| alias.c (374fad8b171448b2cfe3aef740de0411aaed7928) | alias.c (7d96f4efd258d006626436837be5c6add536afdd) |
|---|---|
| 1/* -*- mode: c; tab-width: 8; c-basic-indent: 4; -*- */ 2/* 3 Alias.c provides supervisory control for the functions of the 4 packet aliasing software. It consists of routines to monitor 5 TCP connection state, protocol-specific aliasing routines, 6 fragment handling and the following outside world functional 7 interfaces: SaveFragmentPtr, GetFragmentPtr, FragmentAliasIn, 8 PacketAliasIn and PacketAliasOut. --- 79 unchanged lines hidden (view full) --- 88 89#include <netinet/in_systm.h> 90#include <netinet/in.h> 91#include <netinet/ip.h> 92#include <netinet/ip_icmp.h> 93#include <netinet/tcp.h> 94#include <netinet/udp.h> 95 | 1/* -*- mode: c; tab-width: 8; c-basic-indent: 4; -*- */ 2/* 3 Alias.c provides supervisory control for the functions of the 4 packet aliasing software. It consists of routines to monitor 5 TCP connection state, protocol-specific aliasing routines, 6 fragment handling and the following outside world functional 7 interfaces: SaveFragmentPtr, GetFragmentPtr, FragmentAliasIn, 8 PacketAliasIn and PacketAliasOut. --- 79 unchanged lines hidden (view full) --- 88 89#include <netinet/in_systm.h> 90#include <netinet/in.h> 91#include <netinet/ip.h> 92#include <netinet/ip_icmp.h> 93#include <netinet/tcp.h> 94#include <netinet/udp.h> 95 |
| 96#ifndef IPPROTO_GRE 97#define IPPROTO_GRE 47 98#endif 99 |
|
| 96#include "alias_local.h" 97#include "alias.h" 98 99#define NETBIOS_NS_PORT_NUMBER 137 100#define NETBIOS_DGM_PORT_NUMBER 138 101#define FTP_CONTROL_PORT_NUMBER 21 102#define FTP_CONTROL_PORT_NUMBER 21 103#define IRC_CONTROL_PORT_NUMBER_1 6667 104#define IRC_CONTROL_PORT_NUMBER_2 6668 105#define CUSEEME_PORT_NUMBER 7648 106 | 100#include "alias_local.h" 101#include "alias.h" 102 103#define NETBIOS_NS_PORT_NUMBER 137 104#define NETBIOS_DGM_PORT_NUMBER 138 105#define FTP_CONTROL_PORT_NUMBER 21 106#define FTP_CONTROL_PORT_NUMBER 21 107#define IRC_CONTROL_PORT_NUMBER_1 6667 108#define IRC_CONTROL_PORT_NUMBER_2 6668 109#define CUSEEME_PORT_NUMBER 7648 110 |
| 107/* 108 The following macro is used to update an 109 internet checksum. "delta" is a 32-bit 110 accumulation of all the changes to the 111 checksum (adding in new 16-bit words and 112 subtracting out old words), and "cksum" 113 is the checksum value to be updated. 114*/ 115#define ADJUST_CHECKSUM(acc, cksum) { \ 116 acc += cksum; \ 117 if (acc < 0) \ 118 { \ 119 acc = -acc; \ 120 acc = (acc >> 16) + (acc & 0xffff); \ 121 acc += acc >> 16; \ 122 cksum = (u_short) ~acc; \ 123 } \ 124 else \ 125 { \ 126 acc = (acc >> 16) + (acc & 0xffff); \ 127 acc += acc >> 16; \ 128 cksum = (u_short) acc; \ 129 } \ 130} | |
| 131 132 133 | 111 112 113 |
| 134 | |
| 135/* TCP Handling Routines 136 137 TcpMonitorIn() -- These routines monitor TCP connections, and | 114/* TCP Handling Routines 115 116 TcpMonitorIn() -- These routines monitor TCP connections, and |
| 138 TcpMonitorOut() -- delete a link node when a connection is closed. | 117 TcpMonitorOut() delete a link when a connection is closed. |
