicates whether ACK and sequence numbers been modified */
	+ int ack_modified;
	+};
	+
	+/* Number of distinct ACK number changes
	+ * saved for a modified TCP stream */
	+#define N_LINK_TCP_DATA 3
	+struct tcp_dat {
	+ struct tcp_state state;
	+ struct ack_data_record ack[N_LINK_TCP_DATA];
	+ /* Which firewall record is used for this hole? */
	+ int fwhole;
	+};
	+
	+/* LSNAT server pool (circular list) */
	+struct server {
	+ struct in_addr addr;
	+ u_short port;
	+ struct server *next;
	+};
	+
	+/* Main data structure */
	+struct alias_link {
	+ struct libalias *la;
	+ /* Address and port information */
	+ struct in_addr src_addr;
	+ struct in_addr dst_addr;
	+ struct in_addr alias_addr;
	+ struct in_addr proxy_addr;
	+ u_short src_port;
	+ u_short dst_port;
	+ u_short alias_port;
	+ u_short proxy_port;
	+ struct server *server;
	+ /* Type of link: TCP, UDP, ICMP, proto, frag */
	+ int link_type;
	+/* values for link_type */
	+#define LINK_ICMP IPPROTO_ICMP
	+#define LINK_UDP IPPROTO_UDP
	+#define LINK_TCP IPPROTO_TCP
	+#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1)
	+#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2)
	+#define LINK_ADDR (IPPROTO_MAX + 3)
	+#define LINK_PPTP (IPPROTO_MAX + 4)
	+
	+ int flags; /* indicates special characteristics */
	+ int pflags; /* protocol-specific flags */
	+/* flag bits */
	+#define LINK_UNKNOWN_DEST_PORT 0x01
	+#define LINK_UNKNOWN_DEST_ADDR 0x02
	+#define LINK_PERMANENT 0x04
	+#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */
	+#define LINK_UNFIREWALLED 0x08
	+
	+ int timestamp; /* Time link was last accessed */
	+#ifndef NO_USE_SOCKETS
	+ int sockfd; /* socket descriptor */
	+#endif
	+ /* Linked list of pointers for input and output lookup tables */
	+ union {
	+ struct {
	+ SPLAY_ENTRY(alias_link) out;
	+ LIST_ENTRY (alias_link) in;
	+ } all;
	+ struct {
	+ LIST_ENTRY (alias_link) list;
	+ } pptp;
	+ };
	+ struct {
	+ TAILQ_ENTRY(alias_link) list;
	+ int time; /* Expire time for link */
	+ } expire;
	+ /* Auxiliary data */
	+ union {
	+ char *frag_ptr;
	+ struct in_addr frag_addr;
	+ struct tcp_dat *tcp;
	+ } data;
	+};
	+
	+/* Clean up procedure. */
	+static void finishoff(void);
	+
	+/* Internal utility routines (used only in alias_db.c)
	+
	+Lookup table starting points:
	+ StartPointIn() -- link table initial search point for
	+ incoming packets
	+ StartPointOut() -- link table initial search point for
	+ outgoing packets
	+
	+Miscellaneous:
	+ SeqDiff() -- difference between two TCP sequences
	+ ShowAliasStats() -- send alias statistics to a monitor file
	+*/
	+
	+/* Local prototypes */
	+static struct group_in *
	+StartPointIn(struct libalias *, struct in_addr, u_short, int, int);
	+static int SeqDiff(u_long, u_long);
	+
	+#ifndef NO_FW_PUNCH
	+/* Firewall control */
	+static void InitPunchFW(struct libalias *);
	+static void UninitPunchFW(struct libalias *);
	+static void ClearFWHole(struct alias_link *);
	+
	+#endif
	+
	+/* Log file control */
	+static void ShowAliasStats(struct libalias *);
	+static int InitPacketAliasLog(struct libalias *);
	+static void UninitPacketAliasLog(struct libalias *);
	+
	+void SctpShowAliasStats(struct libalias *la);
	+
	+
	+/* Splay handling */
	+static inline int
	+cmp_out(struct alias_link a, struct alias_link b) {
	+ int i = a->src_port - b->src_port;
	+ if (i != 0) return (i);
	+ i = a->src_addr.s_addr - b->src_addr.s_addr;
	+ if (i != 0) return (i);
	+ i = a->dst_addr.s_addr - b->dst_addr.s_addr;
	+ if (i != 0) return (i);
	+ i = a->dst_port - b->dst_port;
