alias.c (e3e2c216398b34e94a5d10701c8a25745cb910e0) | alias.c (9fa0fd268273d90e765d9ebfe0be87ea4d64e138) |
---|---|
1/*- 2 * Copyright (c) 2001 Charles Mott <cm@linktel.net> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 159 unchanged lines hidden (view full) --- 168static void TcpMonitorOut(struct ip *, struct alias_link *); 169 170 171static void 172TcpMonitorIn(struct ip *pip, struct alias_link *lnk) 173{ 174 struct tcphdr *tc; 175 | 1/*- 2 * Copyright (c) 2001 Charles Mott <cm@linktel.net> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 159 unchanged lines hidden (view full) --- 168static void TcpMonitorOut(struct ip *, struct alias_link *); 169 170 171static void 172TcpMonitorIn(struct ip *pip, struct alias_link *lnk) 173{ 174 struct tcphdr *tc; 175 |
176 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); | 176 tc = (struct tcphdr *)ip_next(pip); |
177 178 switch (GetStateIn(lnk)) { 179 case ALIAS_TCP_STATE_NOT_CONNECTED: 180 if (tc->th_flags & TH_RST) 181 SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED); 182 else if (tc->th_flags & TH_SYN) 183 SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED); 184 break; --- 4 unchanged lines hidden (view full) --- 189 } 190} 191 192static void 193TcpMonitorOut(struct ip *pip, struct alias_link *lnk) 194{ 195 struct tcphdr *tc; 196 | 177 178 switch (GetStateIn(lnk)) { 179 case ALIAS_TCP_STATE_NOT_CONNECTED: 180 if (tc->th_flags & TH_RST) 181 SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED); 182 else if (tc->th_flags & TH_SYN) 183 SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED); 184 break; --- 4 unchanged lines hidden (view full) --- 189 } 190} 191 192static void 193TcpMonitorOut(struct ip *pip, struct alias_link *lnk) 194{ 195 struct tcphdr *tc; 196 |
197 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); | 197 tc = (struct tcphdr *)ip_next(pip); |
198 199 switch (GetStateOut(lnk)) { 200 case ALIAS_TCP_STATE_NOT_CONNECTED: 201 if (tc->th_flags & TH_RST) 202 SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED); 203 else if (tc->th_flags & TH_SYN) 204 SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED); 205 break; --- 72 unchanged lines hidden (view full) --- 278{ 279/* 280 De-alias incoming echo and timestamp replies. 281 Alias incoming echo and timestamp requests. 282*/ 283 struct alias_link *lnk; 284 struct icmp *ic; 285 | 198 199 switch (GetStateOut(lnk)) { 200 case ALIAS_TCP_STATE_NOT_CONNECTED: 201 if (tc->th_flags & TH_RST) 202 SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED); 203 else if (tc->th_flags & TH_SYN) 204 SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED); 205 break; --- 72 unchanged lines hidden (view full) --- 278{ 279/* 280 De-alias incoming echo and timestamp replies. 281 Alias incoming echo and timestamp requests. 282*/ 283 struct alias_link *lnk; 284 struct icmp *ic; 285 |
286 ic = (struct icmp *)((char *)pip + (pip->ip_hl << 2)); | 286 ic = (struct icmp *)ip_next(pip); |
287 288/* Get source address from ICMP data field and restore original data */ 289 lnk = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); 290 if (lnk != NULL) { 291 u_short original_id; 292 int accumulate; 293 294 original_id = GetOriginalPort(lnk); --- 29 unchanged lines hidden (view full) --- 324 IP header and first 64 bits of datagram. 325*/ 326 struct ip *ip; 327 struct icmp *ic, *ic2; 328 struct udphdr *ud; 329 struct tcphdr *tc; 330 struct alias_link *lnk; 331 | 287 288/* Get source address from ICMP data field and restore original data */ 289 lnk = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); 290 if (lnk != NULL) { 291 u_short original_id; 292 int accumulate; 293 294 original_id = GetOriginalPort(lnk); --- 29 unchanged lines hidden (view full) --- 324 IP header and first 64 bits of datagram. 325*/ 326 struct ip *ip; 327 struct icmp *ic, *ic2; 328 struct udphdr *ud; 329 struct tcphdr *tc; 330 struct alias_link *lnk; 331 |
332 ic = (struct icmp *)((char *)pip + (pip->ip_hl << 2)); | 332 ic = (struct icmp *)ip_next(pip); |
333 ip = &ic->icmp_ip; 334 | 333 ip = &ic->icmp_ip; 334 |
335 ud = (struct udphdr *)((char *)ip + (ip->ip_hl << 2)); 336 tc = (struct tcphdr *)ud; 337 ic2 = (struct icmp *)ud; | 335 ud = (struct udphdr *)ip_next(ip); 336 tc = (struct tcphdr *)ip_next(ip); 337 ic2 = (struct icmp *)ip_next(ip); |
338 339 if (ip->ip_p == IPPROTO_UDP) 340 lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, 341 ud->uh_dport, ud->uh_sport, 342 IPPROTO_UDP, 0); 343 else if (ip->ip_p == IPPROTO_TCP) 344 lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, 345 tc->th_dport, tc->th_sport, --- 75 unchanged lines hidden (view full) --- 421{ 422 int iresult; 423 struct icmp *ic; 424 425/* Return if proxy-only mode is enabled */ 426 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 427 return (PKT_ALIAS_OK); 428 | 338 339 if (ip->ip_p == IPPROTO_UDP) 340 lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, 341 ud->uh_dport, ud->uh_sport, 342 IPPROTO_UDP, 0); 343 else if (ip->ip_p == IPPROTO_TCP) 344 lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, 345 tc->th_dport, tc->th_sport, --- 75 unchanged lines hidden (view full) --- 421{ 422 int iresult; 423 struct icmp *ic; 424 425/* Return if proxy-only mode is enabled */ 426 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 427 return (PKT_ALIAS_OK); 428 |
429 ic = (struct icmp *)((char *)pip + (pip->ip_hl << 2)); | 429 ic = (struct icmp *)ip_next(pip); |
430 431 iresult = PKT_ALIAS_IGNORED; 432 switch (ic->icmp_type) { 433 case ICMP_ECHOREPLY: 434 case ICMP_TSTAMPREPLY: 435 if (ic->icmp_code == 0) { 436 iresult = IcmpAliasIn1(la, pip); 437 } --- 18 unchanged lines hidden (view full) --- 456{ 457/* 458 Alias outgoing echo and timestamp requests. 459 De-alias outgoing echo and timestamp replies. 460*/ 461 struct alias_link *lnk; 462 struct icmp *ic; 463 | 430 431 iresult = PKT_ALIAS_IGNORED; 432 switch (ic->icmp_type) { 433 case ICMP_ECHOREPLY: 434 case ICMP_TSTAMPREPLY: 435 if (ic->icmp_code == 0) { 436 iresult = IcmpAliasIn1(la, pip); 437 } --- 18 unchanged lines hidden (view full) --- 456{ 457/* 458 Alias outgoing echo and timestamp requests. 459 De-alias outgoing echo and timestamp replies. 460*/ 461 struct alias_link *lnk; 462 struct icmp *ic; 463 |
464 ic = (struct icmp *)((char *)pip + (pip->ip_hl << 2)); | 464 ic = (struct icmp *)ip_next(pip); |
465 466/* Save overwritten data for when echo packet returns */ 467 lnk = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); 468 if (lnk != NULL) { 469 u_short alias_id; 470 int accumulate; 471 472 alias_id = GetAliasPort(lnk); --- 30 unchanged lines hidden (view full) --- 503 IP header and first 64 bits of datagram. 504*/ 505 struct ip *ip; 506 struct icmp *ic, *ic2; 507 struct udphdr *ud; 508 struct tcphdr *tc; 509 struct alias_link *lnk; 510 | 465 466/* Save overwritten data for when echo packet returns */ 467 lnk = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); 468 if (lnk != NULL) { 469 u_short alias_id; 470 int accumulate; 471 472 alias_id = GetAliasPort(lnk); --- 30 unchanged lines hidden (view full) --- 503 IP header and first 64 bits of datagram. 504*/ 505 struct ip *ip; 506 struct icmp *ic, *ic2; 507 struct udphdr *ud; 508 struct tcphdr *tc; 509 struct alias_link *lnk; 510 |
511 ic = (struct icmp *)((char *)pip + (pip->ip_hl << 2)); | 511 ic = (struct icmp *)ip_next(pip); |
512 ip = &ic->icmp_ip; 513 | 512 ip = &ic->icmp_ip; 513 |
514 ud = (struct udphdr *)((char *)ip + (ip->ip_hl << 2)); 515 tc = (struct tcphdr *)ud; 516 ic2 = (struct icmp *)ud; | 514 ud = (struct udphdr *)ip_next(ip); 515 tc = (struct tcphdr *)ip_next(ip); 516 ic2 = (struct icmp *)ip_next(ip); |
517 518 if (ip->ip_p == IPPROTO_UDP) 519 lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, 520 ud->uh_dport, ud->uh_sport, 521 IPPROTO_UDP, 0); 522 else if (ip->ip_p == IPPROTO_TCP) 523 lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, 524 tc->th_dport, tc->th_sport, --- 77 unchanged lines hidden (view full) --- 602 struct icmp *ic; 603 604 (void)create; 605 606/* Return if proxy-only mode is enabled */ 607 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 608 return (PKT_ALIAS_OK); 609 | 517 518 if (ip->ip_p == IPPROTO_UDP) 519 lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, 520 ud->uh_dport, ud->uh_sport, 521 IPPROTO_UDP, 0); 522 else if (ip->ip_p == IPPROTO_TCP) 523 lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, 524 tc->th_dport, tc->th_sport, --- 77 unchanged lines hidden (view full) --- 602 struct icmp *ic; 603 604 (void)create; 605 606/* Return if proxy-only mode is enabled */ 607 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 608 return (PKT_ALIAS_OK); 609 |
610 ic = (struct icmp *)((char *)pip + (pip->ip_hl << 2)); | 610 ic = (struct icmp *)ip_next(pip); |
611 612 iresult = PKT_ALIAS_IGNORED; 613 switch (ic->icmp_type) { 614 case ICMP_ECHO: 615 case ICMP_TSTAMP: 616 if (ic->icmp_code == 0) { 617 iresult = IcmpAliasOut1(la, pip); 618 } --- 83 unchanged lines hidden (view full) --- 702{ 703 struct udphdr *ud; 704 struct alias_link *lnk; 705 706/* Return if proxy-only mode is enabled */ 707 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 708 return (PKT_ALIAS_OK); 709 | 611 612 iresult = PKT_ALIAS_IGNORED; 613 switch (ic->icmp_type) { 614 case ICMP_ECHO: 615 case ICMP_TSTAMP: 616 if (ic->icmp_code == 0) { 617 iresult = IcmpAliasOut1(la, pip); 618 } --- 83 unchanged lines hidden (view full) --- 702{ 703 struct udphdr *ud; 704 struct alias_link *lnk; 705 706/* Return if proxy-only mode is enabled */ 707 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 708 return (PKT_ALIAS_OK); 709 |
710 ud = (struct udphdr *)((char *)pip + (pip->ip_hl << 2)); | 710 ud = (struct udphdr *)ip_next(pip); |
711 712 lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 713 ud->uh_sport, ud->uh_dport, 714 IPPROTO_UDP, 1); 715 if (lnk != NULL) { 716 struct in_addr alias_address; 717 struct in_addr original_address; 718 u_short alias_port; --- 47 unchanged lines hidden (view full) --- 766{ 767 struct udphdr *ud; 768 struct alias_link *lnk; 769 770/* Return if proxy-only mode is enabled */ 771 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 772 return (PKT_ALIAS_OK); 773 | 711 712 lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 713 ud->uh_sport, ud->uh_dport, 714 IPPROTO_UDP, 1); 715 if (lnk != NULL) { 716 struct in_addr alias_address; 717 struct in_addr original_address; 718 u_short alias_port; --- 47 unchanged lines hidden (view full) --- 766{ 767 struct udphdr *ud; 768 struct alias_link *lnk; 769 770/* Return if proxy-only mode is enabled */ 771 if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) 772 return (PKT_ALIAS_OK); 773 |
774 ud = (struct udphdr *)((char *)pip + (pip->ip_hl << 2)); | 774 ud = (struct udphdr *)ip_next(pip); |
775 776 lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, 777 ud->uh_sport, ud->uh_dport, 778 IPPROTO_UDP, create); 779 if (lnk != NULL) { 780 u_short alias_port; 781 struct in_addr alias_address; 782 --- 47 unchanged lines hidden (view full) --- 830 831 832static int 833TcpAliasIn(struct libalias *la, struct ip *pip) 834{ 835 struct tcphdr *tc; 836 struct alias_link *lnk; 837 | 775 776 lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, 777 ud->uh_sport, ud->uh_dport, 778 IPPROTO_UDP, create); 779 if (lnk != NULL) { 780 u_short alias_port; 781 struct in_addr alias_address; 782 --- 47 unchanged lines hidden (view full) --- 830 831 832static int 833TcpAliasIn(struct libalias *la, struct ip *pip) 834{ 835 struct tcphdr *tc; 836 struct alias_link *lnk; 837 |
838 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); | 838 tc = (struct tcphdr *)ip_next(pip); |
839 840 lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 841 tc->th_sport, tc->th_dport, 842 IPPROTO_TCP, 843 !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); 844 if (lnk != NULL) { 845 struct in_addr alias_address; 846 struct in_addr original_address; --- 74 unchanged lines hidden (view full) --- 921 int proxy_type; 922 u_short dest_port; 923 u_short proxy_server_port; 924 struct in_addr dest_address; 925 struct in_addr proxy_server_address; 926 struct tcphdr *tc; 927 struct alias_link *lnk; 928 | 839 840 lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 841 tc->th_sport, tc->th_dport, 842 IPPROTO_TCP, 843 !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); 844 if (lnk != NULL) { 845 struct in_addr alias_address; 846 struct in_addr original_address; --- 74 unchanged lines hidden (view full) --- 921 int proxy_type; 922 u_short dest_port; 923 u_short proxy_server_port; 924 struct in_addr dest_address; 925 struct in_addr proxy_server_address; 926 struct tcphdr *tc; 927 struct alias_link *lnk; 928 |
929 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); | 929 tc = (struct tcphdr *)ip_next(pip); |
930 931 proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port); 932 933 if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)) 934 return (PKT_ALIAS_OK); 935 936/* If this is a transparent proxy, save original destination, 937 then alter the destination and adjust checksums */ --- 26 unchanged lines hidden (view full) --- 964 965/* Save original destination address, if this is a proxy packet. 966 Also modify packet to include destination encoding. This may 967 change the size of IP header. */ 968 if (proxy_type != 0) { 969 SetProxyPort(lnk, dest_port); 970 SetProxyAddress(lnk, dest_address); 971 ProxyModify(la, lnk, pip, maxpacketsize, proxy_type); | 930 931 proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port); 932 933 if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)) 934 return (PKT_ALIAS_OK); 935 936/* If this is a transparent proxy, save original destination, 937 then alter the destination and adjust checksums */ --- 26 unchanged lines hidden (view full) --- 964 965/* Save original destination address, if this is a proxy packet. 966 Also modify packet to include destination encoding. This may 967 change the size of IP header. */ 968 if (proxy_type != 0) { 969 SetProxyPort(lnk, dest_port); 970 SetProxyAddress(lnk, dest_address); 971 ProxyModify(la, lnk, pip, maxpacketsize, proxy_type); |
972 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); | 972 tc = (struct tcphdr *)ip_next(pip); |
973 } 974/* Get alias address and port */ 975 alias_port = GetAliasPort(lnk); 976 alias_address = GetAliasAddress(lnk); 977 978/* Monitor TCP connection state */ 979 TcpMonitorOut(pip, lnk); 980 --- 360 unchanged lines hidden (view full) --- 1341 1342 pip = (struct ip *)ptr; 1343 1344 /* Defense against mangled packets */ 1345 if (ntohs(pip->ip_len) > maxpacketsize 1346 || (pip->ip_hl << 2) > maxpacketsize) 1347 return (iresult); 1348 | 973 } 974/* Get alias address and port */ 975 alias_port = GetAliasPort(lnk); 976 alias_address = GetAliasAddress(lnk); 977 978/* Monitor TCP connection state */ 979 TcpMonitorOut(pip, lnk); 980 --- 360 unchanged lines hidden (view full) --- 1341 1342 pip = (struct ip *)ptr; 1343 1344 /* Defense against mangled packets */ 1345 if (ntohs(pip->ip_len) > maxpacketsize 1346 || (pip->ip_hl << 2) > maxpacketsize) 1347 return (iresult); 1348 |
1349 ud = (struct udphdr *)((char *)pip + (pip->ip_hl << 2)); 1350 tc = (struct tcphdr *)ud; 1351 ic = (struct icmp *)ud; | 1349 ud = (struct udphdr *)ip_next(pip); 1350 tc = (struct tcphdr *)ip_next(pip); 1351 ic = (struct icmp *)ip_next(pip); |
1352 1353 /* Find a link */ 1354 if (pip->ip_p == IPPROTO_UDP) 1355 lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, 1356 ud->uh_dport, ud->uh_sport, 1357 IPPROTO_UDP, 0); 1358 else if (pip->ip_p == IPPROTO_TCP) 1359 lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, --- 74 unchanged lines hidden --- | 1352 1353 /* Find a link */ 1354 if (pip->ip_p == IPPROTO_UDP) 1355 lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, 1356 ud->uh_dport, ud->uh_sport, 1357 IPPROTO_UDP, 0); 1358 else if (pip->ip_p == IPPROTO_TCP) 1359 lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, --- 74 unchanged lines hidden --- |
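Review bot: The guard at new lines 1344–1347 only compares `ip_len` and `ip_hl << 2` against `maxpacketsize`, so `ip_next(pip)` at 1349–1351 can still return a pointer whose UDP/TCP/ICMP fields lie past the end of the datagram when `ip_hl` is below 5 or larger than `ip_len` allows. Both fields come from the packet, so I would extend the condition with `|| pip->ip_hl < 5 || (pip->ip_hl << 2) > ntohs(pip->ip_len)` and confirm, per protocol, that the transport header fits before `ud->uh_dport` or `tc->th_dport` is read. The same concern applies to the embedded header at 332–337 and 511–516, where `ip_next(ip)` uses an `ip_hl` taken from the ICMP payload; no length check is visible in those lines, though the hidden context may hold one. The enclosing functions start and end outside the displayed lines and `ip_next()` is not defined on this page, so a short comment at its definition saying whether it does any bounds checking would tell callers what they must validate first.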