Index: sys/netinet/libalias/alias.h =================================================================== --- sys/netinet/libalias/alias.h +++ sys/netinet/libalias/alias.h @@ -37,10 +37,10 @@ */ #ifndef _ALIAS_H_ -#define _ALIAS_H_ +#define _ALIAS_H_ -#include #include +#include #include #define LIBALIAS_BUF_SIZE 128 @@ -48,8 +48,8 @@ /* * The kernel version of libalias does not support these features. */ -#define NO_FW_PUNCH -#define NO_USE_SOCKETS +#define NO_FW_PUNCH +#define NO_USE_SOCKETS #endif /* @@ -83,54 +83,60 @@ /* Initialization and control functions. */ struct libalias *LibAliasInit(struct libalias *); -void LibAliasSetAddress(struct libalias *, struct in_addr _addr); -void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low, u_short port_hi); -void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num); -void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port); -unsigned int LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask); -void LibAliasUninit(struct libalias *); +void LibAliasSetAddress(struct libalias *, struct in_addr _addr); +void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low, + u_short port_hi); +void LibAliasSetFWBase(struct libalias *, unsigned int _base, + unsigned int _num); +void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port); +unsigned int LibAliasSetMode(struct libalias *, unsigned int _flags, + unsigned int _mask); +void LibAliasUninit(struct libalias *); /* Packet Handling functions. */ -int LibAliasIn (struct libalias *, void *_ptr, int _maxpacketsize); -int LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize); -int LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize, int _create); -int LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize); +int LibAliasIn(struct libalias *, void *_ptr, int _maxpacketsize); +int LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize); +int LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize, + int _create); +int LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize); /* Port and address redirection functions. */ -int LibAliasAddServer(struct libalias *, struct alias_link *_lnk, - struct in_addr _addr, unsigned short _port); -struct alias_link * LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr, - struct in_addr _alias_addr); -int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk); -void LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk); -struct alias_link * LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr, - unsigned short _src_port, struct in_addr _dst_addr, - unsigned short _dst_port, struct in_addr _alias_addr, - unsigned short _alias_port, unsigned char _proto); -struct alias_link * LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr, - struct in_addr _dst_addr, struct in_addr _alias_addr, - unsigned char _proto); +int LibAliasAddServer(struct libalias *, struct alias_link *_lnk, + struct in_addr _addr, unsigned short _port); +struct alias_link *LibAliasRedirectAddr(struct libalias *, + struct in_addr _src_addr, struct in_addr _alias_addr); +int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk); +void LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk); +struct alias_link *LibAliasRedirectPort(struct libalias *, + struct in_addr _src_addr, unsigned short _src_port, + struct in_addr _dst_addr, unsigned short _dst_port, + struct in_addr _alias_addr, unsigned short _alias_port, + unsigned char _proto); +struct alias_link *LibAliasRedirectProto(struct libalias *, + struct in_addr _src_addr, struct in_addr _dst_addr, + struct in_addr _alias_addr, unsigned char _proto); /* Fragment Handling functions. */ -void LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment); -void *LibAliasGetFragment(struct libalias *, void *_ptr); -int LibAliasSaveFragment(struct libalias *, void *_ptr); +void LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment); +void *LibAliasGetFragment(struct libalias *, void *_ptr); +int LibAliasSaveFragment(struct libalias *, void *_ptr); /* Miscellaneous functions. */ -unsigned short LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes); -void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr); +unsigned short LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, + int _nbytes); +void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr); /* Transparent proxying routines. */ -int LibAliasProxyRule(struct libalias *, const char *_cmd); +int LibAliasProxyRule(struct libalias *, const char *_cmd); /* Module handling API */ -int LibAliasLoadModule(char *); -int LibAliasUnLoadAllModule(void); -int LibAliasRefreshModules(void); +int LibAliasLoadModule(char *); +int LibAliasUnLoadAllModule(void); +int LibAliasRefreshModules(void); /* Mbuf helper function. */ -struct mbuf *m_megapullup(struct mbuf *, int); +struct mbuf *m_megapullup(struct mbuf *, int); /* * Mode flags and other constants. @@ -142,13 +148,13 @@ * If PKT_ALIAS_LOG is set, a message will be printed to /var/log/alias.log * every time a link is created or deleted. This is useful for debugging. */ -#define PKT_ALIAS_LOG 0x01 +#define PKT_ALIAS_LOG 0x01 /* * If PKT_ALIAS_DENY_INCOMING is set, then incoming connections (e.g. to ftp, * telnet or web servers will be prevented by the aliasing mechanism. */ -#define PKT_ALIAS_DENY_INCOMING 0x02 +#define PKT_ALIAS_DENY_INCOMING 0x02 /* * If PKT_ALIAS_SAME_PORTS is set, packets will be attempted sent from the @@ -157,7 +163,7 @@ * at all). This mode bit is set by PacketAliasInit(), so it is a default * mode of operation. */ -#define PKT_ALIAS_SAME_PORTS 0x04 +#define PKT_ALIAS_SAME_PORTS 0x04 /* * If PKT_ALIAS_USE_SOCKETS is set, then when partially specified links (e.g. @@ -168,7 +174,7 @@ * a default mode of operation. */ #ifndef NO_USE_SOCKETS -#define PKT_ALIAS_USE_SOCKETS 0x08 +#define PKT_ALIAS_USE_SOCKETS 0x08 #endif /*- * If PKT_ALIAS_UNREGISTERED_ONLY is set, then only packets with @@ -179,7 +185,7 @@ * 172.16.0.0 -> 172.31.255.255 * 192.168.0.0 -> 192.168.255.255 */ -#define PKT_ALIAS_UNREGISTERED_ONLY 0x10 +#define PKT_ALIAS_UNREGISTERED_ONLY 0x10 /* * If PKT_ALIAS_RESET_ON_ADDR_CHANGE is set, then the table of dynamic @@ -188,19 +194,19 @@ * unchanged by this function call, then the table of dynamic aliasing links * will be left intact. This bit is set after a call to PacketAliasInit(). */ -#define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20 +#define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20 /* * If PKT_ALIAS_PROXY_ONLY is set, then NAT will be disabled and only * transparent proxying is performed. */ -#define PKT_ALIAS_PROXY_ONLY 0x40 +#define PKT_ALIAS_PROXY_ONLY 0x40 /* * If PKT_ALIAS_REVERSE is set, the actions of PacketAliasIn() and * PacketAliasOut() are reversed. */ -#define PKT_ALIAS_REVERSE 0x80 +#define PKT_ALIAS_REVERSE 0x80 #ifndef NO_FW_PUNCH /* @@ -210,14 +216,14 @@ * PacketAliasSetFWBase(). The hole will be attached to that * particular alias_link, so when the link goes away the hole is deleted. */ -#define PKT_ALIAS_PUNCH_FW 0x100 +#define PKT_ALIAS_PUNCH_FW 0x100 #endif /* * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching * states in 'ipfw nat global' rule. */ -#define PKT_ALIAS_SKIP_GLOBAL 0x200 +#define PKT_ALIAS_SKIP_GLOBAL 0x200 /* * Like PKT_ALIAS_UNREGISTERED_ONLY, but includes the RFC 6598 @@ -225,15 +231,15 @@ * * 100.64.0.0 -> 100.127.255.255 */ -#define PKT_ALIAS_UNREGISTERED_CGN 0x400 +#define PKT_ALIAS_UNREGISTERED_CGN 0x400 /* Function return codes. */ -#define PKT_ALIAS_ERROR -1 -#define PKT_ALIAS_OK 1 -#define PKT_ALIAS_IGNORED 2 -#define PKT_ALIAS_UNRESOLVED_FRAGMENT 3 -#define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4 +#define PKT_ALIAS_ERROR -1 +#define PKT_ALIAS_OK 1 +#define PKT_ALIAS_IGNORED 2 +#define PKT_ALIAS_UNRESOLVED_FRAGMENT 3 +#define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4 -#endif /* !_ALIAS_H_ */ +#endif /* !_ALIAS_H_ */ /* lint -restore */ Index: sys/netinet/libalias/alias.c =================================================================== --- sys/netinet/libalias/alias.c +++ sys/netinet/libalias/alias.c @@ -118,16 +118,17 @@ #include #else #include -#include -#include + #include #include #include +#include +#include #include #endif -#include #include +#include #include #include #include @@ -139,6 +140,7 @@ #include #else #include + #include "alias.h" #include "alias_local.h" #include "alias_mod.h" @@ -183,9 +185,9 @@ */ /* Local prototypes */ -static void TcpMonitorIn(u_char, struct alias_link *); +static void TcpMonitorIn(u_char, struct alias_link *); -static void TcpMonitorOut(u_char, struct alias_link *); +static void TcpMonitorOut(u_char, struct alias_link *); static void TcpMonitorIn(u_char th_flags, struct alias_link *lnk) @@ -261,25 +263,24 @@ */ /* Local prototypes */ -static int IcmpAliasIn1(struct libalias *, struct ip *); -static int IcmpAliasIn2(struct libalias *, struct ip *); -static int IcmpAliasIn(struct libalias *, struct ip *); +static int IcmpAliasIn1(struct libalias *, struct ip *); +static int IcmpAliasIn2(struct libalias *, struct ip *); +static int IcmpAliasIn(struct libalias *, struct ip *); -static int IcmpAliasOut1(struct libalias *, struct ip *, int create); -static int IcmpAliasOut2(struct libalias *, struct ip *); -static int IcmpAliasOut(struct libalias *, struct ip *, int create); +static int IcmpAliasOut1(struct libalias *, struct ip *, int create); +static int IcmpAliasOut2(struct libalias *, struct ip *); +static int IcmpAliasOut(struct libalias *, struct ip *, int create); -static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src, - struct ip *pip, u_char ip_p, u_short *ip_sum); -static int ProtoAliasOut(struct libalias *la, struct ip *pip, - struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, - int create); +static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src, + struct ip *pip, u_char ip_p, u_short *ip_sum); +static int ProtoAliasOut(struct libalias *la, struct ip *pip, + struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create); -static int UdpAliasIn(struct libalias *, struct ip *); -static int UdpAliasOut(struct libalias *, struct ip *, int, int create); +static int UdpAliasIn(struct libalias *, struct ip *); +static int UdpAliasOut(struct libalias *, struct ip *, int, int create); -static int TcpAliasIn(struct libalias *, struct ip *); -static int TcpAliasOut(struct libalias *, struct ip *, int, int create); +static int TcpAliasIn(struct libalias *, struct ip *); +static int TcpAliasOut(struct libalias *, struct ip *, int, int create); /* De-alias incoming echo and timestamp replies. @@ -315,8 +316,8 @@ struct in_addr original_address; original_address = GetOriginalAddress(lnk); - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; } @@ -347,16 +348,16 @@ ic2 = (struct icmp *)ip_next(ip); if (ip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, - ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); + lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, ud->uh_dport, + ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, - tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); + lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, tc->th_dport, + tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { - if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + if (ic2->icmp_type == ICMP_ECHO || + ic2->icmp_type == ICMP_TSTAMP) + lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, + ic2->icmp_id, 0); else lnk = NULL; } else @@ -383,8 +384,8 @@ ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum); /* Un-alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; /* Un-alias address and port number of @@ -412,8 +413,8 @@ ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum); /* Un-alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; /* Un-alias address of original IP packet and @@ -457,8 +458,7 @@ case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - if (dlen < ICMP_ADVLENMIN || - dlen < (size_t)ICMP_ADVLEN(ic)) + if (dlen < ICMP_ADVLENMIN || dlen < (size_t)ICMP_ADVLEN(ic)) return (PKT_ALIAS_IGNORED); iresult = IcmpAliasIn2(la, pip); break; @@ -504,8 +504,8 @@ struct in_addr alias_address; alias_address = GetAliasAddress(lnk); - DifferentialChecksum(&pip->ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &alias_address, + &pip->ip_src, 2); pip->ip_src = alias_address; } @@ -536,16 +536,16 @@ ic2 = (struct icmp *)ip_next(ip); if (ip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, - ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); + lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, ud->uh_dport, + ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, - tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); + lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, tc->th_dport, + tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { - if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + if (ic2->icmp_type == ICMP_ECHO || + ic2->icmp_type == ICMP_TSTAMP) + lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, + ic2->icmp_id, 0); else lnk = NULL; } else @@ -657,8 +657,8 @@ machine. */ static int -ProtoAliasIn(struct libalias *la, struct in_addr ip_src, - struct ip *pip, u_char ip_p, u_short *ip_sum) +ProtoAliasIn(struct libalias *la, struct in_addr ip_src, struct ip *pip, + u_char ip_p, u_short *ip_sum) { struct alias_link *lnk; @@ -674,8 +674,8 @@ original_address = GetOriginalAddress(lnk); /* Restore original IP address */ - DifferentialChecksum(ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst, + 2); pip->ip_dst = original_address; return (PKT_ALIAS_OK); @@ -689,8 +689,8 @@ the source IP address of the packet. */ static int -ProtoAliasOut(struct libalias *la, struct ip *pip, - struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create) +ProtoAliasOut(struct libalias *la, struct ip *pip, struct in_addr ip_dst, + u_char ip_p, u_short *ip_sum, int create) { struct alias_link *lnk; @@ -710,8 +710,7 @@ alias_address = GetAliasAddress(lnk); /* Change source address */ - DifferentialChecksum(ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2); pip->ip_src = alias_address; return (PKT_ALIAS_OK); @@ -719,7 +718,7 @@ return (PKT_ALIAS_IGNORED); } -#define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF) +#define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF) #define FRAG_NO_HDR(_pip) (ntohs((_pip)->ip_off) & IP_OFFMASK) static struct udphdr * @@ -729,7 +728,8 @@ size_t dlen; #ifdef _KERNEL - KASSERT(!FRAG_NO_HDR(pip), ("header-less fragment isn't expected here")); + KASSERT(!FRAG_NO_HDR(pip), + ("header-less fragment isn't expected here")); #endif dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2); if (dlen < sizeof(struct udphdr)) @@ -752,9 +752,9 @@ if (ud == NULL) return (PKT_ALIAS_IGNORED); - lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, - ud->uh_sport, ud->uh_dport, - IPPROTO_UDP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); + lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, + ud->uh_dport, IPPROTO_UDP, + !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (lnk != NULL) { struct in_addr alias_address; struct in_addr original_address; @@ -763,15 +763,13 @@ u_short proxy_port; int accumulate; int error; - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = &original_address, .aaddr = &alias_address, .aport = &alias_port, .sport = &ud->uh_sport, .dport = &ud->uh_dport, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; alias_address = GetAliasAddress(lnk); original_address = GetOriginalAddress(lnk); @@ -816,14 +814,14 @@ ud->uh_sport = proxy_port; if (proxy_address.s_addr != 0) { - DifferentialChecksum(&pip->ip_sum, - &proxy_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &proxy_address, + &pip->ip_src, 2); pip->ip_src = proxy_address; } /* Restore original IP address */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; return (PKT_ALIAS_OK); @@ -877,21 +875,18 @@ pip->ip_dst = proxy_server_address; ud->uh_dport = proxy_server_port; } - lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, - ud->uh_sport, ud->uh_dport, - IPPROTO_UDP, create); + lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, + ud->uh_dport, IPPROTO_UDP, create); if (lnk != NULL) { u_short alias_port; struct in_addr alias_address; - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = NULL, .aaddr = &alias_address, .aport = &alias_port, .sport = &ud->uh_sport, .dport = &ud->uh_dport, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Save original destination address, if this is a proxy packet. * Also modify packet to include destination encoding. This may @@ -924,8 +919,8 @@ ud->uh_sport = alias_port; /* Change source address */ - DifferentialChecksum(&pip->ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &alias_address, &pip->ip_src, + 2); pip->ip_src = alias_address; return (PKT_ALIAS_OK); @@ -947,9 +942,8 @@ return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); - lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, - tc->th_sport, tc->th_dport, - IPPROTO_TCP, + lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, tc->th_sport, + tc->th_dport, IPPROTO_TCP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (lnk != NULL) { struct in_addr alias_address; @@ -965,15 +959,13 @@ * packet and not the original one looks below [*]. */ - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = NULL, .aaddr = NULL, .aport = NULL, .sport = &tc->th_sport, .dport = &tc->th_dport, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Walk out chain. */ find_handler(IN, TCP, la, pip, &ad); @@ -1081,8 +1073,8 @@ if (create) proxy_type = ProxyCheck(la, &proxy_server_address, - &proxy_server_port, pip->ip_src, pip->ip_dst, - tc->th_dport, pip->ip_p); + &proxy_server_port, pip->ip_src, pip->ip_dst, tc->th_dport, + pip->ip_p); else proxy_type = 0; @@ -1108,24 +1100,21 @@ accumulate -= twowords(&pip->ip_dst); ADJUST_CHECKSUM(accumulate, pip->ip_sum); } - lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, - tc->th_sport, tc->th_dport, - IPPROTO_TCP, create); + lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport, + tc->th_dport, IPPROTO_TCP, create); if (lnk == NULL) return (PKT_ALIAS_IGNORED); if (lnk != NULL) { u_short alias_port; struct in_addr alias_address; int accumulate; - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = NULL, .aaddr = &alias_address, .aport = &alias_port, .sport = &tc->th_sport, .dport = &tc->th_dport, - .maxpktsize = maxpacketsize - }; + .maxpktsize = maxpacketsize }; /* Save original destination address, if this is a proxy packet. * Also modify packet to include destination @@ -1194,10 +1183,9 @@ */ /* Local prototypes */ -static int FragmentIn(struct libalias *la, struct in_addr ip_src, - struct ip *pip, u_short ip_id, u_short *ip_sum); -static int FragmentOut(struct libalias *, struct ip *pip, - u_short *ip_sum); +static int FragmentIn(struct libalias *la, struct in_addr ip_src, + struct ip *pip, u_short ip_id, u_short *ip_sum); +static int FragmentOut(struct libalias *, struct ip *pip, u_short *ip_sum); static int FragmentIn(struct libalias *la, struct in_addr ip_src, struct ip *pip, @@ -1211,8 +1199,8 @@ struct in_addr original_address; GetFragmentAddr(lnk, &original_address); - DifferentialChecksum(ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst, + 2); pip->ip_dst = original_address; return (PKT_ALIAS_OK); @@ -1227,8 +1215,7 @@ LIBALIAS_LOCK_ASSERT(la); alias_address = FindAliasAddress(la, pip->ip_src); - DifferentialChecksum(ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2); pip->ip_src = alias_address; return (PKT_ALIAS_OK); @@ -1278,7 +1265,7 @@ if (lnk != NULL) { GetFragmentPtr(lnk, &fptr); SetFragmentPtr(lnk, NULL); - SetExpire(lnk, 0); /* Deletes link */ + SetExpire(lnk, 0); /* Deletes link */ } else fptr = NULL; @@ -1288,8 +1275,8 @@ void LibAliasFragmentIn(struct libalias *la, - void *ptr, /* Points to correctly de-aliased header fragment */ - void *ptr_fragment /* fragment which must be de-aliased */ + void *ptr, /* Points to correctly de-aliased header fragment */ + void *ptr_fragment /* fragment which must be de-aliased */ ) { struct ip *pip; @@ -1300,18 +1287,15 @@ pip = (struct ip *)ptr; fpip = (struct ip *)ptr_fragment; - DifferentialChecksum(&fpip->ip_sum, - &pip->ip_dst, &fpip->ip_dst, 2); + DifferentialChecksum(&fpip->ip_sum, &pip->ip_dst, &fpip->ip_dst, 2); fpip->ip_dst = pip->ip_dst; LIBALIAS_UNLOCK(la); } /* Local prototypes */ -static int -LibAliasOutLocked(struct libalias *la, struct ip *pip, +static int LibAliasOutLocked(struct libalias *la, struct ip *pip, int maxpacketsize, int create); -static int -LibAliasInLocked(struct libalias *la, struct ip *pip, +static int LibAliasInLocked(struct libalias *la, struct ip *pip, int maxpacketsize); int @@ -1341,8 +1325,8 @@ alias_addr = pip->ip_dst; /* Defense against mangled packets */ - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) { + if (ntohs(pip->ip_len) > maxpacketsize || + (pip->ip_hl << 2) > maxpacketsize) { iresult = PKT_ALIAS_IGNORED; goto getout; } @@ -1371,28 +1355,26 @@ #endif case IPPROTO_GRE: { int error; - struct alias_data ad = { - .lnk = NULL, + struct alias_data ad = { .lnk = NULL, .oaddr = NULL, .aaddr = NULL, .aport = NULL, .sport = NULL, .dport = NULL, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Walk out chain. */ error = find_handler(IN, IP, la, pip, &ad); if (error == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasIn(la, pip->ip_src, - pip, pip->ip_p, &pip->ip_sum); + iresult = ProtoAliasIn(la, pip->ip_src, pip, pip->ip_p, + &pip->ip_sum); break; } default: - iresult = ProtoAliasIn(la, pip->ip_src, pip, - pip->ip_p, &pip->ip_sum); + iresult = ProtoAliasIn(la, pip->ip_src, pip, pip->ip_p, + &pip->ip_sum); break; } @@ -1453,10 +1435,10 @@ } static int -LibAliasOutLocked(struct libalias *la, - struct ip *pip, /* valid IP packet */ - int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline changes) */ - int create /* Create new entries ? */ +LibAliasOutLocked(struct libalias *la, struct ip *pip, /* valid IP packet */ + int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline + changes) */ + int create /* Create new entries ? */ ) { int iresult; @@ -1471,8 +1453,8 @@ HouseKeeping(la); /* Defense against mangled packets */ - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) { + if (ntohs(pip->ip_len) > maxpacketsize || + (pip->ip_hl << 2) > maxpacketsize) { iresult = PKT_ALIAS_IGNORED; goto getout; } @@ -1487,11 +1469,14 @@ addr = ntohl(pip->ip_src.s_addr); if (addr >= UNREG_ADDR_C_LOWER && addr <= UNREG_ADDR_C_UPPER) iclass = 3; - else if (addr >= UNREG_ADDR_B_LOWER && addr <= UNREG_ADDR_B_UPPER) + else if (addr >= UNREG_ADDR_B_LOWER && + addr <= UNREG_ADDR_B_UPPER) iclass = 2; - else if (addr >= UNREG_ADDR_A_LOWER && addr <= UNREG_ADDR_A_UPPER) + else if (addr >= UNREG_ADDR_A_LOWER && + addr <= UNREG_ADDR_A_UPPER) iclass = 1; - else if (addr >= UNREG_ADDR_CGN_LOWER && addr <= UNREG_ADDR_CGN_UPPER && + else if (addr >= UNREG_ADDR_CGN_LOWER && + addr <= UNREG_ADDR_CGN_UPPER && la->packetAliasMode & PKT_ALIAS_UNREGISTERED_CGN) iclass = 4; @@ -1525,27 +1510,25 @@ #endif case IPPROTO_GRE: { int error; - struct alias_data ad = { - .lnk = NULL, + struct alias_data ad = { .lnk = NULL, .oaddr = NULL, .aaddr = NULL, .aport = NULL, .sport = NULL, .dport = NULL, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Walk out chain. */ error = find_handler(OUT, IP, la, pip, &ad); if (error == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasOut(la, pip, - pip->ip_dst, pip->ip_p, &pip->ip_sum, create); + iresult = ProtoAliasOut(la, pip, pip->ip_dst, pip->ip_p, + &pip->ip_sum, create); break; - } + } default: - iresult = ProtoAliasOut(la, pip, - pip->ip_dst, pip->ip_p, &pip->ip_sum, create); + iresult = ProtoAliasOut(la, pip, pip->ip_dst, pip->ip_p, + &pip->ip_sum, create); break; } @@ -1556,9 +1539,8 @@ } int -LibAliasUnaliasOut(struct libalias *la, - void *ptr, /* valid IP packet */ - int maxpacketsize /* for error checking */ +LibAliasUnaliasOut(struct libalias *la, void *ptr, /* valid IP packet */ + int maxpacketsize /* for error checking */ ) { struct ip *pip; @@ -1572,8 +1554,8 @@ pip = (struct ip *)ptr; /* Defense against mangled packets */ - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) + if (ntohs(pip->ip_len) > maxpacketsize || + (pip->ip_hl << 2) > maxpacketsize) goto getout; ud = (struct udphdr *)ip_next(pip); @@ -1582,13 +1564,11 @@ /* Find a link */ if (pip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, - ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); + lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport, + ud->uh_sport, IPPROTO_UDP, 0); else if (pip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, - tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); + lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport, + tc->th_sport, IPPROTO_TCP, 0); else if (pip->ip_p == IPPROTO_ICMP) lnk = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0); else @@ -1619,8 +1599,8 @@ } /* Adjust IP checksum */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_src, 2); /* Un-alias source address and port number */ pip->ip_src = original_address; @@ -1646,8 +1626,8 @@ ADJUST_CHECKSUM(accumulate, ic->icmp_cksum); /* Adjust IP checksum */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_src, 2); /* Un-alias source address and port number */ pip->ip_src = original_address; @@ -1704,14 +1684,14 @@ const char *error; moduledata_t *p; - handle = dlopen (path, RTLD_LAZY); + handle = dlopen(path, RTLD_LAZY); if (!handle) { fprintf(stderr, "%s\n", dlerror()); return (EINVAL); } p = dlsym(handle, "alias_mod"); - if ((error = dlerror()) != NULL) { + if ((error = dlerror()) != NULL) { fprintf(stderr, "%s\n", dlerror()); return (EINVAL); } @@ -1728,7 +1708,7 @@ } m = dlsym(t->handle, "handlers"); - if ((error = dlerror()) != NULL) { + if ((error = dlerror()) != NULL) { fprintf(stderr, "%s\n", error); return (EINVAL); } Index: sys/netinet/libalias/alias_db.h =================================================================== --- sys/netinet/libalias/alias_db.h +++ sys/netinet/libalias/alias_db.h @@ -143,48 +143,47 @@ #ifndef _ALIAS_DB_H_ #define _ALIAS_DB_H_ - /* Constants (note: constants are also defined near relevant functions or structs) */ /* Timeouts (in seconds) for different link types */ -#define ICMP_EXPIRE_TIME 60 -#define UDP_EXPIRE_TIME 60 -#define PROTO_EXPIRE_TIME 60 -#define FRAGMENT_ID_EXPIRE_TIME 10 -#define FRAGMENT_PTR_EXPIRE_TIME 30 +#define ICMP_EXPIRE_TIME 60 +#define UDP_EXPIRE_TIME 60 +#define PROTO_EXPIRE_TIME 60 +#define FRAGMENT_ID_EXPIRE_TIME 10 +#define FRAGMENT_PTR_EXPIRE_TIME 30 /* TCP link expire time for different cases */ /* When the link has been used and closed - minimal grace time to allow ACKs and potential re-connect in FTP (XXX - is this allowed?) */ #ifndef TCP_EXPIRE_DEAD -#define TCP_EXPIRE_DEAD 10 +#define TCP_EXPIRE_DEAD 10 #endif /* When the link has been used and closed on one side - the other side is allowed to still send data */ #ifndef TCP_EXPIRE_SINGLEDEAD -#define TCP_EXPIRE_SINGLEDEAD 90 +#define TCP_EXPIRE_SINGLEDEAD 90 #endif /* When the link isn't yet up */ #ifndef TCP_EXPIRE_INITIAL -#define TCP_EXPIRE_INITIAL 300 +#define TCP_EXPIRE_INITIAL 300 #endif /* When the link is up */ #ifndef TCP_EXPIRE_CONNECTED -#define TCP_EXPIRE_CONNECTED 86400 +#define TCP_EXPIRE_CONNECTED 86400 #endif /* Dummy port number codes used for FindLinkIn/Out() and AddLink(). These constants can be anything except zero, which indicates an unknown port number. */ -#define NO_DEST_PORT 1 -#define NO_SRC_PORT 1 +#define NO_DEST_PORT 1 +#define NO_SRC_PORT 1 /* Matches any/unknown address in FindLinkIn/Out() and AddLink(). */ static struct in_addr const ANY_ADDR = { INADDR_ANY }; @@ -218,93 +217,93 @@ /* used to save changes to ACK/sequence numbers */ struct ack_data_record { - u_long ack_old; - u_long ack_new; - int delta; - int active; + u_long ack_old; + u_long ack_new; + int delta; + int active; }; /* Information about TCP connection */ struct tcp_state { - int in; /* State for outside -> inside */ - int out; /* State for inside -> outside */ - int index; /* Index to ACK data array */ + int in; /* State for outside -> inside */ + int out; /* State for inside -> outside */ + int index; /* Index to ACK data array */ /* Indicates whether ACK and sequence numbers been modified */ - int ack_modified; + int ack_modified; }; /* Number of distinct ACK number changes * saved for a modified TCP stream */ -#define N_LINK_TCP_DATA 3 +#define N_LINK_TCP_DATA 3 struct tcp_dat { struct tcp_state state; struct ack_data_record ack[N_LINK_TCP_DATA]; /* Which firewall record is used for this hole? */ - int fwhole; + int fwhole; }; /* LSNAT server pool (circular list) */ struct server { - struct in_addr addr; - u_short port; - struct server *next; + struct in_addr addr; + u_short port; + struct server *next; }; /* Main data structure */ struct alias_link { struct libalias *la; /* Address and port information */ - struct in_addr src_addr; - struct in_addr dst_addr; - struct in_addr alias_addr; - struct in_addr proxy_addr; - u_short src_port; - u_short dst_port; - u_short alias_port; - u_short proxy_port; - struct server *server; + struct in_addr src_addr; + struct in_addr dst_addr; + struct in_addr alias_addr; + struct in_addr proxy_addr; + u_short src_port; + u_short dst_port; + u_short alias_port; + u_short proxy_port; + struct server *server; /* Type of link: TCP, UDP, ICMP, proto, frag */ - int link_type; + int link_type; /* values for link_type */ -#define LINK_ICMP IPPROTO_ICMP -#define LINK_UDP IPPROTO_UDP -#define LINK_TCP IPPROTO_TCP -#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1) -#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2) -#define LINK_ADDR (IPPROTO_MAX + 3) -#define LINK_PPTP (IPPROTO_MAX + 4) - - int flags; /* indicates special characteristics */ - int pflags; /* protocol-specific flags */ +#define LINK_ICMP IPPROTO_ICMP +#define LINK_UDP IPPROTO_UDP +#define LINK_TCP IPPROTO_TCP +#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1) +#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2) +#define LINK_ADDR (IPPROTO_MAX + 3) +#define LINK_PPTP (IPPROTO_MAX + 4) + + int flags; /* indicates special characteristics */ + int pflags; /* protocol-specific flags */ /* flag bits */ -#define LINK_UNKNOWN_DEST_PORT 0x01 -#define LINK_UNKNOWN_DEST_ADDR 0x02 -#define LINK_PERMANENT 0x04 -#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */ -#define LINK_UNFIREWALLED 0x08 +#define LINK_UNKNOWN_DEST_PORT 0x01 +#define LINK_UNKNOWN_DEST_ADDR 0x02 +#define LINK_PERMANENT 0x04 +#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */ +#define LINK_UNFIREWALLED 0x08 - int timestamp; /* Time link was last accessed */ + int timestamp; /* Time link was last accessed */ #ifndef NO_USE_SOCKETS - int sockfd; /* socket descriptor */ + int sockfd; /* socket descriptor */ #endif /* Linked list of pointers for input and output lookup tables */ union { struct { SPLAY_ENTRY(alias_link) out; - LIST_ENTRY (alias_link) in; + LIST_ENTRY(alias_link) in; } all; struct { - LIST_ENTRY (alias_link) list; + LIST_ENTRY(alias_link) list; } pptp; }; struct { TAILQ_ENTRY(alias_link) list; - int time; /* Expire time for link */ + int time; /* Expire time for link */ } expire; /* Auxiliary data */ union { - char *frag_ptr; - struct in_addr frag_addr; + char *frag_ptr; + struct in_addr frag_addr; struct tcp_dat *tcp; } data; }; @@ -326,50 +325,61 @@ */ /* Local prototypes */ -static struct group_in * -StartPointIn(struct libalias *, struct in_addr, u_short, int, int); -static int SeqDiff(u_long, u_long); +static struct group_in *StartPointIn(struct libalias *, struct in_addr, u_short, + int, int); +static int SeqDiff(u_long, u_long); #ifndef NO_FW_PUNCH /* Firewall control */ -static void InitPunchFW(struct libalias *); -static void