	+ if (i != 0) return (i);
	+ i = a->link_type - b->link_type;
	+ return (i);
	+}
	+SPLAY_PROTOTYPE(splay_out, alias_link, all.out, cmp_out);
	+
	+static inline int
	+cmp_in(struct group_in a, struct group_in b) {
	+ int i = a->alias_port - b->alias_port;
	+ if (i != 0) return (i);
	+ i = a->link_type - b->link_type;
	+ if (i != 0) return (i);
	+ i = a->alias_addr.s_addr - b->alias_addr.s_addr;
	+ return (i);
	+}
	+SPLAY_PROTOTYPE(splay_in, group_in, in, cmp_in);
	+
	+/* Internal routines for finding, deleting and adding links
	+
	+Port Allocation:
	+ GetNewPort() -- find and reserve new alias port number
	+ GetSocket() -- try to allocate a socket for a given port
	+
	+Link creation and deletion:
	+ CleanupAliasData() - remove all link chains from lookup table
	+ CleanupLink() - look for a stale link
	+ DeleteLink() - remove link
	+ AddLink() - add link
	+ ReLink() - change link
	+
	+Link search:
	+ FindLinkOut() - find link for outgoing packets
	+ FindLinkIn() - find link for incoming packets
	+
	+Port search:
	+ FindNewPortGroup() - find an available group of ports
	+*/
	+
	+/* Local prototypes */
	+static int GetNewPort(struct libalias , struct alias_link , int);
	+#ifndef NO_USE_SOCKETS
	+static u_short GetSocket(struct libalias , u_short, int , int);
	+#endif
	+static void CleanupAliasData(struct libalias *, int);
	+static void CleanupLink(struct libalias , struct alias_link *, int);
	+static void DeleteLink(struct alias_link **, int);
	+static struct alias_link *
	+UseLink(struct libalias , struct alias_link );
	+
	+static struct alias_link *
	+ReLink(struct alias_link *,
	+ struct in_addr, struct in_addr, struct in_addr,
	+ u_short, u_short, int, int, int);
	+
	+static struct alias_link *
	+FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int);
	+
	+static struct alias_link *
	+FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int);
	+
	+static u_short _RandomPort(struct libalias *la);
	+
	+#define GET_NEW_PORT_MAX_ATTEMPTS 20
	+
	+
	+#ifndef NO_FW_PUNCH
	+
	+static void ClearAllFWHoles(struct libalias *la);
	+
	+#define fw_setfield(la, field, num) \
	+do { \
	+ (field)[(num) - la->fireWallBaseNum] = 1; \
	+} /lint -save -e717 / while(0)/* lint -restore */
	+
	+#define fw_clrfield(la, field, num) \
	+do { \
	+ (field)[(num) - la->fireWallBaseNum] = 0; \
	+} /lint -save -e717 / while(0)/* lint -restore */
	+
	+#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum])
	+
	+#endif /* !NO_FW_PUNCH */
	+
	+#endif /* _ALIAS_DB_H_ */
	diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c
	--- a/sys/netinet/libalias/alias_db.c
	+++ b/sys/netinet/libalias/alias_db.c
	@@ -29,120 +29,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-/*
	- Alias_db.c encapsulates all data structures used for storing
	- packet aliasing data. Other parts of the aliasing software
	- access data through functions provided in this file.
	-
	- Data storage is based on the notion of a "link", which is
	- established for ICMP echo/reply packets, UDP datagrams and
	- TCP stream connections. A link stores the original source
	- and destination addresses. For UDP and TCP, it also stores
	- source and destination port numbers, as well as an alias
	- port number. Links are also used to store information about
	- fragments.
	-
	- There is a facility for sweeping through and deleting old
	- links as new packets are sent through. A simple timeout is
	- used for ICMP and UDP links. TCP links are left alone unless
	- there is an incomplete connection, in which case the link