| 139 140These routines look for SYN, ACK and RST flags to determine when TCP 141connections open and close. When a TCP connection closes, the data 142structure containing packet aliasing information is deleted after 143a timeout period. 144*/ 145 146/* Local prototypes */ --- 254 unchanged lines hidden (view full) --- 401 ip->ip_src = original_address; 402 ic2->icmp_id = original_id; 403 } 404 return(PKT_ALIAS_OK); 405 } 406 return(PKT_ALIAS_IGNORED); 407} 408 | 118 119These routines look for SYN, ACK and RST flags to determine when TCP 120connections open and close. When a TCP connection closes, the data 121structure containing packet aliasing information is deleted after 122a timeout period. 123*/ 124 125/* Local prototypes */ --- 254 unchanged lines hidden (view full) --- 380 ip->ip_src = original_address; 381 ic2->icmp_id = original_id; 382 } 383 return(PKT_ALIAS_OK); 384 } 385 return(PKT_ALIAS_IGNORED); 386} 387 |
| 409 | |
| 410static int 411IcmpAliasIn3(struct ip *pip) 412{ 413 struct in_addr original_address; 414 415 original_address = FindOriginalAddress(pip->ip_dst); 416 DifferentialChecksum(&pip->ip_sum, 417 (u_short *) &original_address, --- 6 unchanged lines hidden (view full) --- 424 425 426static int 427IcmpAliasIn(struct ip *pip) 428{ 429 int iresult; 430 struct icmp *ic; 431 | 388static int 389IcmpAliasIn3(struct ip *pip) 390{ 391 struct in_addr original_address; 392 393 original_address = FindOriginalAddress(pip->ip_dst); 394 DifferentialChecksum(&pip->ip_sum, 395 (u_short *) &original_address, --- 6 unchanged lines hidden (view full) --- 402 403 404static int 405IcmpAliasIn(struct ip *pip) 406{ 407 int iresult; 408 struct icmp *ic; 409 |
| 410/* Return if proxy-only mode is enabled */ 411 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) 412 return PKT_ALIAS_OK; 413 |
|
| 432 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); 433 434 iresult = PKT_ALIAS_IGNORED; 435 switch (ic->icmp_type) 436 { 437 case ICMP_ECHOREPLY: 438 case ICMP_TSTAMPREPLY: 439 if (ic->icmp_code == 0) --- 118 unchanged lines hidden (view full) --- 558 559 560static int 561IcmpAliasOut(struct ip *pip) 562{ 563 int iresult; 564 struct icmp *ic; 565 | 414 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); 415 416 iresult = PKT_ALIAS_IGNORED; 417 switch (ic->icmp_type) 418 { 419 case ICMP_ECHOREPLY: 420 case ICMP_TSTAMPREPLY: 421 if (ic->icmp_code == 0) --- 118 unchanged lines hidden (view full) --- 540 541 542static int 543IcmpAliasOut(struct ip *pip) 544{ 545 int iresult; 546 struct icmp *ic; 547 |
| 548/* Return if proxy-only mode is enabled */ 549 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) 550 return PKT_ALIAS_OK; 551 |
|
| 566 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); 567 568 iresult = PKT_ALIAS_IGNORED; 569 switch (ic->icmp_type) 570 { 571 case ICMP_ECHO: 572 case ICMP_TSTAMP: 573 if (ic->icmp_code == 0) --- 9 unchanged lines hidden (view full) --- 583 break; 584 case ICMP_ECHOREPLY: 585 case ICMP_TSTAMPREPLY: 586 iresult = IcmpAliasOut3(pip); 587 } 588 return(iresult); 589} 590 | 552 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); 553 554 iresult = PKT_ALIAS_IGNORED; 555 switch (ic->icmp_type) 556 { 557 case ICMP_ECHO: 558 case ICMP_TSTAMP: 559 if (ic->icmp_code == 0) --- 9 unchanged lines hidden (view full) --- 569 break; 570 case ICMP_ECHOREPLY: 571 case ICMP_TSTAMPREPLY: 572 iresult = IcmpAliasOut3(pip); 573 } 574 return(iresult); 575} 576 |
| 577 578 |
|
| 591static int | 579static int |
