Index: sys/netinet/libalias/alias.h =================================================================== --- sys/netinet/libalias/alias.h +++ sys/netinet/libalias/alias.h @@ -39,10 +39,10 @@ */ #ifndef _ALIAS_H_ -#define _ALIAS_H_ +#define _ALIAS_H_ -#include #include +#include #include #define LIBALIAS_BUF_SIZE 128 @@ -50,8 +50,8 @@ /* * The kernel version of libalias does not support these features. */ -#define NO_FW_PUNCH -#define NO_USE_SOCKETS +#define NO_FW_PUNCH +#define NO_USE_SOCKETS #endif /* @@ -85,55 +85,61 @@ /* Initialization and control functions. */ struct libalias *LibAliasInit(struct libalias *); -void LibAliasSetAddress(struct libalias *, struct in_addr _addr); -void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low, u_short port_hi); -void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num); -void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port); -unsigned int LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask); -void LibAliasUninit(struct libalias *); +void LibAliasSetAddress(struct libalias *, struct in_addr _addr); +void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low, + u_short port_hi); +void LibAliasSetFWBase(struct libalias *, unsigned int _base, + unsigned int _num); +void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port); +unsigned int LibAliasSetMode(struct libalias *, unsigned int _flags, + unsigned int _mask); +void LibAliasUninit(struct libalias *); /* Packet Handling functions. */ -int LibAliasIn (struct libalias *, void *_ptr, int _maxpacketsize); -int LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize); -int LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize, int _create); -int LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize); +int LibAliasIn(struct libalias *, void *_ptr, int _maxpacketsize); +int LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize); +int LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize, + int _create); +int LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize); /* Port and address redirection functions. */ -int LibAliasAddServer(struct libalias *, struct alias_link *_lnk, - struct in_addr _addr, unsigned short _port); -struct alias_link * LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr, - struct in_addr _alias_addr); -int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk); -void LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk); -struct alias_link * LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr, - unsigned short _src_port, struct in_addr _dst_addr, - unsigned short _dst_port, struct in_addr _alias_addr, - unsigned short _alias_port, unsigned char _proto); -struct alias_link * LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr, - struct in_addr _dst_addr, struct in_addr _alias_addr, - unsigned char _proto); +int LibAliasAddServer(struct libalias *, struct alias_link *_lnk, + struct in_addr _addr, unsigned short _port); +struct alias_link *LibAliasRedirectAddr(struct libalias *, + struct in_addr _src_addr, struct in_addr _alias_addr); +int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk); +void LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk); +struct alias_link *LibAliasRedirectPort(struct libalias *, + struct in_addr _src_addr, unsigned short _src_port, + struct in_addr _dst_addr, unsigned short _dst_port, + struct in_addr _alias_addr, unsigned short _alias_port, + unsigned char _proto); +struct alias_link *LibAliasRedirectProto(struct libalias *, + struct in_addr _src_addr, struct in_addr _dst_addr, + struct in_addr _alias_addr, unsigned char _proto); /* Fragment Handling functions. */ -void LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment); -void *LibAliasGetFragment(struct libalias *, void *_ptr); -int LibAliasSaveFragment(struct libalias *, void *_ptr); +void LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment); +void *LibAliasGetFragment(struct libalias *, void *_ptr); +int LibAliasSaveFragment(struct libalias *, void *_ptr); /* Miscellaneous functions. */ -int LibAliasCheckNewLink(struct libalias *); -unsigned short LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes); -void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr); +int LibAliasCheckNewLink(struct libalias *); +unsigned short LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, + int _nbytes); +void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr); /* Transparent proxying routines. */ -int LibAliasProxyRule(struct libalias *, const char *_cmd); +int LibAliasProxyRule(struct libalias *, const char *_cmd); /* Module handling API */ -int LibAliasLoadModule(char *); -int LibAliasUnLoadAllModule(void); -int LibAliasRefreshModules(void); +int LibAliasLoadModule(char *); +int LibAliasUnLoadAllModule(void); +int LibAliasRefreshModules(void); /* Mbuf helper function. */ -struct mbuf *m_megapullup(struct mbuf *, int); +struct mbuf *m_megapullup(struct mbuf *, int); /* * Mode flags and other constants. @@ -145,13 +151,13 @@ * If PKT_ALIAS_LOG is set, a message will be printed to /var/log/alias.log * every time a link is created or deleted. This is useful for debugging. */ -#define PKT_ALIAS_LOG 0x01 +#define PKT_ALIAS_LOG 0x01 /* * If PKT_ALIAS_DENY_INCOMING is set, then incoming connections (e.g. to ftp, * telnet or web servers will be prevented by the aliasing mechanism. */ -#define PKT_ALIAS_DENY_INCOMING 0x02 +#define PKT_ALIAS_DENY_INCOMING 0x02 /* * If PKT_ALIAS_SAME_PORTS is set, packets will be attempted sent from the @@ -160,7 +166,7 @@ * at all). This mode bit is set by PacketAliasInit(), so it is a default * mode of operation. */ -#define PKT_ALIAS_SAME_PORTS 0x04 +#define PKT_ALIAS_SAME_PORTS 0x04 /* * If PKT_ALIAS_USE_SOCKETS is set, then when partially specified links (e.g. @@ -171,7 +177,7 @@ * a default mode of operation. */ #ifndef NO_USE_SOCKETS -#define PKT_ALIAS_USE_SOCKETS 0x08 +#define PKT_ALIAS_USE_SOCKETS 0x08 #endif /*- * If PKT_ALIAS_UNREGISTERED_ONLY is set, then only packets with @@ -182,7 +188,7 @@ * 172.16.0.0 -> 172.31.255.255 * 192.168.0.0 -> 192.168.255.255 */ -#define PKT_ALIAS_UNREGISTERED_ONLY 0x10 +#define PKT_ALIAS_UNREGISTERED_ONLY 0x10 /* * If PKT_ALIAS_RESET_ON_ADDR_CHANGE is set, then the table of dynamic @@ -191,19 +197,19 @@ * unchanged by this function call, then the table of dynamic aliasing links * will be left intact. This bit is set after a call to PacketAliasInit(). */ -#define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20 +#define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20 /* * If PKT_ALIAS_PROXY_ONLY is set, then NAT will be disabled and only * transparent proxying is performed. */ -#define PKT_ALIAS_PROXY_ONLY 0x40 +#define PKT_ALIAS_PROXY_ONLY 0x40 /* * If PKT_ALIAS_REVERSE is set, the actions of PacketAliasIn() and * PacketAliasOut() are reversed. */ -#define PKT_ALIAS_REVERSE 0x80 +#define PKT_ALIAS_REVERSE 0x80 #ifndef NO_FW_PUNCH /* @@ -213,14 +219,14 @@ * PacketAliasSetFWBase(). The hole will be attached to that * particular alias_link, so when the link goes away the hole is deleted. */ -#define PKT_ALIAS_PUNCH_FW 0x100 +#define PKT_ALIAS_PUNCH_FW 0x100 #endif /* * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching * states in 'ipfw nat global' rule. */ -#define PKT_ALIAS_SKIP_GLOBAL 0x200 +#define PKT_ALIAS_SKIP_GLOBAL 0x200 /* * Like PKT_ALIAS_UNREGISTERED_ONLY, but includes the RFC 6598 @@ -228,15 +234,15 @@ * * 100.64.0.0 -> 100.127.255.255 */ -#define PKT_ALIAS_UNREGISTERED_CGN 0x400 +#define PKT_ALIAS_UNREGISTERED_CGN 0x400 /* Function return codes. */ -#define PKT_ALIAS_ERROR -1 -#define PKT_ALIAS_OK 1 -#define PKT_ALIAS_IGNORED 2 -#define PKT_ALIAS_UNRESOLVED_FRAGMENT 3 -#define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4 +#define PKT_ALIAS_ERROR -1 +#define PKT_ALIAS_OK 1 +#define PKT_ALIAS_IGNORED 2 +#define PKT_ALIAS_UNRESOLVED_FRAGMENT 3 +#define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4 -#endif /* !_ALIAS_H_ */ +#endif /* !_ALIAS_H_ */ /* lint -restore */ Index: sys/netinet/libalias/alias.c =================================================================== --- sys/netinet/libalias/alias.c +++ sys/netinet/libalias/alias.c @@ -120,16 +120,17 @@ #include #else #include -#include -#include + #include #include #include +#include +#include #include #endif -#include #include +#include #include #include #include @@ -141,6 +142,7 @@ #include #else #include + #include "alias.h" #include "alias_local.h" #include "alias_mod.h" @@ -185,9 +187,9 @@ */ /* Local prototypes */ -static void TcpMonitorIn(u_char, struct alias_link *); +static void TcpMonitorIn(u_char, struct alias_link *); -static void TcpMonitorOut(u_char, struct alias_link *); +static void TcpMonitorOut(u_char, struct alias_link *); static void TcpMonitorIn(u_char th_flags, struct alias_link *lnk) @@ -263,25 +265,24 @@ */ /* Local prototypes */ -static int IcmpAliasIn1(struct libalias *, struct ip *); -static int IcmpAliasIn2(struct libalias *, struct ip *); -static int IcmpAliasIn(struct libalias *, struct ip *); +static int IcmpAliasIn1(struct libalias *, struct ip *); +static int IcmpAliasIn2(struct libalias *, struct ip *); +static int IcmpAliasIn(struct libalias *, struct ip *); -static int IcmpAliasOut1(struct libalias *, struct ip *, int create); -static int IcmpAliasOut2(struct libalias *, struct ip *); -static int IcmpAliasOut(struct libalias *, struct ip *, int create); +static int IcmpAliasOut1(struct libalias *, struct ip *, int create); +static int IcmpAliasOut2(struct libalias *, struct ip *); +static int IcmpAliasOut(struct libalias *, struct ip *, int create); -static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src, - struct ip *pip, u_char ip_p, u_short *ip_sum); -static int ProtoAliasOut(struct libalias *la, struct ip *pip, - struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, - int create); +static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src, + struct ip *pip, u_char ip_p, u_short *ip_sum); +static int ProtoAliasOut(struct libalias *la, struct ip *pip, + struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create); -static int UdpAliasIn(struct libalias *, struct ip *); -static int UdpAliasOut(struct libalias *, struct ip *, int, int create); +static int UdpAliasIn(struct libalias *, struct ip *); +static int UdpAliasOut(struct libalias *, struct ip *, int, int create); -static int TcpAliasIn(struct libalias *, struct ip *); -static int TcpAliasOut(struct libalias *, struct ip *, int, int create); +static int TcpAliasIn(struct libalias *, struct ip *); +static int TcpAliasOut(struct libalias *, struct ip *, int, int create); /* De-alias incoming echo and timestamp replies. @@ -317,8 +318,8 @@ struct in_addr original_address; original_address = GetOriginalAddress(lnk); - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; } @@ -349,16 +350,16 @@ ic2 = (struct icmp *)ip_next(ip); if (ip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, - ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); + lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, ud->uh_dport, + ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, - tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); + lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, tc->th_dport, + tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { - if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + if (ic2->icmp_type == ICMP_ECHO || + ic2->icmp_type == ICMP_TSTAMP) + lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, + ic2->icmp_id, 0); else lnk = NULL; } else @@ -385,8 +386,8 @@ ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum); /* Un-alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; /* Un-alias address and port number of @@ -414,8 +415,8 @@ ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum); /* Un-alias address in IP header */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; /* Un-alias address of original IP packet and @@ -459,8 +460,7 @@ case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - if (dlen < ICMP_ADVLENMIN || - dlen < (size_t)ICMP_ADVLEN(ic)) + if (dlen < ICMP_ADVLENMIN || dlen < (size_t)ICMP_ADVLEN(ic)) return (PKT_ALIAS_IGNORED); iresult = IcmpAliasIn2(la, pip); break; @@ -506,8 +506,8 @@ struct in_addr alias_address; alias_address = GetAliasAddress(lnk); - DifferentialChecksum(&pip->ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &alias_address, + &pip->ip_src, 2); pip->ip_src = alias_address; } @@ -538,16 +538,16 @@ ic2 = (struct icmp *)ip_next(ip); if (ip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, - ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); + lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, ud->uh_dport, + ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, - tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); + lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, tc->th_dport, + tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { - if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + if (ic2->icmp_type == ICMP_ECHO || + ic2->icmp_type == ICMP_TSTAMP) + lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, + ic2->icmp_id, 0); else lnk = NULL; } else @@ -659,8 +659,8 @@ machine. */ static int -ProtoAliasIn(struct libalias *la, struct in_addr ip_src, - struct ip *pip, u_char ip_p, u_short *ip_sum) +ProtoAliasIn(struct libalias *la, struct in_addr ip_src, struct ip *pip, + u_char ip_p, u_short *ip_sum) { struct alias_link *lnk; @@ -676,8 +676,8 @@ original_address = GetOriginalAddress(lnk); /* Restore original IP address */ - DifferentialChecksum(ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst, + 2); pip->ip_dst = original_address; return (PKT_ALIAS_OK); @@ -691,8 +691,8 @@ the source IP address of the packet. */ static int -ProtoAliasOut(struct libalias *la, struct ip *pip, - struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create) +ProtoAliasOut(struct libalias *la, struct ip *pip, struct in_addr ip_dst, + u_char ip_p, u_short *ip_sum, int create) { struct alias_link *lnk; @@ -712,8 +712,7 @@ alias_address = GetAliasAddress(lnk); /* Change source address */ - DifferentialChecksum(ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2); pip->ip_src = alias_address; return (PKT_ALIAS_OK); @@ -738,9 +737,9 @@ if (dlen < ntohs(ud->uh_ulen)) return (PKT_ALIAS_IGNORED); - lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, - ud->uh_sport, ud->uh_dport, - IPPROTO_UDP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); + lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, + ud->uh_dport, IPPROTO_UDP, + !