	- can be deleted after a certain amount of time.
	-
	- Initial version: August, 1996 (cjm)
	-
	- Version 1.4: September 16, 1996 (cjm)
	- Facility for handling incoming links added.
	-
	- Version 1.6: September 18, 1996 (cjm)
	- ICMP data handling simplified.
	-
	- Version 1.7: January 9, 1997 (cjm)
	- Fragment handling simplified.
	- Saves pointers for unresolved fragments.
	- Permits links for unspecified remote ports
	- or unspecified remote addresses.
	- Fixed bug which did not properly zero port
	- table entries after a link was deleted.
	- Cleaned up some obsolete comments.
	-
	- Version 1.8: January 14, 1997 (cjm)
	- Fixed data type error in StartPoint().
	- (This error did not exist prior to v1.7
	- and was discovered and fixed by Ari Suutari)
	-
	- Version 1.9: February 1, 1997
	- Optionally, connections initiated from packet aliasing host
	- machine will will not have their port number aliased unless it
	- conflicts with an aliasing port already being used. (cjm)
	-
	- All options earlier being #ifdef'ed are now available through
	- a new interface, SetPacketAliasMode(). This allows run time
	- control (which is now available in PPP+pktAlias through the
	- 'alias' keyword). (ee)
	-
	- Added ability to create an alias port without
	- either destination address or port specified.
	- port type = ALIAS_PORT_UNKNOWN_DEST_ALL (ee)
	-
	- Removed K&R style function headers
	- and general cleanup. (ee)
	-
	- Added packetAliasMode to replace compiler #defines's (ee)
	-
	- Allocates sockets for partially specified
	- ports if ALIAS_USE_SOCKETS defined. (cjm)
	-
	- Version 2.0: March, 1997
	- SetAliasAddress() will now clean up alias links
	- if the aliasing address is changed. (cjm)
	-
	- PacketAliasPermanentLink() function added to support permanent
	- links. (J. Fortes suggested the need for this.)
	- Examples:
	-
	- (192.168.0.1, port 23) <-> alias port 6002, unknown dest addr/port
	-
	- (192.168.0.2, port 21) <-> alias port 3604, known dest addr
	- unknown dest port
	-
	- These permanent links allow for incoming connections to
	- machines on the local network. They can be given with a
	- user-chosen amount of specificity, with increasing specificity
	- meaning more security. (cjm)
	-
	- Quite a bit of rework to the basic engine. The portTable[]
	- array, which kept track of which ports were in use was replaced
	- by a table/linked list structure. (cjm)
	-
	- SetExpire() function added. (cjm)
	-
	- DeleteLink() no longer frees memory association with a pointer
	- to a fragment (this bug was first recognized by E. Eklund in
	- v1.9).
	-
	- Version 2.1: May, 1997 (cjm)
	- Packet aliasing engine reworked so that it can handle
	- multiple external addresses rather than just a single
	- host address.
	-
	- PacketAliasRedirectPort() and PacketAliasRedirectAddr()
	- added to the API. The first function is a more generalized
	- version of PacketAliasPermanentLink(). The second function
	- implements static network address translation.
	-
	- Version 3.2: July, 2000 (salander and satoh)
	- Added FindNewPortGroup to get contiguous range of port values.
	-
	- Added QueryUdpTcpIn and QueryUdpTcpOut to look for an aliasing
	- link but not actually add one.
	-
	- Added FindRtspOut, which is closely derived from FindUdpTcpOut,
	- except that the alias port (from FindNewPortGroup) is provided
	- as input.
	-
	- See HISTORY file for additional revisions.
	-*/
	-
	#ifdef _KERNEL
	#include <machine/stdarg.h>
	#include <sys/param.h>
	@@ -175,177 +61,11 @@
	#include "alias_mod.h"
	#endif