| 580PptpAliasIn(struct ip *pip) 581{ 582/* 583 Handle incoming PPTP packets. The 584 only thing which is done in this case is to alias 585 the dest IP address of the packet to our inside 586 machine. 587*/ 588 struct in_addr alias_addr; 589 590 if (!GetPptpAlias (&alias_addr)) 591 return PKT_ALIAS_IGNORED; 592 593 if (pip->ip_src.s_addr != alias_addr.s_addr) { 594 595 DifferentialChecksum(&pip->ip_sum, 596 (u_short *) &alias_addr, 597 (u_short *) &pip->ip_dst, 598 2); 599 pip->ip_dst = alias_addr; 600 } 601 602 return PKT_ALIAS_OK; 603} 604 605 606static int 607PptpAliasOut(struct ip *pip) 608{ 609/* 610 Handle outgoing PPTP packets. The 611 only thing which is done in this case is to alias 612 the source IP address of the packet. 613*/ 614 struct in_addr alias_addr; 615 616 if (!GetPptpAlias (&alias_addr)) 617 return PKT_ALIAS_IGNORED; 618 619 if (pip->ip_src.s_addr == alias_addr.s_addr) { 620 621 alias_addr = FindAliasAddress(pip->ip_src); 622 DifferentialChecksum(&pip->ip_sum, 623 (u_short *) &alias_addr, 624 (u_short *) &pip->ip_src, 625 2); 626 pip->ip_src = alias_addr; 627 } 628 629 return PKT_ALIAS_OK; 630} 631 632 633 634static int |
|
| 592UdpAliasIn(struct ip *pip) 593{ 594 struct udphdr *ud; 595 struct alias_link *link; 596 | 635UdpAliasIn(struct ip *pip) 636{ 637 struct udphdr *ud; 638 struct alias_link *link; 639 |
| 640/* Return if proxy-only mode is enabled */ 641 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) 642 return PKT_ALIAS_OK; 643 |
|
| 597 ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); 598 599 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, 600 ud->uh_sport, ud->uh_dport, 601 IPPROTO_UDP); 602 if (link != NULL) 603 { 604 struct in_addr alias_address; --- 60 unchanged lines hidden (view full) --- 665} 666 667static int 668UdpAliasOut(struct ip *pip) 669{ 670 struct udphdr *ud; 671 struct alias_link *link; 672 | 644 ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); 645 646 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, 647 ud->uh_sport, ud->uh_dport, 648 IPPROTO_UDP); 649 if (link != NULL) 650 { 651 struct in_addr alias_address; --- 60 unchanged lines hidden (view full) --- 712} 713 714static int 715UdpAliasOut(struct ip *pip) 716{ 717 struct udphdr *ud; 718 struct alias_link *link; 719 |
| 720/* Return if proxy-only mode is enabled */ 721 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) 722 return PKT_ALIAS_OK; 723 |
|
| 673 ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); 674 675 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, 676 ud->uh_sport, ud->uh_dport, 677 IPPROTO_UDP); 678 if (link != NULL) 679 { 680 u_short alias_port; --- 65 unchanged lines hidden (view full) --- 746 747 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, 748 tc->th_sport, tc->th_dport, 749 IPPROTO_TCP); 750 if (link != NULL) 751 { 752 struct in_addr alias_address; 753 struct in_addr original_address; | 724 ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); 725 726 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, 727 ud->uh_sport, ud->uh_dport, 728 IPPROTO_UDP); 729 if (link != NULL) 730 { 731 u_short alias_port; --- 65 unchanged lines hidden (view full) --- 797 798 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, 799 tc->th_sport, tc->th_dport, 800 IPPROTO_TCP); 801 if (link != NULL) 802 { 803 struct in_addr alias_address; 804 struct in_addr original_address; |
| 805 struct in_addr proxy_address; |
|
| 754 u_short alias_port; | 806 u_short alias_port; |
| 807 u_short proxy_port; |
|