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (lnk != NULL) { struct in_addr alias_address; struct in_addr original_address; @@ -749,15 +748,13 @@ u_short proxy_port; int accumulate; int error; - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = &original_address, .aaddr = &alias_address, .aport = &alias_port, .sport = &ud->uh_sport, .dport = &ud->uh_dport, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; alias_address = GetAliasAddress(lnk); original_address = GetOriginalAddress(lnk); @@ -802,14 +799,14 @@ ud->uh_sport = proxy_port; if (proxy_address.s_addr != 0) { - DifferentialChecksum(&pip->ip_sum, - &proxy_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &proxy_address, + &pip->ip_src, 2); pip->ip_src = proxy_address; } /* Restore original IP address */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_dst, 2); pip->ip_dst = original_address; return (PKT_ALIAS_OK); @@ -869,21 +866,18 @@ pip->ip_dst = proxy_server_address; ud->uh_dport = proxy_server_port; } - lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, - ud->uh_sport, ud->uh_dport, - IPPROTO_UDP, create); + lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, + ud->uh_dport, IPPROTO_UDP, create); if (lnk != NULL) { u_short alias_port; struct in_addr alias_address; - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = NULL, .aaddr = &alias_address, .aport = &alias_port, .sport = &ud->uh_sport, .dport = &ud->uh_dport, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Save original destination address, if this is a proxy packet. * Also modify packet to include destination encoding. This may @@ -916,8 +910,8 @@ ud->uh_sport = alias_port; /* Change source address */ - DifferentialChecksum(&pip->ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &alias_address, &pip->ip_src, + 2); pip->ip_src = alias_address; return (PKT_ALIAS_OK); @@ -939,9 +933,8 @@ return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); - lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, - tc->th_sport, tc->th_dport, - IPPROTO_TCP, + lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, tc->th_sport, + tc->th_dport, IPPROTO_TCP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (lnk != NULL) { struct in_addr alias_address; @@ -957,15 +950,13 @@ * packet and not the original one looks below [*]. */ - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = NULL, .aaddr = NULL, .aport = NULL, .sport = &tc->th_sport, .dport = &tc->th_dport, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Walk out chain. */ error = find_handler(IN, TCP, la, pip, &ad); @@ -1073,8 +1064,8 @@ if (create) proxy_type = ProxyCheck(la, &proxy_server_address, - &proxy_server_port, pip->ip_src, pip->ip_dst, - tc->th_dport, pip->ip_p); + &proxy_server_port, pip->ip_src, pip->ip_dst, tc->th_dport, + pip->ip_p); else proxy_type = 0; @@ -1100,24 +1091,21 @@ accumulate -= twowords(&pip->ip_dst); ADJUST_CHECKSUM(accumulate, pip->ip_sum); } - lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, - tc->th_sport, tc->th_dport, - IPPROTO_TCP, create); + lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport, + tc->th_dport, IPPROTO_TCP, create); if (lnk == NULL) return (PKT_ALIAS_IGNORED); if (lnk != NULL) { u_short alias_port; struct in_addr alias_address; int accumulate; - struct alias_data ad = { - .lnk = lnk, + struct alias_data ad = { .lnk = lnk, .oaddr = NULL, .aaddr = &alias_address, .aport = &alias_port, .sport = &tc->th_sport, .dport = &tc->th_dport, - .maxpktsize = maxpacketsize - }; + .maxpktsize = maxpacketsize }; /* Save original destination address, if this is a proxy packet. * Also modify packet to include destination @@ -1186,10 +1174,9 @@ */ /* Local prototypes */ -static int FragmentIn(struct libalias *la, struct in_addr ip_src, - struct ip *pip, u_short ip_id, u_short *ip_sum); -static int FragmentOut(struct libalias *, struct ip *pip, - u_short *ip_sum); +static int FragmentIn(struct libalias *la, struct in_addr ip_src, + struct ip *pip, u_short ip_id, u_short *ip_sum); +static int FragmentOut(struct libalias *, struct ip *pip, u_short *ip_sum); static int FragmentIn(struct libalias *la, struct in_addr ip_src, struct ip *pip, @@ -1203,8 +1190,8 @@ struct in_addr original_address; GetFragmentAddr(lnk, &original_address); - DifferentialChecksum(ip_sum, - &original_address, &pip->ip_dst, 2); + DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst, + 2); pip->ip_dst = original_address; return (PKT_ALIAS_OK); @@ -1219,8 +1206,7 @@ LIBALIAS_LOCK_ASSERT(la); alias_address = FindAliasAddress(la, pip->ip_src); - DifferentialChecksum(ip_sum, - &alias_address, &pip->ip_src, 2); + DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2); pip->ip_src = alias_address; return (PKT_ALIAS_OK); @@ -1270,7 +1256,7 @@ if (lnk != NULL) { GetFragmentPtr(lnk, &fptr); SetFragmentPtr(lnk, NULL); - SetExpire(lnk, 0); /* Deletes link */ + SetExpire(lnk, 0); /* Deletes link */ } else fptr = NULL; @@ -1280,8 +1266,8 @@ void LibAliasFragmentIn(struct libalias *la, - void *ptr, /* Points to correctly de-aliased header fragment */ - void *ptr_fragment /* fragment which must be de-aliased */ + void *ptr, /* Points to correctly de-aliased header fragment */ + void *ptr_fragment /* fragment which must be de-aliased */ ) { struct ip *pip; @@ -1292,18 +1278,15 @@ pip = (struct ip *)ptr; fpip = (struct ip *)ptr_fragment; - DifferentialChecksum(&fpip->ip_sum, - &pip->ip_dst, &fpip->ip_dst, 2); + DifferentialChecksum(&fpip->ip_sum, &pip->ip_dst, &fpip->ip_dst, 2); fpip->ip_dst = pip->ip_dst; LIBALIAS_UNLOCK(la); } /* Local prototypes */ -static int -LibAliasOutLocked(struct libalias *la, struct ip *pip, +static int LibAliasOutLocked(struct libalias *la, struct ip *pip, int maxpacketsize, int create); -static int -LibAliasInLocked(struct libalias *la, struct ip *pip, +static int LibAliasInLocked(struct libalias *la, struct ip *pip, int maxpacketsize); int @@ -1334,8 +1317,8 @@ alias_addr = pip->ip_dst; /* Defense against mangled packets */ - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) { + if (ntohs(pip->ip_len) > maxpacketsize || + (pip->ip_hl << 2) > maxpacketsize) { iresult = PKT_ALIAS_IGNORED; goto getout; } @@ -1359,35 +1342,34 @@ #endif case IPPROTO_GRE: { int error; - struct alias_data ad = { - .lnk = NULL, + struct alias_data ad = { .lnk = NULL, .oaddr = NULL, .aaddr = NULL, .aport = NULL, .sport = NULL, .dport = NULL, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Walk out chain. */ error = find_handler(IN, IP, la, pip, &ad); if (error == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasIn(la, pip->ip_src, - pip, pip->ip_p, &pip->ip_sum); + iresult = ProtoAliasIn(la, pip->ip_src, pip, + pip->ip_p, &pip->ip_sum); break; } default: - iresult = ProtoAliasIn(la, pip->ip_src, pip, - pip->ip_p, &pip->ip_sum); + iresult = ProtoAliasIn(la, pip->ip_src, pip, pip->ip_p, + &pip->ip_sum); break; } if (ntohs(pip->ip_off) & IP_MF) { struct alias_link *lnk; - lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id); + lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, + pip->ip_id); if (lnk != NULL) { iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT; SetFragmentAddr(lnk, pip->ip_dst); @@ -1445,10 +1427,10 @@ } static int -LibAliasOutLocked(struct libalias *la, - struct ip *pip, /* valid IP packet */ - int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline changes) */ - int create /* Create new entries ? */ +LibAliasOutLocked(struct libalias *la, struct ip *pip, /* valid IP packet */ + int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline + changes) */ + int create /* Create new entries ? */ ) { int iresult; @@ -1464,8 +1446,8 @@ ClearCheckNewLink(la); /* Defense against mangled packets */ - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) { + if (ntohs(pip->ip_len) > maxpacketsize || + (pip->ip_hl << 2) > maxpacketsize) { iresult = PKT_ALIAS_IGNORED; goto getout; } @@ -1480,11 +1462,14 @@ addr = ntohl(pip->ip_src.s_addr); if (addr >= UNREG_ADDR_C_LOWER && addr <= UNREG_ADDR_C_UPPER) iclass = 3; - else if (addr >= UNREG_ADDR_B_LOWER && addr <= UNREG_ADDR_B_UPPER) + else if (addr >= UNREG_ADDR_B_LOWER && + addr <= UNREG_ADDR_B_UPPER) iclass = 2; - else if (addr >= UNREG_ADDR_A_LOWER && addr <= UNREG_ADDR_A_UPPER) + else if (addr >= UNREG_ADDR_A_LOWER && + addr <= UNREG_ADDR_A_UPPER) iclass = 1; - else if (addr >= UNREG_ADDR_CGN_LOWER && addr <= UNREG_ADDR_CGN_UPPER && + else if (addr >= UNREG_ADDR_CGN_LOWER && + addr <= UNREG_ADDR_CGN_UPPER && la->packetAliasMode & PKT_ALIAS_UNREGISTERED_CGN) iclass = 4; @@ -1513,27 +1498,25 @@ #endif case IPPROTO_GRE: { int error; - struct alias_data ad = { - .lnk = NULL, + struct alias_data ad = { .lnk = NULL, .oaddr = NULL, .aaddr = NULL, .aport = NULL, .sport = NULL, .dport = NULL, - .maxpktsize = 0 - }; + .maxpktsize = 0 }; /* Walk out chain. */ error = find_handler(OUT, IP, la, pip, &ad); if (error == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasOut(la, pip, - pip->ip_dst, pip->ip_p, &pip->ip_sum, create); + iresult = ProtoAliasOut(la, pip, pip->ip_dst, + pip->ip_p, &pip->ip_sum, create); break; } default: - iresult = ProtoAliasOut(la, pip, - pip->ip_dst, pip->ip_p, &pip->ip_sum, create); + iresult = ProtoAliasOut(la, pip, pip->ip_dst, pip->ip_p, + &pip->ip_sum, create); break; } } else { @@ -1546,9 +1529,8 @@ } int -LibAliasUnaliasOut(struct libalias *la, - void *ptr, /* valid IP packet */ - int maxpacketsize /* for error checking */ +LibAliasUnaliasOut(struct libalias *la, void *ptr, /* valid IP packet */ + int maxpacketsize /* for error checking */ ) { struct ip *pip; @@ -1562,8 +1544,8 @@ pip = (struct ip *)ptr; /* Defense against mangled packets */ - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) + if (ntohs(pip->ip_len) > maxpacketsize || + (pip->ip_hl << 2) > maxpacketsize) goto getout; ud = (struct udphdr *)ip_next(pip); @@ -1572,13 +1554,11 @@ /* Find a link */ if (pip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, - ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); + lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport, + ud->uh_sport, IPPROTO_UDP, 0); else if (pip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, - tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); + lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport, + tc->th_sport, IPPROTO_TCP, 0); else if (pip->ip_p == IPPROTO_ICMP) lnk = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0); else @@ -1609,8 +1589,8 @@ } /* Adjust IP checksum */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_src, 2); /* Un-alias source address and port number */ pip->ip_src = original_address; @@ -1636,8 +1616,8 @@ ADJUST_CHECKSUM(accumulate, ic->icmp_cksum); /* Adjust IP checksum */ - DifferentialChecksum(&pip->ip_sum, - &original_address, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &original_address, + &pip->ip_src, 2); /* Un-alias source address and port number */ pip->ip_src = original_address; @@ -1694,14 +1674,14 @@ const char *error; moduledata_t *p; - handle = dlopen (path, RTLD_LAZY); + handle = dlopen(path, RTLD_LAZY); if (!handle) { fprintf(stderr, "%s\n", dlerror()); return (EINVAL); } p = dlsym(handle, "alias_mod"); - if ((error = dlerror()) != NULL) { + if ((error = dlerror()) != NULL) { fprintf(stderr, "%s\n", dlerror()); return (EINVAL); } @@ -1718,7 +1698,7 @@ } m = dlsym(t->handle, "handlers"); - if ((error = dlerror()) != NULL) { + if ((error = dlerror()) != NULL) { fprintf(stderr, "%s\n", error); return (EINVAL); } Index: sys/netinet/libalias/alias_db.c =================================================================== --- sys/netinet/libalias/alias_db.c +++ sys/netinet/libalias/alias_db.c @@ -144,31 +144,34 @@ */ #ifdef _KERNEL -#include #include -#include #include +#include #include #include #include #include + +#include #else -#include -#include -#include #include #include + +#include +#include +#include #include #endif #include + #include #ifdef _KERNEL +#include #include #include #include -#include #else #include "alias.h" #include "alias_local.h" @@ -184,45 +187,45 @@ /* Parameters used for cleanup of expired links */ /* NOTE: ALIAS_CLEANUP_INTERVAL_SECS must be less then LINK_TABLE_OUT_SIZE */ -#define ALIAS_CLEANUP_INTERVAL_SECS 64 -#define ALIAS_CLEANUP_MAX_SPOKES (LINK_TABLE_OUT_SIZE/5) +#define ALIAS_CLEANUP_INTERVAL_SECS 64 +#define ALIAS_CLEANUP_MAX_SPOKES (LINK_TABLE_OUT_SIZE / 5) /* Timeouts (in seconds) for different link types */ -#define ICMP_EXPIRE_TIME 60 -#define UDP_EXPIRE_TIME 60 -#define PROTO_EXPIRE_TIME 60 -#define FRAGMENT_ID_EXPIRE_TIME 10 -#define FRAGMENT_PTR_EXPIRE_TIME 30 +#define ICMP_EXPIRE_TIME 60 +#define UDP_EXPIRE_TIME 60 +#define PROTO_EXPIRE_TIME 60 +#define FRAGMENT_ID_EXPIRE_TIME 10 +#define FRAGMENT_PTR_EXPIRE_TIME 30 /* TCP link expire time for different cases */ /* When the link has been used and closed - minimal grace time to allow ACKs and potential re-connect in FTP (XXX - is this allowed?) */ #ifndef TCP_EXPIRE_DEAD -#define TCP_EXPIRE_DEAD 10 +#define TCP_EXPIRE_DEAD 10 #endif /* When the link has been used and closed on one side - the other side is allowed to still send data */ #ifndef TCP_EXPIRE_SINGLEDEAD -#define TCP_EXPIRE_SINGLEDEAD 90 +#define TCP_EXPIRE_SINGLEDEAD 90 #endif /* When the link isn't yet up */ #ifndef TCP_EXPIRE_INITIAL -#define TCP_EXPIRE_INITIAL 300 +#define TCP_EXPIRE_INITIAL 300 #endif /* When the link is up */ #ifndef TCP_EXPIRE_CONNECTED -#define TCP_EXPIRE_CONNECTED 86400 +#define TCP_EXPIRE_CONNECTED 86400 #endif /* Dummy port number codes used for FindLinkIn/Out() and AddLink(). These constants can be anything except zero, which indicates an unknown port number. */ -#define NO_DEST_PORT 1 -#define NO_SRC_PORT 1 +#define NO_DEST_PORT 1 +#define NO_SRC_PORT 1 /* Dummy address used for FindLinkIn/Out() and AddLink(). The value of this variable is never used. */ @@ -257,83 +260,83 @@ /* used to save changes to ACK/sequence numbers */ struct ack_data_record { - u_long ack_old; - u_long ack_new; - int delta; - int active; + u_long ack_old; + u_long ack_new; + int delta; + int active; }; /* Information about TCP connection */ struct tcp_state { - int in; /* State for outside -> inside */ - int out; /* State for inside -> outside */ - int index; /* Index to ACK data array */ + int in; /* State for outside -> inside */ + int out; /* State for inside -> outside */ + int index; /* Index to ACK data array */ /* Indicates whether ACK and sequence numbers been modified */ - int ack_modified; + int ack_modified; }; /* Number of distinct ACK number changes * saved for a modified TCP stream */ -#define N_LINK_TCP_DATA 3 +#define N_LINK_TCP_DATA 3 struct tcp_dat { struct tcp_state state; struct ack_data_record ack[N_LINK_TCP_DATA]; /* Which firewall record is used for this hole? */ - int fwhole; + int fwhole; }; /* LSNAT server pool (circular list) */ struct server { - struct in_addr addr; - u_short port; - struct server *next; + struct in_addr addr; + u_short port; + struct server *next; }; /* Main data structure */ struct alias_link { struct libalias *la; /* Address and port information */ - struct in_addr src_addr; - struct in_addr dst_addr; - struct in_addr alias_addr; - struct in_addr proxy_addr; - u_short src_port; - u_short dst_port; - u_short alias_port; - u_short proxy_port; - struct server *server; + struct in_addr src_addr; + struct in_addr dst_addr; + struct in_addr alias_addr; + struct in_addr proxy_addr; + u_short src_port; + u_short dst_port; + u_short alias_port; + u_short proxy_port; + struct server *server; /* Type of link: TCP, UDP, ICMP, proto, frag */ - int link_type; + int link_type; /* values for link_type */ -#define LINK_ICMP IPPROTO_ICMP -#define LINK_UDP IPPROTO_UDP -#define LINK_TCP IPPROTO_TCP -#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1) -#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2) -#define LINK_ADDR (IPPROTO_MAX + 3) -#define LINK_PPTP (IPPROTO_MAX + 4) - - int flags; /* indicates special characteristics */ - int pflags; /* protocol-specific flags */ +#define LINK_ICMP IPPROTO_ICMP +#define LINK_UDP IPPROTO_UDP +#define LINK_TCP IPPROTO_TCP +#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1) +#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2) +#define LINK_ADDR (IPPROTO_MAX + 3) +#define LINK_PPTP (IPPROTO_MAX + 4) + + int flags; /* indicates special characteristics */ + int pflags; /* protocol-specific flags */ /* flag bits */ -#define LINK_UNKNOWN_DEST_PORT 0x01 -#define LINK_UNKNOWN_DEST_ADDR 0x02 -#define LINK_PERMANENT 0x04 -#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */ -#define LINK_UNFIREWALLED 0x08 - - int timestamp; /* Time link was last accessed */ - int expire_time; /* Expire time for link */ +#define LINK_UNKNOWN_DEST_PORT 0x01 +#define LINK_UNKNOWN_DEST_ADDR 0x02 +#define LINK_PERMANENT 0x04 +#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */ +#define LINK_UNFIREWALLED 0x08 + + int timestamp; /* Time link was last accessed */ + int expire_time; /* Expire time for link */ #ifndef NO_USE_SOCKETS - int sockfd; /* socket descriptor */ + int sockfd; /* socket descriptor */ #endif /* Linked list of pointers for input and output lookup tables */ - LIST_ENTRY (alias_link) list_out; - LIST_ENTRY (alias_link) list_in; + LIST_ENTRY(alias_link) list_out; + LIST_ENTRY(alias_link) list_in; /* Auxiliary data */ union { - char *frag_ptr; - struct in_addr frag_addr; + char *frag_ptr; + struct in_addr frag_addr; struct tcp_dat *tcp; } data; }; @@ -361,9 +364,7 @@ } } -static moduledata_t alias_mod = { - "alias", alias_mod_handler, NULL -}; +static moduledata_t alias_mod = { "alias", alias_mod_handler, NULL }; DECLARE_MODULE(alias, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); #endif @@ -382,33 +383,30 @@ */ /* Local prototypes */ -static u_int StartPointIn(struct in_addr, u_short, int); +static u_int StartPointIn(struct in_addr, u_short, int); -static u_int -StartPointOut(struct in_addr, struct in_addr, - u_short, u_short, int); +static u_int StartPointOut(struct in_addr, struct in_addr, u_short, u_short, + int); -static int SeqDiff(u_long, u_long); +static int SeqDiff(u_long, u_long); #ifndef NO_FW_PUNCH /* Firewall control */ -static void InitPunchFW(struct libalias *); -static void UninitPunchFW(struct libalias *); -static void ClearFWHole(struct alias_link *); +static void InitPunchFW(struct libalias *); +static void UninitPunchFW(struct libalias *); +static void ClearFWHole(struct alias_link *); #endif /* Log file control */ -static void ShowAliasStats(struct libalias *); -static int InitPacketAliasLog(struct libalias *); -static void UninitPacketAliasLog(struct libalias *); +static void ShowAliasStats(struct libalias *); +static int InitPacketAliasLog(struct libalias *); +static void UninitPacketAliasLog(struct libalias *); -void SctpShowAliasStats(struct libalias *la); +void SctpShowAliasStats(struct libalias *la); static u_int -StartPointIn(struct in_addr alias_addr, - u_short alias_port, - int link_type) +StartPointIn(struct in_addr alias_addr, u_short alias_port, int link_type) { u_int n; @@ -439,10 +437,10 @@ static int SeqDiff(u_long x, u_long y) { -/* Return the difference between two TCP sequence numbers - * This function is encapsulated in case there are any unusual - * arithmetic conditions that need to be considered. - */ + /* Return the difference between two TCP sequence numbers + * This function is encapsulated in case there are any unusual + * arithmetic conditions that need to be considered. + */ return (ntohl(y) - ntohl(x)); } @@ -475,30 +473,27 @@ LIBALIAS_LOCK_ASSERT(la); /* Used for debugging */ if (la->logDesc) { - int tot = la->icmpLinkCount + la->udpLinkCount + - (la->sctpLinkCount>>1) + /* sctp counts half associations */ - la->tcpLinkCount + la->pptpLinkCount + - la->protoLinkCount + la->fragmentIdLinkCount + - la->fragmentPtrLinkCount; + int tot = la->icmpLinkCount + la->udpLinkCount + + (la->sctpLinkCount >> + 1) + /* sctp counts half associations */ + la->tcpLinkCount + + la->pptpLinkCount + la->protoLinkCount + + la->fragmentIdLinkCount + la->fragmentPtrLinkCount; AliasLog(la->logDesc, "icmp=%u, udp=%u, tcp=%u, sctp=%u, pptp=%u, proto=%u, frag_id=%u frag_ptr=%u / tot=%u", - la->icmpLinkCount, - la->udpLinkCount, - la->tcpLinkCount, - la->sctpLinkCount>>1, /* sctp counts half associations */ - la->pptpLinkCount, - la->protoLinkCount, - la->fragmentIdLinkCount, - la->fragmentPtrLinkCount, - tot); + la->icmpLinkCount, la->udpLinkCount, la->tcpLinkCount, + la->sctpLinkCount >> 1, /* sctp counts half associations */ + la->pptpLinkCount, la->protoLinkCount, + la->fragmentIdLinkCount, la->fragmentPtrLinkCount, tot); #ifndef _KERNEL AliasLog(la->logDesc, " (sock=%u)\n", la->sockCount); #endif } } -void SctpShowAliasStats(struct libalias *la) +void +SctpShowAliasStats(struct libalias *la) { ShowAliasStats(la); } @@ -525,31 +520,29 @@ */ /* Local prototypes */ -static int GetNewPort(struct libalias *, struct alias_link *, int); +static int GetNewPort(struct libalias *, struct alias_link *, int); #ifndef NO_USE_SOCKETS -static u_short GetSocket(struct libalias *, u_short, int *, int); +static u_short GetSocket(struct libalias *, u_short, int *, int); #endif -static void CleanupAliasData(struct libalias *); -static void IncrementalCleanup(struct libalias *); -static void DeleteLink(struct alias_link *); +static void CleanupAliasData(struct libalias *); +static void IncrementalCleanup(struct libalias *); +static void DeleteLink(struct alias_link *); -static struct alias_link * -ReLink(struct alias_link *, - struct in_addr, struct in_addr, struct in_addr, - u_short, u_short, int, int); +static struct alias_link *ReLink(struct alias_link *, struct in_addr, + struct in_addr, struct in_addr, u_short, u_short, int, int); -static struct alias_link * -FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); +static struct alias_link *FindLinkOut(struct libalias *, struct in_addr, + struct in_addr, u_short, u_short, int, int); -static struct alias_link * -FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); +static struct alias_link *FindLinkIn(struct libalias *, struct in_addr, + struct in_addr, u_short, u_short, int, int); -#define ALIAS_PORT_BASE 0x08000 -#define ALIAS_PORT_MASK 0x07fff -#define ALIAS_PORT_MASK_EVEN 0x07ffe -#define GET_NEW_PORT_MAX_ATTEMPTS 20 +#define ALIAS_PORT_BASE 0x08000 +#define ALIAS_PORT_MASK 0x07fff +#define ALIAS_PORT_MASK_EVEN 0x07ffe +#define GET_NEW_PORT_MAX_ATTEMPTS 20 -#define FIND_EVEN_ALIAS_BASE 1 +#define FIND_EVEN_ALIAS_BASE 1 /* GetNewPort() allocates port numbers. Note that if a port number is already in use, that does not mean that it cannot be used by @@ -591,7 +584,8 @@ port_net = lnk->src_port; port_sys = ntohs(port_net); } else if (la->aliasPortLower) { - /* First trial is a random port in the aliasing range. */ + /* First trial is a random port in the aliasing range. + */ port_sys = la->aliasPortLower + (arc4random() % la->aliasPortLength); port_net = htons(port_sys); @@ -602,7 +596,7 @@ port_net = htons(port_sys); } } else if (alias_port_param >= 0 && alias_port_param < 0x10000) { - lnk->alias_port = (u_short) alias_port_param; + lnk->alias_port = (u_short)alias_port_param; return (0); } else { #ifdef LIBALIAS_DEBUG @@ -618,24 +612,24 @@ struct alias_link *search_result; search_result = FindLinkIn(la, lnk->dst_addr, lnk->alias_addr, - lnk->dst_port, port_net, - lnk->link_type, 0); + lnk->dst_port, port_net, lnk->link_type, 0); if (search_result == NULL) go_ahead = 1; - else if (!(lnk->flags & LINK_PARTIALLY_SPECIFIED) - && (search_result->flags & LINK_PARTIALLY_SPECIFIED)) + else if (!(lnk->flags & LINK_PARTIALLY_SPECIFIED) && + (search_result->flags & LINK_PARTIALLY_SPECIFIED)) go_ahead = 1; else go_ahead = 0; if (go_ahead) { #ifndef NO_USE_SOCKETS - if ((la->packetAliasMode & PKT_ALIAS_USE_SOCKETS) - && (lnk->flags & LINK_PARTIALLY_SPECIFIED) - && ((lnk->link_type == LINK_TCP) || - (lnk->link_type == LINK_UDP))) { - if (GetSocket(la, port_net, &lnk->sockfd, lnk->link_type)) { + if ((la->packetAliasMode & PKT_ALIAS_USE_SOCKETS) && + (lnk->flags & LINK_PARTIALLY_SPECIFIED) && + ((lnk->link_type == LINK_TCP) || + (lnk->link_type == LINK_UDP))) { + if (GetSocket(la, port_net, &lnk->sockfd, + lnk->link_type)) { lnk->alias_port = port_net; return (0); } @@ -667,7 +661,7 @@ } #ifndef NO_USE_SOCKETS -static u_short +static u_short GetSocket(struct libalias *la, u_short port_net, int *sockfd, int link_type) { int err; @@ -698,9 +692,7 @@ sock_addr.sin_addr.s_addr = htonl(INADDR_ANY); sock_addr.sin_port = port_net; - err = bind(sock, - (struct sockaddr *)&sock_addr, - sizeof(sock_addr)); + err = bind(sock, (struct sockaddr *)&sock_addr, sizeof(sock_addr)); if (err == 0) { la->sockCount++; *sockfd = sock; @@ -719,14 +711,9 @@ looks for unused triplets: (dest addr, dest port, alias port). */ int -FindNewPortGroup(struct libalias *la, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_short src_port, - u_short dst_port, - u_short port_count, - u_char proto, - u_char align) +FindNewPortGroup(struct libalias *la, struct in_addr dst_addr, + struct in_addr alias_addr, u_short src_port, u_short dst_port, + u_short port_count, u_char proto, u_char align) { int i, j; int max_trials; @@ -780,8 +767,8 @@ for (j = 0; j < port_count; j++) if ((search_result = FindLinkIn(la, dst_addr, - alias_addr, dst_port, htons(port_sys + j), - link_type, 0)) != NULL) + alias_addr, dst_port, htons(port_sys + j), + link_type, 0)) != NULL) break; /* Found a good range, return base */ @@ -830,8 +817,8 @@ struct alias_link *lnk, *lnk_tmp; LIBALIAS_LOCK_ASSERT(la); - LIST_FOREACH_SAFE(lnk, &la->linkTableOut[la->cleanupIndex++], - list_out, lnk_tmp) { + LIST_FOREACH_SAFE (lnk, &la->linkTableOut[la->cleanupIndex++], list_out, + lnk_tmp) { if (la->timeStamp - lnk->timestamp > lnk->expire_time) DeleteLink(lnk); } @@ -957,7 +944,7 @@ lnk->expire_time = TCP_EXPIRE_INITIAL; break; case LINK_PPTP: - lnk->flags |= LINK_PERMANENT; /* no timeout. */ + lnk->flags |= LINK_PERMANENT; /* no timeout. */ break; case LINK_FRAGMENT_ID: lnk->expire_time = FRAGMENT_ID_EXPIRE_TIME; @@ -999,8 +986,10 @@ int i; la->tcpLinkCount++; - aux_tcp->state.in = ALIAS_TCP_STATE_NOT_CONNECTED; - aux_tcp->state.out = ALIAS_TCP_STATE_NOT_CONNECTED; + aux_tcp->state.in = + ALIAS_TCP_STATE_NOT_CONNECTED; + aux_tcp->state.out = + ALIAS_TCP_STATE_NOT_CONNECTED; aux_tcp->state.index = 0; aux_tcp->state.ack_modified = 0; for (i = 0; i < N_LINK_TCP_DATA; i++) @@ -1010,7 +999,8 @@ } else { #ifdef LIBALIAS_DEBUG fprintf(stderr, "PacketAlias/AddLink: "); - fprintf(stderr, " cannot allocate auxiliary TCP data\n"); + fprintf(stderr, + " cannot allocate auxiliary TCP data\n"); #endif free(lnk); return (NULL); @@ -1033,12 +1023,13 @@ } /* Set up pointers for output lookup table */ - start_point = StartPointOut(src_addr, dst_addr, - src_port, dst_port, link_type); + start_point = StartPointOut(src_addr, dst_addr, src_port, + dst_port, link_type); LIST_INSERT_HEAD(&la->linkTableOut[start_point], lnk, list_out); /* Set up pointers for input lookup table */ - start_point = StartPointIn(alias_addr, lnk->alias_port, link_type); + start_point = StartPointIn(alias_addr, lnk->alias_port, + link_type); LIST_INSERT_HEAD(&la->linkTableIn[start_point], lnk, list_in); } else { #ifdef LIBALIAS_DEBUG @@ -1057,25 +1048,18 @@ * chosen. If greater than zero, equal to alias port */ static struct alias_link * -ReLink(struct alias_link *old_lnk, - struct in_addr src_addr, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_short src_port, - u_short dst_port, - int alias_port_param, - int link_type) +ReLink(struct alias_link *old_lnk, struct in_addr src_addr, + struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, + u_short dst_port, int alias_port_param, int link_type) { struct alias_link *new_lnk; struct libalias *la = old_lnk->la; LIBALIAS_LOCK_ASSERT(la); - new_lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, dst_port, alias_port_param, - link_type); + new_lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, + dst_port, alias_port_param, link_type); #ifndef NO_FW_PUNCH - if (new_lnk != NULL && - old_lnk->link_type == LINK_TCP && + if (new_lnk != NULL && old_lnk->link_type == LINK_TCP && old_lnk->data.tcp->fwhole > 0) { PunchFWHole(new_lnk); } @@ -1086,10 +1070,7 @@ static struct alias_link * _FindLinkOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - int link_type, + struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type, int replace_partial_links) { u_int i; @@ -1097,13 +1078,11 @@ LIBALIAS_LOCK_ASSERT(la); i = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type); - LIST_FOREACH(lnk, &la->linkTableOut[i], list_out) { + LIST_FOREACH (lnk, &la->linkTableOut[i], list_out) { if (lnk->dst_addr.s_addr == dst_addr.s_addr && lnk->src_addr.s_addr == src_addr.s_addr && - lnk->src_port == src_port && - lnk->dst_port == dst_port && - lnk->link_type == link_type && - lnk->server == NULL) { + lnk->src_port == src_port && lnk->dst_port == dst_port && + lnk->link_type == link_type && lnk->server == NULL) { lnk->timestamp = la->timeStamp; break; } @@ -1115,8 +1094,8 @@ lnk = _FindLinkOut(la, src_addr, dst_addr, src_port, 0, link_type, 0); if (lnk == NULL) - lnk = _FindLinkOut(la, src_addr, NO_ADDR, src_port, - dst_port, link_type, 0); + lnk = _FindLinkOut(la, src_addr, NO_ADDR, + src_port, dst_port, link_type, 0); } if (lnk == NULL && (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) { @@ -1124,10 +1103,8 @@ link_type, 0); } if (lnk != NULL) { - lnk = ReLink(lnk, - src_addr, dst_addr, lnk->alias_addr, - src_port, dst_port, lnk->alias_port, - link_type); + lnk = ReLink(lnk, src_addr, dst_addr, lnk->alias_addr, + src_port, dst_port, lnk->alias_port, link_type); } } return (lnk); @@ -1135,10 +1112,7 @@ static struct alias_link * FindLinkOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - int link_type, + struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type, int replace_partial_links) { struct alias_link *lnk; @@ -1156,8 +1130,8 @@ */ if (la->aliasAddress.s_addr != INADDR_ANY && src_addr.s_addr == la->aliasAddress.s_addr) { - lnk = _FindLinkOut(la, NO_ADDR, dst_addr, src_port, dst_port, - link_type, replace_partial_links); + lnk = _FindLinkOut(la, NO_ADDR, dst_addr, src_port, + dst_port, link_type, replace_partial_links); } } return (lnk); @@ -1165,11 +1139,8 @@ static struct alias_link * _FindLinkIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - int link_type, - int replace_partial_links) + struct in_addr alias_addr, u_short dst_port, u_short alias_port, + int link_type, int replace_partial_links) { int flags_in; u_int start_point; @@ -1196,40 +1167,40 @@ /* Search loop */ start_point = StartPointIn(alias_addr, alias_port, link_type); - LIST_FOREACH(lnk, &la->linkTableIn[start_point], list_in) { + LIST_FOREACH (lnk, &la->linkTableIn[start_point], list_in) { int flags; flags = flags_in | lnk->flags; if (!(flags & LINK_PARTIALLY_SPECIFIED)) { - if (lnk->alias_addr.s_addr == alias_addr.s_addr - && lnk->alias_port == alias_port - && lnk->dst_addr.s_addr == dst_addr.s_addr - && lnk->dst_port == dst_port - && lnk->link_type == link_type) { + if (lnk->alias_addr.s_addr == alias_addr.s_addr && + lnk->alias_port == alias_port && + lnk->dst_addr.s_addr == dst_addr.s_addr && + lnk->dst_port == dst_port && + lnk->link_type == link_type) { lnk_fully_specified = lnk; break; } - } else if ((flags & LINK_UNKNOWN_DEST_ADDR) - && (flags & LINK_UNKNOWN_DEST_PORT)) { - if (lnk->alias_addr.s_addr == alias_addr.s_addr - && lnk->alias_port == alias_port - && lnk->link_type == link_type) { + } else if ((flags & LINK_UNKNOWN_DEST_ADDR) && + (flags & LINK_UNKNOWN_DEST_PORT)) { + if (lnk->alias_addr.s_addr == alias_addr.s_addr && + lnk->alias_port == alias_port && + lnk->link_type == link_type) { if (lnk_unknown_all == NULL) lnk_unknown_all = lnk; } } else if (flags & LINK_UNKNOWN_DEST_ADDR) { - if (lnk->alias_addr.s_addr == alias_addr.s_addr - && lnk->alias_port == alias_port - && lnk->link_type == link_type - && lnk->dst_port == dst_port) { + if (lnk->alias_addr.s_addr == alias_addr.s_addr && + lnk->alias_port == alias_port && + lnk->link_type == link_type && + lnk->dst_port == dst_port) { if (lnk_unknown_dst_addr == NULL) lnk_unknown_dst_addr = lnk; } } else if (flags & LINK_UNKNOWN_DEST_PORT) { - if (lnk->alias_addr.s_addr == alias_addr.s_addr - && lnk->alias_port == alias_port - && lnk->link_type == link_type - && lnk->dst_addr.s_addr == dst_addr.s_addr) { + if (lnk->alias_addr.s_addr == alias_addr.s_addr && + lnk->alias_port == alias_port && + lnk->link_type == link_type && + lnk->dst_addr.s_addr == dst_addr.s_addr) { if (lnk_unknown_dst_port == NULL) lnk_unknown_dst_port = lnk; } @@ -1253,7 +1224,7 @@ struct in_addr src_addr; u_short src_port; - if (lnk->server != NULL) { /* LSNAT link */ + if (lnk->server != NULL) { /* LSNAT link */ src_addr = lnk->server->addr; src_port = lnk->server->port; lnk->server = lnk->server->next; @@ -1267,21 +1238,16 @@ lnk->src_port = src_port; return (lnk); } - lnk = ReLink(lnk, - src_addr, dst_addr, alias_addr, - src_port, dst_port, alias_port, - link_type); + lnk = ReLink(lnk, src_addr, dst_addr, alias_addr, src_port, + dst_port, alias_port, link_type); } return (lnk); } static struct alias_link * FindLinkIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - int link_type, - int replace_partial_links) + struct in_addr alias_addr, u_short dst_port, u_short alias_port, + int link_type, int replace_partial_links) { struct alias_link *lnk; @@ -1298,8 +1264,8 @@ */ if (la->aliasAddress.s_addr != INADDR_ANY && alias_addr.s_addr == la->aliasAddress.s_addr) { - lnk = _FindLinkIn(la, dst_addr, NO_ADDR, dst_port, alias_port, - link_type, replace_partial_links); + lnk = _FindLinkIn(la, dst_addr, NO_ADDR, dst_port, + alias_port, link_type, replace_partial_links); } } return (lnk); @@ -1323,66 +1289,56 @@ struct alias_link * FindIcmpIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short id_alias, - int create) + struct in_addr alias_addr, u_short id_alias, int create) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, id_alias, + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, id_alias, LINK_ICMP, 0); - if (lnk == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { + if (lnk == NULL && create && + !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; target_addr = FindOriginalAddress(la, alias_addr); - lnk = AddLink(la, target_addr, dst_addr, alias_addr, - id_alias, NO_DEST_PORT, id_alias, - LINK_ICMP); + lnk = AddLink(la, target_addr, dst_addr, alias_addr, id_alias, + NO_DEST_PORT, id_alias, LINK_ICMP); } return (lnk); } struct alias_link * FindIcmpOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short id, - int create) + struct in_addr dst_addr, u_short id, int create) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkOut(la, src_addr, dst_addr, - id, NO_DEST_PORT, - LINK_ICMP, 0); + lnk = FindLinkOut(la, src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP, + 0); if (lnk == NULL && create) { struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - id, NO_DEST_PORT, GET_ALIAS_ID, - LINK_ICMP); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, id, + NO_DEST_PORT, GET_ALIAS_ID, LINK_ICMP); } return (lnk); } struct alias_link * FindFragmentIn1(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short ip_id) + struct in_addr alias_addr, u_short ip_id) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, ip_id, + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); if (lnk == NULL) { - lnk = AddLink(la, NO_ADDR, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, ip_id, - LINK_FRAGMENT_ID); + lnk = AddLink(la, NO_ADDR, dst_addr, alias_addr, NO_SRC_PORT, + NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID); } return (lnk); } @@ -1393,84 +1349,69 @@ struct in_addr alias_addr, u_short ip_id) { LIBALIAS_LOCK_ASSERT(la); - return FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, ip_id, + return FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); } struct alias_link * -AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, - u_short ip_id) +AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { LIBALIAS_LOCK_ASSERT(la); - return AddLink(la, NO_ADDR, dst_addr, NO_ADDR, - NO_SRC_PORT, NO_DEST_PORT, ip_id, - LINK_FRAGMENT_PTR); + return AddLink(la, NO_ADDR, dst_addr, NO_ADDR, NO_SRC_PORT, + NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR); } struct alias_link * -FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, - u_short ip_id) +FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { LIBALIAS_LOCK_ASSERT(la); - return FindLinkIn(la, dst_addr, NO_ADDR, - NO_DEST_PORT, ip_id, + return FindLinkIn(la, dst_addr, NO_ADDR, NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR, 0); } struct alias_link * FindProtoIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_char proto) + struct in_addr alias_addr, u_char proto) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - NO_DEST_PORT, 0, - proto, 1); + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, 0, proto, 1); if (lnk == NULL && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; target_addr = FindOriginalAddress(la, alias_addr); lnk = AddLink(la, target_addr, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, 0, - proto); + NO_SRC_PORT, NO_DEST_PORT, 0, proto); } return (lnk); } struct alias_link * FindProtoOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_char proto) + struct in_addr dst_addr, u_char proto) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkOut(la, src_addr, dst_addr, - NO_SRC_PORT, NO_DEST_PORT, + lnk = FindLinkOut(la, src_addr, dst_addr, NO_SRC_PORT, NO_DEST_PORT, proto, 1); if (lnk == NULL) { struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, 0, - proto); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, + NO_DEST_PORT, 0, proto); } return (lnk); } struct alias_link * FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - u_char proto, - int create) + struct in_addr alias_addr, u_short dst_port, u_short alias_port, + u_char proto, int create) { int link_type; struct alias_link *lnk; @@ -1488,27 +1429,23 @@ break; } - lnk = FindLinkIn(la, dst_addr, alias_addr, - dst_port, alias_port, + lnk = FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port, link_type, create); - if (lnk == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { + if (lnk == NULL && create && + !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; target_addr = FindOriginalAddress(la, alias_addr); - lnk = AddLink(la, target_addr, dst_addr, alias_addr, - alias_port, dst_port, alias_port, - link_type); + lnk = AddLink(la, target_addr, dst_addr, alias_addr, alias_port, + dst_port, alias_port, link_type); } return (lnk); } struct alias_link * FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - u_char proto, + struct in_addr dst_addr, u_short src_port, u_short dst_port, u_char proto, int create) { int link_type; @@ -1527,46 +1464,42 @@ break; } - lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, create); + lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, + create); if (lnk == NULL && create) { struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, dst_port, GET_ALIAS_PORT, - link_type); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, + dst_port, GET_ALIAS_PORT, link_type); } return (lnk); } struct alias_link * -AddPptp(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_int16_t src_call_id) +AddPptp(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, + struct in_addr alias_addr, u_int16_t src_call_id) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_call_id, 0, GET_ALIAS_PORT, - LINK_PPTP); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_call_id, 0, + GET_ALIAS_PORT, LINK_PPTP); return (lnk); } struct alias_link * FindPptpOutByCallId(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_int16_t src_call_id) + struct in_addr dst_addr, u_int16_t src_call_id) { u_int i; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); - LIST_FOREACH(lnk, &la->linkTableOut[i], list_out) + LIST_FOREACH (lnk, &la->linkTableOut[i], list_out) if (lnk->link_type == LINK_PPTP && lnk->src_addr.s_addr == src_addr.s_addr && lnk->dst_addr.s_addr == dst_addr.s_addr && @@ -1578,15 +1511,14 @@ struct alias_link * FindPptpOutByPeerCallId(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_int16_t dst_call_id) + struct in_addr dst_addr, u_int16_t dst_call_id) { u_int i; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); - LIST_FOREACH(lnk, &la->linkTableOut[i], list_out) + LIST_FOREACH (lnk, &la->linkTableOut[i], list_out) if (lnk->link_type == LINK_PPTP && lnk->src_addr.s_addr == src_addr.s_addr && lnk->dst_addr.s_addr == dst_addr.s_addr && @@ -1598,15 +1530,14 @@ struct alias_link * FindPptpInByCallId(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_int16_t dst_call_id) + struct in_addr alias_addr, u_int16_t dst_call_id) { u_int i; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); i = StartPointIn(alias_addr, 0, LINK_PPTP); - LIST_FOREACH(lnk, &la->linkTableIn[i], list_in) + LIST_FOREACH (lnk, &la->linkTableIn[i], list_in) if (lnk->link_type == LINK_PPTP && lnk->dst_addr.s_addr == dst_addr.s_addr && lnk->alias_addr.s_addr == alias_addr.s_addr && @@ -1618,14 +1549,12 @@ struct alias_link * FindPptpInByPeerCallId(struct libalias *la, struct in_addr dst_addr, - struct in_addr alias_addr, - u_int16_t alias_call_id) + struct in_addr alias_addr, u_int16_t alias_call_id) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, dst_addr, alias_addr, - 0 /* any */ , alias_call_id, + lnk = FindLinkIn(la, dst_addr, alias_addr, 0 /* any */, alias_call_id, LINK_PPTP, 0); return (lnk); @@ -1633,10 +1562,7 @@ struct alias_link * FindRtspOut(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short alias_port, - u_char proto) + struct in_addr dst_addr, u_short src_port, u_short alias_port, u_char proto) { int link_type; struct alias_link *lnk; @@ -1660,9 +1586,8 @@ struct in_addr alias_addr; alias_addr = FindAliasAddress(la, src_addr); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, 0, alias_port, - link_type); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, 0, + alias_port, link_type); } return (lnk); } @@ -1673,19 +1598,19 @@ struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkIn(la, NO_ADDR, alias_addr, - 0, 0, LINK_ADDR, 0); + lnk = FindLinkIn(la, NO_ADDR, alias_addr, 0, 0, LINK_ADDR, 0); if (lnk == NULL) { la->newDefaultLink = 1; if (la->targetAddress.s_addr == INADDR_ANY) return (alias_addr); else if (la->targetAddress.s_addr == INADDR_NONE) return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : alias_addr; + la->aliasAddress : + alias_addr; else return (la->targetAddress); } else { - if (lnk->server != NULL) { /* LSNAT link */ + if (lnk->server != NULL) { /* LSNAT link */ struct in_addr src_addr; src_addr = lnk->server->addr; @@ -1693,7 +1618,8 @@ return (src_addr); } else if (lnk->src_addr.s_addr == INADDR_ANY) return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : alias_addr; + la->aliasAddress : + alias_addr; else return (lnk->src_addr); } @@ -1705,15 +1631,16 @@ struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - lnk = FindLinkOut(la, original_addr, NO_ADDR, - 0, 0, LINK_ADDR, 0); + lnk = FindLinkOut(la, original_addr, NO_ADDR, 0, 0, LINK_ADDR, 0); if (lnk == NULL) { return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : original_addr; + la->aliasAddress : + original_addr; } else { if (lnk->alias_addr.s_addr == INADDR_ANY) return (la->aliasAddress.s_addr != INADDR_ANY) ? - la->aliasAddress : original_addr; + la->aliasAddress : + original_addr; else return (lnk->alias_addr); } @@ -1762,7 +1689,7 @@ { /* TCP input state */ switch (state) { - case ALIAS_TCP_STATE_DISCONNECTED: + case ALIAS_TCP_STATE_DISCONNECTED: if (lnk->data.tcp->state.out != ALIAS_TCP_STATE_CONNECTED) lnk->expire_time = TCP_EXPIRE_DEAD; else @@ -1787,7 +1714,7 @@ { /* TCP output state */ switch (state) { - case ALIAS_TCP_STATE_DISCONNECTED: + case ALIAS_TCP_STATE_DISCONNECTED: if (lnk->data.tcp->state.in != ALIAS_TCP_STATE_CONNECTED) lnk->expire_time = TCP_EXPIRE_DEAD; else @@ -2152,7 +2079,8 @@ ; #else if ((la->logDesc = fopen("/var/log/alias.log", "w"))) - fprintf(la->logDesc, "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n"); + fprintf(la->logDesc, + "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n"); #endif else return (ENOMEM); /* log initialization failed */ @@ -2199,10 +2127,9 @@ /* Redirection from a specific public addr:port to a private addr:port */ struct alias_link * -LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_port, - struct in_addr dst_addr, u_short dst_port, - struct in_addr alias_addr, u_short alias_port, - u_char proto) +LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, + u_short src_port, struct in_addr dst_addr, u_short dst_port, + struct in_addr alias_addr, u_short alias_port, u_char proto) { int link_type; struct alias_link *lnk; @@ -2227,16 +2154,16 @@ goto getout; } - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - src_port, dst_port, alias_port, - link_type); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, + alias_port, link_type); if (lnk != NULL) { lnk->flags |= LINK_PERMANENT; } #ifdef LIBALIAS_DEBUG else { - fprintf(stderr, "PacketAliasRedirectPort(): " + fprintf(stderr, + "PacketAliasRedirectPort(): " "call to AddLink() failed\n"); } #endif @@ -2248,7 +2175,8 @@ /* Add server to the pool of servers */ int -LibAliasAddServer(struct libalias *la, struct alias_link *lnk, struct in_addr addr, u_short port) +LibAliasAddServer(struct libalias *la, struct alias_link *lnk, + struct in_addr addr, u_short port) { struct server *server; int res; @@ -2288,23 +2216,21 @@ public address to a private address */ struct alias_link * LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr, - struct in_addr dst_addr, - struct in_addr alias_addr, - u_char proto) + struct in_addr dst_addr, struct in_addr alias_addr, u_char proto) { struct alias_link *lnk; LIBALIAS_LOCK(la); - lnk = AddLink(la, src_addr, dst_addr, alias_addr, - NO_SRC_PORT, NO_DEST_PORT, 0, - proto); + lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, + NO_DEST_PORT, 0, proto); if (lnk != NULL) { lnk->flags |= LINK_PERMANENT; } #ifdef LIBALIAS_DEBUG else { - fprintf(stderr, "PacketAliasRedirectProto(): " + fprintf(stderr, + "PacketAliasRedirectProto(): " "call to AddLink() failed\n"); } #endif @@ -2321,16 +2247,15 @@ struct alias_link *lnk; LIBALIAS_LOCK(la); - lnk = AddLink(la, src_addr, NO_ADDR, alias_addr, - 0, 0, 0, - LINK_ADDR); + lnk = AddLink(la, src_addr, NO_ADDR, alias_addr, 0, 0, 0, LINK_ADDR); if (lnk != NULL) { lnk->flags |= LINK_PERMANENT; } #ifdef LIBALIAS_DEBUG else { - fprintf(stderr, "PacketAliasRedirectAddr(): " + fprintf(stderr, + "PacketAliasRedirectAddr(): " "call to AddLink() failed\n"); } #endif @@ -2374,8 +2299,8 @@ LibAliasSetAddress(struct libalias *la, struct in_addr addr) { LIBALIAS_LOCK(la); - if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE - && la->aliasAddress.s_addr != addr.s_addr) + if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE && + la->aliasAddress.s_addr != addr.s_addr) CleanupAliasData(la); la->aliasAddress = addr; @@ -2418,7 +2343,7 @@ if (la == NULL) { #ifdef _KERNEL -#undef malloc /* XXX: ugly */ +#undef malloc /* XXX: ugly */ la = malloc(sizeof *la, M_ALIAS, M_WAITOK | M_ZERO); #else la = calloc(sizeof *la, 1); @@ -2514,11 +2439,10 @@ /* Change mode for some operations */ unsigned int -LibAliasSetMode( - struct libalias *la, - unsigned int flags, /* Which state to bring flags to */ - unsigned int mask /* Mask of which flags to affect (use 0 to - * do a probe for flag values) */ +LibAliasSetMode(struct libalias *la, + unsigned int flags, /* Which state to bring flags to */ + unsigned int mask /* Mask of which flags to affect (use 0 to + * do a probe for flag values) */ ) { int res = -1; @@ -2570,8 +2494,9 @@ /* Firewall include files */ #include #include -#include + #include +#include /* * helper function, updates the pointer to cmd with the length @@ -2579,7 +2504,7 @@ * the new command in case it has been clobbered before. */ static ipfw_insn * -next_cmd(ipfw_insn * cmd) +next_cmd(ipfw_insn *cmd) { cmd += F_LEN(cmd); bzero(cmd, sizeof(*cmd)); @@ -2591,8 +2516,8 @@ * Existing flags are preserved. */ static ipfw_insn * -fill_cmd(ipfw_insn * cmd, enum ipfw_opcodes opcode, int size, - int flags, u_int16_t arg) +fill_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode, int size, int flags, + u_int16_t arg) { cmd->opcode = opcode; cmd->len = ((cmd->len | flags) & (F_NOT | F_OR)) | (size & F_LEN_MASK); @@ -2601,7 +2526,7 @@ } static ipfw_insn * -fill_ip(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int32_t addr) +fill_ip(ipfw_insn *cmd1, enum ipfw_opcodes opcode, u_int32_t addr) { ipfw_insn_ip *cmd = (ipfw_insn_ip *)cmd1; @@ -2610,7 +2535,7 @@ } static ipfw_insn * -fill_one_port(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int16_t port) +fill_one_port(ipfw_insn *cmd1, enum ipfw_opcodes opcode, u_int16_t port) { ipfw_insn_u16 *cmd = (ipfw_insn_u16 *)cmd1; @@ -2619,9 +2544,8 @@ } static int -fill_rule(void *buf, int bufsize, int rulenum, - enum ipfw_opcodes action, int proto, - struct in_addr sa, u_int16_t sp, struct in_addr da, u_int16_t dp) +fill_rule(void *buf, int bufsize, int rulenum, enum ipfw_opcodes action, + int proto, struct in_addr sa, u_int16_t sp, struct in_addr da, u_int16_t dp) { struct ip_fw *rule = (struct ip_fw *)buf; ipfw_insn *cmd = (ipfw_insn *)rule->cmd; @@ -2645,17 +2569,17 @@ static void ClearAllFWHoles(struct libalias *la); -#define fw_setfield(la, field, num) \ -do { \ - (field)[(num) - la->fireWallBaseNum] = 1; \ -} /*lint -save -e717 */ while(0)/* lint -restore */ +#define fw_setfield(la, field, num) \ + do { \ + (field)[(num)-la->fireWallBaseNum] = 1; \ + } /*lint -save -e717 */ while (0) /* lint -restore */ -#define fw_clrfield(la, field, num) \ -do { \ - (field)[(num) - la->fireWallBaseNum] = 0; \ -} /*lint -save -e717 */ while(0)/* lint -restore */ +#define fw_clrfield(la, field, num) \ + do { \ + (field)[(num)-la->fireWallBaseNum] = 0; \ + } /*lint -save -e717 */ while (0) /* lint -restore */ -#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum]) +#define fw_tstfield(la, field, num) ((field)[(num)-la->fireWallBaseNum]) static void InitPunchFW(struct libalias *la) @@ -2689,15 +2613,14 @@ PunchFWHole(struct alias_link *lnk) { struct libalias *la; - int r; /* Result code */ - struct ip_fw rule; /* On-the-fly built rule */ - int fwhole; /* Where to punch hole */ + int r; /* Result code */ + struct ip_fw rule; /* On-the-fly built rule */ + int fwhole; /* Where to punch hole */ la = lnk->la; /* Don't do anything unless we are asked to */ - if (!(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || - la->fireWallFD < 0 || + if (!(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || la->fireWallFD < 0 || lnk->link_type != LINK_TCP) return; @@ -2707,19 +2630,22 @@ /* Find empty slot */ for (fwhole = la->fireWallActiveNum; - fwhole < la->fireWallBaseNum + la->fireWallNumNums && - fw_tstfield(la, la->fireWallField, fwhole); - fwhole++); + fwhole < la->fireWallBaseNum + la->fireWallNumNums && + fw_tstfield(la, la->fireWallField, fwhole); + fwhole++) + ; if (fwhole == la->fireWallBaseNum + la->fireWallNumNums) { for (fwhole = la->fireWallBaseNum; - fwhole < la->fireWallActiveNum && - fw_tstfield(la, la->fireWallField, fwhole); - fwhole++); + fwhole < la->fireWallActiveNum && + fw_tstfield(la, la->fireWallField, fwhole); + fwhole++) + ; if (fwhole == la->fireWallActiveNum) { /* No rule point empty - we can't punch more holes. */ la->fireWallActiveNum = la->fireWallBaseNum; #ifdef LIBALIAS_DEBUG - fprintf(stderr, "libalias: Unable to create firewall hole!\n"); + fprintf(stderr, + "libalias: Unable to create firewall hole!\n"); #endif return; } @@ -2737,19 +2663,20 @@ u_int32_t rulebuf[255]; int i; - i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, - O_ACCEPT, IPPROTO_TCP, - GetOriginalAddress(lnk), ntohs(GetOriginalPort(lnk)), - GetDestAddress(lnk), ntohs(GetDestPort(lnk))); - r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, O_ACCEPT, + IPPROTO_TCP, GetOriginalAddress(lnk), + ntohs(GetOriginalPort(lnk)), GetDestAddress(lnk), + ntohs(GetDestPort(lnk))); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, + i); if (r) err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)"); - i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, - O_ACCEPT, IPPROTO_TCP, - GetDestAddress(lnk), ntohs(GetDestPort(lnk)), + i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, O_ACCEPT, + IPPROTO_TCP, GetDestAddress(lnk), ntohs(GetDestPort(lnk)), GetOriginalAddress(lnk), ntohs(GetOriginalPort(lnk))); - r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, + i); if (r) err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); } @@ -2768,15 +2695,17 @@ la = lnk->la; if (lnk->link_type == LINK_TCP) { - int fwhole = lnk->data.tcp->fwhole; /* Where is the firewall hole? */ + int fwhole = + lnk->data.tcp->fwhole; /* Where is the firewall hole? */ struct ip_fw rule; if (fwhole < 0) return; - memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ + memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, - &fwhole, sizeof fwhole)); + &fwhole, sizeof fwhole)) + ; fw_clrfield(la, la->fireWallField, fwhole); lnk->data.tcp->fwhole = -1; } @@ -2786,17 +2715,20 @@ static void ClearAllFWHoles(struct libalias *la) { - struct ip_fw rule; /* On-the-fly built rule */ + struct ip_fw rule; /* On-the-fly built rule */ int i; if (la->fireWallFD < 0) return; memset(&rule, 0, sizeof rule); - for (i = la->fireWallBaseNum; i < la->fireWallBaseNum + la->fireWallNumNums; i++) { + for (i = la->fireWallBaseNum; + i < la->fireWallBaseNum + la->fireWallNumNums; i++) { int r = i; - while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)); + while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, + sizeof r)) + ; } /* XXX: third arg correct here ? /phk */ memset(la->fireWallField, 0, la->fireWallNumNums); @@ -2827,24 +2759,24 @@ * Find the address to redirect incoming packets */ struct in_addr -FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm) +FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm) { struct alias_link *lnk; struct in_addr redir; LIBALIAS_LOCK_ASSERT(la); lnk = FindLinkIn(la, sm->ip_hdr->ip_src, sm->ip_hdr->ip_dst, - sm->sctp_hdr->dest_port,sm->sctp_hdr->dest_port, LINK_SCTP, 1); + sm->sctp_hdr->dest_port, sm->sctp_hdr->dest_port, LINK_SCTP, 1); if (lnk != NULL) { /* port redirect */ return (lnk->src_addr); } else { - redir = FindOriginalAddress(la,sm->ip_hdr->ip_dst); + redir = FindOriginalAddress(la, sm->ip_hdr->ip_dst); if (redir.s_addr == la->aliasAddress.s_addr || redir.s_addr == la->targetAddress.s_addr) { /* No address found */ - lnk = FindLinkIn(la, sm->ip_hdr->ip_src, sm->ip_hdr->ip_dst, - NO_DEST_PORT, 0, LINK_SCTP, 1); + lnk = FindLinkIn(la, sm->ip_hdr->ip_src, + sm->ip_hdr->ip_dst, NO_DEST_PORT, 0, LINK_SCTP, 1); if (lnk != NULL) /* redirect proto */ return (lnk->src_addr); Index: sys/netinet/libalias/alias_dummy.c =================================================================== --- sys/netinet/libalias/alias_dummy.c +++ sys/netinet/libalias/alias_dummy.c @@ -40,13 +40,14 @@ #include #include #else -#include #include + +#include #include #endif -#include #include +#include #include #include @@ -58,8 +59,8 @@ #include "alias_mod.h" #endif -static void -AliasHandleDummy(struct libalias *la, struct ip *ip, struct alias_data *ah); +static void AliasHandleDummy(struct libalias *la, struct ip *ip, + struct alias_data *ah); static int fingerprint(struct libalias *la, struct alias_data *ah) @@ -76,8 +77,8 @@ * return an OK value. */ if (ntohs(*ah->dport) == 123 || ntohs(*ah->sport) == 456) - return (0); /* I know how to handle it. */ - return (-1); /* I don't recognize this packet. */ + return (0); /* I know how to handle it. */ + return (-1); /* I don't recognize this packet. */ } /* @@ -100,16 +101,12 @@ * ITS EXACT NAME: handlers. */ -struct proto_handler handlers [] = { - { - .pri = 666, - .dir = IN|OUT, - .proto = UDP|TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 666, + .dir = IN | OUT, + .proto = UDP | TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -134,9 +131,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_dummy", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_dummy", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_dummy, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); Index: sys/netinet/libalias/alias_ftp.c =================================================================== --- sys/netinet/libalias/alias_ftp.c +++ sys/netinet/libalias/alias_ftp.c @@ -72,20 +72,21 @@ /* Includes */ #ifdef _KERNEL #include -#include #include +#include #include #include #else +#include + #include #include -#include #include #include #endif -#include #include +#include #include #include @@ -100,11 +101,10 @@ #define FTP_CONTROL_PORT_NUMBER 21 -static void -AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *, - int maxpacketsize); -static void -AliasHandleFtpIn(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandleFtpOut(struct libalias *, struct ip *, + struct alias_link *, int maxpacketsize); +static void AliasHandleFtpIn(struct