	+#include "alias_db.h"
	+
	static LIST_HEAD(, libalias) instancehead = LIST_HEAD_INITIALIZER(instancehead);
	int LibAliasTime;

	-/*
	- Constants (note: constants are also defined
	- near relevant functions or structs)
	-*/
	-
	-/* Timeouts (in seconds) for different link types */
	-#define ICMP_EXPIRE_TIME 60
	-#define UDP_EXPIRE_TIME 60
	-#define PROTO_EXPIRE_TIME 60
	-#define FRAGMENT_ID_EXPIRE_TIME 10
	-#define FRAGMENT_PTR_EXPIRE_TIME 30
	-
	-/* TCP link expire time for different cases */
	-/* When the link has been used and closed - minimal grace time to
	- allow ACKs and potential re-connect in FTP (XXX - is this allowed?) */
	-#ifndef TCP_EXPIRE_DEAD
	-#define TCP_EXPIRE_DEAD 10
	-#endif
	-
	-/* When the link has been used and closed on one side - the other side
	- is allowed to still send data */
	-#ifndef TCP_EXPIRE_SINGLEDEAD
	-#define TCP_EXPIRE_SINGLEDEAD 90
	-#endif
	-
	-/* When the link isn't yet up */
	-#ifndef TCP_EXPIRE_INITIAL
	-#define TCP_EXPIRE_INITIAL 300
	-#endif
	-
	-/* When the link is up */
	-#ifndef TCP_EXPIRE_CONNECTED
	-#define TCP_EXPIRE_CONNECTED 86400
	-#endif
	-
	-/* Dummy port number codes used for FindLinkIn/Out() and AddLink().
	- These constants can be anything except zero, which indicates an
	- unknown port number. */
	-
	-#define NO_DEST_PORT 1
	-#define NO_SRC_PORT 1
	-
	-/* Matches any/unknown address in FindLinkIn/Out() and AddLink(). */
	-static struct in_addr const ANY_ADDR = { INADDR_ANY };
	-
	-/* Data Structures
	-
	- The fundamental data structure used in this program is
	- "struct alias_link". Whenever a TCP connection is made,
	- a UDP datagram is sent out, or an ICMP echo request is made,
	- a link record is made (if it has not already been created).
	- The link record is identified by the source address/port
	- and the destination address/port. In the case of an ICMP
	- echo request, the source port is treated as being equivalent
	- with the 16-bit ID number of the ICMP packet.
	-
	- The link record also can store some auxiliary data. For
	- TCP connections that have had sequence and acknowledgment
	- modifications, data space is available to track these changes.
	- A state field is used to keep track in changes to the TCP
	- connection state. ID numbers of fragments can also be
	- stored in the auxiliary space. Pointers to unresolved
	- fragments can also be stored.
	-
	- The link records support two independent chainings. Lookup
	- tables for input and out tables hold the initial pointers
	- the link chains. On input, the lookup table indexes on alias
	- port and link type. On output, the lookup table indexes on
	- source address, destination address, source port, destination
	- port and link type.
	-*/
	-
	-/* used to save changes to ACK/sequence numbers */
	-struct ack_data_record {
	- u_long ack_old;
	- u_long ack_new;
	- int delta;
	- int active;
	-};
	-
	-/* Information about TCP connection */
	-struct tcp_state {
	- int in; /* State for outside -> inside */
	- int out; /* State for inside -> outside */
	- int index; /* Index to ACK data array */
	- /* Indicates whether ACK and sequence numbers been modified */
	- int ack_modified;
	-};
	-
	-/* Number of distinct ACK number changes
	- * saved for a modified TCP stream */
	-#define N_LINK_TCP_DATA 3
	-struct tcp_dat {
	- struct tcp_state state;
	- struct ack_data_record ack[N_LINK_TCP_DATA];
	- /* Which firewall record is used for this hole? */
	- int fwhole;
	-};
	-
	-/* LSNAT server pool (circular list) */
	-struct server {
	- struct in_addr addr;
	- u_short port;
	- struct server *next;
	-};
	-
	-/* Main data structure */
	-struct alias_link {
	- struct libalias *la;
	- /* Address and port information */
	- struct in_addr src_addr;
	- struct in_addr dst_addr;
	- struct in_addr alias_addr;
	- struct in_addr proxy_addr;
	- u_short src_port;
	- u_short dst_port;
	- u_short alias_port;
	- u_short proxy_port;
	- struct server *server;
	- /* Type of link: TCP, UDP, ICMP, proto, frag */
	- int link_type;
	-/* values for link_type */
	-#define LINK_ICMP IPPROTO_ICMP
	-#define LINK_UDP IPPROTO_UDP
	-#define LINK_TCP IPPROTO_TCP
	-#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1)
	-#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2)
	-#define LINK_ADDR (IPPROTO_MAX + 3)
	-#define LINK_PPTP (IPPROTO_MAX + 4)
	-
	- int flags; /* indicates special characteristics */
	- int pflags; /* protocol-specific flags */
	-/* flag bits */
	-#define LINK_UNKNOWN_DEST_PORT 0x01
	-#define LINK_UNKNOWN_DEST_ADDR 0x02
	-#define LINK_PERMANENT 0x04
	-#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */
	-#define LINK_UNFIREWALLED 0x08
	-
	- int timestamp; /* Time link was last accessed */
	-#ifndef NO_USE_SOCKETS
	- int sockfd; /* socket descriptor */
	-#endif
	- /* Linked list of pointers for input and output lookup tables */
	- union {
	- struct {
	- SPLAY_ENTRY(alias_link) out;
	- LIST_ENTRY (alias_link) in;
	- } all;
	- struct {
	- LIST_ENTRY (alias_link) list;
	- } pptp;
	- };
	- struct {
	- TAILQ_ENTRY(alias_link) list;
	- int time; /* Expire time for link */
	- } expire;
	- /* Auxiliary data */
	- union {
	- char *frag_ptr;
	- struct in_addr frag_addr;
	- struct tcp_dat *tcp;
	- } data;
	-};
	-
	-/* Clean up procedure. */
	-static void finishoff(void);
	-
	/* Kernel module definition. */
	#ifdef _KERNEL
	MALLOC_DEFINE(M_ALIAS, "libalias", "packet aliasing");
	@@ -373,67 +93,7 @@
	DECLARE_MODULE(alias, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
	#endif