| 755 int accumulate; 756 u_short *sptr; 757 758 alias_address = GetAliasAddress(link); 759 original_address = GetOriginalAddress(link); | 808 int accumulate; 809 u_short *sptr; 810 811 alias_address = GetAliasAddress(link); 812 original_address = GetOriginalAddress(link); |
| 813 proxy_address = GetProxyAddress(link); |
|
| 760 alias_port = tc->th_dport; 761 tc->th_dport = GetOriginalPort(link); | 814 alias_port = tc->th_dport; 815 tc->th_dport = GetOriginalPort(link); |
| 816 proxy_port = GetProxyPort(link); |
|
| 762 763/* Adjust TCP checksum since destination port is being unaliased */ 764/* and destination port is being altered. */ 765 accumulate = alias_port; 766 accumulate -= tc->th_dport; 767 sptr = (u_short *) &alias_address; 768 accumulate += *sptr++; 769 accumulate += *sptr; 770 sptr = (u_short *) &original_address; 771 accumulate -= *sptr++; 772 accumulate -= *sptr; 773 | 817 818/* Adjust TCP checksum since destination port is being unaliased */ 819/* and destination port is being altered. */ 820 accumulate = alias_port; 821 accumulate -= tc->th_dport; 822 sptr = (u_short *) &alias_address; 823 accumulate += *sptr++; 824 accumulate += *sptr; 825 sptr = (u_short *) &original_address; 826 accumulate -= *sptr++; 827 accumulate -= *sptr; 828 |
| 829/* If this is a proxy, then modify the tcp source port and 830 checksum accumulation */ 831 if (proxy_port != 0) 832 { 833 accumulate += tc->th_sport; 834 tc->th_sport = proxy_port; 835 accumulate -= tc->th_sport; 836 837 sptr = (u_short *) &pip->ip_src; 838 accumulate += *sptr++; 839 accumulate += *sptr; 840 sptr = (u_short *) &proxy_address; 841 accumulate -= *sptr++; 842 accumulate -= *sptr; 843 } 844 |
|
| 774/* See if ack number needs to be modified */ 775 if (GetAckModified(link) == 1) 776 { 777 int delta; 778 779 delta = GetDeltaAckIn(pip, link); 780 if (delta != 0) 781 { --- 5 unchanged lines hidden (view full) --- 787 accumulate -= *sptr++; 788 accumulate -= *sptr; 789 } 790 } 791 792 ADJUST_CHECKSUM(accumulate, tc->th_sum); 793 794/* Restore original IP address */ | 845/* See if ack number needs to be modified */ 846 if (GetAckModified(link) == 1) 847 { 848 int delta; 849 850 delta = GetDeltaAckIn(pip, link); 851 if (delta != 0) 852 { --- 5 unchanged lines hidden (view full) --- 858 accumulate -= *sptr++; 859 accumulate -= *sptr; 860 } 861 } 862 863 ADJUST_CHECKSUM(accumulate, tc->th_sum); 864 865/* Restore original IP address */ |
| 795 DifferentialChecksum(&pip->ip_sum, 796 (u_short *) &original_address, 797 (u_short *) &pip->ip_dst, 798 2); | 866 sptr = (u_short *) &pip->ip_dst; 867 accumulate = *sptr++; 868 accumulate += *sptr; |
| 799 pip->ip_dst = original_address; | 869 pip->ip_dst = original_address; |
| 870 sptr = (u_short *) &pip->ip_dst; 871 accumulate -= *sptr++; 872 accumulate -= *sptr; |
|
| 800 | 873 |
| 874/* If this is a transparent proxy packet, then modify the source 875 address */ 876 if (proxy_address.s_addr != 0) 877 { 878 sptr = (u_short *) &pip->ip_src; 879 accumulate += *sptr++; 880 accumulate += *sptr; 881 pip->ip_src = proxy_address; 882 sptr = (u_short *) &pip->ip_src; 883 accumulate -= *sptr++; 884 accumulate -= *sptr; 885 } 886 887 ADJUST_CHECKSUM(accumulate, pip->ip_sum); 888 |
|