libalias *, struct ip *, + struct alias_link *); static int fingerprint_out(struct libalias *la, struct alias_data *ah) @@ -143,23 +143,17 @@ return (0); } -struct proto_handler handlers[] = { - { - .pri = 80, - .dir = OUT, - .proto = TCP, - .fingerprint = &fingerprint_out, - .protohandler = &protohandler_out - }, - { - .pri = 80, - .dir = IN, - .proto = TCP, - .fingerprint = &fingerprint_in, - .protohandler = &protohandler_in - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 80, + .dir = OUT, + .proto = TCP, + .fingerprint = &fingerprint_out, + .protohandler = &protohandler_out }, + { .pri = 80, + .dir = IN, + .proto = TCP, + .fingerprint = &fingerprint_in, + .protohandler = &protohandler_in }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -184,9 +178,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_ftp", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_ftp", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -195,10 +187,10 @@ #endif #define FTP_CONTROL_PORT_NUMBER 21 -#define MAX_MESSAGE_SIZE 128 +#define MAX_MESSAGE_SIZE 128 /* FTP protocol flags. */ -#define WAIT_CRLF 0x01 +#define WAIT_CRLF 0x01 enum ftp_message_type { FTP_PORT_COMMAND, @@ -208,11 +200,12 @@ FTP_UNKNOWN_MESSAGE }; -static int ParseFtpPortCommand(struct libalias *la, char *, int); -static int ParseFtpEprtCommand(struct libalias *la, char *, int); -static int ParseFtp227Reply(struct libalias *la, char *, int); -static int ParseFtp229Reply(struct libalias *la, char *, int); -static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int); +static int ParseFtpPortCommand(struct libalias *la, char *, int); +static int ParseFtpEprtCommand(struct libalias *la, char *, int); +static int ParseFtp227Reply(struct libalias *la, char *, int); +static int ParseFtp229Reply(struct libalias *la, char *, int); +static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, + int, int); static void AliasHandleFtpOut( @@ -246,13 +239,15 @@ ftp_message_type = FTP_UNKNOWN_MESSAGE; if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) { - /* When aliasing a client, check for the PORT/EPRT command. */ + /* When aliasing a client, check for the PORT/EPRT + * command. */ if (ParseFtpPortCommand(la, sptr, dlen)) ftp_message_type = FTP_PORT_COMMAND; else if (ParseFtpEprtCommand(la, sptr, dlen)) ftp_message_type = FTP_EPRT_COMMAND; } else { - /* When aliasing a server, check for the 227/229 reply. */ + /* When aliasing a server, check for the 227/229 reply. + */ if (ParseFtp227Reply(la, sptr, dlen)) ftp_message_type = FTP_227_REPLY; else if (ParseFtp229Reply(la, sptr, dlen)) { @@ -262,12 +257,13 @@ } if (ftp_message_type != FTP_UNKNOWN_MESSAGE) - NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type); + NewFtpMessage(la, pip, lnk, maxpacketsize, + ftp_message_type); } /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */ - if (dlen) { /* only if there's data */ - sptr = (char *)pip; /* start over at beginning */ + if (dlen) { /* only if there's data */ + sptr = (char *)pip; /* start over at beginning */ tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may have grown */ if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n') pflags &= ~WAIT_CRLF; @@ -279,8 +275,8 @@ static void AliasHandleFtpIn(struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk) /* The link to go through (aliased port) */ + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk) /* The link to go through (aliased port) */ { int hlen, tlen, dlen, pflags; char *sptr; @@ -304,7 +300,7 @@ if (dlen <= MAX_MESSAGE_SIZE && (pflags & WAIT_CRLF) == 0 && ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER && (ParseFtpPortCommand(la, sptr, dlen) != 0 || - ParseFtpEprtCommand(la, sptr, dlen) != 0)) { + ParseFtpEprtCommand(la, sptr, dlen) != 0)) { /* * Alias active mode client requesting data from server * behind NAT. We need to alias server->client connection @@ -316,15 +312,15 @@ } /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */ if (dlen) { - sptr = (char *)pip; /* start over at beginning */ - tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may - * have grown. */ + sptr = (char *)pip; /* start over at beginning */ + tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may + * have grown. */ if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n') pflags &= ~WAIT_CRLF; else pflags |= WAIT_CRLF; SetProtocolFlags(lnk, pflags); - } + } } static int @@ -419,7 +415,7 @@ return (0); addr = port = octet = 0; - delim = '|'; /* XXX gcc -Wuninitialized */ + delim = '|'; /* XXX gcc -Wuninitialized */ state = 0; for (i = 5; i < dlen; i++) { ch = sptr[i]; @@ -431,7 +427,7 @@ } break; case 1: - if (ch == '1') /* IPv4 address */ + if (ch == '1') /* IPv4 address */ state++; else return (0); @@ -580,7 +576,7 @@ return (0); port = 0; - delim = '|'; /* XXX gcc -Wuninitialized */ + delim = '|'; /* XXX gcc -Wuninitialized */ state = 0; for (i = 4; i < dlen; i++) { @@ -633,10 +629,8 @@ } static void -NewFtpMessage(struct libalias *la, struct ip *pip, - struct alias_link *lnk, - int maxpacketsize, - int ftp_message_type) +NewFtpMessage(struct libalias *la, struct ip *pip, struct alias_link *lnk, + int maxpacketsize, int ftp_message_type) { struct alias_link *ftp_lnk; @@ -697,8 +691,9 @@ if (ftp_message_type == FTP_PORT_COMMAND) { /* Generate PORT command string. */ - sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n", - a1, a2, a3, a4, p1, p2); + sprintf(stemp, + "PORT %d,%d,%d,%d,%d,%d\r\n", a1, + a2, a3, a4, p1, p2); } else { /* Generate 227 reply string. */ sprintf(stemp, @@ -713,7 +708,8 @@ break; case FTP_229_REPLY: /* Generate 229 reply string. */ - sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n", + sprintf(stemp, + "229 Entering Extended Passive Mode (|||%d|)\r\n", ntohs(alias_port)); break; } @@ -742,12 +738,9 @@ { u_short new_len; - new_len = htons(hlen + - MIN(slen, maxpacketsize - hlen)); - DifferentialChecksum(&pip->ip_sum, - &new_len, - &pip->ip_len, - 1); + new_len = htons(hlen + MIN(slen, maxpacketsize - hlen)); + DifferentialChecksum(&pip->ip_sum, &new_len, + &pip->ip_len, 1); pip->ip_len = new_len; } Index: sys/netinet/libalias/alias_irc.c =================================================================== --- sys/netinet/libalias/alias_irc.c +++ sys/netinet/libalias/alias_irc.c @@ -52,23 +52,24 @@ /* Includes */ #ifdef _KERNEL #include -#include -#include #include +#include #include +#include #include #else +#include + #include #include -#include +#include #include #include #include -#include #endif -#include #include +#include #include #include @@ -90,17 +91,16 @@ /* Local defines */ #define DBprintf(a) -static void -AliasHandleIrcOut(struct libalias *, struct ip *, struct alias_link *, - int maxpacketsize); +static void AliasHandleIrcOut(struct libalias *, struct ip *, + struct alias_link *, int maxpacketsize); static int fingerprint(struct libalias *la, struct alias_data *ah) { if (ah->dport == NULL || ah->lnk == NULL || ah->maxpktsize == 0) return (-1); - if (ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_1 - || ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_2) + if (ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_1 || + ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_2) return (0); return (-1); } @@ -116,16 +116,12 @@ return (0); } -struct proto_handler handlers[] = { - { - .pri = 90, - .dir = OUT, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 90, + .dir = OUT, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -150,9 +146,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_irc", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_irc", mod_handler, NULL }; /* Kernel module definition. */ #ifdef _KERNEL @@ -163,10 +157,10 @@ static void AliasHandleIrcOut(struct libalias *la, - struct ip *pip, /* IP packet to examine */ - struct alias_link *lnk, /* Which link are we on? */ - int maxsize /* Maximum size of IP packet including - * headers */ + struct ip *pip, /* IP packet to examine */ + struct alias_link *lnk, /* Which link are we on? */ + int maxsize /* Maximum size of IP packet including + * headers */ ) { int hlen, tlen, dlen; @@ -174,7 +168,7 @@ u_short true_port; char *sptr; struct tcphdr *tc; - int i; /* Iterator through the source */ + int i; /* Iterator through the source */ /* Calculate data length of TCP packet */ tc = (struct tcphdr *)ip_next(pip); @@ -192,287 +186,288 @@ /* Place string pointer at beginning of data */ sptr = (char *)pip; sptr += hlen; - maxsize -= hlen; /* We're interested in maximum size of - * data, not packet */ + maxsize -= hlen; /* We're interested in maximum size of + * data, not packet */ /* Search for a CTCP command [Note 1] */ for (i = 0; i < dlen; i++) { if (sptr[i] == '\001') goto lFOUND_CTCP; } - return; /* No CTCP commands in */ - /* Handle CTCP commands - the buffer may have to be copied */ - lFOUND_CTCP: - { - unsigned int copyat = i; - unsigned int iCopy = 0; /* How much data have we written to - * copy-back string? */ - unsigned long org_addr; /* Original IP address */ - unsigned short org_port; /* Original source port - * address */ - - lCTCP_START: - if (i >= dlen || iCopy >= PKTSIZE) - goto lPACKET_DONE; - newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start - * character */ - /* Start of a CTCP */ - if (i + 4 >= dlen) /* Too short for DCC */ - goto lBAD_CTCP; - if (sptr[i + 0] != 'D') - goto lBAD_CTCP; - if (sptr[i + 1] != 'C') - goto lBAD_CTCP; - if (sptr[i + 2] != 'C') - goto lBAD_CTCP; - if (sptr[i + 3] != ' ') - goto lBAD_CTCP; - /* We have a DCC command - handle it! */ - i += 4; /* Skip "DCC " */ - if (iCopy + 4 > PKTSIZE) - goto lPACKET_DONE; - newpacket[iCopy++] = 'D'; - newpacket[iCopy++] = 'C'; - newpacket[iCopy++] = 'C'; - newpacket[iCopy++] = ' '; + return; /* No CTCP commands in */ +/* Handle CTCP commands - the buffer may have to be copied */ +lFOUND_CTCP : { + unsigned int copyat = i; + unsigned int iCopy = 0; /* How much data have we written to + * copy-back string? */ + unsigned long org_addr; /* Original IP address */ + unsigned short org_port; /* Original source port + * address */ + +lCTCP_START: + if (i >= dlen || iCopy >= PKTSIZE) + goto lPACKET_DONE; + newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start + * character */ + /* Start of a CTCP */ + if (i + 4 >= dlen) /* Too short for DCC */ + goto lBAD_CTCP; + if (sptr[i + 0] != 'D') + goto lBAD_CTCP; + if (sptr[i + 1] != 'C') + goto lBAD_CTCP; + if (sptr[i + 2] != 'C') + goto lBAD_CTCP; + if (sptr[i + 3] != ' ') + goto lBAD_CTCP; + /* We have a DCC command - handle it! */ + i += 4; /* Skip "DCC " */ + if (iCopy + 4 > PKTSIZE) + goto lPACKET_DONE; + newpacket[iCopy++] = 'D'; + newpacket[iCopy++] = 'C'; + newpacket[iCopy++] = 'C'; + newpacket[iCopy++] = ' '; - DBprintf(("Found DCC\n")); - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("DCC packet terminated in just spaces\n")); - goto lPACKET_DONE; - } + DBprintf(("Found DCC\n")); + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(("DCC packet terminated in just spaces\n")); + goto lPACKET_DONE; } + } - DBprintf(("Transferring command...\n")); - while (sptr[i] != ' ') { - newpacket[iCopy++] = sptr[i]; - if (++i >= dlen || iCopy >= PKTSIZE) { - DBprintf(("DCC packet terminated during command\n")); - goto lPACKET_DONE; - } + DBprintf(("Transferring command...\n")); + while (sptr[i] != ' ') { + newpacket[iCopy++] = sptr[i]; + if (++i >= dlen || iCopy >= PKTSIZE) { + DBprintf(("DCC packet terminated during command\n")); + goto lPACKET_DONE; } - /* Copy _one_ space */ - if (i + 1 < dlen && iCopy < PKTSIZE) - newpacket[iCopy++] = sptr[i++]; + } + /* Copy _one_ space */ + if (i + 1 < dlen && iCopy < PKTSIZE) + newpacket[iCopy++] = sptr[i++]; - DBprintf(("Done command - removing spaces\n")); - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("DCC packet terminated in just spaces (post-command)\n")); - goto lPACKET_DONE; - } + DBprintf(("Done command - removing spaces\n")); + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(( + "DCC packet terminated in just spaces (post-command)\n")); + goto lPACKET_DONE; } + } - DBprintf(("Transferring filename...\n")); - while (sptr[i] != ' ') { - newpacket[iCopy++] = sptr[i]; - if (++i >= dlen || iCopy >= PKTSIZE) { - DBprintf(("DCC packet terminated during filename\n")); - goto lPACKET_DONE; - } + DBprintf(("Transferring filename...\n")); + while (sptr[i] != ' ') { + newpacket[iCopy++] = sptr[i]; + if (++i >= dlen || iCopy >= PKTSIZE) { + DBprintf(("DCC packet terminated during filename\n")); + goto lPACKET_DONE; } - /* Copy _one_ space */ - if (i + 1 < dlen && iCopy < PKTSIZE) - newpacket[iCopy++] = sptr[i++]; + } + /* Copy _one_ space */ + if (i + 1 < dlen && iCopy < PKTSIZE) + newpacket[iCopy++] = sptr[i++]; - DBprintf(("Done filename - removing spaces\n")); - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("DCC packet terminated in just spaces (post-filename)\n")); - goto lPACKET_DONE; - } + DBprintf(("Done filename - removing spaces\n")); + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(( + "DCC packet terminated in just spaces (post-filename)\n")); + goto lPACKET_DONE; } + } - DBprintf(("Fetching IP address\n")); - /* Fetch IP address */ - org_addr = 0; - while (i < dlen && isdigit(sptr[i])) { - if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */ - DBprintf(("DCC Address overflow (org_addr == 0x%08lx, next char %c\n", org_addr, sptr[i])); - goto lBAD_CTCP; - } - org_addr *= 10; - org_addr += sptr[i++] - '0'; - } - DBprintf(("Skipping space\n")); - if (i + 1 >= dlen || sptr[i] != ' ') { - DBprintf(("Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", i + 1, dlen, sptr[i])); + DBprintf(("Fetching IP address\n")); + /* Fetch IP address */ + org_addr = 0; + while (i < dlen && isdigit(sptr[i])) { + if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */ + DBprintf(( + "DCC Address overflow (org_addr == 0x%08lx, next char %c\n", + org_addr, sptr[i])); goto lBAD_CTCP; } - /* - * Skip any extra spaces (should not occur according to - * protocol, but DCC breaks CTCP protocol anyway, so we - * might as well play it safe - */ - while (sptr[i] == ' ') { - if (++i >= dlen) { - DBprintf(("Packet failure - space overflow.