UninitPunchFW(struct libalias *); -static void ClearFWHole(struct alias_link *); +static void InitPunchFW(struct libalias *); +static void UninitPunchFW(struct libalias *); +static void ClearFWHole(struct alias_link *); #endif /* Log file control */ -static void ShowAliasStats(struct libalias *); -static int InitPacketAliasLog(struct libalias *); -static void UninitPacketAliasLog(struct libalias *); - -void SctpShowAliasStats(struct libalias *la); +static void ShowAliasStats(struct libalias *); +static int InitPacketAliasLog(struct libalias *); +static void UninitPacketAliasLog(struct libalias *); +void SctpShowAliasStats(struct libalias *la); /* Splay handling */ static inline int -cmp_out(struct alias_link *a, struct alias_link *b) { +cmp_out(struct alias_link *a, struct alias_link *b) +{ int i = a->src_port - b->src_port; - if (i != 0) return (i); - if (a->src_addr.s_addr > b->src_addr.s_addr) return (1); - if (a->src_addr.s_addr < b->src_addr.s_addr) return (-1); - if (a->dst_addr.s_addr > b->dst_addr.s_addr) return (1); - if (a->dst_addr.s_addr < b->dst_addr.s_addr) return (-1); + if (i != 0) + return (i); + if (a->src_addr.s_addr > b->src_addr.s_addr) + return (1); + if (a->src_addr.s_addr < b->src_addr.s_addr) + return (-1); + if (a->dst_addr.s_addr > b->dst_addr.s_addr) + return (1); + if (a->dst_addr.s_addr < b->dst_addr.s_addr) + return (-1); i = a->dst_port - b->dst_port; - if (i != 0) return (i); + if (i != 0) + return (i); i = a->link_type - b->link_type; return (i); } SPLAY_PROTOTYPE(splay_out, alias_link, all.out, cmp_out); static inline int -cmp_in(struct group_in *a, struct group_in *b) { +cmp_in(struct group_in *a, struct group_in *b) +{ int i = a->alias_port - b->alias_port; - if (i != 0) return (i); + if (i != 0) + return (i); i = a->link_type - b->link_type; - if (i != 0) return (i); - if (a->alias_addr.s_addr > b->alias_addr.s_addr) return (1); - if (a->alias_addr.s_addr < b->alias_addr.s_addr) return (-1); + if (i != 0) + return (i); + if (a->alias_addr.s_addr > b->alias_addr.s_addr) + return (1); + if (a->alias_addr.s_addr < b->alias_addr.s_addr) + return (-1); return (0); } SPLAY_PROTOTYPE(splay_in, group_in, in, cmp_in); @@ -396,47 +406,43 @@ */ /* Local prototypes */ -static int GetNewPort(struct libalias *, struct alias_link *, int); +static int GetNewPort(struct libalias *, struct alias_link *, int); #ifndef NO_USE_SOCKETS -static u_short GetSocket(struct libalias *, u_short, int *, int); +static u_short GetSocket(struct libalias *, u_short, int *, int); #endif -static void CleanupAliasData(struct libalias *, int); -static void CleanupLink(struct libalias *, struct alias_link **, int); -static void DeleteLink(struct alias_link **, int); -static struct alias_link * -UseLink(struct libalias *, struct alias_link *); +static void CleanupAliasData(struct libalias *, int); +static void CleanupLink(struct libalias *, struct alias_link **, int); +static void DeleteLink(struct alias_link **, int); +static struct alias_link *UseLink(struct libalias *, struct alias_link *); -static struct alias_link * -ReLink(struct alias_link *, - struct in_addr, struct in_addr, struct in_addr, - u_short, u_short, int, int, int); +static struct alias_link *ReLink(struct alias_link *, struct in_addr, + struct in_addr, struct in_addr, u_short, u_short, int, int, int); -static struct alias_link * -FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); +static struct alias_link *FindLinkOut(struct libalias *, struct in_addr, + struct in_addr, u_short, u_short, int, int); -static struct alias_link * -FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); +static struct alias_link *FindLinkIn(struct libalias *, struct in_addr, + struct in_addr, u_short, u_short, int, int); static u_short _RandomPort(struct libalias *la); -#define GET_NEW_PORT_MAX_ATTEMPTS 20 - +#define GET_NEW_PORT_MAX_ATTEMPTS 20 #ifndef NO_FW_PUNCH static void ClearAllFWHoles(struct libalias *la); -#define fw_setfield(la, field, num) \ -do { \ - (field)[(num) - la->fireWallBaseNum] = 1; \ -} /*lint -save -e717 */ while(0)/* lint -restore */ +#define fw_setfield(la, field, num) \ + do { \ + (field)[(num)-la->fireWallBaseNum] = 1; \ + } /*lint -save -e717 */ while (0) /* lint -restore */ -#define fw_clrfield(la, field, num) \ -do { \ - (field)[(num) - la->fireWallBaseNum] = 0; \ -} /*lint -save -e717 */ while(0)/* lint -restore */ +#define fw_clrfield(la, field, num) \ + do { \ + (field)[(num)-la->fireWallBaseNum] = 0; \ + } /*lint -save -e717 */ while (0) /* lint -restore */ -#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum]) +#define fw_tstfield(la, field, num) ((field)[(num)-la->fireWallBaseNum]) #endif /* !NO_FW_PUNCH */ Index: sys/netinet/libalias/alias_db.c =================================================================== --- sys/netinet/libalias/alias_db.c +++ sys/netinet/libalias/alias_db.c @@ -28,31 +28,34 @@ #include #ifdef _KERNEL -#include #include -#include #include +#include #include #include #include #include + +#include #else -#include -#include -#include #include #include + +#include +#include +#include #include #endif #include + #include #ifdef _KERNEL +#include #include #include #include -#include #else #include "alias.h" #include "alias_local.h" @@ -84,9 +87,7 @@ } } -static moduledata_t alias_mod = { - "alias", alias_mod_handler, NULL -}; +static moduledata_t alias_mod = { "alias", alias_mod_handler, NULL }; DECLARE_MODULE(alias, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); #endif @@ -95,16 +96,13 @@ SPLAY_GENERATE(splay_in, group_in, in, cmp_in); static struct group_in * -StartPointIn(struct libalias *la, - struct in_addr alias_addr, u_short alias_port, int link_type, - int create) +StartPointIn(struct libalias *la, struct in_addr alias_addr, u_short alias_port, + int link_type, int create) { struct group_in *grp; - struct group_in needle = { - .alias_addr = alias_addr, + struct group_in needle = { .alias_addr = alias_addr, .alias_port = alias_port, - .link_type = link_type - }; + .link_type = link_type }; grp = SPLAY_FIND(splay_in, &la->linkSplayIn, &needle); if (grp != NULL || !create || (grp = malloc(sizeof(*grp))) == NULL) @@ -121,10 +119,10 @@ static int SeqDiff(u_long x, u_long y) { -/* Return the difference between two TCP sequence numbers - * This function is encapsulated in case there are any unusual - * arithmetic conditions that need to be considered. - */ + /* Return the difference between two TCP sequence numbers + * This function is encapsulated in case there are any unusual + * arithmetic conditions that need to be considered. + */ return (ntohl(y) - ntohl(x)); } @@ -157,41 +155,38 @@ LIBALIAS_LOCK_ASSERT(la); /* Used for debugging */ if (la->logDesc) { - int tot = la->icmpLinkCount + la->udpLinkCount + - (la->sctpLinkCount>>1) + /* sctp counts half associations */ - la->tcpLinkCount + la->pptpLinkCount + - la->protoLinkCount + la->fragmentIdLinkCount + - la->fragmentPtrLinkCount; + int tot = la->icmpLinkCount + la->udpLinkCount + + (la->sctpLinkCount >> + 1) + /* sctp counts half associations */ + la->tcpLinkCount + + la->pptpLinkCount + la->protoLinkCount + + la->fragmentIdLinkCount + la->fragmentPtrLinkCount; AliasLog(la->logDesc, "icmp=%u, udp=%u, tcp=%u, sctp=%u, pptp=%u, proto=%u, frag_id=%u frag_ptr=%u / tot=%u", - la->icmpLinkCount, - la->udpLinkCount, - la->tcpLinkCount, - la->sctpLinkCount>>1, /* sctp counts half associations */ - la->pptpLinkCount, - la->protoLinkCount, - la->fragmentIdLinkCount, - la->fragmentPtrLinkCount, - tot); + la->icmpLinkCount, la->udpLinkCount, la->tcpLinkCount, + la->sctpLinkCount >> 1, /* sctp counts half associations */ + la->pptpLinkCount, la->protoLinkCount, + la->fragmentIdLinkCount, la->fragmentPtrLinkCount, tot); #ifndef _KERNEL AliasLog(la->logDesc, " (sock=%u)\n", la->sockCount); #endif } } -void SctpShowAliasStats(struct libalias *la) +void +SctpShowAliasStats(struct libalias *la) { ShowAliasStats(la); } /* get random port in network byte order */ static u_short -_RandomPort(struct libalias *la) { +_RandomPort(struct libalias *la) +{ u_short port; - port = la->aliasPortLower + - arc4random_uniform(la->aliasPortLength); + port = la->aliasPortLower + arc4random_uniform(la->aliasPortLength); return ntohs(port); } @@ -214,7 +209,7 @@ * this parameter is zero or positive, it precisely specifies * the port number. GetNewPort() will return this number * without check that it is in use. - * + * * The aliasing port is automatically selected by one of * two methods below: * @@ -222,7 +217,7 @@ * a randomly selected port number. */ if (alias_port_param >= 0 && alias_port_param < 0x10000) { - lnk->alias_port = (u_short) alias_port_param; + lnk->alias_port = (u_short)alias_port_param; return (0); } if (alias_port_param != GET_ALIAS_PORT) { @@ -241,23 +236,24 @@ * this is already in use, the remainder of the * trials will be random. */ - port = (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) - ? lnk->src_port - : _RandomPort(la); + port = (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) ? lnk->src_port : + _RandomPort(la); /* Port number search */ for (i = 0; i < max_trials; i++, port = _RandomPort(la)) { struct group_in *grp; struct alias_link *search_result; - grp = StartPointIn(la, lnk->alias_addr, port, lnk->link_type, 0); + grp = StartPointIn(la, lnk->alias_addr, port, lnk->link_type, + 0); if (grp == NULL) break; LIST_FOREACH(search_result, &grp->full, all.in) { - if (lnk->dst_addr.s_addr == search_result->dst_addr.s_addr && + if (lnk->dst_addr.s_addr == + search_result->dst_addr.s_addr && lnk->dst_port == search_result->dst_port) - break; /* found match */ + break; /* found match */ } if (search_result == NULL) break; @@ -274,8 +270,7 @@ #ifndef NO_USE_SOCKETS if ((la->packetAliasMode & PKT_ALIAS_USE_SOCKETS) && (lnk->flags & LINK_PARTIALLY_SPECIFIED) && - ((lnk->link_type == LINK_TCP) || - (lnk->link_type == LINK_UDP))) { + ((lnk->link_type == LINK_TCP) || (lnk->link_type == LINK_UDP))) { if (!GetSocket(la, port, &lnk->sockfd, lnk->link_type)) { return (-1); } @@ -287,7 +282,7 @@ } #ifndef NO_USE_SOCKETS -static u_short +static u_short GetSocket(struct libalias *la, u_short port_net, int *sockfd, int link_type) { int err; @@ -318,9 +313,7 @@ sock_addr.sin_addr.s_addr = htonl(INADDR_ANY); sock_addr.sin_port = port_net; - err = bind(sock, - (struct sockaddr *)&sock_addr, - sizeof(sock_addr)); + err = bind(sock, (struct sockaddr *)&sock_addr, sizeof(sock_addr)); if (err == 0) { la->sockCount++; *sockfd = sock; @@ -339,14 +332,9 @@ looks for unused triplets: (dest addr, dest port, alias port). */ int -FindNewPortGroup(struct libalias *la, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_short src_port, - u_short dst_port, - u_short port_count, - u_char proto, - u_char align) +FindNewPortGroup(struct libalias *la, struct in_addr dst_addr, + struct in_addr alias_addr, u_short src_port, u_short dst_port, + u_short port_count, u_char proto, u_char align) { int i, j; int max_trials; @@ -399,8 +387,8 @@ u_short port_j = ntohs(port) + j; if ((search_result = FindLinkIn(la, dst_addr, - alias_addr, dst_port, htons(port_j), - link_type, 0)) != NULL) + alias_addr, dst_port, htons(port_j), link_type, + 0)) != NULL) break; } @@ -497,15 +485,14 @@ LIST_REMOVE(lnk, all.in); /* Remove intermediate node, if empty */ - grp = StartPointIn(la, lnk->alias_addr, lnk->alias_port, lnk->link_type, 0); - if (grp != NULL && - LIST_EMPTY(&grp->full) && + grp = StartPointIn(la, lnk->alias_addr, lnk->alias_port, + lnk->link_type, 0); + if (grp != NULL && LIST_EMPTY(&grp->full) && LIST_EMPTY(&grp->partial)) { SPLAY_REMOVE(splay_in, &la->linkSplayIn, grp); free(grp); } - } - break; + } break; } /* remove from housekeeping */ @@ -642,7 +629,8 @@ if (aux_tcp == NULL) { #ifdef LIBALIAS_DEBUG fprintf(stderr, "PacketAlias/AddLink: "); - fprintf(stderr, " cannot allocate auxiliary TCP data\n"); + fprintf(stderr, + " cannot allocate auxiliary TCP data\n"); #endif free(lnk); return (NULL); @@ -657,8 +645,7 @@ aux_tcp->ack[i].active = 0; aux_tcp->fwhole = -1; lnk->data.tcp = aux_tcp; - } - break; + } break; case LINK_PPTP: la->pptpLinkCount++; break; @@ -682,7 +669,8 @@ default: { struct group_in *grp; - grp = StartPointIn(la, alias_addr, lnk->alias_port, link_type, 1); + grp = StartPointIn(la, alias_addr, lnk->alias_port, link_type, + 1); if (grp == NULL) { free(lnk); return (NULL); @@ -696,8 +684,7 @@ LIST_INSERT_HEAD(&grp->partial, lnk, all.in); else LIST_INSERT_HEAD(&grp->full, lnk, all.in); - } - break; + } break; } /* Include the element into the housekeeping list */ @@ -714,26 +701,18 @@ * chosen. If greater than zero, equal to alias port */ static struct alias_link * -ReLink(struct alias_link *old_lnk, - struct in_addr src_addr, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_short src_port, - u_short dst_port, - int alias_port_param, - int link_type, - int deletePermanent) +ReLink(struct alias_link *old_lnk, struct in_addr src_addr, + struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, + u_short dst_port, int alias_port_param, int link_type, int deletePermanent) { struct alias_link *new_lnk; struct libalias *la = old_lnk->la; LIBALIAS_LOCK_ASSERT(la); - new_lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, dst_port, alias_port_param, - link_type); + new_lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, + dst_port, alias_port_param, link_type); #ifndef NO_FW_PUNCH - if (new_lnk != NULL && - old_lnk->link_type == LINK_TCP && + if (new_lnk != NULL && old_lnk->link_type == LINK_TCP && old_lnk->data.tcp->fwhole > 0) { PunchFWHole(new_lnk); } @@ -744,18 +723,14 @@ static struct alias_link * _SearchLinkOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - int link_type) { + struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type) +{ struct alias_link *lnk; - struct alias_link needle = { - .src_addr = src_addr, + struct alias_link needle = { .src_addr = src_addr, .dst_addr = dst_addr, .src_port = src_port, .dst_port = dst_port, - .link_type = link_type - }; + .link_type = link_type }; lnk = SPLAY_FIND(splay_out, &la->linkSplayOut, &needle); return (UseLink(la, lnk)); @@ -763,16 +738,14 @@ static struct alias_link * _FindLinkOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - int link_type, + struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type, int replace_partial_links) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = _SearchLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type); + lnk = _SearchLinkOut(la, src_addr, dst_addr, src_port, dst_port, + link_type); if (lnk != NULL || !replace_partial_links) return (lnk); @@ -784,26 +757,20 @@ lnk = _SearchLinkOut(la, src_addr, ANY_ADDR, src_port, dst_port, link_type); } - if (lnk == NULL && - (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) { + if (lnk == NULL && (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) { lnk = _SearchLinkOut(la, src_addr, ANY_ADDR, src_port, 0, link_type); } if (lnk != NULL) { - lnk = ReLink(lnk, - src_addr, dst_addr, lnk->alias_addr, - src_port, dst_port, lnk->alias_port, - link_type, 0); + lnk = ReLink(lnk, src_addr, dst_addr, lnk->alias_addr, src_port, + dst_port, lnk->alias_port, link_type, 0); } return (lnk); } static struct alias_link * FindLinkOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - int link_type, + struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type, int replace_partial_links) { struct alias_link *lnk; @@ -821,8 +788,8 @@ */ if (la->aliasAddress.s_addr != INADDR_ANY && src_addr.s_addr == la->aliasAddress.s_addr) { - lnk = _FindLinkOut(la, ANY_ADDR, dst_addr, src_port, dst_port, - link_type, replace_partial_links); + lnk = _FindLinkOut(la, ANY_ADDR, dst_addr, src_port, + dst_port, link_type, replace_partial_links); } } return (lnk); @@ -830,11 +797,8 @@ static struct alias_link * _FindLinkIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - int link_type, - int replace_partial_links) + struct in_addr alias_addr, u_short dst_port, u_short alias_port, + int link_type, int replace_partial_links) { int flags_in; struct group_in *grp; @@ -874,7 +838,7 @@ break; case LINK_UNKNOWN_DEST_PORT: LIST_FOREACH(lnk, &grp->full, all.in) { - if(lnk->dst_addr.s_addr == dst_addr.s_addr) { + if (lnk->dst_addr.s_addr == dst_addr.s_addr) { lnk_unknown_dst_port = lnk; break; } @@ -882,7 +846,7 @@ break; case LINK_UNKNOWN_DEST_ADDR: LIST_FOREACH(lnk, &grp->full, all.in) { - if(lnk->dst_port == dst_port) { + if (lnk->dst_port == dst_port) { lnk_unknown_dst_addr = lnk; break; } @@ -895,7 +859,8 @@ if (lnk_unknown_dst_port == NULL) { LIST_FOREACH(lnk, &grp->partial, all.in) { - int flags = (flags_in | lnk->flags) & LINK_PARTIALLY_SPECIFIED; + int flags = (flags_in | lnk->flags) & + LINK_PARTIALLY_SPECIFIED; if (flags == LINK_PARTIALLY_SPECIFIED && lnk_unknown_all == NULL) @@ -912,14 +877,14 @@ } } - lnk = (lnk_unknown_dst_port != NULL) ? lnk_unknown_dst_port - : (lnk_unknown_dst_addr != NULL) ? lnk_unknown_dst_addr - : lnk_unknown_all; + lnk = (lnk_unknown_dst_port != NULL) ? lnk_unknown_dst_port : + (lnk_unknown_dst_addr != NULL) ? lnk_unknown_dst_addr : + lnk_unknown_all; if (lnk == NULL || !replace_partial_links) return (lnk); - if (lnk->server != NULL) { /* LSNAT link */ + if (lnk->server != NULL) { /* LSNAT link */ src_addr = lnk->server->addr; src_port = lnk->server->port; lnk->server = lnk->server->next; @@ -932,21 +897,16 @@ lnk->src_addr = src_addr; lnk->src_port = src_port; } else { - lnk = ReLink(lnk, - src_addr, dst_addr, alias_addr, - src_port, dst_port, alias_port, - link_type, 0); + lnk = ReLink(lnk, src_addr, dst_addr, alias_addr, src_port, + dst_port, alias_port, link_type, 0); } return (lnk); } static struct alias_link * FindLinkIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - int link_type, - int replace_partial_links) + struct in_addr alias_addr, u_short dst_port, u_short alias_port, + int link_type, int replace_partial_links) { struct alias_link *lnk; @@ -963,8 +923,8 @@ */ if (la->aliasAddress.s_addr != INADDR_ANY && alias_addr.s_addr == la->aliasAddress.s_addr) { - lnk = _FindLinkIn(la, dst_addr, ANY_ADDR, dst_port, alias_port, - link_type, replace_partial_links); + lnk = _FindLinkIn(la, dst_addr, ANY_ADDR, dst_port, + alias_port, link_type, replace_partial_links); } } return (lnk); @@ -988,66 +948,56 @@ struct alias_link * FindIcmpIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short id_alias, - int create) + struct in_addr alias_addr, u_short id_alias, int create) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, id_alias, + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, id_alias, LINK_ICMP, 0); - if (lnk == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { + if (lnk == NULL && create && + !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; target_addr = FindOriginalAddress(la, alias_addr); - lnk = AddLink(la, target_addr, dst_addr, alias_addr, - id_alias, NO_DEST_PORT, id_alias, - LINK_ICMP); + lnk = AddLink(la, target_addr, dst_addr, alias_addr, id_alias, + NO_DEST_PORT, id_alias, LINK_ICMP); } return (lnk); } struct alias_link * FindIcmpOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short id, - int create) + struct in_addr dst_addr, u_short id, int create) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkOut(la, src_addr, dst_addr, - id, NO_DEST_PORT, - LINK_ICMP, 0); + lnk = FindLinkOut(la, src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP, + 0); if (lnk == NULL && create) { struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - id, NO_DEST_PORT, GET_ALIAS_ID, - LINK_ICMP); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, id, + NO_DEST_PORT, GET_ALIAS_ID, LINK_ICMP); } return (lnk); } struct alias_link * FindFragmentIn1(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short ip_id) + struct in_addr alias_addr, u_short ip_id) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, ip_id, + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); if (lnk == NULL) { - lnk = AddLink(la, ANY_ADDR, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, ip_id, - LINK_FRAGMENT_ID); + lnk = AddLink(la, ANY_ADDR, dst_addr, alias_addr, NO_SRC_PORT, + NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID); } return (lnk); } @@ -1058,84 +1008,69 @@ struct in_addr alias_addr, u_short ip_id) { LIBALIAS_LOCK_ASSERT(la); - return FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, ip_id, + return FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); } struct alias_link * -AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, - u_short ip_id) +AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { LIBALIAS_LOCK_ASSERT(la); - return AddLink(la, ANY_ADDR, dst_addr, ANY_ADDR, - NO_SRC_PORT, NO_DEST_PORT, ip_id, - LINK_FRAGMENT_PTR); + return AddLink(la, ANY_ADDR, dst_addr, ANY_ADDR, NO_SRC_PORT, + NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR); } struct alias_link * -FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, - u_short ip_id) +FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { LIBALIAS_LOCK_ASSERT(la); - return FindLinkIn(la, dst_addr, ANY_ADDR, - NO_DEST_PORT, ip_id, + return FindLinkIn(la, dst_addr, ANY_ADDR, NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR, 0); } struct alias_link * FindProtoIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_char proto) + struct in_addr alias_addr, u_char proto) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, 0, - proto, 1); + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, 0, proto, 1); if (lnk == NULL && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; target_addr = FindOriginalAddress(la, alias_addr); lnk = AddLink(la, target_addr, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, 0, - proto); + NO_SRC_PORT, NO_DEST_PORT, 0, proto); } return (lnk); } struct alias_link * FindProtoOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_char proto) + struct in_addr dst_addr, u_char proto) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkOut(la, src_addr, dst_addr, - NO_SRC_PORT, NO_DEST_PORT, + lnk = FindLinkOut(la, src_addr, dst_addr, NO_SRC_PORT, NO_DEST_PORT, proto, 1); if (lnk == NULL) { struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, 0, - proto); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, + NO_DEST_PORT, 0, proto); } return (lnk); } struct alias_link * FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - u_char proto, - int create) + struct in_addr alias_addr, u_short dst_port, u_short alias_port, + u_char proto, int create) { int link_type; struct alias_link *lnk; @@ -1153,27 +1088,23 @@ break; } - lnk = FindLinkIn(la, dst_addr, alias_addr, - dst_port, alias_port, + lnk = FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port, link_type, create); - if (lnk == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { + if (lnk == NULL && create && + !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; target_addr = FindOriginalAddress(la, alias_addr); - lnk = AddLink(la, target_addr, dst_addr, alias_addr, - alias_port, dst_port, alias_port, - link_type); + lnk = AddLink(la, target_addr, dst_addr, alias_addr, alias_port, + dst_port, alias_port, link_type); } return (lnk); } struct alias_link * FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - u_char proto, + struct in_addr dst_addr, u_short src_port, u_short dst_port, u_char proto, int create) { int link_type; @@ -1192,39 +1123,35 @@ break; } - lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, create); + lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, + create); if (lnk == NULL && create) { struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, dst_port, GET_ALIAS_PORT, - link_type); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, + dst_port, GET_ALIAS_PORT, link_type); } return (lnk); } struct alias_link * -AddPptp(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_int16_t src_call_id) +AddPptp(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, + struct in_addr alias_addr, u_int16_t src_call_id) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_call_id, 0, GET_ALIAS_PORT, - LINK_PPTP); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_call_id, 0, + GET_ALIAS_PORT, LINK_PPTP); return (lnk); } struct alias_link * FindPptpOutByCallId(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_int16_t src_call_id) + struct in_addr dst_addr, u_int16_t src_call_id) { struct alias_link *lnk; @@ -1240,8 +1167,7 @@ struct alias_link * FindPptpOutByPeerCallId(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_int16_t dst_call_id) + struct in_addr dst_addr, u_int16_t dst_call_id) { struct alias_link *lnk; @@ -1257,8 +1183,7 @@ struct alias_link * FindPptpInByCallId(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_int16_t dst_call_id) + struct in_addr alias_addr, u_int16_t dst_call_id) { struct alias_link *lnk; @@ -1275,8 +1200,7 @@ struct alias_link * FindPptpInByPeerCallId(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_int16_t alias_call_id) + struct in_addr alias_addr, u_int16_t alias_call_id) { struct alias_link *lnk; @@ -1292,10 +1216,7 @@ struct alias_link * FindRtspOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short alias_port, - u_char proto) + struct in_addr dst_addr, u_short src_port, u_short alias_port, u_char proto) { int link_type; struct alias_link *lnk; @@ -1319,9 +1240,8 @@ struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, 0, alias_port, - link_type); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, 0, + alias_port, link_type); } return (lnk); } @@ -1332,18 +1252,18 @@ struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, ANY_ADDR, alias_addr, - 0, 0, LINK_ADDR, 0); + lnk = FindLinkIn(la, ANY_ADDR, alias_addr, 0, 0, LINK_ADDR, 0); if (lnk == NULL) { if (la->targetAddress.s_addr == INADDR_ANY) return (alias_addr); else if (la->targetAddress.s_addr == INADDR_NONE) return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : alias_addr; + la->aliasAddress : + alias_addr; else return (la->targetAddress); } else { - if (lnk->server != NULL) { /* LSNAT link */ + if (lnk->server != NULL) { /* LSNAT link */ struct in_addr src_addr; src_addr = lnk->server->addr; @@ -1351,7 +1271,8 @@ return (src_addr); } else if (lnk->src_addr.s_addr == INADDR_ANY) return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : alias_addr; + la->aliasAddress : + alias_addr; else return (lnk->src_addr); } @@ -1363,15 +1284,16 @@ struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkOut(la, original_addr, ANY_ADDR, - 0, 0, LINK_ADDR, 0); + lnk = FindLinkOut(la, original_addr, ANY_ADDR, 0, 0, LINK_ADDR, 0); if (lnk == NULL) { return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : original_addr; + la->aliasAddress : + original_addr; } else { if (lnk->alias_addr.s_addr == INADDR_ANY) return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : original_addr; + la->aliasAddress : + original_addr; else return (lnk->alias_addr); } @@ -1420,7 +1342,7 @@ { /* TCP input state */ switch (state) { - case ALIAS_TCP_STATE_DISCONNECTED: + case ALIAS_TCP_STATE_DISCONNECTED: if (lnk->data.tcp->state.out != ALIAS_TCP_STATE_CONNECTED) lnk->expire.time = TCP_EXPIRE_DEAD; else @@ -1445,7 +1367,7 @@ { /* TCP output state */ switch (state) { - case ALIAS_TCP_STATE_DISCONNECTED: + case ALIAS_TCP_STATE_DISCONNECTED: if (lnk->data.tcp->state.in != ALIAS_TCP_STATE_CONNECTED) lnk->expire.time = TCP_EXPIRE_DEAD; else @@ -1781,11 +1703,10 @@ packets = 0; LibAliasTime = now; } - } /* Do a cleanup for the first packets of the new second only */ if (packets < (la->udpLinkCount + la->tcpLinkCount)) { - struct alias_link * lnk = TAILQ_FIRST(&la->checkExpire); + struct alias_link *lnk = TAILQ_FIRST(&la->checkExpire); CleanupLink(la, &lnk, 0); } @@ -1802,7 +1723,8 @@ ; #else if ((la->logDesc = fopen("/var/log/alias.log", "w"))) - fprintf(la->logDesc, "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n"); + fprintf(la->logDesc, + "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n"); #endif else return (ENOMEM); /* log initialization failed */ @@ -1849,10 +1771,9 @@ /* Redirection from a specific public addr:port to a private addr:port */ struct alias_link * -LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_port, - struct in_addr dst_addr, u_short dst_port, - struct in_addr alias_addr, u_short alias_port, - u_char proto) +LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, + u_short src_port, struct in_addr dst_addr, u_short dst_port, + struct in_addr alias_addr, u_short alias_port, u_char proto) { int link_type; struct alias_link *lnk; @@ -1877,16 +1798,16 @@ goto getout; } - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, dst_port, alias_port, - link_type); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, + alias_port, link_type); if (lnk != NULL) { lnk->flags |= LINK_PERMANENT; } #ifdef LIBALIAS_DEBUG else { - fprintf(stderr, "PacketAliasRedirectPort(): " + fprintf(stderr, + "PacketAliasRedirectPort(): " "call to AddLink() failed\n"); } #endif @@ -1898,7 +1819,8 @@ /* Add server to the pool of servers */ int -LibAliasAddServer(struct libalias *la, struct alias_link *lnk, struct in_addr addr, u_short port) +LibAliasAddServer(struct libalias *la, struct alias_link *lnk, + struct in_addr addr, u_short port) { struct server *server; int res; @@ -1947,23 +1869,21 @@ public address to a private address */ struct alias_link * LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_char proto) + struct in_addr dst_addr, struct in_addr alias_addr, u_char proto) { struct alias_link *lnk; LIBALIAS_LOCK(la); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, 0, - proto); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, + NO_DEST_PORT, 0, proto); if (lnk != NULL) { lnk->flags |= LINK_PERMANENT; } #ifdef LIBALIAS_DEBUG else { - fprintf(stderr, "PacketAliasRedirectProto(): " + fprintf(stderr, + "PacketAliasRedirectProto(): " "call to AddLink() failed\n"); } #endif @@ -1980,16 +1900,15 @@ struct alias_link *lnk; LIBALIAS_LOCK(la); - lnk = AddLink(la, src_addr, ANY_ADDR, alias_addr, - 0, 0, 0, - LINK_ADDR); + lnk = AddLink(la, src_addr, ANY_ADDR, alias_addr, 0, 0, 0, LINK_ADDR); if (lnk != NULL) { lnk->flags |= LINK_PERMANENT; } #ifdef LIBALIAS_DEBUG else { - fprintf(stderr, "PacketAliasRedirectAddr(): " + fprintf(stderr, + "PacketAliasRedirectAddr(): " "call to AddLink() failed\n"); } #endif @@ -2032,8 +1951,8 @@ LibAliasSetAddress(struct libalias *la, struct in_addr addr) { LIBALIAS_LOCK(la); - if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE - && la->aliasAddress.s_addr != addr.s_addr) + if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE && + la->aliasAddress.s_addr != addr.s_addr) CleanupAliasData(la, 0); la->aliasAddress = addr; @@ -2047,7 +1966,8 @@ LIBALIAS_LOCK(la); if (port_low) { la->aliasPortLower = port_low; - /* Add 1 to the aliasPortLength as modulo has range of 1 to n-1 */ + /* Add 1 to the aliasPortLength as modulo has range of 1 to n-1 + */ la->aliasPortLength = port_high - port_low + 1; } else { /* Set default values */ @@ -2077,7 +1997,7 @@ { if (la == NULL) { #ifdef _KERNEL -#undef malloc /* XXX: ugly */ +#undef malloc /* XXX: ugly */ la = malloc(sizeof *la, M_ALIAS, M_WAITOK | M_ZERO); #else la = calloc(sizeof *la, 1); @@ -2166,11 +2086,10 @@ /* Change mode for some operations */ unsigned int -LibAliasSetMode( - struct libalias *la, - unsigned int flags, /* Which state to bring flags to */ - unsigned int mask /* Mask of which flags to affect (use 0 to - * do a probe for flag values) */ +LibAliasSetMode(struct libalias *la, + unsigned int flags, /* Which state to bring flags to */ + unsigned int mask /* Mask of which flags to affect (use 0 to + * do a probe for flag values) */ ) { int res = -1; @@ -2211,8 +2130,9 @@ /* Firewall include files */ #include #include -#include + #include +#include /* * helper function, updates the pointer to cmd with the length @@ -2220,7 +2140,7 @@ * the new command in case it has been clobbered before. */ static ipfw_insn * -next_cmd(ipfw_insn * cmd) +next_cmd(ipfw_insn *cmd) { cmd += F_LEN(cmd); bzero(cmd, sizeof(*cmd)); @@ -2232,8 +2152,8 @@ * Existing flags are preserved. */ static ipfw_insn * -fill_cmd(ipfw_insn * cmd, enum ipfw_opcodes opcode, int size, - int flags, u_int16_t arg) +fill_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode, int size, int flags, + u_int16_t arg) { cmd->opcode = opcode; cmd->len = ((cmd->len | flags) & (F_NOT | F_OR)) | (size & F_LEN_MASK); @@ -2242,7 +2162,7 @@ } static ipfw_insn * -fill_ip(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int32_t addr) +fill_ip(ipfw_insn *cmd1, enum ipfw_opcodes opcode, u_int32_t addr) { ipfw_insn_ip *cmd = (ipfw_insn_ip *)cmd1; @@ -2251,7 +2171,7 @@ } static ipfw_insn * -fill_one_port(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int16_t port) +fill_one_port(ipfw_insn *cmd1, enum ipfw_opcodes opcode, u_int16_t port) { ipfw_insn_u16 *cmd = (ipfw_insn_u16 *)cmd1; @@ -2260,9 +2180,8 @@ } static int -fill_rule(void *buf, int bufsize, int rulenum, - enum ipfw_opcodes action, int proto, - struct in_addr sa, u_int16_t sp, struct in_addr da, u_int16_t dp) +fill_rule(void *buf, int bufsize, int rulenum, enum ipfw_opcodes action, + int proto, struct in_addr sa, u_int16_t sp, struct in_addr da, u_int16_t dp) { struct ip_fw *rule = (struct ip_fw *)buf; ipfw_insn *cmd = (ipfw_insn *)rule->cmd; @@ -2316,15 +2235,14 @@ PunchFWHole(struct alias_link *lnk) { struct libalias *la; - int r; /* Result code */ - struct ip_fw rule; /* On-the-fly built rule */ - int fwhole; /* Where to punch hole */ + int r; /* Result code */ + struct ip_fw rule; /* On-the-fly built rule */ + int fwhole; /* Where to punch hole */ la = lnk->la; /* Don't do anything unless we are asked to */ - if (!