| 801/* Monitor TCP connection state */ 802 TcpMonitorIn(pip, link); 803 804 return(PKT_ALIAS_OK); 805 } 806 return(PKT_ALIAS_IGNORED); 807} 808 809static int 810TcpAliasOut(struct ip *pip, int maxpacketsize) 811{ | 889/* Monitor TCP connection state */ 890 TcpMonitorIn(pip, link); 891 892 return(PKT_ALIAS_OK); 893 } 894 return(PKT_ALIAS_IGNORED); 895} 896 897static int 898TcpAliasOut(struct ip *pip, int maxpacketsize) 899{ |
| 900 int proxy_type; 901 u_short dest_port; 902 u_short proxy_server_port; 903 struct in_addr dest_address; 904 struct in_addr proxy_server_address; |
|
| 812 struct tcphdr *tc; 813 struct alias_link *link; 814 815 tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); 816 | 905 struct tcphdr *tc; 906 struct alias_link *link; 907 908 tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); 909 |
| 910 proxy_type = ProxyCheck(pip, &proxy_server_address, &proxy_server_port); 911 912 if (proxy_type == 0 && (packetAliasMode & PKT_ALIAS_PROXY_ONLY)) 913 return PKT_ALIAS_OK; 914 915/* If this is a transparent proxy, save original destination, 916 then alter the destination and adust checksums */ 917 dest_port = tc->th_dport; 918 dest_address = pip->ip_dst; 919 if (proxy_type != 0) 920 { 921 int accumulate; 922 u_short *sptr; 923 924 accumulate = tc->th_dport; 925 tc->th_dport = proxy_server_port; 926 accumulate -= tc->th_dport; 927 928 sptr = (u_short *) &(pip->ip_dst); 929 accumulate += *sptr++; 930 accumulate += *sptr; 931 sptr = (u_short *) &proxy_server_address; 932 accumulate -= *sptr++; 933 accumulate -= *sptr; 934 935 ADJUST_CHECKSUM(accumulate, tc->th_sum); 936 937 sptr = (u_short *) &(pip->ip_dst); 938 accumulate = *sptr++; 939 accumulate += *sptr; 940 pip->ip_dst = proxy_server_address; 941 sptr = (u_short *) &(pip->ip_dst); 942 accumulate -= *sptr++; 943 accumulate -= *sptr; 944 945 ADJUST_CHECKSUM(accumulate, pip->ip_sum); 946 } 947 |
|
| 817 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, 818 tc->th_sport, tc->th_dport, 819 IPPROTO_TCP); 820 if (link !=NULL) 821 { | 948 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, 949 tc->th_sport, tc->th_dport, 950 IPPROTO_TCP); 951 if (link !=NULL) 952 { |
| 822 struct in_addr alias_address; | |
| 823 u_short alias_port; | 953 u_short alias_port; |
| 954 struct in_addr alias_address; |
|
| 824 int accumulate; 825 u_short *sptr; 826 | 955 int accumulate; 956 u_short *sptr; 957 |
| 958/* Save original destination address, if this is a proxy packet. 959 Also modify packet to include destination encoding. */ 960 if (proxy_type != 0) 961 { 962 SetProxyPort(link, dest_port); 963 SetProxyAddress(link, dest_address); 964 ProxyModify(link, pip, maxpacketsize, proxy_type); 965 } 966 967/* Get alias address and port */ |
|
| 827 alias_port = GetAliasPort(link); 828 alias_address = GetAliasAddress(link); 829 830/* Monitor tcp connection state */ 831 TcpMonitorOut(pip, link); 832 | 968 alias_port = GetAliasPort(link); 969 alias_address = GetAliasAddress(link); 970 971/* Monitor tcp connection state */ 972 TcpMonitorOut(pip, link); 973 |
| 833/* Special processing for ftp connection */ | 974/* Special processing for IP encoding protocols */ |
| 834 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER 835 || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER) 836 AliasHandleFtpOut(pip, link, maxpacketsize); 837 if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1 | 975 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER 976 || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER) 977 AliasHandleFtpOut(pip, link, maxpacketsize); 978 if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1 |