\n")); - goto lPACKET_DONE; - } - } - DBprintf(("Fetching port number\n")); - /* Fetch source port */ - org_port = 0; - while (i < dlen && isdigit(sptr[i])) { - if (org_port > 6554) { /* Terminate on overflow - * (65536/10 rounded up */ - DBprintf(("DCC: port number overflow\n")); - goto lBAD_CTCP; - } - org_port *= 10; - org_port += sptr[i++] - '0'; + org_addr *= 10; + org_addr += sptr[i++] - '0'; + } + DBprintf(("Skipping space\n")); + if (i + 1 >= dlen || sptr[i] != ' ') { + DBprintf(( + "Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", + i + 1, dlen, sptr[i])); + goto lBAD_CTCP; + } + /* + * Skip any extra spaces (should not occur according to + * protocol, but DCC breaks CTCP protocol anyway, so we + * might as well play it safe + */ + while (sptr[i] == ' ') { + if (++i >= dlen) { + DBprintf(("Packet failure - space overflow.\n")); + goto lPACKET_DONE; } - /* Skip illegal addresses (or early termination) */ - if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) { - DBprintf(("Bad port termination\n")); + } + DBprintf(("Fetching port number\n")); + /* Fetch source port */ + org_port = 0; + while (i < dlen && isdigit(sptr[i])) { + if (org_port > 6554) { /* Terminate on overflow + * (65536/10 rounded up */ + DBprintf(("DCC: port number overflow\n")); goto lBAD_CTCP; } - DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port)); + org_port *= 10; + org_port += sptr[i++] - '0'; + } + /* Skip illegal addresses (or early termination) */ + if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) { + DBprintf(("Bad port termination\n")); + goto lBAD_CTCP; + } + DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port)); - /* We've got the address and port - now alias it */ - { - struct alias_link *dcc_lnk; - struct in_addr destaddr; + /* We've got the address and port - now alias it */ + { + struct alias_link *dcc_lnk; + struct in_addr destaddr; - true_port = htons(org_port); - true_addr.s_addr = htonl(org_addr); - destaddr.s_addr = 0; + true_port = htons(org_port); + true_addr.s_addr = htonl(org_addr); + destaddr.s_addr = 0; - /* Sanity/Security checking */ - if (!org_addr || !org_port || - pip->ip_src.s_addr != true_addr.s_addr || - org_port < IPPORT_RESERVED) - goto lBAD_CTCP; + /* Sanity/Security checking */ + if (!org_addr || !org_port || + pip->ip_src.s_addr != true_addr.s_addr || + org_port < IPPORT_RESERVED) + goto lBAD_CTCP; - /* - * Steal the FTP_DATA_PORT - it doesn't really - * matter, and this would probably allow it through - * at least _some_ firewalls. - */ - dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr, - true_port, 0, - IPPROTO_TCP, 1); - DBprintf(("Got a DCC link\n")); - if (dcc_lnk) { - struct in_addr alias_address; /* Address from aliasing */ - u_short alias_port; /* Port given by - * aliasing */ - int n; + /* + * Steal the FTP_DATA_PORT - it doesn't really + * matter, and this would probably allow it through + * at least _some_ firewalls. + */ + dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr, true_port, 0, + IPPROTO_TCP, 1); + DBprintf(("Got a DCC link\n")); + if (dcc_lnk) { + struct in_addr + alias_address; /* Address from aliasing */ + u_short alias_port; /* Port given by + * aliasing */ + int n; #ifndef NO_FW_PUNCH - /* Generate firewall hole as appropriate */ - PunchFWHole(dcc_lnk); + /* Generate firewall hole as appropriate */ + PunchFWHole(dcc_lnk); #endif - alias_address = GetAliasAddress(lnk); - n = snprintf(&newpacket[iCopy], - PKTSIZE - iCopy, - "%lu ", (u_long) htonl(alias_address.s_addr)); - if (n < 0) { - DBprintf(("DCC packet construct failure.\n")); - goto lBAD_CTCP; - } - if ((iCopy += n) >= PKTSIZE) { /* Truncated/fit exactly - * - bad news */ - DBprintf(("DCC constructed packet overflow.\n")); - goto lBAD_CTCP; - } - alias_port = GetAliasPort(dcc_lnk); - n = snprintf(&newpacket[iCopy], - PKTSIZE - iCopy, - "%u", htons(alias_port)); - if (n < 0) { - DBprintf(("DCC packet construct failure.\n")); - goto lBAD_CTCP; - } - iCopy += n; - /* - * Done - truncated cases will be taken - * care of by lBAD_CTCP - */ - DBprintf(("Aliased IP %lu and port %u\n", alias_address.s_addr, (unsigned)alias_port)); + alias_address = GetAliasAddress(lnk); + n = snprintf(&newpacket[iCopy], PKTSIZE - iCopy, "%lu ", + (u_long)htonl(alias_address.s_addr)); + if (n < 0) { + DBprintf(("DCC packet construct failure.\n")); + goto lBAD_CTCP; } - } - /* - * An uninteresting CTCP - state entered right after '\001' - * has been pushed. Also used to copy the rest of a DCC, - * after IP address and port has been handled - */ - lBAD_CTCP: - for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { - newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ - if (sptr[i] == '\001') { - goto lNORMAL_TEXT; + if ((iCopy += n) >= PKTSIZE) { /* Truncated/fit exactly + * - bad news */ + DBprintf( + ("DCC constructed packet overflow.\n")); + goto lBAD_CTCP; } - } - goto lPACKET_DONE; - /* Normal text */ - lNORMAL_TEXT: - for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { - newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ - if (sptr[i] == '\001') { - goto lCTCP_START; + alias_port = GetAliasPort(dcc_lnk); + n = snprintf(&newpacket[iCopy], PKTSIZE - iCopy, "%u", + htons(alias_port)); + if (n < 0) { + DBprintf(("DCC packet construct failure.\n")); + goto lBAD_CTCP; } + iCopy += n; + /* + * Done - truncated cases will be taken + * care of by lBAD_CTCP + */ + DBprintf(("Aliased IP %lu and port %u\n", + alias_address.s_addr, (unsigned)alias_port)); + } + } +/* + * An uninteresting CTCP - state entered right after '\001' + * has been pushed. Also used to copy the rest of a DCC, + * after IP address and port has been handled + */ +lBAD_CTCP: + for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { + newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ + if (sptr[i] == '\001') { + goto lNORMAL_TEXT; } - /* Handle the end of a packet */ - lPACKET_DONE: - iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy; - memcpy(sptr + copyat, newpacket, iCopy); - - /* Save information regarding modified seq and ack numbers */ - { - int delta; - - SetAckModified(lnk); - tc = (struct tcphdr *)ip_next(pip); - delta = GetDeltaSeqOut(tc->th_seq, lnk); - AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl, - pip->ip_len, tc->th_seq, tc->th_off); + } + goto lPACKET_DONE; +/* Normal text */ +lNORMAL_TEXT: + for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) { + newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ + if (sptr[i] == '\001') { + goto lCTCP_START; } + } +/* Handle the end of a packet */ +lPACKET_DONE: + iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy; + memcpy(sptr + copyat, newpacket, iCopy); + + /* Save information regarding modified seq and ack numbers */ + { + int delta; - /* Revise IP header */ - { - u_short new_len; + SetAckModified(lnk); + tc = (struct tcphdr *)ip_next(pip); + delta = GetDeltaSeqOut(tc->th_seq, lnk); + AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl, + pip->ip_len, tc->th_seq, tc->th_off); + } - new_len = htons(hlen + iCopy + copyat); - DifferentialChecksum(&pip->ip_sum, - &new_len, - &pip->ip_len, - 1); - pip->ip_len = new_len; - } + /* Revise IP header */ + { + u_short new_len; + + new_len = htons(hlen + iCopy + copyat); + DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, 1); + pip->ip_len = new_len; + } - /* Compute TCP checksum for revised packet */ - tc->th_sum = 0; + /* Compute TCP checksum for revised packet */ + tc->th_sum = 0; #ifdef _KERNEL - tc->th_x2 = 1; + tc->th_x2 = 1; #else - tc->th_sum = TcpChecksum(pip); + tc->th_sum = TcpChecksum(pip); #endif - return; - } + return; +} } /* Notes: [Note 1] - The initial search will most often fail; it could be replaced with a 32-bit specific search. - Such a search would be done for 32-bit unsigned value V: - V ^= 0x01010101; (Search is for null bytes) - if( ((V-0x01010101)^V) & 0x80808080 ) { - (found a null bytes which was a 01 byte) + The initial search will most often fail; it could be replaced with a 32-bit + specific search. Such a search would be done for 32-bit unsigned value V: V ^= + 0x01010101; (Search is for null bytes) if( ((V-0x01010101)^V) & + 0x80808080 ) { (found a null bytes which was a 01 byte) } To assert that the processor is 32-bits, do extern int ircdccar[32]; (32 bits) Index: sys/netinet/libalias/alias_local.h =================================================================== --- sys/netinet/libalias/alias_local.h +++ sys/netinet/libalias/alias_local.h @@ -46,19 +46,19 @@ */ #ifndef _ALIAS_LOCAL_H_ -#define _ALIAS_LOCAL_H_ +#define _ALIAS_LOCAL_H_ #include #include #ifdef _KERNEL -#include #include #include +#include #include /* XXX: LibAliasSetTarget() uses this constant. */ -#define INADDR_NONE 0xffffffff +#define INADDR_NONE 0xffffffff #include #else @@ -66,11 +66,11 @@ #endif /* Sizes of input and output link tables */ -#define LINK_TABLE_OUT_SIZE 4001 -#define LINK_TABLE_IN_SIZE 4001 +#define LINK_TABLE_OUT_SIZE 4001 +#define LINK_TABLE_IN_SIZE 4001 -#define GET_ALIAS_PORT -1 -#define GET_ALIAS_ID GET_ALIAS_PORT +#define GET_ALIAS_PORT -1 +#define GET_ALIAS_ID GET_ALIAS_PORT #ifdef _KERNEL #define INET_NTOA_BUF(buf) (buf) @@ -83,77 +83,77 @@ struct libalias { LIST_ENTRY(libalias) instancelist; /* Mode flags documented in alias.h */ - int packetAliasMode; + int packetAliasMode; /* Address written onto source field of IP packet. */ - struct in_addr aliasAddress; + struct in_addr aliasAddress; /* IP address incoming packets are sent to * if no aliasing link already exists */ - struct in_addr targetAddress; + struct in_addr targetAddress; /* Lookup table of pointers to chains of link records. * Each link record is doubly indexed into input and * output lookup tables. */ - LIST_HEAD (, alias_link) linkTableOut[LINK_TABLE_OUT_SIZE]; - LIST_HEAD (, alias_link) linkTableIn[LINK_TABLE_IN_SIZE]; + LIST_HEAD(, alias_link) linkTableOut[LINK_TABLE_OUT_SIZE]; + LIST_HEAD(, alias_link) linkTableIn[LINK_TABLE_IN_SIZE]; /* Link statistics */ - int icmpLinkCount; - int udpLinkCount; - int tcpLinkCount; - int pptpLinkCount; - int protoLinkCount; - int fragmentIdLinkCount; - int fragmentPtrLinkCount; - int sockCount; + int icmpLinkCount; + int udpLinkCount; + int tcpLinkCount; + int pptpLinkCount; + int protoLinkCount; + int fragmentIdLinkCount; + int fragmentPtrLinkCount; + int sockCount; /* Index to chain of link table being inspected for old links */ - int cleanupIndex; + int cleanupIndex; /* System time in seconds for current packet */ - int timeStamp; + int timeStamp; /* Last time IncrementalCleanup() was called */ - int lastCleanupTime; + int lastCleanupTime; /* If equal to zero, DeleteLink() * will not remove permanent links */ - int deleteAllLinks; + int deleteAllLinks; /* log descriptor */ #ifdef _KERNEL - char *logDesc; + char *logDesc; #else - FILE *logDesc; + FILE *logDesc; #endif /* Indicates if a new aliasing link has been created * after a call to PacketAliasIn/Out(). */ - int newDefaultLink; + int newDefaultLink; #ifndef NO_FW_PUNCH /* File descriptor to be able to control firewall. * Opened by PacketAliasSetMode on first setting * the PKT_ALIAS_PUNCH_FW flag. */ - int fireWallFD; + int fireWallFD; /* The first firewall entry free for our use */ - int fireWallBaseNum; + int fireWallBaseNum; /* How many entries can we use? */ - int fireWallNumNums; + int fireWallNumNums; /* Which entry did we last use? */ - int fireWallActiveNum; + int fireWallActiveNum; /* bool array for entries */ - char *fireWallField; + char *fireWallField; #endif /* TCP port used by the Skinny protocol. */ - unsigned int skinnyPort; + unsigned int skinnyPort; struct proxy_entry *proxyList; - struct in_addr true_addr; /* in network byte order. */ - u_short true_port; /* in host byte order. */ + struct in_addr true_addr; /* in network byte order. */ + u_short true_port; /* in host byte order. */ /* Port ranges for aliasing. */ - u_short aliasPortLower; - u_short aliasPortLength; + u_short aliasPortLower; + u_short aliasPortLength; /* * sctp code support */ /* counts associations that have progressed to UP and not yet removed */ - int sctpLinkCount; + int sctpLinkCount; #ifdef _KERNEL /* timing queue for keeping track of association timeouts */ struct sctp_nat_timer sctpNatTimer; @@ -177,7 +177,7 @@ #define LIBALIAS_LOCK_ASSERT(l) mtx_assert(&l->mutex, MA_OWNED) #define LIBALIAS_LOCK(l) mtx_lock(&l->mutex) #define LIBALIAS_UNLOCK(l) mtx_unlock(&l->mutex) -#define LIBALIAS_LOCK_DESTROY(l) mtx_destroy(&l->mutex) +#define LIBALIAS_LOCK_DESTROY(l) mtx_destroy(&l->mutex) #else #define LIBALIAS_LOCK_INIT(l) #define LIBALIAS_LOCK_ASSERT(l) @@ -194,19 +194,19 @@ * subtracting out old words), and "cksum" * is the checksum value to be updated. */ -#define ADJUST_CHECKSUM(acc, cksum) \ - do { \ - acc += cksum; \ - if (acc < 0) { \ - acc = -acc; \ +#define ADJUST_CHECKSUM(acc, cksum) \ + do { \ + acc += cksum; \ + if (acc < 0) { \ + acc = -acc; \ acc = (acc >> 16) + (acc & 0xffff); \ - acc += acc >> 16; \ - cksum = (u_short) ~acc; \ - } else { \ + acc += acc >> 16; \ + cksum = (u_short)~acc; \ + } else { \ acc = (acc >> 16) + (acc & 0xffff); \ - acc += acc >> 16; \ - cksum = (u_short) acc; \ - } \ + acc += acc >> 16; \ + cksum = (u_short)acc; \ + } \ } while (0) /* Prototypes */ @@ -228,121 +228,108 @@ * should be used. */ #ifndef _KERNEL -u_short IpChecksum(struct ip *_pip); -u_short TcpChecksum(struct ip *_pip); +u_short IpChecksum(struct ip *_pip); +u_short TcpChecksum(struct ip *_pip); #endif -void -DifferentialChecksum(u_short * _cksum, void * _new, void * _old, int _n); +void DifferentialChecksum(u_short *_cksum, void *_new, void *_old, int _n); /* Internal data access */ -struct alias_link * -AddLink(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, - struct in_addr alias_addr, u_short src_port, u_short dst_port, - int alias_param, int link_type); -struct alias_link * -FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _id_alias, int _create); -struct alias_link * -FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _id, int _create); -struct alias_link * -FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _ip_id); -struct alias_link * -FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _ip_id); -struct alias_link * -AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); -struct alias_link * -FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); -struct alias_link * -FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_char _proto); -struct alias_link * -FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, +struct alias_link *AddLink(struct