(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || - la->fireWallFD < 0 || + if (!(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || la->fireWallFD < 0 || lnk->link_type != LINK_TCP) return; @@ -2334,19 +2252,22 @@ /* Find empty slot */ for (fwhole = la->fireWallActiveNum; - fwhole < la->fireWallBaseNum + la->fireWallNumNums && - fw_tstfield(la, la->fireWallField, fwhole); - fwhole++); + fwhole < la->fireWallBaseNum + la->fireWallNumNums && + fw_tstfield(la, la->fireWallField, fwhole); + fwhole++) + ; if (fwhole == la->fireWallBaseNum + la->fireWallNumNums) { for (fwhole = la->fireWallBaseNum; - fwhole < la->fireWallActiveNum && - fw_tstfield(la, la->fireWallField, fwhole); - fwhole++); + fwhole < la->fireWallActiveNum && + fw_tstfield(la, la->fireWallField, fwhole); + fwhole++) + ; if (fwhole == la->fireWallActiveNum) { /* No rule point empty - we can't punch more holes. */ la->fireWallActiveNum = la->fireWallBaseNum; #ifdef LIBALIAS_DEBUG - fprintf(stderr, "libalias: Unable to create firewall hole!\n"); + fprintf(stderr, + "libalias: Unable to create firewall hole!\n"); #endif return; } @@ -2364,19 +2285,20 @@ u_int32_t rulebuf[255]; int i; - i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, - O_ACCEPT, IPPROTO_TCP, - GetOriginalAddress(lnk), ntohs(GetOriginalPort(lnk)), - GetDestAddress(lnk), ntohs(GetDestPort(lnk))); - r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, O_ACCEPT, + IPPROTO_TCP, GetOriginalAddress(lnk), + ntohs(GetOriginalPort(lnk)), GetDestAddress(lnk), + ntohs(GetDestPort(lnk))); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, + i); if (r) err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)"); - i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, - O_ACCEPT, IPPROTO_TCP, - GetDestAddress(lnk), ntohs(GetDestPort(lnk)), + i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, O_ACCEPT, + IPPROTO_TCP, GetDestAddress(lnk), ntohs(GetDestPort(lnk)), GetOriginalAddress(lnk), ntohs(GetOriginalPort(lnk))); - r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, + i); if (r) err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); } @@ -2395,15 +2317,17 @@ la = lnk->la; if (lnk->link_type == LINK_TCP) { - int fwhole = lnk->data.tcp->fwhole; /* Where is the firewall hole? */ + int fwhole = + lnk->data.tcp->fwhole; /* Where is the firewall hole? */ struct ip_fw rule; if (fwhole < 0) return; - memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ + memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, - &fwhole, sizeof fwhole)); + &fwhole, sizeof fwhole)) + ; fw_clrfield(la, la->fireWallField, fwhole); lnk->data.tcp->fwhole = -1; } @@ -2413,17 +2337,20 @@ static void ClearAllFWHoles(struct libalias *la) { - struct ip_fw rule; /* On-the-fly built rule */ + struct ip_fw rule; /* On-the-fly built rule */ int i; if (la->fireWallFD < 0) return; memset(&rule, 0, sizeof rule); - for (i = la->fireWallBaseNum; i < la->fireWallBaseNum + la->fireWallNumNums; i++) { + for (i = la->fireWallBaseNum; + i < la->fireWallBaseNum + la->fireWallNumNums; i++) { int r = i; - while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)); + while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, + sizeof r)) + ; } /* XXX: third arg correct here ? /phk */ memset(la->fireWallField, 0, la->fireWallNumNums); @@ -2454,24 +2381,24 @@ * Find the address to redirect incoming packets */ struct in_addr -FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm) +FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm) { struct alias_link *lnk; struct in_addr redir; LIBALIAS_LOCK_ASSERT(la); lnk = FindLinkIn(la, sm->ip_hdr->ip_src, sm->ip_hdr->ip_dst, - sm->sctp_hdr->dest_port,sm->sctp_hdr->dest_port, LINK_SCTP, 1); + sm->sctp_hdr->dest_port, sm->sctp_hdr->dest_port, LINK_SCTP, 1); if (lnk != NULL) { /* port redirect */ return (lnk->src_addr); } else { - redir = FindOriginalAddress(la,sm->ip_hdr->ip_dst); + redir = FindOriginalAddress(la, sm->ip_hdr->ip_dst); if (redir.s_addr == la->aliasAddress.s_addr || redir.s_addr == la->targetAddress.s_addr) { /* No address found */ - lnk = FindLinkIn(la, sm->ip_hdr->ip_src, sm->ip_hdr->ip_dst, - NO_DEST_PORT, 0, LINK_SCTP, 1); + lnk = FindLinkIn(la, sm->ip_hdr->ip_src, + sm->ip_hdr->ip_dst, NO_DEST_PORT, 0, LINK_SCTP, 1); if (lnk != NULL) /* redirect proto */ return (lnk->src_addr); Index: sys/netinet/libalias/alias_dummy.c =================================================================== --- sys/netinet/libalias/alias_dummy.c +++ sys/netinet/libalias/alias_dummy.c @@ -38,13 +38,14 @@ #include #include #else -#include #include + +#include #include #endif -#include #include +#include #include #include @@ -56,8 +57,8 @@ #include "alias_mod.h" #endif -static void -AliasHandleDummy(struct libalias *la, struct ip *ip, struct alias_data *ah); +static void AliasHandleDummy(struct libalias *la, struct ip *ip, + struct alias_data *ah); static int fingerprint(struct libalias *la, struct alias_data *ah) @@ -74,8 +75,8 @@ * return an OK value. */ if (ntohs(*ah->dport) == 123 || ntohs(*ah->sport) == 456) - return (0); /* I know how to handle it. */ - return (-1); /* I don't recognize this packet. */ + return (0); /* I know how to handle it. */ + return (-1); /* I don't recognize this packet. */ } /* @@ -98,16 +99,12 @@ * ITS EXACT NAME: handlers. */ -struct proto_handler handlers [] = { - { - .pri = 666, - .dir = IN|OUT, - .proto = UDP|TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 666, + .dir = IN | OUT, + .proto = UDP | TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -132,9 +129,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_dummy", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_dummy", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_dummy, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); Index: sys/netinet/libalias/alias_ftp.c =================================================================== --- sys/netinet/libalias/alias_ftp.c +++ sys/netinet/libalias/alias_ftp.c @@ -70,20 +70,21 @@ /* Includes */ #ifdef _KERNEL #include -#include #include +#include #include #include #else +#include + #include #include -#include #include #include #endif -#include #include +#include #include #include @@ -98,11 +99,10 @@ #define FTP_CONTROL_PORT_NUMBER 21 -static void -AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *, - int maxpacketsize); -static void -AliasHandleFtpIn(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandleFtpOut(struct libalias *, struct ip *, + struct alias_link *, int maxpacketsize); +static void AliasHandleFtpIn(struct libalias *, struct ip *, + struct alias_link *); static int fingerprint_out(struct libalias *la, struct alias_data *ah) @@ -141,23 +141,17 @@ return (0); } -struct proto_handler handlers[] = { - { - .pri = 80, - .dir = OUT, - .proto = TCP, - .fingerprint = &fingerprint_out, - .protohandler = &protohandler_out - }, - { - .pri = 80, - .dir = IN, - .proto = TCP, - .fingerprint = &fingerprint_in, - .protohandler = &protohandler_in - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 80, + .dir = OUT, + .proto = TCP, + .fingerprint = &fingerprint_out, + .protohandler = &protohandler_out }, + { .pri = 80, + .dir = IN, + .proto = TCP, + .fingerprint = &fingerprint_in, + .protohandler = &protohandler_in }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -182,9 +176,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_ftp", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_ftp", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -196,7 +188,7 @@ #define MAX_MESSAGE_SIZE 128 /* FTP protocol flags. */ -#define WAIT_CRLF 0x01 +#define WAIT_CRLF 0x01 enum ftp_message_type { FTP_PORT_COMMAND, @@ -206,11 +198,12 @@ FTP_UNKNOWN_MESSAGE }; -static int ParseFtpPortCommand(struct libalias *la, char *, int); -static int ParseFtpEprtCommand(struct libalias *la, char *, int); -static int ParseFtp227Reply(struct libalias *la, char *, int); -static int ParseFtp229Reply(struct libalias *la, char *, int); -static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int); +static int ParseFtpPortCommand(struct libalias *la, char *, int); +static int ParseFtpEprtCommand(struct libalias *la, char *, int); +static int ParseFtp227Reply(struct libalias *la, char *, int); +static int ParseFtp229Reply(struct libalias *la, char *, int); +static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, + int, int); static void AliasHandleFtpOut( @@ -244,13 +237,15 @@ ftp_message_type = FTP_UNKNOWN_MESSAGE; if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) { - /* When aliasing a client, check for the PORT/EPRT command. */ + /* When aliasing a client, check for the PORT/EPRT + * command. */ if (ParseFtpPortCommand(la, sptr, dlen)) ftp_message_type = FTP_PORT_COMMAND; else if (ParseFtpEprtCommand(la, sptr, dlen)) ftp_message_type = FTP_EPRT_COMMAND; } else { - /* When aliasing a server, check for the 227/229 reply. */ + /* When aliasing a server, check for the 227/229 reply. + */ if (ParseFtp227Reply(la, sptr, dlen)) ftp_message_type = FTP_227_REPLY; else if (ParseFtp229Reply(la, sptr, dlen)) { @@ -260,12 +255,13 @@ } if (ftp_message_type != FTP_UNKNOWN_MESSAGE) - NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type); + NewFtpMessage(la, pip, lnk, maxpacketsize, + ftp_message_type); } /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */ - if (dlen) { /* only if there's data */ - sptr = (char *)pip; /* start over at beginning */ + if (dlen) { /* only if there's data */ + sptr = (char *)pip; /* start over at beginning */ tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may have grown */ if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n') pflags &= ~WAIT_CRLF; @@ -277,8 +273,8 @@ static void AliasHandleFtpIn(struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk) /* The link to go through (aliased port) */ + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk) /* The link to go through (aliased port) */ { int hlen, tlen, dlen, pflags; char *sptr; @@ -302,7 +298,7 @@ if (dlen <= MAX_MESSAGE_SIZE && (pflags & WAIT_CRLF) == 0 && ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER && (ParseFtpPortCommand(la, sptr, dlen) != 0 || - ParseFtpEprtCommand(la, sptr, dlen) != 0)) { + ParseFtpEprtCommand(la, sptr, dlen) != 0)) { /* * Alias active mode client requesting data from server * behind NAT. We need to alias server->client connection @@ -314,15 +310,15 @@ } /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */ if (dlen) { - sptr = (char *)pip; /* start over at beginning */ - tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may - * have grown. */ + sptr = (char *)pip; /* start over at beginning */ + tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may + * have grown. */ if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n') pflags &= ~WAIT_CRLF; else pflags |= WAIT_CRLF; SetProtocolFlags(lnk, pflags); - } + } } static int @@ -417,7 +413,7 @@ return (0); addr = port = octet = 0; - delim = '|'; /* XXX gcc -Wuninitialized */ + delim = '|'; /* XXX gcc -Wuninitialized */ state = 0; for (i = 5; i < dlen; i++) { ch = sptr[i]; @@ -429,7 +425,7 @@ } break; case 1: - if (ch == '1') /* IPv4 address */ + if (ch == '1') /* IPv4 address */ state++; else return (0); @@ -578,7 +574,7 @@ return (0); port = 0; - delim = '|'; /* XXX gcc -Wuninitialized */ + delim = '|'; /* XXX gcc -Wuninitialized */ state = 0; for (i = 4; i < dlen; i++) { @@ -631,10 +627,8 @@ } static void -NewFtpMessage(struct libalias *la, struct ip *pip, - struct alias_link *lnk, - int maxpacketsize, - int ftp_message_type) +NewFtpMessage(struct libalias *la, struct ip *pip, struct alias_link *lnk, + int maxpacketsize, int ftp_message_type) { struct alias_link *ftp_lnk; @@ -695,8 +689,9 @@ if (ftp_message_type == FTP_PORT_COMMAND) { /* Generate PORT command string. */ - sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n", - a1, a2, a3, a4, p1, p2); + sprintf(stemp, + "PORT %d,%d,%d,%d,%d,%d\r\n", a1, + a2, a3, a4, p1, p2); } else { /* Generate 227 reply string. */ sprintf(stemp, @@ -711,7 +706,8 @@ break; case FTP_229_REPLY: /* Generate 229 reply string. */ - sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n", + sprintf(stemp, + "229 Entering Extended Passive Mode (|||%d|)\r\n", ntohs(alias_port)); break; } @@ -740,12 +736,9 @@ { u_short new_len; - new_len = htons(hlen + - MIN(slen, maxpacketsize - hlen)); - DifferentialChecksum(&pip->ip_sum, - &new_len, - &pip->ip_len, - 1); + new_len = htons(hlen + MIN(slen, maxpacketsize - hlen)); + DifferentialChecksum(&pip->ip_sum, &new_len, + &pip->ip_len, 1); pip->ip_len = new_len; } Index: sys/netinet/libalias/alias_irc.c =================================================================== --- sys/netinet/libalias/alias_irc.c +++ sys/netinet/libalias/alias_irc.c @@ -50,23 +50,24 @@ /* Includes */ #ifdef _KERNEL #include -#include -#include #include +#include #include +#include #include #else +#include + #include #include -#include +#include #include #include #include -#include #endif -#include #include +#include #include #include @@ -82,23 +83,22 @@ #define IRC_CONTROL_PORT_NUMBER_1 6667 #define IRC_CONTROL_PORT_NUMBER_2 6668 -#define PKTSIZE (IP_MAXPACKET + 1) +#define PKTSIZE (IP_MAXPACKET + 1) char *newpacket; /* Local defines */ #define DBprintf(a) -static void -AliasHandleIrcOut(struct libalias *, struct ip *, struct alias_link *, - int maxpacketsize); +static void AliasHandleIrcOut(struct libalias *, struct ip *, + struct alias_link *, int maxpacketsize); static int fingerprint(struct libalias *la, struct alias_data *ah) { if (ah->dport == NULL || ah->lnk == NULL || ah->maxpktsize == 0) return (-1); - if (ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_1 - || ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_2) + if (ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_1 || + ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_2) return (0); return (-1); } @@ -114,16 +114,12 @@ return (0); } -struct proto_handler handlers[] = { - { - .pri = 90, - .dir = OUT, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 90, + .dir = OUT, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -148,9 +144,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_irc", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_irc", mod_handler, NULL }; /* Kernel module definition. */ #ifdef _KERNEL @@ -161,10 +155,10 @@ static void AliasHandleIrcOut(struct libalias *la, - struct ip *pip, /* IP packet to examine */ - struct alias_link *lnk, /* Which link are we on? */ - int maxsize /* Maximum size of IP packet including - * headers */ + struct ip *pip, /* IP packet to examine */ + struct alias_link *lnk, /* Which link are we on? */ + int maxsize /* Maximum size of IP packet including + * headers */ ) { int hlen, tlen, dlen; @@ -172,7 +166,7 @@ u_short true_port; char *sptr; struct tcphdr *tc; - int i; /* Iterator through the source */ + int i; /* Iterator through the source */ /* Calculate data length of TCP packet */ tc = (struct tcphdr *)ip_next(pip); @@ -190,287 +184,288 @@ /* Place string pointer at beginning of data */ sptr = (char *)pip; sptr += hlen; - maxsize -= hlen; /* We're interested in maximum size of - * data, not packet */ + maxsize -= hlen; /* We're interested in maximum size of + * data, not packet */ /* Search for a CTCP command [Note 1] */ for (i = 0; i < dlen; i++) { if (sptr[i] == '\001') goto lFOUND_CTCP; } - return; /* No CTCP commands in */ - /* Handle CTCP commands - the buffer may have to be copied */ - lFOUND_CTCP: - { - unsigned int copyat = i; - unsigned int iCopy = 0; /* How much data have we written to - * copy-back string? */ - unsigned long org_addr; /* Original IP address */ - unsigned short org_port; /* Original source port - * address */ - - lCTCP_START: - if (i >= dlen || iCopy >= PKTSIZE) - goto lPACKET_DONE; - newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start - * character */ - /* Start of a CTCP */ - if (i + 4 >= dlen) /* Too short for DCC */ - goto lBAD_CTCP; - if (sptr[i + 0] != 'D') - goto lBAD_CTCP; - if (sptr[i + 1] != 'C') - goto lBAD_CTCP; - if (sptr[i + 2] != 'C') - goto lBAD_CTCP; - if (sptr[i + 3] != ' ') - goto lBAD_CTCP; - /* We have a DCC command - handle it! */ - i += 4; /* Skip "DCC " */ - if (iCopy + 4 > PKTSIZE) - goto lPACKET_DONE; - newpacket[iCopy++] = 'D'; - newpacket[iCopy++] = 'C'; - newpacket[iCopy++] = 'C'; - newpacket[iCopy++] = ' '; + return; /* No CTCP commands in */ +/* Handle CTCP commands - the buffer may have to be copied */ +lFOUND_CTCP: { + unsigned int copyat = i; + unsigned int iCopy = 0; /* How much data have we written to + * copy-back string? */ + unsigned long org_addr; /* Original IP address */ + unsigned short org_port; /* Original source port + * address */ + +lCTCP_START: + if (i >= dlen || iCopy >= PKTSIZE) + goto lPACKET_DONE; + newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start + * character */ + /* Start of a CTCP */ + if (i + 4 >= dlen) /* Too short for DCC */ + goto lBAD_CTCP; + if (sptr[i + 0] != 'D') + goto lBAD_CTCP; + if (sptr[i + 1] != 'C') + goto lBAD_CTCP; + if (sptr[i + 2] != 'C') + goto lBAD_CTCP; + if (sptr[i + 3] != ' ') + goto lBAD_CTCP; + /* We have a DCC command - handle it! */ + i += 4; /* Skip "DCC " */ + if (iCopy + 4 > PKTSIZE) + goto lPACKET_DONE; + newpacket[iCopy++] = 'D'; + newpacket[iCopy++] = 'C'; + newpacket[iCopy++] = 'C'; + newpacket[iCopy++] = ' '; - DBprintf(("Found DCC\n")); - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("DCC packet terminated in just spaces\n")); - goto lPACKET_DONE; - } + DBprintf(("Found DCC\n")); + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(("DCC packet terminated in just spaces\n")); + goto lPACKET_DONE; } + } - DBprintf(("Transferring command...\n")); - while (sptr[i] != ' ') { - newpacket[iCopy++] = sptr[i]; - if (++i >= dlen || iCopy >= PKTSIZE) { - DBprintf(("DCC packet terminated during command\n")); - goto lPACKET_DONE; - } + DBprintf(("Transferring command...\n")); + while (sptr[i] != ' ') { + newpacket[iCopy++] = sptr[i]; + if (++i >= dlen || iCopy >= PKTSIZE) { + DBprintf(("DCC packet terminated during command\n")); + goto lPACKET_DONE; } - /* Copy _one_ space */ - if (i + 1 < dlen && iCopy < PKTSIZE) - newpacket[iCopy++] = sptr[i++]; + } + /* Copy _one_ space */ + if (i + 1 < dlen && iCopy < PKTSIZE) + newpacket[iCopy++] = sptr[i++]; - DBprintf(("Done command - removing spaces\n")); - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("DCC packet terminated in just spaces (post-command)\n")); - goto lPACKET_DONE; - } + DBprintf(("Done command - removing spaces\n")); + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(( + "DCC packet terminated in just spaces (post-command)\n")); + goto lPACKET_DONE; } + } - DBprintf(("Transferring filename...\n")); - while (sptr[i] != ' ') { - newpacket[iCopy++] = sptr[i]; - if (++i >= dlen || iCopy >= PKTSIZE) { - DBprintf(("DCC packet terminated during filename\n")); - goto lPACKET_DONE; - } + DBprintf(("Transferring filename...\n")); + while (sptr[i] != ' ') { + newpacket[iCopy++] = sptr[i]; + if (++i >= dlen || iCopy >= PKTSIZE) { + DBprintf(("DCC packet terminated during filename\n")); + goto lPACKET_DONE; } - /* Copy _one_ space */ - if (i + 1 < dlen && iCopy < PKTSIZE) - newpacket[iCopy++] = sptr[i++]; + } + /* Copy _one_ space */ + if (i + 1 < dlen && iCopy < PKTSIZE) + newpacket[iCopy++] = sptr[i++]; - DBprintf(("Done filename - removing spaces\n")); - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("DCC packet terminated in just spaces (post-filename)\n")); - goto lPACKET_DONE; - } + DBprintf(("Done filename - removing spaces\n")); + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(( + "DCC packet terminated in just spaces (post-filename)\n")); + goto lPACKET_DONE; } + } - DBprintf(("Fetching IP address\n")); - /* Fetch IP address */ - org_addr = 0; - while (i < dlen && isdigit(sptr[i])) { - if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */ - DBprintf(("DCC Address overflow (org_addr == 0x%08lx, next char %c\n", org_addr, sptr[i])); - goto lBAD_CTCP; - } - org_addr *= 10; - org_addr += sptr[i++] - '0'; - } - DBprintf(("Skipping space\n")); - if (i + 1 >= dlen || sptr[i] != ' ') { - DBprintf(("Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", i + 1, dlen, sptr[i])); + DBprintf(("Fetching IP address\n")); + /* Fetch IP address */ + org_addr = 0; + while (i < dlen && isdigit(sptr[i])) { + if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */ + DBprintf(( + "DCC Address overflow (org_addr == 0x%08lx, next char %c\n", + org_addr, sptr[i])); goto lBAD_CTCP; } - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway, so we - * might as well play it safe - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("Packet failure - space overflow.\n")); - goto lPACKET_DONE; - } - } - DBprintf(("Fetching port number\n")); - /* Fetch source port */ - org_port = 0; - while (i < dlen && isdigit(sptr[i])) { - if (org_port > 6554) { /* Terminate on overflow - * (65536/10 rounded up */ - DBprintf(("DCC: port number overflow\n")); - goto lBAD_CTCP; - } - org_port *= 10; - org_port += sptr[i++] - '0'; + org_addr *= 10; + org_addr += sptr[i++] - '0'; + } + DBprintf(("Skipping space\n")); + if (i + 1 >= dlen || sptr[i] != ' ') { + DBprintf(( + "Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", + i + 1, dlen, sptr[i])); + goto lBAD_CTCP; + } + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway, so we + * might as well play it safe + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(("Packet failure - space overflow.\n")); + goto lPACKET_DONE; } - /* Skip illegal addresses (or early termination) */ - if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) { - DBprintf(("Bad port termination\n")); + } + DBprintf(("Fetching port number\n")); + /* Fetch source port */ + org_port = 0; + while (i < dlen && isdigit(sptr[i])) { + if (org_port > 6554) { /* Terminate on overflow + * (65536/10 rounded up */ + DBprintf(("DCC: port number overflow\n")); goto lBAD_CTCP; } - DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port)); + org_port *= 10; + org_port += sptr[i++] - '0'; + } + /* Skip illegal addresses (or early termination) */ + if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) { + DBprintf(("Bad port termination\n")); + goto lBAD_CTCP; + } + DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port)); - /* We've got the address and port - now alias it */ - { - struct alias_link *dcc_lnk; - struct in_addr destaddr; + /* We've got the address and port - now alias it */ + { + struct alias_link *dcc_lnk; + struct in_addr destaddr; - true_port = htons(org_port); - true_addr.s_addr = htonl(org_addr); - destaddr.s_addr = 0; + true_port = htons(org_port); + true_addr.s_addr = htonl(org_addr); + destaddr.s_addr = 0; - /* Sanity/Security checking */ - if (!org_addr || !org_port || - pip->ip_src.s_addr != true_addr.s_addr || - org_port < IPPORT_RESERVED) - goto lBAD_CTCP; + /* Sanity/Security checking */ + if (!org_addr || !org_port || + pip->ip_src.s_addr != true_addr.s_addr || + org_port < IPPORT_RESERVED) + goto lBAD_CTCP; - /* - * Steal the FTP_DATA_PORT - it doesn't really - * matter, and this would probably allow it through - * at least _some_ firewalls. - */ - dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr, - true_port, 0, - IPPROTO_TCP, 1); - DBprintf(("Got a DCC link\n")); - if (dcc_lnk) { - struct in_addr alias_address; /* Address from aliasing */ - u_short alias_port; /* Port given by - * aliasing */ - int n; + /* + * Steal the FTP_DATA_PORT - it doesn't really + * matter, and this would probably allow it through + * at least _some_ firewalls. + */ + dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr, true_port, 0, + IPPROTO_TCP, 1); + DBprintf(("Got a DCC link\n")); + if (dcc_lnk) { + struct in_addr + alias_address; /* Address from aliasing */ + u_short alias_port; /* Port given by + * aliasing */ + int n; #ifndef NO_FW_PUNCH - /* Generate firewall hole as appropriate */ - PunchFWHole(dcc_lnk); + /* Generate firewall hole as appropriate */ + PunchFWHole(dcc_lnk); #endif - alias_address = GetAliasAddress(lnk); - n = snprintf(&newpacket[iCopy], - PKTSIZE - iCopy, - "%lu ", (u_long) htonl(alias_address.s_addr)); - if (n < 0) { - DBprintf(("DCC packet construct failure.\n")); - goto lBAD_CTCP; - } - if ((iCopy += n) >= PKTSIZE) { /* Truncated/fit exactly - * - bad news */ - DBprintf(("DCC constructed packet overflow.\n")); - goto lBAD_CTCP; - } - alias_port = GetAliasPort(dcc_lnk); - n = snprintf(&newpacket[iCopy], - PKTSIZE - iCopy, - "%u", htons(alias_port)); - if (n < 0) { - DBprintf(("DCC packet construct failure.\n")); - goto lBAD_CTCP; - } - iCopy += n; - /* - * Done - truncated cases will be taken - * care of by lBAD_CTCP - */ - DBprintf(("Aliased IP %lu and port %u\n", alias_address.s_addr, (unsigned)alias_port)); + alias_address = GetAliasAddress(lnk); + n = snprintf(&newpacket[iCopy], PKTSIZE - iCopy, "%lu ", + (u_long)htonl(alias_address.s_addr)); + if (n < 0) { + DBprintf(("DCC packet construct failure.\n")); + goto lBAD_CTCP; } - } - /* - * An uninteresting CTCP - state entered right after '\001' - * has been pushed. Also used to copy the rest of a DCC, - * after IP address and port has been handled - */ - lBAD_CTCP: - for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { - newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ - if (sptr[i] == '\001') { - goto lNORMAL_TEXT; + if ((iCopy += n) >= PKTSIZE) { /* Truncated/fit exactly + * - bad news */ + DBprintf( + ("DCC constructed packet overflow.\n")); + goto lBAD_CTCP; } - } - goto lPACKET_DONE; - /* Normal text */ - lNORMAL_TEXT: - for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { - newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ - if (sptr[i] == '\001') { - goto lCTCP_START; + alias_port = GetAliasPort(dcc_lnk); + n = snprintf(&newpacket[iCopy], PKTSIZE - iCopy, "%u", + htons(alias_port)); + if (n < 0) { + DBprintf(("DCC packet construct failure.