	-/* Internal utility routines (used only in alias_db.c)
	-
	-Lookup table starting points:
	- StartPointIn() -- link table initial search point for
	- incoming packets
	- StartPointOut() -- link table initial search point for
	- outgoing packets
	-
	-Miscellaneous:
	- SeqDiff() -- difference between two TCP sequences
	- ShowAliasStats() -- send alias statistics to a monitor file
	-*/
	-
	-/* Local prototypes */
	-static struct group_in *
	-StartPointIn(struct libalias *, struct in_addr, u_short, int, int);
	-static int SeqDiff(u_long, u_long);
	-
	-#ifndef NO_FW_PUNCH
	-/* Firewall control */
	-static void InitPunchFW(struct libalias *);
	-static void UninitPunchFW(struct libalias *);
	-static void ClearFWHole(struct alias_link *);
	-
	-#endif
	-
	-/* Log file control */
	-static void ShowAliasStats(struct libalias *);
	-static int InitPacketAliasLog(struct libalias *);
	-static void UninitPacketAliasLog(struct libalias *);
	-
	-void SctpShowAliasStats(struct libalias *la);
	-
	-
	-/* Splay handling */
	-static inline int
	-cmp_out(struct alias_link a, struct alias_link b) {
	- int i = a->src_port - b->src_port;
	- if (i != 0) return (i);
	- i = a->src_addr.s_addr - b->src_addr.s_addr;
	- if (i != 0) return (i);
	- i = a->dst_addr.s_addr - b->dst_addr.s_addr;
	- if (i != 0) return (i);
	- i = a->dst_port - b->dst_port;
	- if (i != 0) return (i);
	- i = a->link_type - b->link_type;
	- return (i);
	-}
	-SPLAY_PROTOTYPE(splay_out, alias_link, all.out, cmp_out);
	SPLAY_GENERATE(splay_out, alias_link, all.out, cmp_out);
	-
	-static inline int
	-cmp_in(struct group_in a, struct group_in b) {
	- int i = a->alias_port - b->alias_port;
	- if (i != 0) return (i);
	- i = a->link_type - b->link_type;
	- if (i != 0) return (i);
	- i = a->alias_addr.s_addr - b->alias_addr.s_addr;
	- return (i);
	-}
	-SPLAY_PROTOTYPE(splay_in, group_in, in, cmp_in);
	SPLAY_GENERATE(splay_in, group_in, in, cmp_in);