| 838 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2) | 979 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2) |
| 839 AliasHandleIrcOut(pip, link, maxpacketsize); 840 841/* Adjust TCP checksum since source port is being aliased */ 842/* and source address is being altered */ 843 accumulate = tc->th_sport; | 980 AliasHandleIrcOut(pip, link, maxpacketsize); 981 982/* Adjust TCP checksum since source port is being aliased */ 983/* and source address is being altered */ 984 accumulate = tc->th_sport; |
| 844 accumulate -= alias_port; | 985 tc->th_sport = alias_port; 986 accumulate -= tc->th_sport; 987 |
| 845 sptr = (u_short *) &(pip->ip_src); 846 accumulate += *sptr++; 847 accumulate += *sptr; 848 sptr = (u_short *) &alias_address; 849 accumulate -= *sptr++; 850 accumulate -= *sptr; 851 852/* Modify sequence number if necessary */ --- 11 unchanged lines hidden (view full) --- 864 sptr = (u_short *) &tc->th_seq; 865 accumulate -= *sptr++; 866 accumulate -= *sptr; 867 } 868 } 869 870 ADJUST_CHECKSUM(accumulate, tc->th_sum) 871 | 988 sptr = (u_short *) &(pip->ip_src); 989 accumulate += *sptr++; 990 accumulate += *sptr; 991 sptr = (u_short *) &alias_address; 992 accumulate -= *sptr++; 993 accumulate -= *sptr; 994 995/* Modify sequence number if necessary */ --- 11 unchanged lines hidden (view full) --- 1007 sptr = (u_short *) &tc->th_seq; 1008 accumulate -= *sptr++; 1009 accumulate -= *sptr; 1010 } 1011 } 1012 1013 ADJUST_CHECKSUM(accumulate, tc->th_sum) 1014 |
| 872/* Put alias address in TCP header */ 873 tc->th_sport = alias_port; 874 | |
| 875/* Change source address */ | 1015/* Change source address */ |
| 876 DifferentialChecksum(&pip->ip_sum, 877 (u_short *) &alias_address, 878 (u_short *) &pip->ip_src, 879 2); | 1016 sptr = (u_short *) &(pip->ip_src); 1017 accumulate = *sptr++; 1018 accumulate += *sptr; |
| 880 pip->ip_src = alias_address; | 1019 pip->ip_src = alias_address; |
| 1020 sptr = (u_short *) &(pip->ip_src); 1021 accumulate -= *sptr++; 1022 accumulate -= *sptr; |
|
| 881 | 1023 |
| 1024 ADJUST_CHECKSUM(accumulate, pip->ip_sum) 1025 |
|
| 882 return(PKT_ALIAS_OK); 883 } 884 return(PKT_ALIAS_IGNORED); 885} 886 887 888 889 --- 136 unchanged lines hidden (view full) --- 1026 1027int 1028PacketAliasIn(char *ptr, int maxpacketsize) 1029{ 1030 struct in_addr alias_addr; 1031 struct ip *pip; 1032 int iresult; 1033 | 1026 return(PKT_ALIAS_OK); 1027 } 1028 return(PKT_ALIAS_IGNORED); 1029} 1030 1031 1032 1033 --- 136 unchanged lines hidden (view full) --- 1170 1171int 1172PacketAliasIn(char *ptr, int maxpacketsize) 1173{ 1174 struct in_addr alias_addr; 1175 struct ip *pip; 1176 int iresult; 1177 |
| 1178 if (packetAliasMode & PKT_ALIAS_REVERSE) 1179 return PacketAliasOut(ptr, maxpacketsize); 1180 |
|
| 1034 HouseKeeping(); 1035 ClearCheckNewLink(); 1036 pip = (struct ip *) ptr; 1037 alias_addr = pip->ip_dst; 1038 1039 /* Defense against mangled packets */ 1040 if (ntohs(pip->ip_len) > maxpacketsize 1041 || (pip->ip_hl<<2) > maxpacketsize) --- 8 unchanged lines hidden (view full) --- 1050 iresult = IcmpAliasIn(pip); 1051 break; 1052 case IPPROTO_UDP: 1053 iresult = UdpAliasIn(pip); 1054 break; 1055 case IPPROTO_TCP: 1056 iresult = TcpAliasIn(pip); 1057 break; | 1181 HouseKeeping(); 1182 ClearCheckNewLink(); 1183 pip = (struct ip *) ptr; 1184 alias_addr = pip->ip_dst; 1185 1186 /* Defense against mangled packets */ 1187 if (ntohs(pip->ip_len) > maxpacketsize 1188 || (pip->ip_hl<<2) > maxpacketsize) --- 8 unchanged lines hidden (view full) --- 1197 iresult = IcmpAliasIn(pip); 1198 break; 1199 case IPPROTO_UDP: 1200 iresult = UdpAliasIn(pip); 1201 break; 1202 case IPPROTO_TCP: 1203 iresult = TcpAliasIn(pip); 1204 break; |