\n")); + goto lBAD_CTCP; } + iCopy += n; + /* + * Done - truncated cases will be taken + * care of by lBAD_CTCP + */ + DBprintf(("Aliased IP %lu and port %u\n", + alias_address.s_addr, (unsigned)alias_port)); + } + } +/* + * An uninteresting CTCP - state entered right after '\001' + * has been pushed. Also used to copy the rest of a DCC, + * after IP address and port has been handled + */ +lBAD_CTCP: + for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { + newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ + if (sptr[i] == '\001') { + goto lNORMAL_TEXT; } - /* Handle the end of a packet */ - lPACKET_DONE: - iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy; - memcpy(sptr + copyat, newpacket, iCopy); - - /* Save information regarding modified seq and ack numbers */ - { - int delta; - - SetAckModified(lnk); - tc = (struct tcphdr *)ip_next(pip); - delta = GetDeltaSeqOut(tc->th_seq, lnk); - AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl, - pip->ip_len, tc->th_seq, tc->th_off); + } + goto lPACKET_DONE; +/* Normal text */ +lNORMAL_TEXT: + for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { + newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ + if (sptr[i] == '\001') { + goto lCTCP_START; } + } +/* Handle the end of a packet */ +lPACKET_DONE: + iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy; + memcpy(sptr + copyat, newpacket, iCopy); + + /* Save information regarding modified seq and ack numbers */ + { + int delta; - /* Revise IP header */ - { - u_short new_len; + SetAckModified(lnk); + tc = (struct tcphdr *)ip_next(pip); + delta = GetDeltaSeqOut(tc->th_seq, lnk); + AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl, + pip->ip_len, tc->th_seq, tc->th_off); + } - new_len = htons(hlen + iCopy + copyat); - DifferentialChecksum(&pip->ip_sum, - &new_len, - &pip->ip_len, - 1); - pip->ip_len = new_len; - } + /* Revise IP header */ + { + u_short new_len; + + new_len = htons(hlen + iCopy + copyat); + DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, 1); + pip->ip_len = new_len; + } - /* Compute TCP checksum for revised packet */ - tc->th_sum = 0; + /* Compute TCP checksum for revised packet */ + tc->th_sum = 0; #ifdef _KERNEL - tc->th_x2 = (TH_RES1 >> 8); + tc->th_x2 = (TH_RES1 >> 8); #else - tc->th_sum = TcpChecksum(pip); + tc->th_sum = TcpChecksum(pip); #endif - return; - } + return; +} } /* Notes: [Note 1] - The initial search will most often fail; it could be replaced with a 32-bit specific search. - Such a search would be done for 32-bit unsigned value V: - V ^= 0x01010101; (Search is for null bytes) - if( ((V-0x01010101)^V) & 0x80808080 ) { - (found a null bytes which was a 01 byte) + The initial search will most often fail; it could be replaced with a 32-bit + specific search. Such a search would be done for 32-bit unsigned value V: V ^= + 0x01010101; (Search is for null bytes) if( ((V-0x01010101)^V) & + 0x80808080 ) { (found a null bytes which was a 01 byte) } To assert that the processor is 32-bits, do extern int ircdccar[32]; (32 bits) Index: sys/netinet/libalias/alias_local.h =================================================================== --- sys/netinet/libalias/alias_local.h +++ sys/netinet/libalias/alias_local.h @@ -44,20 +44,20 @@ */ #ifndef _ALIAS_LOCAL_H_ -#define _ALIAS_LOCAL_H_ +#define _ALIAS_LOCAL_H_ -#include #include #include +#include #ifdef _KERNEL -#include #include #include +#include #include /* XXX: LibAliasSetTarget() uses this constant. */ -#define INADDR_NONE 0xffffffff +#define INADDR_NONE 0xffffffff #include #else @@ -65,8 +65,8 @@ #endif /* Sizes of input and output link tables */ -#define GET_ALIAS_PORT -1 -#define GET_ALIAS_ID GET_ALIAS_PORT +#define GET_ALIAS_PORT -1 +#define GET_ALIAS_ID GET_ALIAS_PORT #ifdef _KERNEL #define INET_NTOA_BUF(buf) (buf) @@ -77,78 +77,78 @@ struct proxy_entry; struct group_in { - struct in_addr alias_addr; - u_short alias_port; - int link_type; - SPLAY_ENTRY(group_in) in; - LIST_HEAD(, alias_link) full, partial; + struct in_addr alias_addr; + u_short alias_port; + int link_type; + SPLAY_ENTRY(group_in) in; + LIST_HEAD(, alias_link) full, partial; }; struct libalias { LIST_ENTRY(libalias) instancelist; /* Mode flags documented in alias.h */ - int packetAliasMode; + int packetAliasMode; /* Address written onto source field of IP packet. */ - struct in_addr aliasAddress; + struct in_addr aliasAddress; /* IP address incoming packets are sent to * if no aliasing link already exists */ - struct in_addr targetAddress; + struct in_addr targetAddress; /* Lookup table of pointers to chains of link records. * Each link record is doubly indexed into input and * output lookup tables. */ SPLAY_HEAD(splay_out, alias_link) linkSplayOut; - SPLAY_HEAD(splay_in, group_in) linkSplayIn; - LIST_HEAD (, alias_link) pptpList; + SPLAY_HEAD(splay_in, group_in) linkSplayIn; + LIST_HEAD(, alias_link) pptpList; /* HouseKeeping */ - TAILQ_HEAD (, alias_link) checkExpire; + TAILQ_HEAD(, alias_link) checkExpire; /* Link statistics */ - unsigned int icmpLinkCount; - unsigned int udpLinkCount; - unsigned int tcpLinkCount; - unsigned int pptpLinkCount; - unsigned int protoLinkCount; - unsigned int fragmentIdLinkCount; - unsigned int fragmentPtrLinkCount; - unsigned int sockCount; + unsigned int icmpLinkCount; + unsigned int udpLinkCount; + unsigned int tcpLinkCount; + unsigned int pptpLinkCount; + unsigned int protoLinkCount; + unsigned int fragmentIdLinkCount; + unsigned int fragmentPtrLinkCount; + unsigned int sockCount; /* log descriptor */ #ifdef _KERNEL - char *logDesc; + char *logDesc; #else - FILE *logDesc; + FILE *logDesc; #endif #ifndef NO_FW_PUNCH /* File descriptor to be able to control firewall. * Opened by PacketAliasSetMode on first setting * the PKT_ALIAS_PUNCH_FW flag. */ - int fireWallFD; + int fireWallFD; /* The first firewall entry free for our use */ - int fireWallBaseNum; + int fireWallBaseNum; /* How many entries can we use? */ - int fireWallNumNums; + int fireWallNumNums; /* Which entry did we last use? */ - int fireWallActiveNum; + int fireWallActiveNum; /* bool array for entries */ - char *fireWallField; + char *fireWallField; #endif /* TCP port used by the Skinny protocol. */ - unsigned int skinnyPort; + unsigned int skinnyPort; struct proxy_entry *proxyList; - struct in_addr true_addr; /* in network byte order. */ - u_short true_port; /* in host byte order. */ + struct in_addr true_addr; /* in network byte order. */ + u_short true_port; /* in host byte order. */ /* Port ranges for aliasing. */ - u_short aliasPortLower; - u_short aliasPortLength; + u_short aliasPortLower; + u_short aliasPortLength; /* * sctp code support */ /* counts associations that have progressed to UP and not yet removed */ - int sctpLinkCount; + int sctpLinkCount; #ifdef _KERNEL /* timing queue for keeping track of association timeouts */ struct sctp_nat_timer sctpNatTimer; @@ -169,10 +169,10 @@ #ifdef _KERNEL #define LIBALIAS_LOCK_INIT(l) \ mtx_init(&l->mutex, "per-instance libalias mutex", NULL, MTX_DEF) -#define LIBALIAS_LOCK_ASSERT(l) mtx_assert(&l->mutex, MA_OWNED) -#define LIBALIAS_LOCK(l) mtx_lock(&l->mutex) -#define LIBALIAS_UNLOCK(l) mtx_unlock(&l->mutex) -#define LIBALIAS_LOCK_DESTROY(l) mtx_destroy(&l->mutex) +#define LIBALIAS_LOCK_ASSERT(l) mtx_assert(&l->mutex, MA_OWNED) +#define LIBALIAS_LOCK(l) mtx_lock(&l->mutex) +#define LIBALIAS_UNLOCK(l) mtx_unlock(&l->mutex) +#define LIBALIAS_LOCK_DESTROY(l) mtx_destroy(&l->mutex) #else #define LIBALIAS_LOCK_INIT(l) #define LIBALIAS_LOCK_ASSERT(l) @@ -189,19 +189,19 @@ * subtracting out old words), and "cksum" * is the checksum value to be updated. */ -#define ADJUST_CHECKSUM(acc, cksum) \ - do { \ - acc += cksum; \ - if (acc < 0) { \ - acc = -acc; \ +#define ADJUST_CHECKSUM(acc, cksum) \ + do { \ + acc += cksum; \ + if (acc < 0) { \ + acc = -acc; \ acc = (acc >> 16) + (acc & 0xffff); \ - acc += acc >> 16; \ - cksum = (u_short) ~acc; \ - } else { \ + acc += acc >> 16; \ + cksum = (u_short)~acc; \ + } else { \ acc = (acc >> 16) + (acc & 0xffff); \ - acc += acc >> 16; \ - cksum = (u_short) acc; \ - } \ + acc += acc >> 16; \ + cksum = (u_short)acc; \ + } \ } while (0) /* Prototypes */ @@ -226,120 +226,107 @@ * should be used. */ #ifndef _KERNEL -u_short IpChecksum(struct ip *_pip); -u_short TcpChecksum(struct ip *_pip); +u_short IpChecksum(struct ip *_pip); +u_short TcpChecksum(struct ip *_pip); #endif -void -DifferentialChecksum(u_short * _cksum, void * _new, void * _old, int _n); +void DifferentialChecksum(u_short *_cksum, void *_new, void *_old, int _n); /* Internal data access */ -struct alias_link * -AddLink(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, - struct in_addr alias_addr, u_short src_port, u_short dst_port, - int alias_param, int link_type); -struct alias_link * -FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _id_alias, int _create); -struct alias_link * -FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _id, int _create); -struct alias_link * -FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _ip_id); -struct alias_link * -FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _ip_id); -struct alias_link * -AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); -struct alias_link * -FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); -struct alias_link * -FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_char _proto); -struct alias_link * -FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, +struct alias_link *AddLink(struct libalias *la, struct in_addr src_addr, + struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, + u_short dst_port, int alias_param, int link_type); +struct alias_link *FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_short _id_alias, int _create); +struct alias_link *FindIcmpOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_short _id, int _create); +struct alias_link *FindFragmentIn1(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); +struct alias_link *FindFragmentIn2(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); +struct alias_link *AddFragmentPtrLink(struct libalias *la, + struct in_addr _dst_addr, u_short _ip_id); +struct alias_link *FindFragmentPtr(struct libalias *la, + struct in_addr _dst_addr, u_short _ip_id); +struct alias_link *FindProtoIn(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_char _proto); +struct alias_link *FindProtoOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_char _proto); +struct alias_link *FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port, + u_char _proto, int _create); +struct alias_link *FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_short _src_port, u_short _dst_port, + u_char _proto, int _create); +struct alias_link *AddPptp(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, struct in_addr _alias_addr, + u_int16_t _src_call_id); +struct alias_link *FindPptpOutByCallId(struct libalias *la, + struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _src_call_id); +struct alias_link *FindPptpInByCallId(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, + u_int16_t _dst_call_id); +struct alias_link *FindPptpOutByPeerCallId(struct libalias *la, + struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _dst_call_id); +struct alias_link *FindPptpInByPeerCallId(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, + u_int16_t _alias_call_id); +struct alias_link *FindRtspOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_short _src_port, u_short _alias_port, u_char _proto); -struct alias_link * -FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _dst_port, u_short _alias_port, u_char _proto, int _create); -struct alias_link * -FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _src_port, u_short _dst_port, u_char _proto, int _create); -struct alias_link * -AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_int16_t _src_call_id); -struct alias_link * -FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr, - struct in_addr _dst_addr, u_int16_t _src_call_id); -struct alias_link * -FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_int16_t _dst_call_id); -struct alias_link * -FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr, - struct in_addr _dst_addr, u_int16_t _dst_call_id); -struct alias_link * -FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_int16_t _alias_call_id); -struct alias_link * -FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _src_port, u_short _alias_port, u_char _proto); -struct in_addr -FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr); -struct in_addr -FindAliasAddress(struct libalias *la, struct in_addr _original_addr); -struct in_addr -FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm); +struct in_addr FindOriginalAddress(struct libalias *la, + struct in_addr _alias_addr); +struct in_addr FindAliasAddress(struct libalias *la, + struct in_addr _original_addr); +struct in_addr FindSctpRedirectAddress(struct libalias *la, + struct sctp_nat_msg *sm); /* External data access/modification */ -int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_short _src_port, - u_short _dst_port, u_short _port_count, u_char _proto, - u_char _align); -void GetFragmentAddr(struct alias_link *_lnk, struct in_addr *_src_addr); -void SetFragmentAddr(struct alias_link *_lnk, struct in_addr _src_addr); -void GetFragmentPtr(struct alias_link *_lnk, void **_fptr); -void SetFragmentPtr(struct alias_link *_lnk, void *fptr); -void SetStateIn(struct alias_link *_lnk, int _state); -void SetStateOut(struct alias_link *_lnk, int _state); -int GetStateIn (struct alias_link *_lnk); -int GetStateOut(struct alias_link *_lnk); -struct in_addr GetOriginalAddress(struct alias_link *_lnk); -struct in_addr GetDestAddress(struct alias_link *_lnk); -struct in_addr GetAliasAddress(struct alias_link *_lnk); -struct in_addr GetDefaultAliasAddress(struct libalias *la); -void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr); -u_short GetOriginalPort(struct alias_link *_lnk); -u_short GetAliasPort(struct alias_link *_lnk); -struct in_addr GetProxyAddress(struct alias_link *_lnk); -void SetProxyAddress(struct alias_link *_lnk, struct in_addr _addr); -u_short GetProxyPort(struct alias_link *_lnk); -void SetProxyPort(struct alias_link *_lnk, u_short _port); -void SetAckModified(struct alias_link *_lnk); -int GetAckModified(struct alias_link *_lnk); -int GetDeltaAckIn(u_long, struct alias_link *_lnk); -int GetDeltaSeqOut(u_long, struct alias_link *lnk); -void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, - u_short ip_len, u_long th_seq, u_int th_off); -void SetExpire (struct alias_link *_lnk, int _expire); -void SetProtocolFlags(struct alias_link *_lnk, int _pflags); -int GetProtocolFlags(struct alias_link *_lnk); -void SetDestCallId(struct alias_link *_lnk, u_int16_t _cid); +int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_short _src_port, u_short _dst_port, + u_short _port_count, u_char _proto, u_char _align); +void GetFragmentAddr(struct alias_link *_lnk, struct in_addr *_src_addr); +void SetFragmentAddr(struct alias_link *_lnk, struct in_addr _src_addr); +void GetFragmentPtr(struct alias_link *_lnk, void **_fptr); +void SetFragmentPtr(struct alias_link *_lnk, void *fptr); +void SetStateIn(struct alias_link *_lnk, int _state); +void SetStateOut(struct alias_link *_lnk, int _state); +int GetStateIn(struct alias_link *_lnk); +int GetStateOut(struct alias_link *_lnk); +struct in_addr GetOriginalAddress(struct alias_link *_lnk); +struct in_addr GetDestAddress(struct alias_link *_lnk); +struct in_addr GetAliasAddress(struct alias_link *_lnk); +struct in_addr GetDefaultAliasAddress(struct libalias *la); +void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr); +u_short GetOriginalPort(struct alias_link *_lnk); +u_short GetAliasPort(struct alias_link *_lnk); +struct in_addr GetProxyAddress(struct alias_link *_lnk); +void SetProxyAddress(struct alias_link *_lnk, struct in_addr _addr); +u_short GetProxyPort(struct alias_link *_lnk); +void SetProxyPort(struct alias_link *_lnk, u_short _port); +void SetAckModified(struct alias_link *_lnk); +int GetAckModified(struct alias_link *_lnk); +int GetDeltaAckIn(u_long, struct alias_link *_lnk); +int GetDeltaSeqOut(u_long, struct alias_link *lnk); +void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, u_short ip_len, + u_long th_seq, u_int th_off); +void SetExpire(struct alias_link *_lnk, int _expire); +void SetProtocolFlags(struct alias_link *_lnk, int _pflags); +int GetProtocolFlags(struct alias_link *_lnk); +void SetDestCallId(struct alias_link *_lnk, u_int16_t _cid); #ifndef NO_FW_PUNCH -void PunchFWHole(struct alias_link *_lnk); +void PunchFWHole(struct alias_link *_lnk); #endif /* Housekeeping function */ -void HouseKeeping(struct libalias *); +void HouseKeeping(struct libalias *); /* Transparent proxy routines */ -int -ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, - u_short * proxy_server_port, struct in_addr src_addr, +int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, + u_short *proxy_server_port, struct in_addr src_addr, struct in_addr dst_addr, u_short dst_port, u_char ip_p); -void -ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip, +void ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip, int _maxpacketsize, int _proxy_type); /* Tcp specific routines */ @@ -377,4 +364,4 @@ } #endif -#endif /* !_ALIAS_LOCAL_H_ */ +#endif /* !_ALIAS_LOCAL_H_ */ Index: sys/netinet/libalias/alias_mod.h =================================================================== --- sys/netinet/libalias/alias_mod.h +++ sys/netinet/libalias/alias_mod.h @@ -40,21 +40,21 @@ /* Use kernel allocator. */ #if defined(_SYS_MALLOC_H_) #undef malloc -#define malloc(x) malloc(x, M_ALIAS, M_NOWAIT|M_ZERO) -#define calloc(n, x) mallocarray((n), (x), M_ALIAS, M_NOWAIT|M_ZERO) -#define free(x) free(x, M_ALIAS) +#define malloc(x) malloc(x, M_ALIAS, M_NOWAIT | M_ZERO) +#define calloc(n, x) mallocarray((n), (x), M_ALIAS, M_NOWAIT | M_ZERO) +#define free(x) free(x, M_ALIAS) #endif #endif /* Packet flow direction flags. */ -#define IN 0x0001 -#define OUT 0x0002 -#define NODIR 0x4000 +#define IN 0x0001 +#define OUT 0x0002 +#define NODIR 0x4000 /* Working protocol flags. */ -#define IP 0x01 -#define TCP 0x02 -#define UDP 0x04 +#define IP 0x01 +#define TCP 0x02 +#define UDP 0x04 /* * Data passed to protocol handler module, it must be filled @@ -62,12 +62,12 @@ * module is elegible to be called. */ struct alias_data { - struct alias_link *lnk; - struct in_addr *oaddr; /* Original address. */ - struct in_addr *aaddr; /* Alias address. */ - uint16_t *aport; /* Alias port. */ - uint16_t *sport, *dport; /* Source & destination port */ - uint16_t maxpktsize; /* Max packet size. */ + struct alias_link *lnk; + struct in_addr *oaddr; /* Original address. */ + struct in_addr *aaddr; /* Alias address. */ + uint16_t *aport; /* Alias port. */ + uint16_t *sport, *dport; /* Source & destination port */ + uint16_t maxpktsize; /* Max packet size. */ }; /* @@ -75,19 +75,19 @@ * a protocol handler correctly work. */ struct proto_handler { - u_int pri; /* Handler priority. */ - int16_t dir; /* Flow direction. */ - uint8_t proto; /* Working protocol. */ + u_int pri; /* Handler priority. */ + int16_t dir; /* Flow direction. */ + uint8_t proto; /* Working protocol. */ /* Fingerprint * function. */ int (*fingerprint)(struct libalias *, struct alias_data *); /* Aliasing * function. */ - int (*protohandler)(struct libalias *, struct ip *, - struct alias_data *); + int ( + *protohandler)(struct libalias *, struct ip *, struct alias_data *); TAILQ_ENTRY(proto_handler) link; }; /* End of handlers. */ -#define EOH .dir = NODIR +#define EOH .dir = NODIR /* Functions used with protocol handlers. */ int LibAliasAttachHandlers(struct proto_handler *); @@ -102,16 +102,16 @@ * module loaded. In kernel land (kld mode) we don't need to care * care about libalias modules cause it's kld to do it for us. */ -#define DLL_LEN 32 +#define DLL_LEN 32 struct dll { - char name[DLL_LEN]; /* Name of module. */ - void *handle; /* - * Ptr to shared obj obtained through - * dlopen() - use this ptr to get access - * to any symbols from a loaded module - * via dlsym(). - */ - SLIST_ENTRY(dll) next; + char name[DLL_LEN]; /* Name of module. */ + void *handle; /* + * Ptr to shared obj obtained through + * dlopen() - use this ptr to get access + * to any symbols from a loaded module + * via dlsym(). + */ + SLIST_ENTRY(dll) next; }; /* Functions used with dll module. */ @@ -139,9 +139,9 @@ * Struct for registering modules statically via SYSINIT. */ typedef struct moduledata { - const char *name; /* module name */ - modeventhand_t evhand; /* event handler */ - void *priv; /* extra data */ + const char *name; /* module name */ + modeventhand_t evhand; /* event handler */ + void *priv; /* extra data */ } moduledata_t; #endif /* !_KERNEL */ Index: sys/netinet/libalias/alias_mod.c =================================================================== --- sys/netinet/libalias/alias_mod.c +++ sys/netinet/libalias/alias_mod.c @@ -28,19 +28,20 @@ */ #include #ifdef _KERNEL -#include #include +#include #include #include #else -#include -#include #include + #include +#include +#include #endif -#include #include +#include #include #ifdef _KERNEL @@ -52,8 +53,8 @@ #endif /* Protocol and userland module handlers chains. */ -static TAILQ_HEAD(handler_chain, proto_handler) handler_chain = - TAILQ_HEAD_INITIALIZER(handler_chain); +static TAILQ_HEAD(handler_chain, + proto_handler) handler_chain = TAILQ_HEAD_INITIALIZER(handler_chain); static int attach_handler(struct proto_handler *p) @@ -61,8 +62,7 @@ struct proto_handler *b; TAILQ_FOREACH(b, &handler_chain, link) { - if ((b->pri == p->pri) && - (b->dir == p->dir) && + if ((b->pri == p->pri) && (b->dir == p->dir) && (b->proto == p->proto)) return (EEXIST); if (b->pri > p->pri) { Index: sys/netinet/libalias/alias_nbt.c =================================================================== --- sys/netinet/libalias/alias_nbt.c +++ sys/netinet/libalias/alias_nbt.c @@ -47,14 +47,15 @@ #include #include #else -#include #include + +#include #include #include #endif -#include #include +#include #include #include @@ -66,15 +67,14 @@ #include "alias_mod.h" #endif -#define NETBIOS_NS_PORT_NUMBER 137 +#define NETBIOS_NS_PORT_NUMBER 137 #define NETBIOS_DGM_PORT_NUMBER 138 -static int -AliasHandleUdpNbt(struct libalias *, struct ip *, struct alias_link *, - struct in_addr *, u_short); -static int -AliasHandleUdpNbtNS(struct libalias *, struct ip *, struct alias_link *, - struct in_addr *, u_short *, struct in_addr *, u_short *); +static int AliasHandleUdpNbt(struct libalias *, struct ip *, + struct alias_link *, struct in_addr *, u_short); +static int AliasHandleUdpNbtNS(struct libalias *, struct ip *, + struct alias_link *, struct in_addr *, u_short *, struct in_addr *, + u_short *); static int fingerprint1(struct libalias *la, struct alias_data *ah) @@ -82,8 +82,8 @@ if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL || ah->aaddr == NULL || ah->aport == NULL) return (-1); - if (ntohs(*ah->dport) == NETBIOS_DGM_PORT_NUMBER - || ntohs(*ah->sport) == NETBIOS_DGM_PORT_NUMBER) + if (ntohs(*ah->dport) == NETBIOS_DGM_PORT_NUMBER || + ntohs(*ah->sport) == NETBIOS_DGM_PORT_NUMBER) return (0); return (-1); } @@ -100,8 +100,8 @@ if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL || ah->aaddr == NULL || ah->aport == NULL) return (-1); - if (ntohs(*ah->dport) == NETBIOS_NS_PORT_NUMBER - || ntohs(*ah->sport) == NETBIOS_NS_PORT_NUMBER) + if (ntohs(*ah->dport) == NETBIOS_NS_PORT_NUMBER || + ntohs(*ah->sport) == NETBIOS_NS_PORT_NUMBER) return (0); return (-1); } @@ -109,8 +109,8 @@ static int protohandler2in(struct libalias *la, struct ip *pip, struct alias_data *ah) { - AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport, - ah->oaddr, ah->dport); + AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport, ah->oaddr, + ah->dport); return (0); } @@ -122,30 +122,22 @@ } /* Kernel module definition. */ -struct proto_handler handlers[] = { - { - .pri = 130, - .dir = IN|OUT, - .proto = UDP, - .fingerprint = &fingerprint1, - .protohandler = &protohandler1 - }, - { - .pri = 140, - .dir = IN, - .proto = UDP, - .fingerprint = &fingerprint2, - .protohandler = &protohandler2in - }, - { - .pri = 140, - .dir = OUT, - .proto = UDP, - .fingerprint = &fingerprint2, - .protohandler = &protohandler2out - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 130, + .dir = IN | OUT, + .proto = UDP, + .fingerprint = &fingerprint1, + .protohandler = &protohandler1 }, + { .pri = 140, + .dir = IN, + .proto = UDP, + .fingerprint = &fingerprint2, + .protohandler = &protohandler2in }, + { .pri = 140, + .dir = OUT, + .proto = UDP, + .fingerprint = &fingerprint2, + .protohandler = &protohandler2out }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -170,9 +162,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_nbt", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_nbt", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_nbt, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -181,44 +171,44 @@ #endif typedef struct { - struct in_addr oldaddr; - u_short oldport; - struct in_addr newaddr; - u_short newport; - u_short *uh_sum; + struct in_addr oldaddr; + u_short oldport; + struct in_addr newaddr; + u_short newport; + u_short *uh_sum; } NBTArguments; typedef struct { - unsigned char type; - unsigned char flags; - u_short id; - struct in_addr source_ip; - u_short source_port; - u_short len; - u_short offset; + unsigned char type; + unsigned char flags; + u_short id; + struct in_addr source_ip; + u_short source_port; + u_short len; + u_short offset; } NbtDataHeader; -#define OpQuery 0 -#define OpUnknown 4 -#define OpRegist 5 -#define OpRelease 6 -#define OpWACK 7 -#define OpRefresh 8 +#define OpQuery 0 +#define OpUnknown 4 +#define OpRegist 5 +#define OpRelease 6 +#define OpWACK 7 +#define OpRefresh 8 typedef struct { - u_short nametrid; - u_short dir:1, opcode:4, nmflags:7, rcode:4; - u_short qdcount; - u_short ancount; - u_short nscount; - u_short arcount; + u_short nametrid; + u_short dir : 1, opcode : 4, nmflags : 7, rcode : 4; + u_short qdcount; + u_short ancount; + u_short nscount; + u_short arcount; } NbtNSHeader; -#define FMT_ERR 0x1 -#define SRV_ERR 0x2 -#define IMP_ERR 0x4 -#define RFS_ERR 0x5 -#define ACT_ERR 0x6 -#define CFT_ERR 0x7 +#define FMT_ERR 0x1 +#define SRV_ERR 0x2 +#define IMP_ERR 0x4 +#define RFS_ERR 0x5 +#define ACT_ERR 0x6 +#define CFT_ERR 0x7 #ifdef LIBALIAS_DEBUG static void @@ -284,7 +274,9 @@ while (s < p) { if (compress == 1) { #ifdef LIBALIAS_DEBUG - c = (u_char) (((((*s & 0x0f) << 4) | (*(s + 1) & 0x0f)) - 0x11)); + c = (u_char)(( + (((*s & 0x0f) << 4) | (*(s + 1) & 0x0f)) - + 0x11)); if (isprint(c)) printf("%c", c); else @@ -315,21 +307,18 @@ /* * NetBios Datagram Handler (IP/UDP) */ -#define DGM_DIRECT_UNIQ 0x10 -#define DGM_DIRECT_GROUP 0x11 -#define DGM_BROADCAST 0x12 -#define DGM_ERROR 0x13 -#define DGM_QUERY 0x14 -#define DGM_POSITIVE_RES 0x15 -#define DGM_NEGATIVE_RES 0x16 +#define DGM_DIRECT_UNIQ 0x10 +#define DGM_DIRECT_GROUP 0x11 +#define DGM_BROADCAST 0x12 +#define DGM_ERROR 0x13 +#define DGM_QUERY 0x14 +#define DGM_POSITIVE_RES 0x15 +#define DGM_NEGATIVE_RES 0x16 static int -AliasHandleUdpNbt( - struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk, - struct in_addr *alias_address, - u_short alias_port) +AliasHandleUdpNbt(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk, struct in_addr *alias_address, u_short alias_port) { struct udphdr *uh; NbtDataHeader *ndh; @@ -357,8 +346,8 @@ case DGM_DIRECT_GROUP: case DGM_BROADCAST: p = (u_char *)ndh + 14; - p = AliasHandleName(p, pmax); /* Source Name */ - p = AliasHandleName(p, pmax); /* Destination Name */ + p = AliasHandleName(p, pmax); /* Source Name */ + p = AliasHandleName(p, pmax); /* Destination Name */ break; case DGM_ERROR: p = (u_char *)ndh + 11; @@ -367,7 +356,7 @@ case DGM_POSITIVE_RES: case DGM_NEGATIVE_RES: p = (u_char *)ndh + 10; - p = AliasHandleName(p, pmax); /* Destination Name */ + p = AliasHandleName(p, pmax); /* Destination Name */ break; } if (p == NULL || (char *)p > pmax) @@ -402,20 +391,17 @@ } /* Question Section */ -#define QS_TYPE_NB 0x0020 -#define QS_TYPE_NBSTAT 0x0021 -#define QS_CLAS_IN 0x0001 +#define QS_TYPE_NB 0x0020 +#define QS_TYPE_NBSTAT 0x0021 +#define QS_CLAS_IN 0x0001 typedef struct { - u_short type; /* The type of Request */ - u_short class; /* The class of Request */ + u_short type; /* The type of Request */ + u_short class; /* The class of Request */ } NBTNsQuestion; static u_char * -AliasHandleQuestion( - u_short count, - NBTNsQuestion * q, - char *pmax, - NBTArguments * nbtarg) +AliasHandleQuestion(u_short count, NBTNsQuestion *q, char *pmax, + NBTArguments *nbtarg) { (void)nbtarg; @@ -435,7 +421,8 @@ break; default: #ifdef LIBALIAS_DEBUG - printf("\nUnknown Type on Question %0x\n", ntohs(q->type)); + printf("\nUnknown Type on Question %0x\n", + ntohs(q->type)); #endif break; } @@ -447,31 +434,28 @@ } /* Resource Record */ -#define RR_TYPE_A 0x0001 -#define RR_TYPE_NS 0x0002 -#define RR_TYPE_NULL 0x000a -#define RR_TYPE_NB 0x0020 -#define RR_TYPE_NBSTAT 0x0021 -#define RR_CLAS_IN 0x0001 -#define SizeOfNsResource 8 +#define RR_TYPE_A 0x0001 +#define RR_TYPE_NS 0x0002 +#define RR_TYPE_NULL 0x000a +#define RR_TYPE_NB 0x0020 +#define RR_TYPE_NBSTAT 0x0021 +#define RR_CLAS_IN 0x0001 +#define SizeOfNsResource 8 typedef struct { - u_short type; - u_short class; - unsigned int ttl; - u_short rdlen; + u_short type; + u_short class; + unsigned int ttl; + u_short rdlen; } NBTNsResource; -#define SizeOfNsRNB 6 +#define SizeOfNsRNB 6 typedef struct { - u_short g:1, ont:2, resv:13; - struct in_addr addr; + u_short g : 1, ont : 2, resv : 13; + struct in_addr addr; } NBTNsRNB; static u_char * -AliasHandleResourceNB( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNB(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsRNB *nb; u_short bcount; @@ -492,8 +476,7 @@ #ifdef LIBALIAS_DEBUG printf("NB rec[%s->%s, %dbytes] ", inet_ntoa_r(nbtarg->oldaddr, INET_NTOA_BUF(oldbuf)), - inet_ntoa_r(nbtarg->newaddr, INET_NTOA_BUF(newbuf)), - bcount); + inet_ntoa_r(nbtarg->newaddr, INET_NTOA_BUF(newbuf)), bcount); #endif while (nb != NULL && bcount != 0) { if ((char *)(nb + 1) > pmax) { @@ -503,7 +486,8 @@ #ifdef LIBALIAS_DEBUG printf("<%s>", inet_ntoa_r(nb->addr, INET_NTOA_BUF(newbuf))); #endif - if (!bcmp(&nbtarg->oldaddr, &nb->addr, sizeof(struct in_addr))) { + if (!bcmp(&nbtarg->oldaddr, &nb->addr, + sizeof(struct in_addr))) { if (*nbtarg->uh_sum != 0) { int acc; u_short *sptr; @@ -535,16 +519,13 @@ return ((u_char *)nb); } -#define SizeOfResourceA 6 +#define SizeOfResourceA 6 typedef struct { - struct in_addr addr; + struct in_addr addr; } NBTNsResourceA; static u_char * -AliasHandleResourceA( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceA(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceA *a; u_short bcount; @@ -579,17 +560,17 @@ int acc; u_short *sptr; - sptr = (u_short *)&(a->addr); /* Old */ + sptr = (u_short *)&(a->addr); /* Old */ acc = *sptr++; acc += *sptr; - sptr = (u_short *)&nbtarg->newaddr; /* New */ + sptr = (u_short *)&nbtarg->newaddr; /* New */ acc -= *sptr++; acc -= *sptr; ADJUST_CHECKSUM(acc, *nbtarg->uh_sum); } a->addr = nbtarg->newaddr; } - a++; /* XXXX */ + a++; /* XXXX */ bcount -= SizeOfResourceA; } if (a == NULL || (char *)(a + 1) > pmax) @@ -598,14 +579,11 @@ } typedef struct { - u_short opcode:4, flags:8, resv:4; + u_short opcode : 4, flags : 8, resv : 4; } NBTNsResourceNULL; static u_char * -AliasHandleResourceNULL( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNULL(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceNULL *n; u_short bcount; @@ -637,10 +615,7 @@ } static u_char * -AliasHandleResourceNS( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNS(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceNULL *n; u_short bcount; @@ -657,7 +632,7 @@ bcount = ntohs(q->rdlen); /* Resource Record Name Filed */ - q = (NBTNsResource *)AliasHandleName((u_char *)n, pmax); /* XXX */ + q = (NBTNsResource *)AliasHandleName((u_char *)n, pmax); /* XXX */ if (q == NULL || (char *)((u_char *)n + bcount) > pmax) return (NULL); @@ -666,14 +641,11 @@ } typedef struct { - u_short numnames; + u_short numnames; } NBTNsResourceNBSTAT; static u_char * -AliasHandleResourceNBSTAT( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNBSTAT(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceNBSTAT *n; u_short bcount; @@ -696,11 +668,8 @@ } static u_char * -AliasHandleResource( - u_short count, - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResource(u_short count, NBTNsResource *q, char *pmax, + NBTArguments *nbtarg) { while (count != 0) { /* Resource Record Name Filed */ @@ -715,31 +684,29 @@ /* Type and Class filed */ switch (ntohs(q->type)) { case RR_TYPE_NB: - q = (NBTNsResource *)AliasHandleResourceNB( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNB(q, pmax, + nbtarg); break; case RR_TYPE_A: - q = (NBTNsResource *)AliasHandleResourceA( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceA(q, pmax, + nbtarg); break; case RR_TYPE_NS: - q = (NBTNsResource *)AliasHandleResourceNS( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNS(q, pmax, + nbtarg); break; case RR_TYPE_NULL: - q = (NBTNsResource *)AliasHandleResourceNULL( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNULL(q, pmax, + nbtarg); break; case RR_TYPE_NBSTAT: - q = (NBTNsResource *)AliasHandleResourceNBSTAT( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNBSTAT(q, pmax, + nbtarg); break; default: #ifdef LIBALIAS_DEBUG - printf( - "\nUnknown Type of Resource %0x\n", - ntohs(q->type) - ); + printf("\nUnknown Type of Resource %0x\n", + ntohs(q->type)); fflush(stdout); #endif break; @@ -750,14 +717,10 @@ } static int -AliasHandleUdpNbtNS( - struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk, - struct in_addr *alias_address, - u_short *alias_port, - struct in_addr *original_address, - u_short *original_port) +AliasHandleUdpNbtNS(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk, struct in_addr *alias_address, u_short *alias_port, + struct in_addr *original_address, u_short *original_port) { struct udphdr *uh; NbtNSHeader *nsh; @@ -786,55 +749,32 @@ #ifdef LIBALIAS_DEBUG printf(" [%s] ID=%02x, op=%01x, flag=%02x, rcode=%01x, qd=%04x" - ", an=%04x, ns=%04x, ar=%04x, [%d]-->", - nsh->dir ? "Response" : "Request", - nsh->nametrid, - nsh->opcode, - nsh->nmflags, - nsh->rcode, - ntohs(nsh->qdcount), - ntohs(nsh->ancount), - ntohs(nsh->nscount), - ntohs(nsh->arcount), - (u_char *)p - (u_char *)nsh - ); + ", an=%04x, ns=%04x, ar=%04x, [%d]-->", + nsh->dir ? "Response" : "Request", nsh->nametrid, nsh->opcode, + nsh->nmflags, nsh->rcode, ntohs(nsh->qdcount), ntohs(nsh->ancount), + ntohs(nsh->nscount), ntohs(nsh->arcount), + (u_char *)p - (u_char *)nsh); #endif /* Question Entries */ if (ntohs(nsh->qdcount) != 0) { - p = AliasHandleQuestion( - ntohs(nsh->qdcount), - (NBTNsQuestion *)p, - pmax, - &nbtarg - ); + p = AliasHandleQuestion(ntohs(nsh->qdcount), (NBTNsQuestion *)p, + pmax, &nbtarg); } /* Answer Resource Records */ if (ntohs(nsh->ancount) != 0) { - p = AliasHandleResource( - ntohs(nsh->ancount), - (NBTNsResource *)p, - pmax, - &nbtarg - ); + p = AliasHandleResource(ntohs(nsh->ancount), (NBTNsResource *)p, + pmax, &nbtarg); } /* Authority Resource Recodrs */ if (ntohs(nsh->nscount) != 0) { - p = AliasHandleResource( - ntohs(nsh->nscount), - (NBTNsResource *)p, - pmax, - &nbtarg - ); + p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p, + pmax, &nbtarg); } /* Additional Resource Recodrs */ if (ntohs(nsh->arcount) != 0) { - p = AliasHandleResource( - ntohs(nsh->arcount), - (NBTNsResource *)p, - pmax, - &nbtarg - ); + p = AliasHandleResource(ntohs(nsh->arcount), (NBTNsResource *)p, + pmax, &nbtarg); } #ifdef LIBALIAS_DEBUG PrintRcode(nsh->rcode); Index: sys/netinet/libalias/alias_pptp.c =================================================================== --- sys/netinet/libalias/alias_pptp.c +++ sys/netinet/libalias/alias_pptp.c @@ -40,13 +40,14 @@ /* Includes */ #ifdef _KERNEL #include -#include #include +#include #include #else +#include + #include #include -#include #include #endif @@ -64,25 +65,23 @@ #define PPTP_CONTROL_PORT_NUMBER 1723 -static void -AliasHandlePptpOut(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandlePptpOut(struct libalias *, struct ip *, + struct alias_link *); -static void -AliasHandlePptpIn(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandlePptpIn(struct libalias *, struct ip *, + struct alias_link *); -static int -AliasHandlePptpGreOut(struct libalias *, struct ip *); +static int AliasHandlePptpGreOut(struct libalias *, struct ip *); -static int -AliasHandlePptpGreIn(struct libalias *, struct ip *); +static int AliasHandlePptpGreIn(struct libalias *, struct ip *); static int fingerprint(struct libalias *la, struct alias_data *ah) { if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL) return (-1); - if (ntohs(*ah->dport) == PPTP_CONTROL_PORT_NUMBER - || ntohs(*ah->sport) == PPTP_CONTROL_PORT_NUMBER) + if (ntohs(*ah->dport) == PPTP_CONTROL_PORT_NUMBER || + ntohs(*ah->sport) == PPTP_CONTROL_PORT_NUMBER) return (0); return (-1); } @@ -125,42 +124,32 @@ } /* Kernel module definition. */ -struct proto_handler handlers[] = { - { - .pri = 200, - .dir = IN, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandlerin - }, - { - .pri = 210, - .dir = OUT, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandlerout - }, -/* - * WATCH OUT!!! these 2 handlers NEED a priority of INT_MAX (highest possible) - * cause they will ALWAYS process packets, so they must be the last one - * in chain: look fingerprintgre() above. - */ - { - .pri = INT_MAX, - .dir = IN, - .proto = IP, - .fingerprint = &fingerprintgre, - .protohandler = &protohandlergrein - }, - { - .pri = INT_MAX, - .dir = OUT, - .proto = IP, - .fingerprint = &fingerprintgre, - .protohandler = &protohandlergreout - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 200, + .dir = IN, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandlerin }, + { .pri = 210, + .dir = OUT, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandlerout }, + /* + * WATCH OUT!!! these 2 handlers NEED a priority of INT_MAX (highest + * possible) cause they will ALWAYS process packets, so they must be the + * last one in chain: look fingerprintgre() above. + */ + { .pri = INT_MAX, + .dir = IN, + .proto = IP, + .fingerprint = &fingerprintgre, + .protohandler = &protohandlergrein }, + { .pri = INT_MAX, + .dir = OUT, + .proto = IP, + .fingerprint = &fingerprintgre, + .protohandler = &protohandlergreout }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) { @@ -184,9 +173,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_pptp", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_pptp", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_pptp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -223,26 +210,26 @@ * PPTP definitions */ -struct grehdr { /* Enhanced GRE header. */ - u_int16_t gh_flags; /* Flags. */ - u_int16_t gh_protocol; /* Protocol type. */ - u_int16_t gh_length; /* Payload length. */ - u_int16_t gh_call_id; /* Call ID. */ - u_int32_t gh_seq_no; /* Sequence number (optional). */ - u_int32_t gh_ack_no; /* Acknowledgment number - * (optional). */ +struct grehdr { /* Enhanced GRE header. */ + u_int16_t gh_flags; /* Flags. */ + u_int16_t gh_protocol; /* Protocol type. */ + u_int16_t gh_length; /* Payload length. */ + u_int16_t gh_call_id; /* Call ID. */ + u_int32_t gh_seq_no; /* Sequence number (optional). */ + u_int32_t gh_ack_no; /* Acknowledgment number + * (optional). */ }; typedef struct grehdr GreHdr; /* The PPTP protocol ID used in the GRE 'proto' field. */ -#define PPTP_GRE_PROTO 0x880b +#define PPTP_GRE_PROTO 0x880b /* Bits that must be set a certain way in all PPTP/GRE packets. */ -#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO) -#define PPTP_INIT_MASK 0xef7fffff +#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO) +#define PPTP_INIT_MASK 0xef7fffff -#define PPTP_MAGIC 0x1a2b3c4d -#define PPTP_CTRL_MSG_TYPE 1 +#define PPTP_MAGIC 0x1a2b3c4d +#define PPTP_CTRL_MSG_TYPE 1 enum { PPTP_StartCtrlConnRequest = 1, @@ -264,23 +251,23 @@ /* Message structures */ struct pptpMsgHead { - u_int16_t length; /* total length */ - u_int16_t msgType;/* PPTP message type */ - u_int32_t magic; /* magic cookie */ - u_int16_t type; /* control message type */ - u_int16_t resv0; /* reserved */ + u_int16_t length; /* total length */ + u_int16_t msgType; /* PPTP message type */ + u_int32_t magic; /* magic cookie */ + u_int16_t type; /* control message type */ + u_int16_t resv0; /* reserved */ }; typedef struct pptpMsgHead *PptpMsgHead; struct pptpCodes { - u_int8_t resCode;/* Result Code */ - u_int8_t errCode;/* Error Code */ + u_int8_t resCode; /* Result Code */ + u_int8_t errCode; /* Error Code */ }; typedef struct pptpCodes *PptpCode; struct pptpCallIds { - u_int16_t cid1; /* Call ID field #1 */ - u_int16_t cid2; /* Call ID field #2 */ + u_int16_t cid1; /* Call ID field #1 */ + u_int16_t cid2; /* Call ID field #2 */ }; typedef struct pptpCallIds *PptpCallId; @@ -288,13 +275,13 @@ static void AliasHandlePptpOut(struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk) /* The PPTP control link */ + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk) /* The PPTP control link */ { struct alias_link *pptp_lnk; PptpCallId cptr; PptpCode codes; - u_int16_t ctl_type; /* control message type */ + u_int16_t ctl_type; /* control message type */ struct tcphdr *tc; /* Verify valid PPTP control message */ @@ -311,8 +298,8 @@ * Establish PPTP link for address and Call ID found in * control message. */ - pptp_lnk = AddPptp(la, GetOriginalAddress(lnk), GetDestAddress(lnk), - GetAliasAddress(lnk), cptr->cid1); + pptp_lnk = AddPptp(la, GetOriginalAddress(lnk), + GetDestAddress(lnk), GetAliasAddress(lnk), cptr->cid1); break; case PPTP_CallClearRequest: case PPTP_CallDiscNotify: @@ -360,13 +347,13 @@ static void AliasHandlePptpIn(struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk) /* The PPTP control link */ + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk) /* The PPTP control link */ { struct alias_link *pptp_lnk; PptpCallId cptr; u_int16_t *pcall_id; - u_int16_t ctl_type; /* control message type */ + u_int16_t ctl_type; /* control message type */ struct tcphdr *tc; /* Verify valid PPTP control message */ @@ -426,7 +413,8 @@ } static PptpCallId -AliasVerifyPptp(struct ip *pip, u_int16_t * ptype) /* IP packet to examine/patch */ +AliasVerifyPptp(struct ip *pip, + u_int16_t *ptype) /* IP packet to examine/patch */ { int hlen, tlen, dlen; PptpMsgHead hptr; @@ -439,7 +427,8 @@ dlen = tlen - hlen; /* Verify data length */ - if (dlen < (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds))) + if (dlen < + (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds))) return (NULL); /* Move up to PPTP message header */ @@ -455,8 +444,8 @@ /* Verify data length. */ if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) && - (dlen < (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) + - sizeof(struct pptpCodes)))) + (dlen < (int)(sizeof(struct pptpMsgHead) + + sizeof(struct pptpCallIds) + sizeof(struct pptpCodes)))) return (NULL); else return ((PptpCallId)(hptr + 1)); @@ -474,13 +463,14 @@ if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - lnk = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); + lnk = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, + gr->gh_call_id); if (lnk != NULL) { struct in_addr alias_addr = GetAliasAddress(lnk); /* Change source IP address. */ - DifferentialChecksum(&pip->ip_sum, - &alias_addr, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &alias_addr, &pip->ip_src, + 2); pip->ip_src = alias_addr; } return (0); @@ -498,7 +488,8 @@ if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - lnk = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); + lnk = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, + gr->gh_call_id); if (lnk != NULL) { struct in_addr src_addr = GetOriginalAddress(lnk); @@ -506,8 +497,7 @@ gr->gh_call_id = GetOriginalPort(lnk); /* Restore original IP address. */ - DifferentialChecksum(&pip->ip_sum, - &src_addr, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &src_addr, &pip->ip_dst, 2); pip->ip_dst = src_addr; } return (0); Index: sys/netinet/libalias/alias_proxy.c =================================================================== --- sys/netinet/libalias/alias_proxy.c +++ sys/netinet/libalias/alias_proxy.c @@ -59,10 +59,11 @@ #include #else #include + #include +#include #include #include -#include #include #endif @@ -75,8 +76,8 @@ #else #include -#include "alias.h" /* Public API functions for libalias */ -#include "alias_local.h" /* Functions used by alias*.c */ +#include "alias.h" /* Public API functions for libalias */ +#include "alias_local.h" /* Functions used by alias*.c */ #endif /* @@ -89,22 +90,22 @@ */ struct proxy_entry { struct libalias *la; -#define PROXY_TYPE_ENCODE_NONE 1 +#define PROXY_TYPE_ENCODE_NONE 1 #define PROXY_TYPE_ENCODE_TCPSTREAM 2 -#define PROXY_TYPE_ENCODE_IPHDR 3 - int rule_index; - int proxy_type; - u_char proto; - u_short proxy_port; - u_short server_port; +#define PROXY_TYPE_ENCODE_IPHDR 3 + int rule_index; + int proxy_type; + u_char proto; + u_short proxy_port; + u_short server_port; - struct in_addr server_addr; + struct in_addr server_addr; - struct in_addr src_addr; - struct in_addr src_mask; + struct in_addr src_addr; + struct in_addr src_mask; - struct in_addr dst_addr; - struct in_addr dst_mask; + struct in_addr dst_addr; + struct in_addr dst_mask; struct proxy_entry *next; struct proxy_entry *last; @@ -132,14 +133,14 @@ destination of a proxied IP packet */ -static int IpMask(int, struct in_addr *); -static int IpAddr(char *, struct in_addr *); -static int IpPort(char *, int, int *); -static void RuleAdd(struct libalias *la, struct proxy_entry *); -static void RuleDelete(struct proxy_entry *); -static int RuleNumberDelete(struct libalias *la, int); -static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int); -static void ProxyEncodeIpHeader(struct ip *, int); +static int IpMask(int, struct in_addr *); +static int IpAddr(char *, struct in_addr *); +static int IpPort(char *, int, int *); +static void RuleAdd(struct libalias *la, struct proxy_entry *); +static void RuleDelete(struct proxy_entry *); +static int RuleNumberDelete(struct libalias *la, int); +static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int); +static void ProxyEncodeIpHeader(struct ip *, int); static int IpMask(int nbits, struct in_addr *mask) @@ -174,7 +175,7 @@ n = sscanf(s, "%d", port); if (n != 1) -#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */ +#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */ { struct servent *se; @@ -282,9 +283,7 @@ } static void -ProxyEncodeTcpStream(struct alias_link *lnk, - struct ip *pip, - int maxpacketsize) +ProxyEncodeTcpStream(struct alias_link *lnk, struct ip *pip, int maxpacketsize) { int slen; char buffer[40]; @@ -375,9 +374,9 @@ static void ProxyEncodeIpHeader(struct ip *pip, int maxpacketsize) { -#define OPTION_LEN_BYTES 8 -#define OPTION_LEN_INT16 4 -#define OPTION_LEN_INT32 2 +#define OPTION_LEN_BYTES 8 +#define OPTION_LEN_INT16 4 +#define OPTION_LEN_INT32 2 _Alignas(_Alignof(u_short)) u_char option[OPTION_LEN_BYTES]; #ifdef LIBALIAS_DEBUG @@ -396,11 +395,11 @@ u_char *ptr; struct tcphdr *tc; - ptr = (u_char *) pip; + ptr = (u_char *)pip; ptr += 20; memcpy(ptr + OPTION_LEN_BYTES, ptr, ntohs(pip->ip_len) - 20); - option[0] = 0x64; /* class: 3 (reserved), option 4 */ + option[0] = 0x64; /* class: 3 (reserved), option 4 */ option[1] = OPTION_LEN_BYTES; memcpy(&option[2], (u_char *)&pip->ip_dst, 4); @@ -417,12 +416,12 @@ int accumulate; u_short *sptr; - sptr = (u_short *) option; + sptr = (u_short *)option; accumulate = 0; for (i = 0; i < OPTION_LEN_INT16; i++) accumulate -= *(sptr++); - sptr = (u_short *) pip; + sptr = (u_short *)pip; accumulate += *sptr; pip->ip_hl += OPTION_LEN_INT32; accumulate -= *sptr; @@ -453,7 +452,7 @@ int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, - u_short * proxy_server_port, struct in_addr src_addr, + u_short *proxy_server_port, struct in_addr src_addr, struct in_addr dst_addr, u_short dst_port, u_char ip_p) { struct proxy_entry *ptr; @@ -465,18 +464,21 @@ u_short proxy_port; proxy_port = ptr->proxy_port; - if ((dst_port == proxy_port || proxy_port == 0) - && ip_p == ptr->proto - && src_addr.s_addr != ptr->server_addr.s_addr) { + if ((dst_port == proxy_port || proxy_port == 0) && + ip_p == ptr->proto && + src_addr.s_addr != ptr->server_addr.s_addr) { struct in_addr src_addr_masked; struct in_addr dst_addr_masked; - src_addr_masked.s_addr = src_addr.s_addr & ptr->src_mask.s_addr; - dst_addr_masked.s_addr = dst_addr.s_addr & ptr->dst_mask.s_addr; + src_addr_masked.s_addr = src_addr.s_addr & + ptr->src_mask.s_addr; + dst_addr_masked.s_addr = dst_addr.s_addr & + ptr->dst_mask.s_addr; - if ((src_addr_masked.s_addr == ptr->src_addr.s_addr) - && (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) { - if ((*proxy_server_port = ptr->server_port) == 0) + if ((src_addr_masked.s_addr == ptr->src_addr.s_addr) && + (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) { + if ((*proxy_server_port = ptr->server_port) == + 0) *proxy_server_port = dst_port; *proxy_server_addr = ptr->server_addr; return (ptr->proxy_type); @@ -489,10 +491,8 @@ } void -ProxyModify(struct libalias *la, struct alias_link *lnk, - struct ip *pip, - int maxpacketsize, - int proxy_type) +ProxyModify(struct libalias *la, struct alias_link *lnk, struct ip *pip, + int maxpacketsize, int proxy_type) { LIBALIAS_LOCK_ASSERT(la); (void)la; @@ -591,15 +591,15 @@ str_server_port[0] = 0; /* Parse command string with state machine */ -#define STATE_READ_KEYWORD 0 -#define STATE_READ_TYPE 1 -#define STATE_READ_PORT 2 -#define STATE_READ_SERVER 3 -#define STATE_READ_RULE 4 -#define STATE_READ_DELETE 5 -#define STATE_READ_PROTO 6 -#define STATE_READ_SRC 7 -#define STATE_READ_DST 8 +#define STATE_READ_KEYWORD 0 +#define STATE_READ_TYPE 1 +#define STATE_READ_PORT 2 +#define STATE_READ_SERVER 3 +#define STATE_READ_RULE 4 +#define STATE_READ_DELETE 5 +#define STATE_READ_PROTO 6 +#define STATE_READ_SRC 7 +#define STATE_READ_DST 8 state = STATE_READ_KEYWORD; token = strsep(&res, " \t"); token_count = 0; @@ -691,7 +691,7 @@ state = STATE_READ_KEYWORD; break; - case STATE_READ_DELETE: { + case STATE_READ_DELETE: { int err; int rule_to_delete; Index: sys/netinet/libalias/alias_sctp.h =================================================================== --- sys/netinet/libalias/alias_sctp.h +++ sys/netinet/libalias/alias_sctp.h @@ -34,7 +34,8 @@ * with leadership and advice from Jason But * * The design is outlined in CAIA technical report number 080618A - * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW") + * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in + * IPFW") * * Development is part of the CAIA SONATA project, * proposed by Jason But and Grenville Armitage: @@ -47,70 +48,72 @@ * */ - #ifndef _ALIAS_SCTP_H_ #define _ALIAS_SCTP_H_ #include #ifdef _KERNEL +#include #include #include -#include #include -#include #include #include +#include #endif // #ifdef _KERNEL #include - #include -#include #include -#include #include +#include #include /** - * These are defined in sctp_os_bsd.h, but it can't be included due to its local file - * inclusion, so I'm defining them here. + * These are defined in sctp_os_bsd.h, but it can't be included due to its local + * file inclusion, so I'm defining them here. * */ #include /* The packed define for 64 bit platforms */ #ifndef SCTP_PACKED #define SCTP_PACKED __attribute__((packed)) -#endif //#ifndef SCTP_PACKED +#endif // #ifndef SCTP_PACKED #ifndef SCTP_UNUSED #define SCTP_UNUSED __attribute__((unused)) -#endif //#ifndef SCTP_UNUSED +#endif // #ifndef SCTP_UNUSED #include -//#include --might be needed later for mbuf stuff +// #include --might be needed later for mbuf stuff #include #ifndef _KERNEL -#include #include -#endif //#ifdef _KERNEL - -#define LINK_SCTP IPPROTO_SCTP - -#define SN_TO_LOCAL 0 /**< packet traveling from global to local */ -#define SN_TO_GLOBAL 1 /**< packet traveling from local to global */ -#define SN_TO_NODIR 99 /**< used where direction is not important */ - -#define SN_NAT_PKT 0x0000 /**< Network Address Translate packet */ -#define SN_DROP_PKT 0x0001 /**< drop packet (don't forward it) */ -#define SN_PROCESSING_ERROR 0x0003 /**< Packet processing error */ -#define SN_REPLY_ABORT 0x0010 /**< Reply with ABORT to sender (don't forward it) */ -#define SN_SEND_ABORT 0x0020 /**< Send ABORT to destination */ -#define SN_TX_ABORT 0x0030 /**< mask for transmitting abort */ -#define SN_REFLECT_ERROR 0x0100 /**< Reply with ERROR to sender on OOTB packet Tbit set */ -#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash */ -#define SN_TX_ERROR 0x0300 /**< mask for transmitting error */ - -#define PKT_ALIAS_RESPOND 0x1000 /**< Signal to libalias that there is a response packet to send */ +#include +#endif // #ifdef _KERNEL + +#define LINK_SCTP IPPROTO_SCTP + +#define SN_TO_LOCAL 0 /**< packet traveling from global to local */ +#define SN_TO_GLOBAL 1 /**< packet traveling from local to global */ +#define SN_TO_NODIR 99 /**< used where direction is not important */ + +#define SN_NAT_PKT 0x0000 /**< Network Address Translate packet */ +#define SN_DROP_PKT 0x0001 /**< drop packet (don't forward it) */ +#define SN_PROCESSING_ERROR 0x0003 /**< Packet processing error */ +#define SN_REPLY_ABORT \ + 0x0010 /**< Reply with ABORT to sender (don't forward it) */ +#define SN_SEND_ABORT 0x0020 /**< Send ABORT to destination */ +#define SN_TX_ABORT 0x0030 /**< mask for transmitting abort */ +#define SN_REFLECT_ERROR \ + 0x0100 /**< Reply with ERROR to sender on OOTB packet Tbit set */ +#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash \ + */ +#define SN_TX_ERROR 0x0300 /**< mask for transmitting error */ + +#define PKT_ALIAS_RESPOND \ + 0x1000 /**< Signal to libalias that there is a response packet to send \ + */ /* * Data structures */ @@ -123,38 +126,45 @@ * Information is stored in network byte order (as is libalias)*** */ struct sctp_nat_assoc { - uint32_t l_vtag; /**< local side verification tag */ - uint16_t l_port; /**< local side port number */ - uint32_t g_vtag; /**< global side verification tag */ - uint16_t g_port; /**< global side port number */ - struct in_addr l_addr; /**< local ip address */ - struct in_addr a_addr; /**< alias ip address */ - int state; /**< current state of NAT association */ - int TableRegister; /**< stores which look up tables association is registered in */ - int exp; /**< timer expiration in seconds from uptime */ - int exp_loc; /**< current location in timer_Q */ - int num_Gaddr; /**< number of global IP addresses in the list */ - LIST_HEAD(sctpGlobalAddresshead,sctp_GlobalAddress) Gaddr; /**< List of global addresses */ - LIST_ENTRY (sctp_nat_assoc) list_L; /**< Linked list of pointers for Local table*/ - LIST_ENTRY (sctp_nat_assoc) list_G; /**< Linked list of pointers for Global table */ - LIST_ENTRY (sctp_nat_assoc) timer_Q; /**< Linked list of pointers for timer Q */ - //Using libalias locking + uint32_t l_vtag; /**< local side verification tag */ + uint16_t l_port; /**< local side port number */ + uint32_t g_vtag; /**< global side verification tag */ + uint16_t g_port; /**< global side port number */ + struct in_addr l_addr; /**< local ip address */ + struct in_addr a_addr; /**< alias ip address */ + int state; /**< current state of NAT association */ + int TableRegister; /**< stores which look up tables association is + registered in */ + int exp; /**< timer expiration in seconds from uptime */ + int exp_loc; /**< current location in timer_Q */ + int num_Gaddr; /**< number of global IP addresses in the list */ + LIST_HEAD(sctpGlobalAddresshead, + sctp_GlobalAddress) Gaddr; /**< List of global addresses */ + LIST_ENTRY(sctp_nat_assoc) + list_L; /**< Linked list of pointers for Local table*/ + LIST_ENTRY(sctp_nat_assoc) + list_G; /**< Linked list of pointers for Global table */ + LIST_ENTRY(sctp_nat_assoc) + timer_Q; /**< Linked list of pointers for timer Q */ + // Using libalias locking }; struct sctp_GlobalAddress { struct in_addr g_addr; - LIST_ENTRY (sctp_GlobalAddress) list_Gaddr; /**< Linked list of pointers for Global table */ + LIST_ENTRY(sctp_GlobalAddress) + list_Gaddr; /**< Linked list of pointers for Global table */ }; /** * @brief SCTP chunk of interest * - * The only chunks whose contents are of any interest are the INIT and ASCONF_AddIP + * The only chunks whose contents are of any interest are the INIT and + * ASCONF_AddIP */ union sctpChunkOfInt { - struct sctp_init *Init; /**< Pointer to Init Chunk */ - struct sctp_init_ack *InitAck; /**< Pointer to Init Chunk */ - struct sctp_paramhdr *Asconf; /**< Pointer to ASCONF chunk */ + struct sctp_init *Init; /**< Pointer to Init Chunk */ + struct sctp_init_ack *InitAck; /**< Pointer to Init Chunk */ + struct sctp_paramhdr *Asconf; /**< Pointer to ASCONF chunk */ }; /** @@ -163,15 +173,17 @@ * Structure containing the relevant information from the SCTP message */ struct sctp_nat_msg { - uint16_t msg; /**< one of the key messages defined above */ + uint16_t msg; /**< one of the key messages defined above */ #ifdef INET6 - // struct ip6_hdr *ip_hdr; /**< pointer to ip packet header */ /*no inet6 support yet*/ + // struct ip6_hdr *ip_hdr; /**< pointer to ip packet header */ /*no + // inet6 support yet*/ #else - struct ip *ip_hdr; /**< pointer to ip packet header */ -#endif //#ifdef INET6 - struct sctphdr *sctp_hdr; /**< pointer to sctp common header */ - union sctpChunkOfInt sctpchnk; /**< union of pointers to the chunk of interest */ - int chunk_length; /**< length of chunk of interest */ + struct ip *ip_hdr; /**< pointer to ip packet header */ +#endif // #ifdef INET6 + struct sctphdr *sctp_hdr; /**< pointer to sctp common header */ + union sctpChunkOfInt + sctpchnk; /**< union of pointers to the chunk of interest */ + int chunk_length; /**< length of chunk of interest */ }; /** @@ -180,9 +192,11 @@ */ struct sctp_nat_timer { - int loc_time; /**< time in seconds for the current location in the queue */ - int cur_loc; /**< index of the current location in the circular queue */ - LIST_HEAD(sctpTimerQ,sctp_nat_assoc) *TimerQ; /**< List of associations at this position in the timer Q */ + int loc_time; /**< time in seconds for the current location in the queue + */ + int cur_loc; /**< index of the current location in the circular queue */ + LIST_HEAD(sctpTimerQ, sctp_nat_assoc) * + TimerQ; /**< List of associations at this position in the timer Q */ }; -#endif //#ifndef _ALIAS_SCTP_H +#endif // #ifndef _ALIAS_SCTP_H Index: sys/netinet/libalias/alias_sctp.c =================================================================== --- sys/netinet/libalias/alias_sctp.c +++ sys/netinet/libalias/alias_sctp.c @@ -33,7 +33,8 @@ * This software was developed by David A. Hayes and Jason But * * The design is outlined in CAIA technical report number 080618A - * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW") + * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in + * IPFW") * * Development is part of the CAIA SONATA project, * proposed by Jason But and Grenville Armitage: @@ -70,28 +71,32 @@ * - Dynamic control of hash-table size */ - #ifdef _KERNEL -#include #include -#include #include +#include #include #include #include -#include + +#include +#include + #include #include +#include #include -#include #else -#include "alias_sctp.h" +#include + +#include + #include + #include "alias.h" #include "alias_local.h" -#include -#include -#endif //#ifdef _KERNEL +#include "alias_sctp.h" +#endif // #ifdef _KERNEL /* ---------------------------------------------------------------------- * FUNCTION PROTOTYPES @@ -102,55 +107,66 @@ struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc); static int GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction); -static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, int direction); - -static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction); -static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr); -static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction); -static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, int direction); +static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, + int direction); + +static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc, int direction); +static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, + struct sctp_GlobalAddress *G_addr); +static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc, int direction); +static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, + int direction); /* State Machine Functions */ -static int ProcessSctpMsg(struct libalias *la, int direction, \ +static int ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc); -static int ID_process(struct libalias *la, int direction,\ +static int ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int INi_process(struct libalias *la, int direction,\ +static int INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int INa_process(struct libalias *la, int direction,\ +static int INa_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int UP_process(struct libalias *la, int direction,\ +static int UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int CL_process(struct libalias *la, int direction,\ +static int CL_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm,\ +static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction); /* Hash Table Functions */ -static struct sctp_nat_assoc * -FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port); -static struct sctp_nat_assoc * -FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match); -static struct sctp_nat_assoc * -FindSctpGlobalClash(struct libalias *la, struct sctp_nat_assoc *Cassoc); -static struct sctp_nat_assoc * -FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port); -static struct sctp_nat_assoc * -FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port); - -static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr); -static int AddSctpAssocGlobal(struct libalias *la, struct sctp_nat_assoc *assoc); +static struct sctp_nat_assoc *FindSctpLocal(struct libalias *la, + struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, + uint16_t l_port, uint16_t g_port); +static struct sctp_nat_assoc *FindSctpGlobal(struct libalias *la, + struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, + int *partial_match); +static struct sctp_nat_assoc *FindSctpGlobalClash(struct libalias *la, + struct sctp_nat_assoc *Cassoc); +static struct sctp_nat_assoc *FindSctpLocalT(struct libalias *la, + struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port); +static struct sctp_nat_assoc *FindSctpGlobalT(struct libalias *la, + struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port); + +static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, + struct in_addr g_addr); +static int AddSctpAssocGlobal(struct libalias *la, + struct sctp_nat_assoc *assoc); static void RmSctpAssoc(struct libalias *la, struct sctp_nat_assoc *assoc); static void freeGlobalAddressList(struct sctp_nat_assoc *assoc); /* Timer Queue Functions */ static void sctp_AddTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc); static void sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc); -static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, int newexp); +static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, + int newexp); void sctp_CheckTimers(struct libalias *la); /* Logging Functions */ -static void logsctperror(char *errormsg, uint32_t vtag, int error, int direction); +static void logsctperror(char *errormsg, uint32_t vtag, int error, + int direction); static void logsctpparse(int direction, struct sctp_nat_msg *sm); static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s); static void logTimerQ(struct libalias *la); @@ -185,17 +201,17 @@ static MALLOC_DEFINE(M_SCTPNAT, "sctpnat", "sctp nat dbs"); /* Use kernel allocator. */ #ifdef _SYS_MALLOC_H_ -#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT|M_ZERO) -#define sn_calloc(n,x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT|M_ZERO) -#define sn_free(x) free(x, M_SCTPNAT) -#endif// #ifdef _SYS_MALLOC_H_ +#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT | M_ZERO) +#define sn_calloc(n, x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT | M_ZERO) +#define sn_free(x) free(x, M_SCTPNAT) +#endif // #ifdef _SYS_MALLOC_H_ -#else //#ifdef _KERNEL -#define sn_malloc(x) malloc(x) -#define sn_calloc(n, x) calloc(n, x) -#define sn_free(x) free(x) +#else // #ifdef _KERNEL +#define sn_malloc(x) malloc(x) +#define sn_calloc(n, x) calloc(n, x) +#define sn_free(x) free(x) -#endif //#ifdef _KERNEL +#endif // #ifdef _KERNEL /** @defgroup packet_parser SCTP Packet Parsing * @@ -205,107 +221,143 @@ * - SCTP message types for storing in the sctp_nat_msg structure @{ */ -#define SN_SCTP_FIRSTCHUNK(sctphead) (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr)) -/**< Returns a pointer to the first chunk in an SCTP packet given a pointer to the SCTP header */ +#define SN_SCTP_FIRSTCHUNK(sctphead) \ + (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr)) +/**< Returns a pointer to the first chunk in an SCTP packet given a pointer to + * the SCTP header */ -#define SN_SCTP_NEXTCHUNK(chunkhead) (struct sctp_chunkhdr *)(((char *)chunkhead) + SCTP_SIZE32(ntohs(chunkhead->chunk_length))) -/**< Returns a pointer to the next chunk in an SCTP packet given a pointer to the current chunk */ +#define SN_SCTP_NEXTCHUNK(chunkhead) \ + (struct sctp_chunkhdr *)(((char *)chunkhead) + \ + SCTP_SIZE32(ntohs(chunkhead->chunk_length))) +/**< Returns a pointer to the next chunk in an SCTP packet given a pointer to + * the current chunk */ -#define SN_SCTP_NEXTPARAM(param) (struct sctp_paramhdr *)(((char *)param) + SCTP_SIZE32(ntohs(param->param_length))) -/**< Returns a pointer to the next parameter in an SCTP packet given a pointer to the current parameter */ +#define SN_SCTP_NEXTPARAM(param) \ + (struct sctp_paramhdr *)(((char *)param) + \ + SCTP_SIZE32(ntohs(param->param_length))) +/**< Returns a pointer to the next parameter in an SCTP packet given a pointer + * to the current parameter */ -#define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */ -#define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */ -#define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */ -#define SN_ASCONFACK_PARAM_SIZE 8 /**< Size of SCTP ASCONF ACK param in bytes */ +#define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */ +#define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */ +#define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */ +#define SN_ASCONFACK_PARAM_SIZE \ + 8 /**< Size of SCTP ASCONF ACK param in bytes */ /* Packet parsing return codes */ -#define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */ -#define SN_PARSE_ERROR_IPSHL 1 /**< Packet parsing error - IP and SCTP common header len */ -#define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */ -#define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */ -#define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */ -#define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */ -#define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */ -#define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */ -#define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */ -#define SN_PARSE_ERROR_PARTIALLOOKUP 9 /**< Packet parsing error - partial lookup only found */ -#define SN_PARSE_ERROR_LOOKUP_ABORT 