	static struct group_in *
	@@ -528,53 +188,6 @@
	ShowAliasStats(la);
	}

	-/* Internal routines for finding, deleting and adding links
	-
	-Port Allocation:
	- GetNewPort() -- find and reserve new alias port number
	- GetSocket() -- try to allocate a socket for a given port
	-
	-Link creation and deletion:
	- CleanupAliasData() - remove all link chains from lookup table
	- CleanupLink() - look for a stale link
	- DeleteLink() - remove link
	- AddLink() - add link
	- ReLink() - change link
	-
	-Link search:
	- FindLinkOut() - find link for outgoing packets
	- FindLinkIn() - find link for incoming packets
	-
	-Port search:
	- FindNewPortGroup() - find an available group of ports
	-*/
	-
	-/* Local prototypes */
	-static int GetNewPort(struct libalias , struct alias_link , int);
	-#ifndef NO_USE_SOCKETS
	-static u_short GetSocket(struct libalias , u_short, int , int);
	-#endif
	-static void CleanupAliasData(struct libalias *, int);
	-static void CleanupLink(struct libalias , struct alias_link *, int);
	-static void DeleteLink(struct alias_link **, int);
	-static struct alias_link *
	-UseLink(struct libalias , struct alias_link );
	-
	-static struct alias_link *
	-ReLink(struct alias_link *,
	- struct in_addr, struct in_addr, struct in_addr,
	- u_short, u_short, int, int, int);
	-
	-static struct alias_link *
	-FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int);
	-
	-static struct alias_link *
	-FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int);
	-
	-static u_short _RandomPort(struct libalias *la);
	-
	-#define GET_NEW_PORT_MAX_ATTEMPTS 20
	-
	/* get random port in network byte order */
	static u_short
	_RandomPort(struct libalias *la) {
	@@ -2670,20 +2283,6 @@
	return ((char )cmd - (char )buf);
	}

	-static void ClearAllFWHoles(struct libalias *la);
	-
	-#define fw_setfield(la, field, num) \
	-do { \
	- (field)[(num) - la->fireWallBaseNum] = 1; \
	-} /lint -save -e717 / while(0)/* lint -restore */
	-
	-#define fw_clrfield(la, field, num) \
	-do { \
	- (field)[(num) - la->fireWallBaseNum] = 0; \
	-} /lint -save -e717 / while(0)/* lint -restore */
	-
	-#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum])
	-
	static void
	InitPunchFW(struct libalias *la)
	{

File Metadata

Mime Type: text/plain
Expires: Tue, Jan 28, 8:31 AM (5 h, 20 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16263071
Default Alt Text: D30844.diff (29 KB)

D30844.diffNo OneTemporaryActions

D30844.diffView Options

File Metadata

Event Timeline

D30844.diff
No OneTemporary
Actions

D30844.diff
View Options