| 1205 case IPPROTO_GRE: 1206 iresult = PptpAliasIn(pip); 1207 break; |
|
| 1058 } 1059 1060 if (ntohs(pip->ip_off) & IP_MF) 1061 { 1062 struct alias_link *link; 1063 1064 link = FindFragmentIn1(pip->ip_src, alias_addr, pip->ip_id); 1065 if (link != NULL) --- 26 unchanged lines hidden (view full) --- 1092/* 172.16.0.0 -> 172.31.255.255 */ 1093#define UNREG_ADDR_B_LOWER 0xac100000 1094#define UNREG_ADDR_B_UPPER 0xac1fffff 1095 1096/* 192.168.0.0 -> 192.168.255.255 */ 1097#define UNREG_ADDR_C_LOWER 0xc0a80000 1098#define UNREG_ADDR_C_UPPER 0xc0a8ffff 1099 | 1208 } 1209 1210 if (ntohs(pip->ip_off) & IP_MF) 1211 { 1212 struct alias_link *link; 1213 1214 link = FindFragmentIn1(pip->ip_src, alias_addr, pip->ip_id); 1215 if (link != NULL) --- 26 unchanged lines hidden (view full) --- 1242/* 172.16.0.0 -> 172.31.255.255 */ 1243#define UNREG_ADDR_B_LOWER 0xac100000 1244#define UNREG_ADDR_B_UPPER 0xac1fffff 1245 1246/* 192.168.0.0 -> 192.168.255.255 */ 1247#define UNREG_ADDR_C_LOWER 0xc0a80000 1248#define UNREG_ADDR_C_UPPER 0xc0a8ffff 1249 |
| 1100 1101 | |
| 1102int 1103PacketAliasOut(char *ptr, /* valid IP packet */ 1104 int maxpacketsize /* How much the packet data may grow 1105 (FTP and IRC inline changes) */ 1106 ) 1107{ 1108 int iresult; 1109 struct in_addr addr_save; 1110 struct ip *pip; 1111 | 1250int 1251PacketAliasOut(char *ptr, /* valid IP packet */ 1252 int maxpacketsize /* How much the packet data may grow 1253 (FTP and IRC inline changes) */ 1254 ) 1255{ 1256 int iresult; 1257 struct in_addr addr_save; 1258 struct ip *pip; 1259 |
| 1260 if (packetAliasMode & PKT_ALIAS_REVERSE) 1261 return PacketAliasIn(ptr, maxpacketsize); 1262 |
|
| 1112 HouseKeeping(); 1113 ClearCheckNewLink(); 1114 pip = (struct ip *) ptr; 1115 1116 /* Defense against mangled packets */ 1117 if (ntohs(pip->ip_len) > maxpacketsize 1118 || (pip->ip_hl<<2) > maxpacketsize) 1119 return PKT_ALIAS_IGNORED; --- 28 unchanged lines hidden (view full) --- 1148 iresult = IcmpAliasOut(pip); 1149 break; 1150 case IPPROTO_UDP: 1151 iresult = UdpAliasOut(pip); 1152 break; 1153 case IPPROTO_TCP: 1154 iresult = TcpAliasOut(pip, maxpacketsize); 1155 break; | 1263 HouseKeeping(); 1264 ClearCheckNewLink(); 1265 pip = (struct ip *) ptr; 1266 1267 /* Defense against mangled packets */ 1268 if (ntohs(pip->ip_len) > maxpacketsize 1269 || (pip->ip_hl<<2) > maxpacketsize) 1270 return PKT_ALIAS_IGNORED; --- 28 unchanged lines hidden (view full) --- 1299 iresult = IcmpAliasOut(pip); 1300 break; 1301 case IPPROTO_UDP: 1302 iresult = UdpAliasOut(pip); 1303 break; 1304 case IPPROTO_TCP: 1305 iresult = TcpAliasOut(pip, maxpacketsize); 1306 break; |
| 1307 case IPPROTO_GRE: 1308 iresult = PptpAliasOut(pip); 1309 break; |
|
| 1156 } 1157 } 1158 else 1159 { 1160 iresult = FragmentOut(pip); 1161 } 1162 1163 SetDefaultAliasAddress(addr_save); 1164 return(iresult); 1165} | 1310 } 1311 } 1312 else 1313 { 1314 iresult = FragmentOut(pip); 1315 } 1316 1317 SetDefaultAliasAddress(addr_save); 1318 return(iresult); 1319} |