10 /**< Packet parsing error - Lookup - but abort packet */ +#define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */ +#define SN_PARSE_ERROR_IPSHL \ + 1 /**< Packet parsing error - IP and SCTP common header len */ +#define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */ +#define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */ +#define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */ +#define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */ +#define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */ +#define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */ +#define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */ +#define SN_PARSE_ERROR_PARTIALLOOKUP \ + 9 /**< Packet parsing error - partial lookup only found */ +#define SN_PARSE_ERROR_LOOKUP_ABORT \ + 10 /**< Packet parsing error - Lookup - but abort packet */ /* Alias_sctp performs its processing based on a number of key messages */ -#define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */ -#define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */ -#define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */ -#define SN_SCTP_SHUTCOMP 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */ -#define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk */ -#define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */ -#define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk */ -#define SN_SCTP_OTHER 0xFFFF /**< a packet containing a chunk that is not of interest */ +#define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */ +#define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */ +#define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */ +#define SN_SCTP_SHUTCOMP \ + 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */ +#define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk \ + */ +#define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */ +#define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk \ + */ +#define SN_SCTP_OTHER \ + 0xFFFF /**< a packet containing a chunk that is not of interest */ /** @} * @defgroup state_machine SCTP NAT State Machine * * Defines the various states an association can be within the NAT @{ */ -#define SN_ID 0x0000 /**< Idle state */ -#define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */ -#define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */ -#define SN_UP 0x0100 /**< Association in UP state */ -#define SN_CL 0x1000 /**< Closing state */ -#define SN_RM 0x2000 /**< Removing state */ +#define SN_ID 0x0000 /**< Idle state */ +#define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */ +#define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */ +#define SN_UP 0x0100 /**< Association in UP state */ +#define SN_CL 0x1000 /**< Closing state */ +#define SN_RM 0x2000 /**< Removing state */ /** @} * @defgroup Logging Logging Functionality * * Define various log levels and a macro to call specified log functions only if * the current log level (sysctl_log_level) matches the specified level @{ */ -#define SN_LOG_LOW 0 -#define SN_LOG_EVENT 1 -#define SN_LOG_INFO 2 -#define SN_LOG_DETAIL 3 -#define SN_LOG_DEBUG 4 -#define SN_LOG_DEBUG_MAX 5 - -#define SN_LOG(level, action) if (sysctl_log_level >= level) { action; } /**< Perform log action ONLY if the current log level meets the specified log level */ +#define SN_LOG_LOW 0 +#define SN_LOG_EVENT 1 +#define SN_LOG_INFO 2 +#define SN_LOG_DETAIL 3 +#define SN_LOG_DEBUG 4 +#define SN_LOG_DEBUG_MAX 5 + +#define SN_LOG(level, action) \ + if (sysctl_log_level >= level) { \ + action; \ + } /**< Perform log action ONLY if the current log level meets the \ + specified log level */ /** @} * @defgroup Hash Hash Table Macros and Functions * * Defines minimum/maximum/default values for the hash table size @{ */ -#define SN_MIN_HASH_SIZE 101 /**< Minimum hash table size (set to stop users choosing stupid values) */ -#define SN_MAX_HASH_SIZE 1000001 /**< Maximum hash table size (NB must be less than max int) */ -#define SN_DEFAULT_HASH_SIZE 2003 /**< A reasonable default size for the hash tables */ - -#define SN_LOCAL_TBL 0x01 /**< assoc in local table */ -#define SN_GLOBAL_TBL 0x02 /**< assoc in global table */ -#define SN_BOTH_TBL 0x03 /**< assoc in both tables */ -#define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/ -#define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/ -#define SN_NULL_TBL 0x00 /**< assoc in No table */ -#define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address count*/ - -#define SN_ADD_OK 0 /**< Association added to the table */ -#define SN_ADD_CLASH 1 /**< Clash when trying to add the assoc. info to the table */ - -#define SN_TABLE_HASH(vtag, port, size) (((u_int) vtag + (u_int) port) % (u_int) size) /**< Calculate the hash table lookup position */ +#define SN_MIN_HASH_SIZE \ + 101 /**< Minimum hash table size (set to stop users choosing stupid \ + values) */ +#define SN_MAX_HASH_SIZE \ + 1000001 /**< Maximum hash table size (NB must be less than max int) */ +#define SN_DEFAULT_HASH_SIZE \ + 2003 /**< A reasonable default size for the hash tables */ + +#define SN_LOCAL_TBL 0x01 /**< assoc in local table */ +#define SN_GLOBAL_TBL 0x02 /**< assoc in global table */ +#define SN_BOTH_TBL 0x03 /**< assoc in both tables */ +#define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/ +#define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/ +#define SN_NULL_TBL 0x00 /**< assoc in No table */ +#define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address \ + count*/ + +#define SN_ADD_OK 0 /**< Association added to the table */ +#define SN_ADD_CLASH \ + 1 /**< Clash when trying to add the assoc. info to the table */ + +#define SN_TABLE_HASH(vtag, port, size) \ + (((u_int)vtag + (u_int)port) % \ + (u_int)size) /**< Calculate the hash table lookup position */ /** @} * @defgroup Timer Timer Queue Macros and Functions * * Timer macros set minimum/maximum timeout values and calculate timer expiry * times for the provided libalias instance @{ */ -#define SN_MIN_TIMER 1 -#define SN_MAX_TIMER 600 -#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER+2 - -#define SN_I_T(la) (LibAliasTime + sysctl_init_timer) /**< INIT State expiration time in seconds */ -#define SN_U_T(la) (LibAliasTime + sysctl_up_timer) /**< UP State expiration time in seconds */ -#define SN_C_T(la) (LibAliasTime + sysctl_shutdown_timer) /**< CL State expiration time in seconds */ -#define SN_X_T(la) (LibAliasTime + sysctl_holddown_timer) /**< Wait after a shutdown complete in seconds */ +#define SN_MIN_TIMER 1 +#define SN_MAX_TIMER 600 +#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER + 2 + +#define SN_I_T(la) \ + (LibAliasTime + \ + sysctl_init_timer) /**< INIT State expiration time in seconds */ +#define SN_U_T(la) \ + (LibAliasTime + \ + sysctl_up_timer) /**< UP State expiration time in seconds */ +#define SN_C_T(la) \ + (LibAliasTime + \ + sysctl_shutdown_timer) /**< CL State expiration time in seconds */ +#define SN_X_T(la) \ + (LibAliasTime + sysctl_holddown_timer) /**< Wait after a shutdown \ + complete in seconds */ /** @} * @defgroup sysctl SysCtl Variable and callback function declarations * - * Sysctl variables to modify NAT functionality in real-time along with associated functions - * to manage modifications to the sysctl variables @{ + * Sysctl variables to modify NAT functionality in real-time along with + * associated functions to manage modifications to the sysctl variables @{ */ /* Callbacks */ @@ -323,36 +375,65 @@ /** @brief net.inet.ip.alias.sctp.log_level */ static u_int sysctl_log_level = 0; /**< Stores the current level of logging */ /** @brief net.inet.ip.alias.sctp.init_timer */ -static u_int sysctl_init_timer = 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK or AddIP-ACK */ +static u_int sysctl_init_timer = + 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK + or AddIP-ACK */ /** @brief net.inet.ip.alias.sctp.up_timer */ -static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the table while no packets are transmitted */ +static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the + table while no packets are transmitted */ /** @brief net.inet.ip.alias.sctp.shutdown_timer */ -static u_int sysctl_shutdown_timer = 15; /**< Seconds to hold an association in the table waiting for a SHUTDOWN-COMPLETE */ +static u_int sysctl_shutdown_timer = + 15; /**< Seconds to hold an association in the table waiting for a + SHUTDOWN-COMPLETE */ /** @brief net.inet.ip.alias.sctp.holddown_timer */ -static u_int sysctl_holddown_timer = 0; /**< Seconds to hold an association in the table after it has been shutdown (to allow for lost SHUTDOWN-COMPLETEs) */ +static u_int sysctl_holddown_timer = + 0; /**< Seconds to hold an association in the table after it has been + shutdown (to allow for lost SHUTDOWN-COMPLETEs) */ /** @brief net.inet.ip.alias.sctp.hashtable_size */ -static u_int sysctl_hashtable_size = SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT instances (existing instances retain their existing Hash Table */ +static u_int sysctl_hashtable_size = + SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT + instances (existing instances retain their existing + Hash Table */ /** @brief net.inet.ip.alias.sctp.error_on_ootb */ -static u_int sysctl_error_on_ootb = 1; /**< NAT response to receipt of OOTB packet - (0 - No response, 1 - NAT will send ErrorM only to local side, - 2 - NAT will send local ErrorM and global ErrorM if there was a partial association match - 3 - NAT will send ErrorM to both local and global) */ +static u_int sysctl_error_on_ootb = + 1; /**< NAT response to receipt of OOTB packet + (0 - No response, 1 - NAT will send ErrorM only to local side, + 2 - NAT will send local ErrorM and global ErrorM if there was a + partial association match 3 - NAT will send ErrorM to both local and + global) */ /** @brief net.inet.ip.alias.sctp.accept_global_ootb_addip */ -static u_int sysctl_accept_global_ootb_addip = 0; /** 0 - enables tracking but limits the number of global IP addresses to this value) - If set to >=1 the NAT will track that many global IP addresses. This may reduce look up table conflicts, but increases processing */ - -#define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets */ -#define SN_LOCAL_ERROR_ON_OOTB 1 /**< Send only local errorM on out of the blue packets */ -#define SN_LOCALandPARTIAL_ERROR_ON_OOTB 2 /**< Send local errorM and global errorM for out of the blue packets only if partial match found */ -#define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */ +static u_int sysctl_track_global_addresses = + 0; /**< Configures the global address tracking option within the NAT (0 - + Global tracking is disabled, > 0 - enables tracking but limits the + number of global IP addresses to this value) If set to >=1 the NAT + will track that many global IP addresses. This may reduce look up + table conflicts, but increases processing */ + +#define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets \ + */ +#define SN_LOCAL_ERROR_ON_OOTB \ + 1 /**< Send only local errorM on out of the blue packets */ +#define SN_LOCALandPARTIAL_ERROR_ON_OOTB \ + 2 /**< Send local errorM and global errorM for out of the blue packets \ + only if partial match found */ +#define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */ #ifdef SYSCTL_NODE @@ -361,42 +442,42 @@ SYSCTL_DECL(_net_inet_ip_alias); static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp, - CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, - "SCTP NAT"); + CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, "SCTP NAT"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_log_level, 0, sysctl_chg_loglevel, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_log_level, 0, + sysctl_chg_loglevel, "IU", "Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_init_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_init_timer, 0, + sysctl_chg_timer, "IU", "Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_up_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_up_timer, 0, + sysctl_chg_timer, "IU", "Timeout value (s) to keep an association up with no traffic"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_shutdown_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_shutdown_timer, 0, + sysctl_chg_timer, "IU", "Timeout value (s) while waiting for SHUTDOWN-COMPLETE"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_holddown_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_holddown_timer, 0, + sysctl_chg_timer, "IU", "Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_hashtable_size, 0, sysctl_chg_hashtable_size, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_hashtable_size, 0, + sysctl_chg_hashtable_size, "IU", "Size of hash tables used for NAT lookups (100 < prime_number > 1000001)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_error_on_ootb, 0, sysctl_chg_error_on_ootb, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_error_on_ootb, 0, + sysctl_chg_error_on_ootb, "IU", "ErrorM sent on receipt of ootb packet:\n\t0 - none,\n" "\t1 - to local only,\n" "\t2 - to local and global if a partial association match,\n" "\t3 - to local and global (DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip, CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, "IU", + &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, + "IU", "NAT response to receipt of global OOTB AddIP:\n" "\t0 - No response,\n" "\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)"); @@ -407,13 +488,13 @@ "Number of chunks that should be processed if there is no current " "association found:\n\t > 0 (A high value is a DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_chunk_proc_limit, 0, sysctl_chg_chunk_proc_limit, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_chunk_proc_limit, 0, + sysctl_chg_chunk_proc_limit, "IU", "Number of chunks that should be processed to find key chunk:\n" "\t>= initialising_chunk_proc_limit (A high value is a DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_param_proc_limit, 0, sysctl_chg_param_proc_limit, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_param_proc_limit, 0, + sysctl_chg_param_proc_limit, "IU", "Number of parameters (in a chunk) that should be processed to find key " "parameters:\n\t> 1 (A high value is a DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses, @@ -431,7 +512,8 @@ * Updates the variable sysctl_log_level to the provided value and ensures * it is in the valid range (SN_LOG_LOW -> SN_LOG_DEBUG) */ -int sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS) { u_int level = *(u_int *)arg1; int error; @@ -447,13 +529,15 @@ } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer) + * @brief sysctl callback for changing + * net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer) * * Updates the timer-based sysctl variables. The new values are sanity-checked * to make sure that they are within the range SN_MIN_TIMER-SN_MAX_TIMER. The * holddown timer is allowed to be 0 */ -int sysctl_chg_timer(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_timer(SYSCTL_HANDLER_ARGS) { u_int timer = *(u_int *)arg1; int error; @@ -482,7 +566,8 @@ * if it is prime. We approximate by checking that (2,3,5,7,11) are not factors, * incrementing the user provided value until we find a suitable number. */ -int sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS) { u_int size = *(u_int *)arg1; int error; @@ -491,11 +576,16 @@ if (error) return (error); - size = (size < SN_MIN_HASH_SIZE) ? (SN_MIN_HASH_SIZE) : ((size > SN_MAX_HASH_SIZE) ? (SN_MAX_HASH_SIZE) : (size)); + size = (size < SN_MIN_HASH_SIZE) ? + (SN_MIN_HASH_SIZE) : + ((size > SN_MAX_HASH_SIZE) ? (SN_MAX_HASH_SIZE) : (size)); size |= 0x00000001; /* make odd */ - for (;(((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || ((size % 11) == 0)); size+=2); + for (; (((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || + ((size % 11) == 0)); + size += 2) + ; sysctl_hashtable_size = size; return (0); @@ -511,7 +601,8 @@ * a partial association match * If set to 3, an ErrorM is sent to both local and global sides (DoS) risk. */ -int sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS) { u_int flag = *(u_int *)arg1; int error; @@ -520,18 +611,21 @@ if (error) return (error); - sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB: flag; + sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB : + flag; return (0); } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.alias.sctp.accept_global_ootb_addip + * @brief sysctl callback for changing + * net.inet.ip.alias.sctp.accept_global_ootb_addip * - * If set to 1 the NAT will accept ootb global addip messages for processing (Security risk) - * Default is 0, only responding to local ootb AddIP messages + * If set to 1 the NAT will accept ootb global addip messages for processing + * (Security risk) Default is 0, only responding to local ootb AddIP messages */ -int sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS) { u_int flag = *(u_int *)arg1; int error; @@ -540,19 +634,21 @@ if (error) return (error); - sysctl_accept_global_ootb_addip = (flag == 1) ? 1: 0; + sysctl_accept_global_ootb_addip = (flag == 1) ? 1 : 0; return (0); } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.alias.sctp.initialising_chunk_proc_limit + * @brief sysctl callback for changing + * net.inet.ip.alias.sctp.initialising_chunk_proc_limit * * Updates the initialising_chunk_proc_limit sysctl variable. Number of chunks * that should be processed if there is no current association found: > 0 (A * high value is a DoS risk) */ -int sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS) { u_int proclimit = *(u_int *)arg1; int error; @@ -561,9 +657,11 @@ if (error) return (error); - sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1: proclimit; - sysctl_chunk_proc_limit = - (sysctl_chunk_proc_limit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : sysctl_chunk_proc_limit; + sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1 : proclimit; + sysctl_chunk_proc_limit = (sysctl_chunk_proc_limit < + sysctl_initialising_chunk_proc_limit) ? + sysctl_initialising_chunk_proc_limit : + sysctl_chunk_proc_limit; return (0); } @@ -575,7 +673,8 @@ * Number of chunks that should be processed to find key chunk: * >= initialising_chunk_proc_limit (A high value is a DoS risk) */ -int sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS) { u_int proclimit = *(u_int *)arg1; int error; @@ -584,8 +683,10 @@ if (error) return (error); - sysctl_chunk_proc_limit = - (proclimit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : proclimit; + sysctl_chunk_proc_limit = (proclimit < + sysctl_initialising_chunk_proc_limit) ? + sysctl_initialising_chunk_proc_limit : + proclimit; return (0); } @@ -597,7 +698,8 @@ * Number of parameters that should be processed to find key parameters: * > 1 (A high value is a DoS risk) */ -int sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS) { u_int proclimit = *(u_int *)arg1; int error; @@ -606,20 +708,21 @@ if (error) return (error); - sysctl_param_proc_limit = - (proclimit < 2) ? 2 : proclimit; + sysctl_param_proc_limit = (proclimit < 2) ? 2 : proclimit; return (0); } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.alias.sctp.track_global_addresses + * @brief sysctl callback for changing + *net.inet.ip.alias.sctp.track_global_addresses * *Configures the global address tracking option within the NAT (0 - Global *tracking is disabled, > 0 - enables tracking but limits the number of global *IP addresses to this value) */ -int sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS) +int +sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS) { u_int num_to_track = *(u_int *)arg1; int error; @@ -628,7 +731,10 @@ if (error) return (error); - sysctl_track_global_addresses = (num_to_track > SN_MAX_GLOBAL_ADDRESSES) ? SN_MAX_GLOBAL_ADDRESSES : num_to_track; + sysctl_track_global_addresses = (num_to_track > + SN_MAX_GLOBAL_ADDRESSES) ? + SN_MAX_GLOBAL_ADDRESSES : + num_to_track; return (0); } @@ -652,10 +758,15 @@ int i; la->sctpNatTableSize = sysctl_hashtable_size; SN_LOG(SN_LOG_EVENT, - SctpAliasLog("Initialising SCTP NAT Instance (hash_table_size:%d)\n", la->sctpNatTableSize)); - la->sctpTableLocal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableL)); - la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableG)); - la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct sctpTimerQ)); + SctpAliasLog( + "Initialising SCTP NAT Instance (hash_table_size:%d)\n", + la->sctpNatTableSize)); + la->sctpTableLocal = sn_calloc(la->sctpNatTableSize, + sizeof(struct sctpNatTableL)); + la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize, + sizeof(struct sctpNatTableG)); + la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, + sizeof(struct sctpTimerQ)); /* Initialise hash table */ for (i = 0; i < la->sctpNatTableSize; i++) { LIST_INIT(&la->sctpTableLocal[i]); @@ -666,9 +777,10 @@ for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) LIST_INIT(&la->sctpNatTimer.TimerQ[i]); #ifdef _KERNEL - la->sctpNatTimer.loc_time=time_uptime; /* LibAliasTime is not set yet */ + la->sctpNatTimer.loc_time = + time_uptime; /* LibAliasTime is not set yet */ #else - la->sctpNatTimer.loc_time=LibAliasTime; + la->sctpNatTimer.loc_time = LibAliasTime; #endif la->sctpNatTimer.cur_loc = 0; la->sctpLinkCount = 0; @@ -690,11 +802,10 @@ AliasSctpTerm(struct libalias *la) { struct sctp_nat_assoc *assoc1, *assoc2; - int i; + int i; LIBALIAS_LOCK_ASSERT(la); - SN_LOG(SN_LOG_EVENT, - SctpAliasLog("Removing SCTP NAT Instance\n")); + SN_LOG(SN_LOG_EVENT, SctpAliasLog("Removing SCTP NAT Instance\n")); for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) { assoc1 = LIST_FIRST(&la->sctpNatTimer.TimerQ[i]); while (assoc1 != NULL) { @@ -748,7 +859,8 @@ sctp_CheckTimers(la); /* Check timers */ /* Parse the packet */ - rtnval = sctp_PktParser(la, direction, pip, &msg, &assoc); //using *char (change to mbuf when get code from paolo) + rtnval = sctp_PktParser(la, direction, pip, &msg, + &assoc); // using *char (change to mbuf when get code from paolo) switch (rtnval) { case SN_PARSE_OK: break; @@ -762,40 +874,41 @@ break; } SN_LOG(SN_LOG_EVENT, - logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); + logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, + direction)); return (PKT_ALIAS_ERROR); case SN_PARSE_ERROR_PARTIALLOOKUP: if (sysctl_error_on_ootb > SN_LOCALandPARTIAL_ERROR_ON_OOTB) { SN_LOG(SN_LOG_EVENT, - logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); + logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, + rtnval, direction)); return (PKT_ALIAS_ERROR); } case SN_PARSE_ERROR_LOOKUP: if (sysctl_error_on_ootb == SN_ERROR_ON_OOTB || - (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB && direction == SN_TO_LOCAL) || - (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB && direction == SN_TO_GLOBAL)) { - TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR, direction); /*NB assoc=NULL */ + (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB && + direction == SN_TO_LOCAL) || + (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB && + direction == SN_TO_GLOBAL)) { + TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR, + direction); /*NB assoc=NULL */ return (PKT_ALIAS_RESPOND); } default: SN_LOG(SN_LOG_EVENT, - logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); + logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, + direction)); return (PKT_ALIAS_ERROR); } - SN_LOG(SN_LOG_DETAIL, - logsctpassoc(assoc, "*"); - logsctpparse(direction, &msg); - ); + SN_LOG(SN_LOG_DETAIL, logsctpassoc(assoc, "*"); + logsctpparse(direction, &msg);); /* Process the SCTP message */ rtnval = ProcessSctpMsg(la, direction, &msg, assoc); - SN_LOG(SN_LOG_DEBUG_MAX, - logsctpassoc(assoc, "-"); - logSctpLocal(la); - logSctpGlobal(la); - ); + SN_LOG(SN_LOG_DEBUG_MAX, logsctpassoc(assoc, "-"); logSctpLocal(la); + logSctpGlobal(la);); SN_LOG(SN_LOG_DEBUG, logTimerQ(la)); switch (rtnval) { @@ -804,21 +917,29 @@ case SN_TO_LOCAL: DifferentialChecksum(&(msg.ip_hdr->ip_sum), &(assoc->l_addr), &(msg.ip_hdr->ip_dst), 2); - msg.ip_hdr->ip_dst = assoc->l_addr; /* change dst address to local address*/ + msg.ip_hdr->ip_dst = + assoc->l_addr; /* change dst address to local + address*/ break; case SN_TO_GLOBAL: DifferentialChecksum(&(msg.ip_hdr->ip_sum), - &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2); - msg.ip_hdr->ip_src = assoc->a_addr; /* change src to alias addr*/ + &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2); + msg.ip_hdr->ip_src = + assoc->a_addr; /* change src to alias addr*/ break; default: - rtnval = SN_DROP_PKT; /* shouldn't get here, but if it does drop packet */ - SN_LOG(SN_LOG_LOW, logsctperror("ERROR: Invalid direction", msg.sctp_hdr->v_tag, rtnval, direction)); + rtnval = SN_DROP_PKT; /* shouldn't get here, but if it + does drop packet */ + SN_LOG(SN_LOG_LOW, + logsctperror("ERROR: Invalid direction", + msg.sctp_hdr->v_tag, rtnval, direction)); break; } break; case SN_DROP_PKT: - SN_LOG(SN_LOG_DETAIL, logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval, direction)); + SN_LOG(SN_LOG_DETAIL, + logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval, + direction)); break; case SN_REPLY_ABORT: case SN_REPLY_ERROR: @@ -826,9 +947,12 @@ TxAbortErrorM(la, &msg, assoc, rtnval, direction); break; default: - // big error, remove association and go to idle and write log messages - SN_LOG(SN_LOG_LOW, logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); - assoc->state = SN_RM;/* Mark for removal*/ + // big error, remove association and go to idle and write log + // messages + SN_LOG(SN_LOG_LOW, + logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag, + rtnval, direction)); + assoc->state = SN_RM; /* Mark for removal*/ break; } @@ -875,8 +999,8 @@ * up-state is a Heartbeat packet, which is big enough to be transformed to an * ErrorM. * - * We create a temporary character array to store the packet as we are constructing - * it. We then populate the array with appropriate values based on: + * We create a temporary character array to store the packet as we are + * constructing it. We then populate the array with appropriate values based on: * - Packet type (AbortM | ErrorM) * - Initial packet direction (SN_TO_LOCAL | SN_TO_GLOBAL) * - NAT response (Send packet | Reply packet) @@ -928,24 +1052,29 @@ } static void -TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction) +TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc, int sndrply, int direction) { - int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause); + int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + + sizeof(struct sctp_error_cause); int ip_size = sizeof(struct ip) + sctp_size; int include_error_cause = 1; char tmp_ip[ip_size]; char addrbuf[INET_ADDRSTRLEN]; - if (ntohs(sm->ip_hdr->ip_len) < ip_size) { /* short packet, cannot send error cause */ + if (ntohs(sm->ip_hdr->ip_len) < + ip_size) { /* short packet, cannot send error cause */ include_error_cause = 0; - ip_size = ip_size - sizeof(struct sctp_error_cause); - sctp_size = sctp_size - sizeof(struct sctp_error_cause); + ip_size = ip_size - sizeof(struct sctp_error_cause); + sctp_size = sctp_size - sizeof(struct sctp_error_cause); } /* Assign header pointers packet */ - struct ip* ip = (struct ip *) tmp_ip; - struct sctphdr* sctp_hdr = (struct sctphdr *) ((char *) ip + sizeof(*ip)); - struct sctp_chunkhdr* chunk_hdr = (struct sctp_chunkhdr *) ((char *) sctp_hdr + sizeof(*sctp_hdr)); - struct sctp_error_cause* error_cause = (struct sctp_error_cause *) ((char *) chunk_hdr + sizeof(*chunk_hdr)); + struct ip *ip = (struct ip *)tmp_ip; + struct sctphdr *sctp_hdr = (struct sctphdr *)((char *)ip + sizeof(*ip)); + struct sctp_chunkhdr *chunk_hdr = + (struct sctp_chunkhdr *)((char *)sctp_hdr + sizeof(*sctp_hdr)); + struct sctp_error_cause *error_cause = + (struct sctp_error_cause *)((char *)chunk_hdr + sizeof(*chunk_hdr)); /* construct ip header */ ip->ip_v = sm->ip_hdr->ip_v; @@ -957,17 +1086,23 @@ ip->ip_ttl = 255; ip->ip_p = IPPROTO_SCTP; /* - The definitions below should be removed when they make it into the SCTP stack + The definitions below should be removed when they make it into the + SCTP stack */ -#define SCTP_MIDDLEBOX_FLAG 0x02 +#define SCTP_MIDDLEBOX_FLAG 0x02 #define SCTP_NAT_TABLE_COLLISION 0x00b0 -#define SCTP_MISSING_NAT 0x00b1 - chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ? SCTP_ABORT_ASSOCIATION : SCTP_OPERATION_ERROR; +#define SCTP_MISSING_NAT 0x00b1 + chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ? + SCTP_ABORT_ASSOCIATION : + SCTP_OPERATION_ERROR; chunk_hdr->chunk_flags = SCTP_MIDDLEBOX_FLAG; if (include_error_cause) { - error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ? SCTP_MISSING_NAT : SCTP_NAT_TABLE_COLLISION); + error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ? + SCTP_MISSING_NAT : + SCTP_NAT_TABLE_COLLISION); error_cause->length = htons(sizeof(struct sctp_error_cause)); - chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause)); + chunk_hdr->chunk_length = htons( + sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause)); } else { chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr)); } @@ -979,7 +1114,8 @@ sctp_hdr->v_tag = sm->sctp_hdr->v_tag; break; case SN_REPLY_ERROR: - sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag : assoc->l_vtag ; + sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag : + assoc->l_vtag; break; case SN_SEND_ABORT: sctp_hdr->v_tag = sm->sctp_hdr->v_tag; @@ -991,8 +1127,10 @@ /* Set send/reply values */ if (sndrply == SN_SEND_ABORT) { /*pass through NAT */ - ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src : assoc->a_addr; - ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr : sm->ip_hdr->ip_dst; + ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src : + assoc->a_addr; + ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr : + sm->ip_hdr->ip_dst; sctp_hdr->src_port = sm->sctp_hdr->src_port; sctp_hdr->dest_port = sm->sctp_hdr->dest_port; } else { /* reply and reflect */ @@ -1007,17 +1145,19 @@ /* calculate SCTP header CRC32 */ sctp_hdr->checksum = 0; - sctp_hdr->checksum = local_sctp_finalize_crc32(calculate_crc32c(0xffffffff, (unsigned char *) sctp_hdr, sctp_size)); + sctp_hdr->checksum = local_sctp_finalize_crc32( + calculate_crc32c(0xffffffff, (unsigned char *)sctp_hdr, sctp_size)); memcpy(sm->ip_hdr, ip, ip_size); - SN_LOG(SN_LOG_EVENT,SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n", - ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"), - ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"), - (include_error_cause ? ntohs(error_cause->code) : 0), - inet_ntoa_r(ip->ip_dst, INET_NTOA_BUF(addrbuf)), - ntohs(sctp_hdr->dest_port), - ntohl(sctp_hdr->v_tag), ntohl(sctp_hdr->checksum))); + SN_LOG(SN_LOG_EVENT, + SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n", + ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"), + ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"), + (include_error_cause ? ntohs(error_cause->code) : 0), + inet_ntoa_r(ip->ip_dst, INET_NTOA_BUF(addrbuf)), + ntohs(sctp_hdr->dest_port), ntohl(sctp_hdr->v_tag), + ntohl(sctp_hdr->checksum))); } /* ---------------------------------------------------------------------- @@ -1048,7 +1188,8 @@ static int sctp_PktParser(struct libalias *la, int direction, struct ip *pip, struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc) -//sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) +// sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct +// sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) { struct sctphdr *sctp_hdr; struct sctp_chunkhdr *chunk_hdr; @@ -1062,15 +1203,16 @@ // int mlen; // mlen = SCTP_HEADER_LEN(i_pak); - // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since header and chain not separate */ + // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since + // header and chain not separate */ /* * Note, that if the VTag is zero, it must be an INIT * Also, I am only interested in the content of INIT and ADDIP chunks */ - sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/ - sm->chunk_length = 0; /* only care about length for key chunks */ + sm->msg = SN_SCTP_OTHER; /* Initialise to largest value*/ + sm->chunk_length = 0; /* only care about length for key chunks */ // no mbuf stuff from Paolo yet so ... sm->ip_hdr = pip; /* remove ip header length from the bytes_left */ @@ -1082,22 +1224,27 @@ return (SN_PARSE_ERROR_IPSHL); /* packet not long enough*/ } - sm->sctp_hdr = sctp_hdr = (struct sctphdr *) ip_next(pip); + sm->sctp_hdr = sctp_hdr = (struct sctphdr *)ip_next(pip); bytes_left -= sizeof(struct sctphdr); - /* Check for valid ports (zero valued ports would find partially initialised associations */ + /* Check for valid ports (zero valued ports would find partially + * initialised associations */ if (sctp_hdr->src_port == 0 || sctp_hdr->dest_port == 0) return (SN_PARSE_ERROR_PORT); /* Check length of first chunk */ - if (bytes_left < SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/ - return (SN_PARSE_ERROR_CHHL); /* packet not long enough for this chunk */ + if (bytes_left < + SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/ + return (SN_PARSE_ERROR_CHHL); /* packet not long enough for this + chunk */ /* First chunk */ chunk_hdr = SN_SCTP_FIRSTCHUNK(sctp_hdr); chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length)); - if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left)) /* malformed chunk - could cause endless loop*/ + if ((chunk_length < SN_MIN_CHUNK_SIZE) || + (chunk_length > + bytes_left)) /* malformed chunk - could cause endless loop*/ return (SN_PARSE_ERROR_CHHL); if ((chunk_hdr->chunk_flags & SCTP_HAD_NO_TCB) && @@ -1105,15 +1252,23 @@ (chunk_hdr->chunk_type == SCTP_SHUTDOWN_COMPLETE))) { /* T-Bit set */ if (direction == SN_TO_LOCAL) - *passoc = FindSctpGlobalT(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port); + *passoc = FindSctpGlobalT(la, pip->ip_src, + sctp_hdr->v_tag, sctp_hdr->dest_port, + sctp_hdr->src_port); else - *passoc = FindSctpLocalT(la, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port); + *passoc = FindSctpLocalT(la, pip->ip_dst, + sctp_hdr->v_tag, sctp_hdr->dest_port, + sctp_hdr->src_port); } else { /* Proper v_tag settings */ if (direction == SN_TO_LOCAL) - *passoc = FindSctpGlobal(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match); + *passoc = FindSctpGlobal(la, pip->ip_src, + sctp_hdr->v_tag, sctp_hdr->src_port, + sctp_hdr->dest_port, &partial_match); else - *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port); + *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst, + sctp_hdr->v_tag, sctp_hdr->src_port, + sctp_hdr->dest_port); } chunk_count = 1; @@ -1121,21 +1276,34 @@ while (IS_SCTP_CONTROL(chunk_hdr)) { switch (chunk_hdr->chunk_type) { case SCTP_INITIATION: - if (chunk_length < sizeof(struct sctp_init_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct sctp_init_chunk)) /* malformed chunk*/ return (SN_PARSE_ERROR_CHHL); sm->msg = SN_SCTP_INIT; - sm->sctpchnk.Init = (struct sctp_init *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr)); + sm->sctpchnk.Init = + (struct sctp_init *)((char *)chunk_hdr + + sizeof(struct sctp_chunkhdr)); sm->chunk_length = chunk_length; /* if no existing association, create a new one */ if (*passoc == NULL) { - if (sctp_hdr->v_tag == 0) { //Init requires vtag=0 - *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc)); - if (*passoc == NULL) {/* out of resources */ - return (SN_PARSE_ERROR_AS_MALLOC); + if (sctp_hdr->v_tag == + 0) { // Init requires vtag=0 + *passoc = (struct sctp_nat_assoc *) + sn_malloc( + sizeof(struct sctp_nat_assoc)); + if (*passoc == + NULL) { /* out of resources */ + return ( + SN_PARSE_ERROR_AS_MALLOC); } - /* Initialize association - sn_malloc initializes memory to zeros */ + /* Initialize association - sn_malloc + * initializes memory to zeros */ (*passoc)->state = SN_ID; - LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */ + LIST_INIT(&( + (*passoc) + ->Gaddr)); /* always initialise + to avoid memory + problems */ (*passoc)->TableRegister = SN_NULL_TBL; return (SN_PARSE_OK); } @@ -1143,63 +1311,133 @@ } return (SN_PARSE_ERROR_LOOKUP); case SCTP_INITIATION_ACK: - if (chunk_length < sizeof(struct sctp_init_ack_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct sctp_init_ack_chunk)) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); sm->msg = SN_SCTP_INITACK; - sm->sctpchnk.InitAck = (struct sctp_init_ack *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr)); + sm->sctpchnk.InitAck = + (struct sctp_init_ack *)((char *)chunk_hdr + + sizeof(struct sctp_chunkhdr)); sm->chunk_length = chunk_length; - return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK)); - case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk */ + return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : + (SN_PARSE_OK)); + case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk + */ sm->msg = SN_SCTP_ABORT; sm->chunk_length = chunk_length; - return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP_ABORT) : (SN_PARSE_OK)); + return ((*passoc == NULL) ? + (SN_PARSE_ERROR_LOOKUP_ABORT) : + (SN_PARSE_OK)); case SCTP_SHUTDOWN_ACK: - if (chunk_length < sizeof(struct sctp_shutdown_ack_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct sctp_shutdown_ack_chunk)) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); if (sm->msg > SN_SCTP_SHUTACK) { sm->msg = SN_SCTP_SHUTACK; sm->chunk_length = chunk_length; } break; - case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */ + case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */ if (sm->msg > SN_SCTP_SHUTCOMP) { sm->msg = SN_SCTP_SHUTCOMP; sm->chunk_length = chunk_length; } - return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK)); + return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : + (SN_PARSE_OK)); case SCTP_ASCONF: if (sm->msg > SN_SCTP_ASCONF) { - if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv4addr_param))) /* malformed chunk*/ + if (chunk_length < + (sizeof(struct sctp_asconf_chunk) + + sizeof(struct + sctp_ipv4addr_param))) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); - //leave parameter searching to later, if required - param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr + sizeof(struct sctp_asconf_chunk)); /*compulsory IP parameter*/ - if (ntohs(param_hdr->param_type) == SCTP_IPV4_ADDRESS) { - if ((*passoc == NULL) && (direction == SN_TO_LOCAL)) { /* AddIP with no association */ - /* try look up with the ASCONF packet's alternative address */ - ipv4addr.s_addr = ((struct sctp_ipv4addr_param *) param_hdr)->addr; - *passoc = FindSctpGlobal(la, ipv4addr, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match); + // leave parameter searching to later, if + // required + param_hdr = + (struct sctp_paramhdr *)((char *)chunk_hdr + + sizeof(struct + sctp_asconf_chunk)); /*compulsory IP + parameter*/ + if (ntohs(param_hdr->param_type) == + SCTP_IPV4_ADDRESS) { + if ((*passoc == NULL) && + (direction == + SN_TO_LOCAL)) { /* AddIP with no + association + */ + /* try look up with the ASCONF + * packet's alternative address + */ + ipv4addr.s_addr = + ((struct sctp_ipv4addr_param + *)param_hdr) + ->addr; + *passoc = FindSctpGlobal(la, + ipv4addr, sctp_hdr->v_tag, + sctp_hdr->src_port, + sctp_hdr->dest_port, + &partial_match); } - param_hdr = (struct sctp_paramhdr *) - ((char *) param_hdr + sizeof(struct sctp_ipv4addr_param)); /*asconf's compulsory address parameter */ - sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv4addr_param); /* rest of chunk */ + param_hdr = (struct sctp_paramhdr + *)((char *)param_hdr + + sizeof(struct + sctp_ipv4addr_param)); /*asconf's + compulsory + address + parameter + */ + sm->chunk_length = chunk_length - + sizeof(struct sctp_asconf_chunk) - + sizeof(struct + sctp_ipv4addr_param); /* rest of + chunk + */ } else { - if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv6addr_param))) /* malformed chunk*/ + if (chunk_length < + (sizeof(struct sctp_asconf_chunk) + + sizeof(struct + sctp_ipv6addr_param))) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); - param_hdr = (struct sctp_paramhdr *) - ((char *) param_hdr + sizeof(struct sctp_ipv6addr_param)); /*asconf's compulsory address parameter */ - sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv6addr_param); /* rest of chunk */ + param_hdr = (struct sctp_paramhdr + *)((char *)param_hdr + + sizeof(struct + sctp_ipv6addr_param)); /*asconf's + compulsory + address + parameter + */ + sm->chunk_length = chunk_length - + sizeof(struct sctp_asconf_chunk) - + sizeof(struct + sctp_ipv6addr_param); /* rest of + chunk + */ } sm->msg = SN_SCTP_ASCONF; sm->sctpchnk.Asconf = param_hdr; - if (*passoc == NULL) { /* AddIP with no association */ - *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc)); - if (*passoc == NULL) {/* out of resources */ - return (SN_PARSE_ERROR_AS_MALLOC); + if (*passoc == + NULL) { /* AddIP with no association */ + *passoc = (struct sctp_nat_assoc *) + sn_malloc( + sizeof(struct sctp_nat_assoc)); + if (*passoc == + NULL) { /* out of resources */ + return ( + SN_PARSE_ERROR_AS_MALLOC); } - /* Initialize association - sn_malloc initializes memory to zeros */ + /* Initialize association - sn_malloc + * initializes memory to zeros */ (*passoc)->state = SN_ID; - LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */ + LIST_INIT(&( + (*passoc) + ->Gaddr)); /* always initialise + to avoid memory + problems */ (*passoc)->TableRegister = SN_NULL_TBL; return (SN_PARSE_OK); } @@ -1207,47 +1445,61 @@ break; case SCTP_ASCONF_ACK: if (sm->msg > SN_SCTP_ASCONFACK) { - if (chunk_length < sizeof(struct sctp_asconf_ack_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct + sctp_asconf_ack_chunk)) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); - //leave parameter searching to later, if required - param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr - + sizeof(struct sctp_asconf_ack_chunk)); + // leave parameter searching to later, if + // required + param_hdr = + (struct sctp_paramhdr *)((char *)chunk_hdr + + sizeof(struct sctp_asconf_ack_chunk)); sm->msg = SN_SCTP_ASCONFACK; sm->sctpchnk.Asconf = param_hdr; - sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_ack_chunk); + sm->chunk_length = chunk_length - + sizeof(struct sctp_asconf_ack_chunk); } break; default: break; /* do nothing*/ } - /* if no association is found exit - we need to find an Init or AddIP within sysctl_initialising_chunk_proc_limit */ - if ((*passoc == NULL) && (chunk_count >= sysctl_initialising_chunk_proc_limit)) + /* if no association is found exit - we need to find an Init or + * AddIP within sysctl_initialising_chunk_proc_limit */ + if ((*passoc == NULL) && + (chunk_count >= sysctl_initialising_chunk_proc_limit)) return (SN_PARSE_ERROR_LOOKUP); /* finished with this chunk, on to the next chunk*/ - bytes_left-= chunk_length; + bytes_left -= chunk_length; /* Is this the end of the packet ? */ if (bytes_left == 0) - return (*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK); + return (*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : + (SN_PARSE_OK); - /* Are there enough bytes in packet to at least retrieve length of next chunk ? */ + /* Are there enough bytes in packet to at least retrieve length + * of next chunk ? */ if (bytes_left < SN_MIN_CHUNK_SIZE) return (SN_PARSE_ERROR_CHHL); chunk_hdr = SN_SCTP_NEXTCHUNK(chunk_hdr); - /* Is the chunk long enough to not cause endless look and are there enough bytes in packet to read the chunk ? */ + /* Is the chunk long enough to not cause endless look and are + * there enough bytes in packet to read the chunk ? */ chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length)); - if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left)) + if ((chunk_length < SN_MIN_CHUNK_SIZE) || + (chunk_length > bytes_left)) return (SN_PARSE_ERROR_CHHL); if (++chunk_count > sysctl_chunk_proc_limit) - return (SN_PARSE_OK); /* limit for processing chunks, take what we get */ + return (SN_PARSE_OK); /* limit for processing chunks, + take what we get */ } if (*passoc == NULL) - return (partial_match) ? (SN_PARSE_ERROR_PARTIALLOOKUP) : (SN_PARSE_ERROR_LOOKUP); + return (partial_match) ? (SN_PARSE_ERROR_PARTIALLOOKUP) : + (SN_PARSE_ERROR_LOOKUP); else return (SN_PARSE_OK); } @@ -1263,19 +1515,22 @@ * * @param la Pointer to the relevant libalias instance * @param sm Pointer to sctp message information - * @param l_vtag Pointer to the local vtag in the association this SCTP Message belongs to - * @param g_vtag Pointer to the local vtag in the association this SCTP Message belongs to + * @param l_vtag Pointer to the local vtag in the association this SCTP Message + * belongs to + * @param g_vtag Pointer to the local vtag in the association this SCTP Message + * belongs to * @param direction SN_TO_LOCAL | SN_TO_GLOBAL * * @return 1 - success | 0 - fail */ static int -GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction) +GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, + uint32_t *g_vtag, int direction) { /* To be removed when information is in the sctp headers */ #define SCTP_VTAG_PARAM 0xC007 struct sctp_vtag_param { - struct sctp_paramhdr ph;/* type=SCTP_VTAG_PARAM */ + struct sctp_paramhdr ph; /* type=SCTP_VTAG_PARAM */ uint32_t local_vtag; uint32_t remote_vtag; } __attribute__((packed)); @@ -1291,13 +1546,15 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); bytes_left = sm->chunk_length; /* step through Asconf parameters */ - while((bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) { + while ( + (bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) { if (ntohs(param->param_type) == SCTP_VTAG_PARAM) { - vtag_param = (struct sctp_vtag_param *) param; + vtag_param = (struct sctp_vtag_param *)param; switch (direction) { - /* The Internet draft is a little ambigious as to order of these vtags. - We think it is this way around. If we are wrong, the order will need - to be changed. */ + /* The Internet draft is a little ambigious as + to order of these vtags. We think it is this + way around. If we are wrong, the order will + need to be changed. */ case SN_TO_GLOBAL: *g_vtag = vtag_param->local_vtag; *l_vtag = vtag_param->remote_vtag; @@ -1318,8 +1575,10 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (GetAsconfVtags)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (GetAsconfVtags)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return (0); /* not found limit exceeded*/ } } @@ -1338,12 +1597,13 @@ * */ static void -AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction) +AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, + int direction) { struct sctp_ipv4addr_param *ipv4_param; struct sctp_paramhdr *param = NULL; struct sctp_GlobalAddress *G_Addr; - struct in_addr g_addr = {0}; + struct in_addr g_addr = { 0 }; int bytes_left = 0; int param_size; int param_count, addr_param_count = 0; @@ -1358,12 +1618,18 @@ param_count = 1; switch (sm->msg) { case SN_SCTP_INIT: - bytes_left = sm->chunk_length - sizeof(struct sctp_init_chunk); - param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init + sizeof(struct sctp_init)); + bytes_left = sm->chunk_length - + sizeof(struct sctp_init_chunk); + param = + (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init + + sizeof(struct sctp_init)); break; case SN_SCTP_INITACK: - bytes_left = sm->chunk_length - sizeof(struct sctp_init_ack_chunk); - param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.InitAck + sizeof(struct sctp_init_ack)); + bytes_left = sm->chunk_length - + sizeof(struct sctp_init_ack_chunk); + param = (struct sctp_paramhdr *)((char *)sm->sctpchnk + .InitAck + + sizeof(struct sctp_init_ack)); break; case SN_SCTP_ASCONF: bytes_left = sm->chunk_length; @@ -1374,65 +1640,88 @@ if (bytes_left >= SN_MIN_PARAM_SIZE) param_size = SCTP_SIZE32(ntohs(param->param_length)); else - param_size = bytes_left+1; /* force skip loop */ - - if ((assoc->state == SN_ID) && ((sm->msg == SN_SCTP_INIT) || (bytes_left < SN_MIN_PARAM_SIZE))) {/* add pkt address */ - G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress)); - if (G_Addr == NULL) {/* out of resources */ + param_size = bytes_left + 1; /* force skip loop */ + + if ((assoc->state == SN_ID) && + ((sm->msg == SN_SCTP_INIT) || + (bytes_left < SN_MIN_PARAM_SIZE))) { /* add pkt address */ + G_Addr = (struct sctp_GlobalAddress *)sn_malloc( + sizeof(struct sctp_GlobalAddress)); + if (G_Addr == NULL) { /* out of resources */ SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking", - sm->sctp_hdr->v_tag, 0, direction)); - assoc->num_Gaddr = 0; /* don't track any more for this assoc*/ - sysctl_track_global_addresses=0; + logsctperror( + "AddGlobalIPAddress: No resources for adding global address - revert to no tracking", + sm->sctp_hdr->v_tag, 0, direction)); + assoc->num_Gaddr = + 0; /* don't track any more for this assoc*/ + sysctl_track_global_addresses = 0; return; } G_Addr->g_addr = g_addr; if (!Add_Global_Address_to_List(assoc, G_Addr)) SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Address already in list", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "AddGlobalIPAddress: Address already in list", + sm->sctp_hdr->v_tag, assoc->num_Gaddr, + direction)); } /* step through parameters */ - while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { + while ((bytes_left >= param_size) && + (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { if (assoc->num_Gaddr >= sysctl_track_global_addresses) { SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Maximum Number of addresses reached", - sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction)); + logsctperror( + "AddGlobalIPAddress: Maximum Number of addresses reached", + sm->sctp_hdr->v_tag, + sysctl_track_global_addresses, direction)); return; } switch (ntohs(param->param_type)) { case SCTP_ADD_IP_ADDRESS: - /* skip to address parameter - leave param_size so bytes left will be calculated properly*/ - param = (struct sctp_paramhdr *) &((struct sctp_asconf_addrv4_param *) param)->addrp; + /* skip to address parameter - leave param_size so bytes + * left will be calculated properly*/ + param = (struct sctp_paramhdr *)&( + (struct sctp_asconf_addrv4_param *)param) + ->addrp; /* FALLTHROUGH */ case SCTP_IPV4_ADDRESS: - ipv4_param = (struct sctp_ipv4addr_param *) param; + ipv4_param = (struct sctp_ipv4addr_param *)param; /* add addresses to association */ - G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress)); - if (G_Addr == NULL) {/* out of resources */ + G_Addr = (struct sctp_GlobalAddress *)sn_malloc( + sizeof(struct sctp_GlobalAddress)); + if (G_Addr == NULL) { /* out of resources */ SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking", - sm->sctp_hdr->v_tag, 0, direction)); - assoc->num_Gaddr = 0; /* don't track any more for this assoc*/ - sysctl_track_global_addresses=0; + logsctperror( + "AddGlobalIPAddress: No resources for adding global address - revert to no tracking", + sm->sctp_hdr->v_tag, 0, direction)); + assoc->num_Gaddr = + 0; /* don't track any more for this assoc*/ + sysctl_track_global_addresses = 0; return; } /* add address */ addr_param_count++; - if ((sm->msg == SN_SCTP_ASCONF) && (ipv4_param->addr == INADDR_ANY)) { /* use packet address */ + if ((sm->msg == SN_SCTP_ASCONF) && + (ipv4_param->addr == + INADDR_ANY)) { /* use packet address */ G_Addr->g_addr = g_addr; if (!Add_Global_Address_to_List(assoc, G_Addr)) SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Address already in list", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); - return; /*shouldn't be any other addresses if the zero address is given*/ + logsctperror( + "AddGlobalIPAddress: Address already in list", + sm->sctp_hdr->v_tag, + assoc->num_Gaddr, direction)); + return; /*shouldn't be any other addresses if + the zero address is given*/ } else { G_Addr->g_addr.s_addr = ipv4_param->addr; if (!Add_Global_Address_to_List(assoc, G_Addr)) SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Address already in list", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "AddGlobalIPAddress: Address already in list", + sm->sctp_hdr->v_tag, + assoc->num_Gaddr, direction)); } } @@ -1444,14 +1733,17 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (AddGlobalIPAddress)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (AddGlobalIPAddress)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); break; /* limit exceeded*/ } } if (addr_param_count == 0) { SN_LOG(SN_LOG_DETAIL, - logsctperror("AddGlobalIPAddress: no address parameters to add", + logsctperror( + "AddGlobalIPAddress: no address parameters to add", sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); } } @@ -1470,18 +1762,21 @@ * @return 1 - success | 0 - fail */ static int -Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr) +Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, + struct sctp_GlobalAddress *G_addr) { struct sctp_GlobalAddress *iter_G_Addr = NULL, *first_G_Addr = NULL; first_G_Addr = LIST_FIRST(&(assoc->Gaddr)); if (first_G_Addr == NULL) { - LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, list_Gaddr); /* add new address to beginning of list*/ + LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, + list_Gaddr); /* add new address to beginning of list*/ } else { LIST_FOREACH(iter_G_Addr, &(assoc->Gaddr), list_Gaddr) { if (G_addr->g_addr.s_addr == iter_G_Addr->g_addr.s_addr) return (0); /* already exists, so don't add */ } - LIST_INSERT_AFTER(first_G_Addr, G_addr, list_Gaddr); /* add address to end of list*/ + LIST_INSERT_AFTER(first_G_Addr, G_addr, + list_Gaddr); /* add address to end of list*/ } assoc->num_Gaddr++; return (1); /* success */ @@ -1501,7 +1796,8 @@ * */ static void -RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction) +RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, + int direction) { struct sctp_asconf_addrv4_param *asconf_ipv4_param; struct sctp_paramhdr *param; @@ -1517,42 +1813,73 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); } else { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: truncated packet - cannot remove IP addresses", - sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction)); + logsctperror( + "RmGlobalIPAddress: truncated packet - cannot remove IP addresses", + sm->sctp_hdr->v_tag, sysctl_track_global_addresses, + direction)); return; } /* step through Asconf parameters */ - while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { + while ((bytes_left >= param_size) && + (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS) { - asconf_ipv4_param = (struct sctp_asconf_addrv4_param *) param; - if (asconf_ipv4_param->addrp.addr == INADDR_ANY) { /* remove all bar pkt address */ - LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) { - if (G_Addr->g_addr.s_addr != sm->ip_hdr->ip_src.s_addr) { - if (assoc->num_Gaddr > 1) { /* only delete if more than one */ - LIST_REMOVE(G_Addr, list_Gaddr); + asconf_ipv4_param = (struct sctp_asconf_addrv4_param *) + param; + if (asconf_ipv4_param->addrp.addr == + INADDR_ANY) { /* remove all bar pkt address */ + LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), + list_Gaddr, G_Addr_tmp) { + if (G_Addr->g_addr.s_addr != + sm->ip_hdr->ip_src.s_addr) { + if (assoc->num_Gaddr > + 1) { /* only delete if more + than one */ + LIST_REMOVE(G_Addr, + list_Gaddr); sn_free(G_Addr); assoc->num_Gaddr--; } else { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "RmGlobalIPAddress: Request to remove last IP address (didn't)", + sm->sctp_hdr + ->v_tag, + assoc + ->num_Gaddr, + direction)); } } } - return; /*shouldn't be any other addresses if the zero address is given*/ + return; /*shouldn't be any other addresses if + the zero address is given*/ } else { - LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) { - if (G_Addr->g_addr.s_addr == asconf_ipv4_param->addrp.addr) { - if (assoc->num_Gaddr > 1) { /* only delete if more than one */ - LIST_REMOVE(G_Addr, list_Gaddr); + LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), + list_Gaddr, G_Addr_tmp) { + if (G_Addr->g_addr.s_addr == + asconf_ipv4_param->addrp.addr) { + if (assoc->num_Gaddr > + 1) { /* only delete if more + than one */ + LIST_REMOVE(G_Addr, + list_Gaddr); sn_free(G_Addr); assoc->num_Gaddr--; - break; /* Since add only adds new addresses, there should be no double entries */ + break; /* Since add only + adds new + addresses, + there should + be no double + entries */ } else { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "RmGlobalIPAddress: Request to remove last IP address (didn't)", + sm->sctp_hdr + ->v_tag, + assoc + ->num_Gaddr, + direction)); } } } @@ -1563,8 +1890,10 @@ return; else if (bytes_left < SN_MIN_PARAM_SIZE) { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: truncated packet - may not have removed all IP addresses", - sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction)); + logsctperror( + "RmGlobalIPAddress: truncated packet - may not have removed all IP addresses", + sm->sctp_hdr->v_tag, + sysctl_track_global_addresses, direction)); return; } @@ -1572,8 +1901,10 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (RmGlobalIPAddress)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (RmGlobalIPAddress)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return; /* limit exceeded*/ } } @@ -1619,9 +1950,10 @@ if (bytes_left < param_size) return (0); /* not found */ /* step through Asconf parameters */ - while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) { + while (bytes_left >= SN_ASCONFACK_PARAM_SIZE) { if (ntohs(param->param_type) == SCTP_SUCCESS_REPORT) - return (1); /* success - but can't match correlation IDs - should only be one */ + return (1); /* success - but can't match correlation IDs + - should only be one */ /* check others just in case */ bytes_left -= param_size; if (bytes_left >= SN_MIN_PARAM_SIZE) @@ -1635,8 +1967,10 @@ if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (IsASCONFack)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (IsASCONFack)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return (0); /* not found limit exceeded*/ } } @@ -1671,7 +2005,7 @@ if (bytes_left < param_size) return (0); /* not found */ /* step through Asconf parameters */ - while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) { + while (bytes_left >= SN_ASCONFACK_PARAM_SIZE) { if (ntohs(param->param_type) == SCTP_ADD_IP_ADDRESS) return (SCTP_ADD_IP_ADDRESS); else if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS) @@ -1689,12 +2023,14 @@ if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded IsADDorDEL)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded IsADDorDEL)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return (0); /* not found limit exceeded*/ } } - return (0); /*Neither found */ + return (0); /*Neither found */ } /* ---------------------------------------------------------------------- @@ -1721,10 +2057,12 @@ * @param sm Pointer to sctp message information * @param assoc Pointer to the association this SCTP Message belongs to * - * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR | SN_PROCESSING_ERROR + * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR | + * SN_PROCESSING_ERROR */ static int -ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) +ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc) { int rtnval; @@ -1732,16 +2070,16 @@ case SN_ID: /* Idle */ rtnval = ID_process(la, direction, assoc, sm); if (rtnval != SN_NAT_PKT) { - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ } return (rtnval); case SN_INi: /* Initialising - Init */ return (INi_process(la, direction, assoc, sm)); case SN_INa: /* Initialising - AddIP */ return (INa_process(la, direction, assoc, sm)); - case SN_UP: /* Association UP */ + case SN_UP: /* Association UP */ return (UP_process(la, direction, assoc, sm)); - case SN_CL: /* Association Closing */ + case SN_CL: /* Association Closing */ return (CL_process(la, direction, assoc, sm)); } return (SN_PROCESSING_ERROR); @@ -1762,17 +2100,23 @@ * @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR */ static int -ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP */ - if (!sysctl_accept_global_ootb_addip && (direction == SN_TO_LOCAL)) + case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP + */ + if (!sysctl_accept_global_ootb_addip && + (direction == SN_TO_LOCAL)) return (SN_DROP_PKT); - /* if this Asconf packet does not contain the Vtag parameters it is of no use in Idle state */ - if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag), direction)) + /* if this Asconf packet does not contain the Vtag parameters it + * is of no use in Idle state */ + if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag), + direction)) return (SN_DROP_PKT); /* FALLTHROUGH */ - case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF AddIP */ + case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF + AddIP */ if (sysctl_track_global_addresses) AddGlobalIPAddresses(sm, assoc, direction); switch (direction) { @@ -1783,14 +2127,19 @@ assoc->g_port = sm->sctp_hdr->dest_port; if (sm->msg == SN_SCTP_INIT) assoc->g_vtag = sm->sctpchnk.Init->initiate_tag; - if (AddSctpAssocGlobal(la, assoc)) /* DB clash: need to add dst address */ - return ((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR); + if (AddSctpAssocGlobal(la, + assoc)) /* DB clash: need to add dst address */ + return ((sm->msg == SN_SCTP_INIT) ? + SN_REPLY_ABORT : + SN_REPLY_ERROR); if (sm->msg == SN_SCTP_ASCONF) { - if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_dst)) /* DB clash */ + if (AddSctpAssocLocal(la, assoc, + sm->ip_hdr->ip_dst)) /* DB clash */ return (SN_REPLY_ERROR); - assoc->TableRegister |= SN_WAIT_TOLOCAL; /* wait for tolocal ack */ + assoc->TableRegister |= + SN_WAIT_TOLOCAL; /* wait for tolocal ack */ } - break; + break; case SN_TO_LOCAL: assoc->l_addr = FindSctpRedirectAddress(la, sm); assoc->a_addr = sm->ip_hdr->ip_dst; @@ -1798,23 +2147,31 @@ assoc->g_port = sm->sctp_hdr->src_port; if (sm->msg == SN_SCTP_INIT) assoc->l_vtag = sm->sctpchnk.Init->initiate_tag; - if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) /* DB clash */ - return ((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR); + if (AddSctpAssocLocal(la, assoc, + sm->ip_hdr->ip_src)) /* DB clash */ + return ((sm->msg == SN_SCTP_INIT) ? + SN_REPLY_ABORT : + SN_REPLY_ERROR); if (sm->msg == SN_SCTP_ASCONF) { - if (AddSctpAssocGlobal(la, assoc)) /* DB clash: need to add src address */ + if (AddSctpAssocGlobal(la, + assoc)) /* DB clash: need to add src + address */ return (SN_REPLY_ERROR); - assoc->TableRegister |= SN_WAIT_TOGLOBAL; /* wait for toglobal ack */ + assoc->TableRegister |= + SN_WAIT_TOGLOBAL; /* wait for toglobal ack + */ } break; } assoc->state = (sm->msg == SN_SCTP_INIT) ? SN_INi : SN_INa; assoc->exp = SN_I_T(la); - sctp_AddTimeOut(la,assoc); + sctp_AddTimeOut(la, assoc); return (SN_NAT_PKT); default: /* Any other type of SCTP message is not valid in Idle */ return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1831,42 +2188,47 @@ * @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT */ static int -INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */ + case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */ sctp_ResetTimeOut(la, assoc, SN_I_T(la)); return (SN_NAT_PKT); - case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */ + case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */ switch (direction) { case SN_TO_LOCAL: - if (assoc->num_Gaddr) /*If tracking global addresses for this association */ + if (assoc->num_Gaddr) /*If tracking global addresses for + this association */ AddGlobalIPAddresses(sm, assoc, direction); assoc->l_vtag = sm->sctpchnk.Init->initiate_tag; - if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) { /* DB clash */ - assoc->state = SN_RM;/* Mark for removal*/ + if (AddSctpAssocLocal(la, assoc, + sm->ip_hdr->ip_src)) { /* DB clash */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_SEND_ABORT); } break; case SN_TO_GLOBAL: - assoc->l_addr = sm->ip_hdr->ip_src; // Only if not set in Init! * + assoc->l_addr = + sm->ip_hdr->ip_src; // Only if not set in Init! * assoc->g_vtag = sm->sctpchnk.Init->initiate_tag; if (AddSctpAssocGlobal(la, assoc)) { /* DB clash */ - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_SEND_ABORT); } break; } - assoc->state = SN_UP;/* association established for NAT */ - sctp_ResetTimeOut(la,assoc, SN_U_T(la)); + assoc->state = SN_UP; /* association established for NAT */ + sctp_ResetTimeOut(la, assoc, SN_U_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); default: return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1883,38 +2245,45 @@ * @return SN_NAT_PKT | SN_DROP_PKT */ static int -INa_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +INa_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ - sctp_ResetTimeOut(la,assoc, SN_I_T(la)); + case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ + sctp_ResetTimeOut(la, assoc, SN_I_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a ADDIP-ACK */ + case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a + ADDIP-ACK */ switch (direction) { case SN_TO_LOCAL: - if (!(assoc->TableRegister & SN_WAIT_TOLOCAL)) /* wrong direction */ + if (!(assoc->TableRegister & + SN_WAIT_TOLOCAL)) /* wrong direction */ return (SN_DROP_PKT); break; case SN_TO_GLOBAL: - if (!(assoc->TableRegister & SN_WAIT_TOGLOBAL)) /* wrong direction */ + if (!(assoc->TableRegister & + SN_WAIT_TOGLOBAL)) /* wrong direction */ return (SN_DROP_PKT); } - if (IsASCONFack(la,sm,direction)) { - assoc->TableRegister &= SN_BOTH_TBL; /* remove wait flags */ - assoc->state = SN_UP; /* association established for NAT */ - sctp_ResetTimeOut(la,assoc, SN_U_T(la)); + if (IsASCONFack(la, sm, direction)) { + assoc->TableRegister &= + SN_BOTH_TBL; /* remove wait flags */ + assoc->state = + SN_UP; /* association established for NAT */ + sctp_ResetTimeOut(la, assoc, SN_U_T(la)); return (SN_NAT_PKT); } else { - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); } - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); default: return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1931,19 +2300,22 @@ * @return SN_NAT_PKT | SN_DROP_PKT */ static int -UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ + case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ assoc->state = SN_CL; - sctp_ResetTimeOut(la,assoc, SN_C_T(la)); + sctp_ResetTimeOut(la, assoc, SN_C_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); - case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ - if ((direction == SN_TO_LOCAL) && assoc->num_Gaddr) /*If tracking global addresses for this association & from global side */ - switch (IsADDorDEL(la,sm,direction)) { + case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ + if ((direction == SN_TO_LOCAL) && + assoc->num_Gaddr) /*If tracking global addresses for this + association & from global side */ + switch (IsADDorDEL(la, sm, direction)) { case SCTP_ADD_IP_ADDRESS: AddGlobalIPAddresses(sm, assoc, direction); break; @@ -1953,10 +2325,11 @@ } /* FALLTHROUGH */ default: - sctp_ResetTimeOut(la,assoc, SN_U_T(la)); - return (SN_NAT_PKT); /* forward packet */ + sctp_ResetTimeOut(la, assoc, SN_U_T(la)); + return (SN_NAT_PKT); /* forward packet */ } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1975,27 +2348,32 @@ * @return SN_NAT_PKT | SN_DROP_PKT */ static int -CL_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +CL_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk */ - assoc->state = SN_CL; /* Stay in Close state until timeout */ + case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk + */ + assoc->state = SN_CL; /* Stay in Close state until timeout */ if (sysctl_holddown_timer > 0) - sctp_ResetTimeOut(la, assoc, SN_X_T(la));/* allow to stay open for Tbit packets*/ + sctp_ResetTimeOut(la, assoc, + SN_X_T( + la)); /* allow to stay open for Tbit packets*/ else - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); - case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ - assoc->state = SN_CL; /* Stay in Close state until timeout */ + case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ + assoc->state = SN_CL; /* Stay in Close state until timeout */ sctp_ResetTimeOut(la, assoc, SN_C_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); default: return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /* ---------------------------------------------------------------------- @@ -2023,7 +2401,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port) +FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, + uint32_t l_vtag, uint16_t l_port, uint16_t g_port) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2032,11 +2411,15 @@ if (l_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(l_vtag, l_port, la->sctpNatTableSize); LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) { - if ((assoc->l_vtag == l_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)\ - && (assoc->l_addr.s_addr == l_addr.s_addr)) { + if ((assoc->l_vtag == l_vtag) && + (assoc->l_port == l_port) && + (assoc->g_port == g_port) && + (assoc->l_addr.s_addr == l_addr.s_addr)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) + LIST_FOREACH(G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) return (assoc); } } else { @@ -2068,13 +2451,22 @@ struct sctp_GlobalAddress *G_AddrC = NULL; if (Cassoc->g_vtag != 0) { /* an init packet, vtag==0 */ - i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port, la->sctpNatTableSize); + i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port, + la->sctpNatTableSize); LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { - if ((assoc->g_vtag == Cassoc->g_vtag) && (assoc->g_port == Cassoc->g_port) && (assoc->l_port == Cassoc->l_port)) { + if ((assoc->g_vtag == Cassoc->g_vtag) && + (assoc->g_port == Cassoc->g_port) && + (assoc->l_port == Cassoc->l_port)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr), list_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == G_AddrC->g_addr.s_addr) + LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr), + list_Gaddr) { + LIST_FOREACH(G_Addr, + &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr + .s_addr == + G_AddrC->g_addr + .s_addr) return (assoc); } } @@ -2107,7 +2499,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match) +FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, + uint16_t g_port, uint16_t l_port, int *partial_match) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2117,11 +2510,15 @@ if (g_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(g_vtag, g_port, la->sctpNatTableSize); LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { - if ((assoc->g_vtag == g_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) { + if ((assoc->g_vtag == g_vtag) && + (assoc->g_port == g_port) && + (assoc->l_port == l_port)) { *partial_match = 1; if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) + LIST_FOREACH(G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) return (assoc); } } else { @@ -2134,7 +2531,8 @@ } /** @ingroup Hash - * @brief Find the SCTP association for a T-Flag message (given the global port and local vtag) + * @brief Find the SCTP association for a T-Flag message (given the global port + * and local vtag) * * Searches the local look-up table for a unique association entry matching the * provided global port and local vtag information @@ -2148,7 +2546,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port) +FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, + uint16_t g_port, uint16_t l_port) { u_int i; struct sctp_nat_assoc *assoc = NULL, *lastmatch = NULL; @@ -2158,11 +2557,17 @@ if (l_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(l_vtag, g_port, la->sctpNatTableSize); LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { - if ((assoc->g_vtag == l_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) { + if ((assoc->g_vtag == l_vtag) && + (assoc->g_port == g_port) && + (assoc->l_port == l_port)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) - return (assoc); /* full match */ + LIST_FOREACH(G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) + return ( + assoc); /* full + match */ } } else { if (++cnt > 1) @@ -2172,12 +2577,14 @@ } } } - /* If there is more than one match we do not know which local address to send to */ + /* If there is more than one match we do not know which local address to + * send to */ return (cnt ? lastmatch : NULL); } /** @ingroup Hash - * @brief Find the SCTP association for a T-Flag message (given the local port and global vtag) + * @brief Find the SCTP association for a T-Flag message (given the local port + * and global vtag) * * Searches the global look-up table for a unique association entry matching the * provided local port and global vtag information @@ -2191,7 +2598,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port) +FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, + uint16_t l_port, uint16_t g_port) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2200,10 +2608,14 @@ if (g_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(g_vtag, l_port, la->sctpNatTableSize); LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) { - if ((assoc->l_vtag == g_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)) { + if ((assoc->l_vtag == g_vtag) && + (assoc->l_port == l_port) && + (assoc->g_port == g_port)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) + LIST_FOREACH(G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) return (assoc); } } else { @@ -2232,23 +2644,26 @@ * @return SN_ADD_OK | SN_ADD_CLASH */ static int -AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr) +AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, + struct in_addr g_addr) { struct sctp_nat_assoc *found; LIBALIAS_LOCK_ASSERT(la); - found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag, assoc->l_port, assoc->g_port); + found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag, + assoc->l_port, assoc->g_port); /* * Note that if a different global address initiated this Init, * ie it wasn't resent as presumed: - * - the local receiver if receiving it for the first time will establish - * an association with the new global host - * - if receiving an init from a different global address after sending a - * lost initack it will send an initack to the new global host, the first - * association attempt will then be blocked if retried. + * - the local receiver if receiving it for the first time will + * establish an association with the new global host + * - if receiving an init from a different global address after sending + * a lost initack it will send an initack to the new global host, the + * first association attempt will then be blocked if retried. */ if (found != NULL) { - if ((found->TableRegister == SN_LOCAL_TBL) && (found->g_port == assoc->g_port)) { /* resent message */ + if ((found->TableRegister == SN_LOCAL_TBL) && + (found->g_port == assoc->g_port)) { /* resent message */ RmSctpAssoc(la, found); sctp_RmTimeOut(la, found); freeGlobalAddressList(found); @@ -2257,10 +2672,11 @@ return (SN_ADD_CLASH); } - LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag, assoc->l_port, la->sctpNatTableSize)], + LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag, + assoc->l_port, la->sctpNatTableSize)], assoc, list_L); assoc->TableRegister |= SN_LOCAL_TBL; - la->sctpLinkCount++; //increment link count + la->sctpLinkCount++; // increment link count if (assoc->TableRegister == SN_BOTH_TBL) { /* libalias log -- controlled by libalias */ @@ -2307,10 +2723,11 @@ return (SN_ADD_CLASH); } - LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag, assoc->g_port, la->sctpNatTableSize)], + LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag, + assoc->g_port, la->sctpNatTableSize)], assoc, list_G); assoc->TableRegister |= SN_GLOBAL_TBL; - la->sctpLinkCount++; //increment link count + la->sctpLinkCount++; // increment link count if (assoc->TableRegister == SN_BOTH_TBL) { /* libalias log -- controlled by libalias */ @@ -2344,7 +2761,8 @@ if (assoc == NULL) { /* very bad, log and die*/ SN_LOG(SN_LOG_LOW, - logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0, SN_TO_NODIR)); + logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0, + SN_TO_NODIR)); return; } /* log if association is fully up and now closing */ @@ -2354,13 +2772,13 @@ LIBALIAS_LOCK_ASSERT(la); if (assoc->TableRegister & SN_LOCAL_TBL) { assoc->TableRegister ^= SN_LOCAL_TBL; - la->sctpLinkCount--; //decrement link count + la->sctpLinkCount--; // decrement link count LIST_REMOVE(assoc, list_L); } if (assoc->TableRegister & SN_GLOBAL_TBL) { assoc->TableRegister ^= SN_GLOBAL_TBL; - la->sctpLinkCount--; //decrement link count + la->sctpLinkCount--; // decrement link count LIST_REMOVE(assoc, list_G); } // sn_free(assoc); //Don't remove now, remove if needed later @@ -2378,9 +2796,10 @@ * * @param assoc */ -static void freeGlobalAddressList(struct sctp_nat_assoc *assoc) +static void +freeGlobalAddressList(struct sctp_nat_assoc *assoc) { - struct sctp_GlobalAddress *gaddr1=NULL,*gaddr2=NULL; + struct sctp_GlobalAddress *gaddr1 = NULL, *gaddr2 = NULL; /*free global address list*/ gaddr1 = LIST_FIRST(&(assoc->Gaddr)); while (gaddr1 != NULL) { @@ -2421,7 +2840,8 @@ { int add_loc; LIBALIAS_LOCK_ASSERT(la); - add_loc = assoc->exp - la->sctpNatTimer.loc_time + la->sctpNatTimer.cur_loc; + add_loc = assoc->exp - la->sctpNatTimer.loc_time + + la->sctpNatTimer.cur_loc; if (add_loc >= SN_TIMER_QUEUE_SIZE) add_loc -= SN_TIMER_QUEUE_SIZE; LIST_INSERT_HEAD(&la->sctpNatTimer.TimerQ[add_loc], assoc, timer_Q); @@ -2441,7 +2861,7 @@ sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc) { LIBALIAS_LOCK_ASSERT(la); - LIST_REMOVE(assoc, timer_Q);/* Note this is O(1) */ + LIST_REMOVE(assoc, timer_Q); /* Note this is O(1) */ } /** @ingroup Timer @@ -2489,18 +2909,24 @@ struct sctp_nat_assoc *assoc; LIBALIAS_LOCK_ASSERT(la); - while(LibAliasTime >= la->sctpNatTimer.loc_time) { - while (!LIST_EMPTY(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) { - assoc = LIST_FIRST(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]); - //SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc], timer_Q); + while (LibAliasTime >= la->sctpNatTimer.loc_time) { + while (!LIST_EMPTY( + &la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) { + assoc = LIST_FIRST( + &la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]); + // SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc], + // timer_Q); LIST_REMOVE(assoc, timer_Q); if (LibAliasTime >= assoc->exp) { /* state expired */ - SN_LOG(((assoc->state == SN_CL) ? (SN_LOG_DEBUG) : (SN_LOG_INFO)), - logsctperror("Timer Expired", assoc->g_vtag, assoc->state, SN_TO_NODIR)); + SN_LOG(((assoc->state == SN_CL) ? + (SN_LOG_DEBUG) : + (SN_LOG_INFO)), + logsctperror("Timer Expired", assoc->g_vtag, + assoc->state, SN_TO_NODIR)); RmSctpAssoc(la, assoc); freeGlobalAddressList(assoc); sn_free(assoc); - } else {/* state not expired, reschedule timer*/ + } else { /* state not expired, reschedule timer*/ sctp_AddTimeOut(la, assoc); } } @@ -2605,7 +3031,8 @@ * @param assoc pointer to sctp association * @param s Character that indicates the state of processing for this packet */ -static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s) +static void +logsctpassoc(struct sctp_nat_assoc *assoc, char *s) { struct sctp_GlobalAddress *G_Addr = NULL; char *sp; @@ -2634,11 +3061,11 @@ sp = "***ERROR***"; break; } - SctpAliasLog("%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n", - s, sp, assoc->exp, inet_ntoa_r(assoc->l_addr, addrbuf), - ntohl(assoc->l_vtag), ntohs(assoc->l_port), - ntohl(assoc->g_vtag), ntohs(assoc->g_port), - assoc->TableRegister); + SctpAliasLog( + "%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n", s, sp, + assoc->exp, inet_ntoa_r(assoc->l_addr, addrbuf), + ntohl(assoc->l_vtag), ntohs(assoc->l_port), ntohl(assoc->g_vtag), + ntohs(assoc->g_port), assoc->TableRegister); /* list global addresses */ LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { SctpAliasLog("\t\tga=%s\n", @@ -2651,7 +3078,8 @@ * * @param la Pointer to the relevant libalias instance */ -static void logSctpGlobal(struct libalias *la) +static void +logSctpGlobal(struct libalias *la) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2669,7 +3097,8 @@ * * @param la Pointer to the relevant libalias instance */ -static void logSctpLocal(struct libalias *la) +static void +logSctpLocal(struct libalias *la) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2687,7 +3116,8 @@ * * @param la Pointer to the relevant libalias instance */ -static void logTimerQ(struct libalias *la) +static void +logTimerQ(struct libalias *la) { static char buf[50]; u_int i; @@ -2696,8 +3126,8 @@ SctpAliasLog("t->\n"); for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) { LIST_FOREACH(assoc, &la->sctpNatTimer.TimerQ[i], timer_Q) { - snprintf(buf, 50, " l=%u ",i); - //SctpAliasLog(la->logDesc," l=%d ",i); + snprintf(buf, 50, " l=%u ", i); + // SctpAliasLog(la->logDesc," l=%d ",i); logsctpassoc(assoc, buf); } } Index: sys/netinet/libalias/alias_skinny.c =================================================================== --- sys/netinet/libalias/alias_skinny.c +++ sys/netinet/libalias/alias_skinny.c @@ -40,8 +40,8 @@ #include #endif -#include #include +#include #include #include @@ -53,16 +53,17 @@ #include "alias_mod.h" #endif -static void -AliasHandleSkinny(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandleSkinny(struct libalias *, struct ip *, + struct alias_link *); static int fingerprint(struct libalias *la, struct alias_data *ah) { if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL) return (-1); - if (la->skinnyPort != 0 && (ntohs(*ah->sport) == la->skinnyPort || - ntohs(*ah->dport) == la->skinnyPort)) + if (la->skinnyPort != 0 && + (ntohs(*ah->sport) == la->skinnyPort || + ntohs(*ah->dport) == la->skinnyPort)) return (0); return (-1); } @@ -74,16 +75,12 @@ return (0); } -struct proto_handler handlers[] = { - { - .pri = 110, - .dir = IN|OUT, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 110, + .dir = IN | OUT, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -108,9 +105,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_skinny", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_skinny", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_skinny, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -144,69 +139,65 @@ * * Skinny is a Cisco-proprietary protocol and is a trademark of Cisco Systems, * Inc. All rights reserved. -*/ + */ /* #define LIBALIAS_DEBUG 1 */ /* Message types that need translating */ -#define REG_MSG 0x00000001 -#define IP_PORT_MSG 0x00000002 -#define OPNRCVCH_ACK 0x00000022 -#define START_MEDIATX 0x0000008a +#define REG_MSG 0x00000001 +#define IP_PORT_MSG 0x00000002 +#define OPNRCVCH_ACK 0x00000022 +#define START_MEDIATX 0x0000008a struct skinny_header { - u_int32_t len; - u_int32_t reserved; - u_int32_t msgId; + u_int32_t len; + u_int32_t reserved; + u_int32_t msgId; }; struct RegisterMessage { - u_int32_t msgId; - char devName [16]; - u_int32_t uid; - u_int32_t instance; - u_int32_t ipAddr; - u_char devType; - u_int32_t maxStreams; + u_int32_t msgId; + char devName[16]; + u_int32_t uid; + u_int32_t instance; + u_int32_t ipAddr; + u_char devType; + u_int32_t maxStreams; }; struct IpPortMessage { - u_int32_t msgId; - u_int32_t stationIpPort; /* Note: Skinny uses 32-bit port - * numbers */ + u_int32_t msgId; + u_int32_t stationIpPort; /* Note: Skinny uses 32-bit port + * numbers */ }; struct OpenReceiveChannelAck { - u_int32_t msgId; - u_int32_t status; - u_int32_t ipAddr; - u_int32_t port; - u_int32_t passThruPartyID; + u_int32_t msgId; + u_int32_t status; + u_int32_t ipAddr; + u_int32_t port; + u_int32_t passThruPartyID; }; struct StartMediaTransmission { - u_int32_t msgId; - u_int32_t conferenceID; - u_int32_t passThruPartyID; - u_int32_t remoteIpAddr; - u_int32_t remotePort; - u_int32_t MSPacket; - u_int32_t payloadCap; - u_int32_t precedence; - u_int32_t silenceSuppression; - u_short maxFramesPerPacket; - u_int32_t G723BitRate; + u_int32_t msgId; + u_int32_t conferenceID; + u_int32_t passThruPartyID; + u_int32_t remoteIpAddr; + u_int32_t remotePort; + u_int32_t MSPacket; + u_int32_t payloadCap; + u_int32_t precedence; + u_int32_t silenceSuppression; + u_short maxFramesPerPacket; + u_int32_t G723BitRate; }; -typedef enum { - ClientToServer = 0, - ServerToClient = 1 -} ConvDirection; +typedef enum { ClientToServer = 0, ServerToClient = 1 } ConvDirection; static int alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip, - struct tcphdr *tc, struct alias_link *lnk, - ConvDirection direction) + struct tcphdr *tc, struct alias_link *lnk, ConvDirection direction) { (void)direction; @@ -224,9 +215,8 @@ static int alias_skinny_startmedia(struct StartMediaTransmission *start_media, - struct ip *pip, struct tcphdr *tc, - struct alias_link *lnk, u_int32_t localIpAddr, - ConvDirection direction) + struct ip *pip, struct tcphdr *tc, struct alias_link *lnk, + u_int32_t localIpAddr, ConvDirection direction) { struct in_addr dst __unused, src __unused; @@ -248,8 +238,7 @@ static int alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip, - struct tcphdr *tc, struct alias_link *lnk, - ConvDirection direction) + struct tcphdr *tc, struct alias_link *lnk, ConvDirection direction) { (void)direction; @@ -265,9 +254,9 @@ } static int -alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack, - struct ip *pip, struct tcphdr *tc, - struct alias_link *lnk, u_int32_t * localIpAddr, +alias_skinny_opnrcvch_ack(struct libalias *la, + struct OpenReceiveChannelAck *opnrcvch_ack, struct ip *pip, + struct tcphdr *tc, struct alias_link *lnk, u_int32_t *localIpAddr, ConvDirection direction) { struct in_addr null_addr; @@ -280,8 +269,7 @@ null_addr.s_addr = INADDR_ANY; opnrcv_lnk = FindUdpTcpOut(la, pip->ip_src, null_addr, - htons((u_short) opnrcvch_ack->port), 0, - IPPROTO_UDP, 1); + htons((u_short)opnrcvch_ack->port), 0, IPPROTO_UDP, 1); opnrcvch_ack->ipAddr = (u_int32_t)GetAliasAddress(opnrcv_lnk).s_addr; opnrcvch_ack->port = (u_int32_t)ntohs(GetAliasPort(opnrcv_lnk)); @@ -383,7 +371,8 @@ "PacketAlias/Skinny: Received ipport message\n"); #endif port_mesg = (struct IpPortMessage *)&sd->msgId; - alias_skinny_port_msg(port_mesg, pip, tc, lnk, direction); + alias_skinny_port_msg(port_mesg, pip, tc, lnk, + direction); break; } case OPNRCVCH_ACK: { @@ -400,8 +389,10 @@ fprintf(stderr, "PacketAlias/Skinny: Received open rcv channel msg\n"); #endif - opnrcvchn_ack = (struct OpenReceiveChannelAck *)&sd->msgId; - alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, lnk, &lip, direction); + opnrcvchn_ack = + (struct OpenReceiveChannelAck *)&sd->msgId; + alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, + lnk, &lip, direction); break; } case START_MEDIATX: { @@ -428,8 +419,10 @@ fprintf(stderr, "PacketAlias/Skinny: Received start media trans msg\n"); #endif - startmedia_tx = (struct StartMediaTransmission *)&sd->msgId; - alias_skinny_startmedia(startmedia_tx, pip, tc, lnk, lip, direction); + startmedia_tx = + (struct StartMediaTransmission *)&sd->msgId; + alias_skinny_startmedia(startmedia_tx, pip, tc, lnk, + lip, direction); break; } default: Index: sys/netinet/libalias/alias_smedia.c =================================================================== --- sys/netinet/libalias/alias_smedia.c +++ sys/netinet/libalias/alias_smedia.c @@ -104,14 +104,15 @@ #include #include #else -#include #include + +#include #include #include #endif -#include #include +#include #include #include @@ -126,11 +127,10 @@ #define RTSP_CONTROL_PORT_NUMBER_1 554 #define RTSP_CONTROL_PORT_NUMBER_2 7070 -#define TFTP_PORT_NUMBER 69 +#define TFTP_PORT_NUMBER 69 -static void -AliasHandleRtspOut(struct libalias *, struct ip *, struct alias_link *, - int maxpacketsize); +static void AliasHandleRtspOut(struct libalias *, struct ip *, + struct alias_link *, int maxpacketsize); static int fingerprint(struct libalias *la, struct alias_data *ah) { @@ -140,10 +140,10 @@ if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL || ah->maxpktsize == 0) return (-1); - if (ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_1 - || ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_1 - || ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_2 - || ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_2) + if (ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_1 || + ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_1 || + ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_2 || + ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_2) return (0); return (-1); } @@ -152,22 +152,19 @@ protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) { if (ntohs(*ah->dport) == TFTP_PORT_NUMBER) - FindRtspOut(la, pip->ip_src, pip->ip_dst, - *ah->sport, *ah->aport, IPPROTO_UDP); - else AliasHandleRtspOut(la, pip, ah->lnk, ah->maxpktsize); + FindRtspOut(la, pip->ip_src, pip->ip_dst, *ah->sport, + *ah->aport, IPPROTO_UDP); + else + AliasHandleRtspOut(la, pip, ah->lnk, ah->maxpktsize); return (0); } -struct proto_handler handlers[] = { - { - .pri = 100, - .dir = OUT, - .proto = TCP|UDP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 100, + .dir = OUT, + .proto = TCP | UDP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -192,9 +189,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_smedia", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_smedia", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_smedia, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -202,11 +197,11 @@ MODULE_DEPEND(alias_smedia, libalias, 1, 1, 1); #endif -#define RTSP_CONTROL_PORT_NUMBER_1 554 -#define RTSP_CONTROL_PORT_NUMBER_2 7070 -#define RTSP_PORT_GROUP 2 +#define RTSP_CONTROL_PORT_NUMBER_1 554 +#define RTSP_CONTROL_PORT_NUMBER_2 7070 +#define RTSP_PORT_GROUP 2 -#define ISDIGIT(a) (((a) >= '0') && ((a) <= '9')) +#define ISDIGIT(a) (((a) >= '0') && ((a) <= '9')) static int search_string(char *data, int dlen, const char *search_str) @@ -228,10 +223,8 @@ } static int -alias_rtsp_out(struct libalias *la, struct ip *pip, - struct alias_link *lnk, - char *data, - const char *port_str) +alias_rtsp_out(struct libalias *la, struct ip *pip, struct alias_link *lnk, + char *data, const char *port_str) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -308,25 +301,35 @@ * need */ null_addr.s_addr = 0; - if (0 == (salias = FindNewPortGroup(la, null_addr, - FindAliasAddress(la, pip->ip_src), - sport, 0, - RTSP_PORT_GROUP, - IPPROTO_UDP, 1))) { + if (0 == + (salias = FindNewPortGroup(la, + null_addr, + FindAliasAddress(la, + pip->ip_src), + sport, 0, RTSP_PORT_GROUP, + IPPROTO_UDP, 1))) { #ifdef LIBALIAS_DEBUG fprintf(stderr, "PacketAlias/RTSP: Cannot find contiguous RTSP data ports\n"); #endif } else { base_alias = ntohs(salias); - for (j = 0; j < RTSP_PORT_GROUP; j++) { + for (j = 0; j < RTSP_PORT_GROUP; + j++) { /* * Establish link * to port found in * RTSP packet */ - rtsp_lnk = FindRtspOut(la, GetOriginalAddress(lnk), null_addr, - htons(base_port + j), htons(base_alias + j), + rtsp_lnk = FindRtspOut( + la, + GetOriginalAddress( + lnk), + null_addr, + htons( + base_port + j), + htons( + base_alias + j), IPPROTO_UDP); if (rtsp_lnk != NULL) { #ifndef NO_FW_PUNCH @@ -335,7 +338,8 @@ * hole in * firewall */ - PunchFWHole(rtsp_lnk); + PunchFWHole( + rtsp_lnk); #endif } else { #ifdef LIBALIAS_DEBUG @@ -346,14 +350,16 @@ } } } - ealias = htons(base_alias + (RTSP_PORT_GROUP - 1)); + ealias = htons( + base_alias + (RTSP_PORT_GROUP - 1)); } if (salias && rtsp_lnk) { pkt_updated = 1; /* Copy into IP packet */ sprintf(stemp, "%d", ntohs(salias)); - memcpy(port_newdata, stemp, strlen(stemp)); + memcpy(port_newdata, stemp, + strlen(stemp)); port_newdata += strlen(stemp); if (eport != 0) { @@ -361,8 +367,10 @@ port_newdata++; /* Copy into IP packet */ - sprintf(stemp, "%d", ntohs(ealias)); - memcpy(port_newdata, stemp, strlen(stemp)); + sprintf(stemp, "%d", + ntohs(ealias)); + memcpy(port_newdata, stemp, + strlen(stemp)); port_newdata += strlen(stemp); } *port_newdata = ';'; @@ -412,10 +420,8 @@ /* Support the protocol used by early versions of RealPlayer */ static int -alias_pna_out(struct libalias *la, struct ip *pip, - struct alias_link *lnk, - char *data, - int dlen) +alias_pna_out(struct libalias *la, struct ip *pip, struct alias_link *lnk, + char *data, int dlen) { struct alias_link *pna_links; u_short msg_id, msg_len; @@ -435,8 +441,8 @@ if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy(&port, work, 2); - pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(lnk), - port, 0, IPPROTO_UDP, 1); + pna_links = FindUdpTcpOut(la, pip->ip_src, + GetDestAddress(lnk), port, 0, IPPROTO_UDP, 1); if (pna_links != NULL) { #ifndef NO_FW_PUNCH /* Punch hole in firewall */ @@ -462,7 +468,8 @@ } static void -AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *lnk, int maxpacketsize) +AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *lnk, + int maxpacketsize) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -502,21 +509,23 @@ if (dlen >= (int)strlen(str200)) { for (parseOk = 0, i = 0; - i <= dlen - (int)strlen(str200); - i++) - if (memcmp(&data[i], str200, strlen(str200)) == 0) { + i <= dlen - (int)strlen(str200); i++) + if (memcmp(&data[i], str200, strlen(str200)) == + 0) { parseOk = 1; break; } if (parseOk) { - i += strlen(str200); /* skip string found */ - while (data[i] == ' ') /* skip blank(s) */ + i += strlen(str200); /* skip string found */ + while (data[i] == ' ') /* skip blank(s) */ i++; if ((dlen - i) >= (int)strlen(okstr)) - if (memcmp(&data[i], okstr, strlen(okstr)) == 0) - alias_rtsp_out(la, pip, lnk, data, server_port_str); + if (memcmp(&data[i], okstr, + strlen(okstr)) == 0) + alias_rtsp_out(la, pip, lnk, + data, server_port_str); } } } Index: sys/netinet/libalias/alias_util.c =================================================================== --- sys/netinet/libalias/alias_util.c +++ sys/netinet/libalias/alias_util.c @@ -47,11 +47,12 @@ #include #else #include + #include #endif -#include #include +#include #include #include @@ -70,8 +71,7 @@ * purposes); */ u_short -LibAliasInternetChecksum(struct libalias *la __unused, u_short *ptr, - int nbytes) +LibAliasInternetChecksum(struct libalias *la __unused, u_short *ptr, int nbytes) { int sum, oddbyte; @@ -97,9 +97,8 @@ u_short IpChecksum(struct ip *pip) { - return (LibAliasInternetChecksum(NULL, (u_short *)pip, - (pip->ip_hl << 2))); - + return ( + LibAliasInternetChecksum(NULL, (u_short *)pip, (pip->ip_hl << 2))); } u_short @@ -116,7 +115,7 @@ tc = (struct tcphdr *)ip_next(pip); ptr = (u_short *)tc; -/* Add up TCP header and data */ + /* Add up TCP header and data */ nbytes = ntcp; sum = 0; while (nbytes > 1) { @@ -129,7 +128,7 @@ ((u_char *)&oddbyte)[1] = 0; sum += oddbyte; } -/* "Pseudo-header" data */ + /* "Pseudo-header" data */ ptr = (void *)&pip->ip_dst; sum += *ptr++; sum += *ptr; @@ -139,14 +138,14 @@ sum += htons((u_short)ntcp); sum += htons((u_short)pip->ip_p); -/* Roll over carry bits */ + /* Roll over carry bits */ sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); -/* Return checksum */ + /* Return checksum */ return ((u_short)~sum); } -#endif /* not _KERNEL */ +#endif /* not _KERNEL */ void DifferentialChecksum(u_short *cksum, void *newp, void *oldp, int n) @@ -158,7 +157,7 @@ accumulate = *cksum; for (i = 0; i < n; i++) { - accumulate -= *new++; + accumulate -= *new ++; accumulate += *old++; }