libalias *la, struct in_addr src_addr, + struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, + u_short dst_port, int alias_param, int link_type); +struct alias_link *FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_short _id_alias, int _create); +struct alias_link *FindIcmpOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_short _id, int _create); +struct alias_link *FindFragmentIn1(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); +struct alias_link *FindFragmentIn2(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); +struct alias_link *AddFragmentPtrLink(struct libalias *la, + struct in_addr _dst_addr, u_short _ip_id); +struct alias_link *FindFragmentPtr(struct libalias *la, + struct in_addr _dst_addr, u_short _ip_id); +struct alias_link *FindProtoIn(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_char _proto); +struct alias_link *FindProtoOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_char _proto); +struct alias_link *FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port, + u_char _proto, int _create); +struct alias_link *FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_short _src_port, u_short _dst_port, + u_char _proto, int _create); +struct alias_link *AddPptp(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, struct in_addr _alias_addr, + u_int16_t _src_call_id); +struct alias_link *FindPptpOutByCallId(struct libalias *la, + struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _src_call_id); +struct alias_link *FindPptpInByCallId(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, + u_int16_t _dst_call_id); +struct alias_link *FindPptpOutByPeerCallId(struct libalias *la, + struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _dst_call_id); +struct alias_link *FindPptpInByPeerCallId(struct libalias *la, + struct in_addr _dst_addr, struct in_addr _alias_addr, + u_int16_t _alias_call_id); +struct alias_link *FindRtspOut(struct libalias *la, struct in_addr _src_addr, + struct in_addr _dst_addr, u_short _src_port, u_short _alias_port, u_char _proto); -struct alias_link * -FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _dst_port, u_short _alias_port, u_char _proto, int _create); -struct alias_link * -FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _src_port, u_short _dst_port, u_char _proto, int _create); -struct alias_link * -AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_int16_t _src_call_id); -struct alias_link * -FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr, - struct in_addr _dst_addr, u_int16_t _src_call_id); -struct alias_link * -FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_int16_t _dst_call_id); -struct alias_link * -FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr, - struct in_addr _dst_addr, u_int16_t _dst_call_id); -struct alias_link * -FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_int16_t _alias_call_id); -struct alias_link * -FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _src_port, u_short _alias_port, u_char _proto); -struct in_addr -FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr); -struct in_addr -FindAliasAddress(struct libalias *la, struct in_addr _original_addr); -struct in_addr -FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm); +struct in_addr FindOriginalAddress(struct libalias *la, + struct in_addr _alias_addr); +struct in_addr FindAliasAddress(struct libalias *la, + struct in_addr _original_addr); +struct in_addr FindSctpRedirectAddress(struct libalias *la, + struct sctp_nat_msg *sm); /* External data access/modification */ -int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, - struct in_addr _alias_addr, u_short _src_port, - u_short _dst_port, u_short _port_count, u_char _proto, - u_char _align); -void GetFragmentAddr(struct alias_link *_lnk, struct in_addr *_src_addr); -void SetFragmentAddr(struct alias_link *_lnk, struct in_addr _src_addr); -void GetFragmentPtr(struct alias_link *_lnk, void **_fptr); -void SetFragmentPtr(struct alias_link *_lnk, void *fptr); -void SetStateIn(struct alias_link *_lnk, int _state); -void SetStateOut(struct alias_link *_lnk, int _state); -int GetStateIn (struct alias_link *_lnk); -int GetStateOut(struct alias_link *_lnk); -struct in_addr GetOriginalAddress(struct alias_link *_lnk); -struct in_addr GetDestAddress(struct alias_link *_lnk); -struct in_addr GetAliasAddress(struct alias_link *_lnk); -struct in_addr GetDefaultAliasAddress(struct libalias *la); -void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr); -u_short GetOriginalPort(struct alias_link *_lnk); -u_short GetAliasPort(struct alias_link *_lnk); -struct in_addr GetProxyAddress(struct alias_link *_lnk); -void SetProxyAddress(struct alias_link *_lnk, struct in_addr _addr); -u_short GetProxyPort(struct alias_link *_lnk); -void SetProxyPort(struct alias_link *_lnk, u_short _port); -void SetAckModified(struct alias_link *_lnk); -int GetAckModified(struct alias_link *_lnk); -int GetDeltaAckIn(u_long, struct alias_link *_lnk); -int GetDeltaSeqOut(u_long, struct alias_link *lnk); -void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, - u_short ip_len, u_long th_seq, u_int th_off); -void SetExpire (struct alias_link *_lnk, int _expire); -void ClearCheckNewLink(struct libalias *la); -void SetProtocolFlags(struct alias_link *_lnk, int _pflags); -int GetProtocolFlags(struct alias_link *_lnk); -void SetDestCallId(struct alias_link *_lnk, u_int16_t _cid); +int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, + struct in_addr _alias_addr, u_short _src_port, u_short _dst_port, + u_short _port_count, u_char _proto, u_char _align); +void GetFragmentAddr(struct alias_link *_lnk, struct in_addr *_src_addr); +void SetFragmentAddr(struct alias_link *_lnk, struct in_addr _src_addr); +void GetFragmentPtr(struct alias_link *_lnk, void **_fptr); +void SetFragmentPtr(struct alias_link *_lnk, void *fptr); +void SetStateIn(struct alias_link *_lnk, int _state); +void SetStateOut(struct alias_link *_lnk, int _state); +int GetStateIn(struct alias_link *_lnk); +int GetStateOut(struct alias_link *_lnk); +struct in_addr GetOriginalAddress(struct alias_link *_lnk); +struct in_addr GetDestAddress(struct alias_link *_lnk); +struct in_addr GetAliasAddress(struct alias_link *_lnk); +struct in_addr GetDefaultAliasAddress(struct libalias *la); +void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr); +u_short GetOriginalPort(struct alias_link *_lnk); +u_short GetAliasPort(struct alias_link *_lnk); +struct in_addr GetProxyAddress(struct alias_link *_lnk); +void SetProxyAddress(struct alias_link *_lnk, struct in_addr _addr); +u_short GetProxyPort(struct alias_link *_lnk); +void SetProxyPort(struct alias_link *_lnk, u_short _port); +void SetAckModified(struct alias_link *_lnk); +int GetAckModified(struct alias_link *_lnk); +int GetDeltaAckIn(u_long, struct alias_link *_lnk); +int GetDeltaSeqOut(u_long, struct alias_link *lnk); +void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, u_short ip_len, + u_long th_seq, u_int th_off); +void SetExpire(struct alias_link *_lnk, int _expire); +void ClearCheckNewLink(struct libalias *la); +void SetProtocolFlags(struct alias_link *_lnk, int _pflags); +int GetProtocolFlags(struct alias_link *_lnk); +void SetDestCallId(struct alias_link *_lnk, u_int16_t _cid); #ifndef NO_FW_PUNCH -void PunchFWHole(struct alias_link *_lnk); +void PunchFWHole(struct alias_link *_lnk); #endif /* Housekeeping function */ -void HouseKeeping(struct libalias *); +void HouseKeeping(struct libalias *); /* Transparent proxy routines */ -int -ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, - u_short * proxy_server_port, struct in_addr src_addr, +int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, + u_short *proxy_server_port, struct in_addr src_addr, struct in_addr dst_addr, u_short dst_port, u_char ip_p); -void -ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip, +void ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip, int _maxpacketsize, int _proxy_type); /* Tcp specific routines */ @@ -380,4 +367,4 @@ } #endif -#endif /* !_ALIAS_LOCAL_H_ */ +#endif /* !_ALIAS_LOCAL_H_ */ Index: sys/netinet/libalias/alias_mod.h =================================================================== --- sys/netinet/libalias/alias_mod.h +++ sys/netinet/libalias/alias_mod.h @@ -42,21 +42,21 @@ /* Use kernel allocator. */ #if defined(_SYS_MALLOC_H_) #undef malloc -#define malloc(x) malloc(x, M_ALIAS, M_NOWAIT|M_ZERO) -#define calloc(n, x) mallocarray((n), (x), M_ALIAS, M_NOWAIT|M_ZERO) -#define free(x) free(x, M_ALIAS) +#define malloc(x) malloc(x, M_ALIAS, M_NOWAIT | M_ZERO) +#define calloc(n, x) mallocarray((n), (x), M_ALIAS, M_NOWAIT | M_ZERO) +#define free(x) free(x, M_ALIAS) #endif #endif /* Packet flow direction flags. */ -#define IN 0x0001 -#define OUT 0x0002 -#define NODIR 0x4000 +#define IN 0x0001 +#define OUT 0x0002 +#define NODIR 0x4000 /* Working protocol flags. */ -#define IP 0x01 -#define TCP 0x02 -#define UDP 0x04 +#define IP 0x01 +#define TCP 0x02 +#define UDP 0x04 /* * Data passed to protocol handler module, it must be filled @@ -64,12 +64,12 @@ * module is elegible to be called. */ struct alias_data { - struct alias_link *lnk; - struct in_addr *oaddr; /* Original address. */ - struct in_addr *aaddr; /* Alias address. */ - uint16_t *aport; /* Alias port. */ - uint16_t *sport, *dport; /* Source & destination port */ - uint16_t maxpktsize; /* Max packet size. */ + struct alias_link *lnk; + struct in_addr *oaddr; /* Original address. */ + struct in_addr *aaddr; /* Alias address. */ + uint16_t *aport; /* Alias port. */ + uint16_t *sport, *dport; /* Source & destination port */ + uint16_t maxpktsize; /* Max packet size. */ }; /* @@ -77,19 +77,19 @@ * a protocol handler correctly work. */ struct proto_handler { - u_int pri; /* Handler priority. */ - int16_t dir; /* Flow direction. */ - uint8_t proto; /* Working protocol. */ + u_int pri; /* Handler priority. */ + int16_t dir; /* Flow direction. */ + uint8_t proto; /* Working protocol. */ /* Fingerprint * function. */ int (*fingerprint)(struct libalias *, struct alias_data *); /* Aliasing * function. */ - int (*protohandler)(struct libalias *, struct ip *, - struct alias_data *); + int ( + *protohandler)(struct libalias *, struct ip *, struct alias_data *); TAILQ_ENTRY(proto_handler) link; }; /* End of handlers. */ -#define EOH .dir = NODIR +#define EOH .dir = NODIR /* Functions used with protocol handlers. */ int LibAliasAttachHandlers(struct proto_handler *); @@ -104,16 +104,16 @@ * module loaded. In kernel land (kld mode) we don't need to care * care about libalias modules cause it's kld to do it for us. */ -#define DLL_LEN 32 +#define DLL_LEN 32 struct dll { - char name[DLL_LEN]; /* Name of module. */ - void *handle; /* - * Ptr to shared obj obtained through - * dlopen() - use this ptr to get access - * to any symbols from a loaded module - * via dlsym(). - */ - SLIST_ENTRY(dll) next; + char name[DLL_LEN]; /* Name of module. */ + void *handle; /* + * Ptr to shared obj obtained through + * dlopen() - use this ptr to get access + * to any symbols from a loaded module + * via dlsym(). + */ + SLIST_ENTRY(dll) next; }; /* Functions used with dll module. */ @@ -141,9 +141,9 @@ * Struct for registering modules statically via SYSINIT. */ typedef struct moduledata { - const char *name; /* module name */ - modeventhand_t evhand; /* event handler */ - void *priv; /* extra data */ + const char *name; /* module name */ + modeventhand_t evhand; /* event handler */ + void *priv; /* extra data */ } moduledata_t; #endif /* !_KERNEL */ Index: sys/netinet/libalias/alias_mod.c =================================================================== --- sys/netinet/libalias/alias_mod.c +++ sys/netinet/libalias/alias_mod.c @@ -30,19 +30,20 @@ __FBSDID("$FreeBSD$"); #ifdef _KERNEL -#include #include +#include #include #include #else -#include -#include #include + #include +#include +#include #endif -#include #include +#include #include #ifdef _KERNEL @@ -54,17 +55,16 @@ #endif /* Protocol and userland module handlers chains. */ -static TAILQ_HEAD(handler_chain, proto_handler) handler_chain = - TAILQ_HEAD_INITIALIZER(handler_chain); +static TAILQ_HEAD(handler_chain, + proto_handler) handler_chain = TAILQ_HEAD_INITIALIZER(handler_chain); static int attach_handler(struct proto_handler *p) { struct proto_handler *b; - TAILQ_FOREACH(b, &handler_chain, link) { - if ((b->pri == p->pri) && - (b->dir == p->dir) && + TAILQ_FOREACH (b, &handler_chain, link) { + if ((b->pri == p->pri) && (b->dir == p->dir) && (b->proto == p->proto)) return (EEXIST); if (b->pri > p->pri) { @@ -111,7 +111,7 @@ { struct proto_handler *p; - TAILQ_FOREACH(p, &handler_chain, link) + TAILQ_FOREACH (p, &handler_chain, link) if ((p->dir & dir) && (p->proto & proto) && p->fingerprint(la, ad) == 0) return (p->protohandler(la, ip, ad)); @@ -133,7 +133,7 @@ { struct dll *b; - SLIST_FOREACH(b, &dll_chain, next) { + SLIST_FOREACH (b, &dll_chain, next) { if (!strncmp(b->name, p->name, DLL_LEN)) return (EEXIST); /* Dll name conflict. */ } @@ -149,7 +149,7 @@ b = NULL; error = NULL; - SLIST_FOREACH_SAFE(b, &dll_chain, next, b_tmp) + SLIST_FOREACH_SAFE (b, &dll_chain, next, b_tmp) if (!strncmp(b->name, p, DLL_LEN)) { SLIST_REMOVE(&dll_chain, b, dll, next); error = b; Index: sys/netinet/libalias/alias_nbt.c =================================================================== --- sys/netinet/libalias/alias_nbt.c +++ sys/netinet/libalias/alias_nbt.c @@ -49,14 +49,15 @@ #include #include #else -#include #include + +#include #include #include #endif -#include #include +#include #include #include @@ -71,12 +72,11 @@ #define NETBIOS_NS_PORT_NUMBER 137 #define NETBIOS_DGM_PORT_NUMBER 138 -static int -AliasHandleUdpNbt(struct libalias *, struct ip *, struct alias_link *, - struct in_addr *, u_short); -static int -AliasHandleUdpNbtNS(struct libalias *, struct ip *, struct alias_link *, - struct in_addr *, u_short *, struct in_addr *, u_short *); +static int AliasHandleUdpNbt(struct libalias *, struct ip *, + struct alias_link *, struct in_addr *, u_short); +static int AliasHandleUdpNbtNS(struct libalias *, struct ip *, + struct alias_link *, struct in_addr *, u_short *, struct in_addr *, + u_short *); static int fingerprint1(struct libalias *la, struct alias_data *ah) @@ -84,8 +84,8 @@ if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL || ah->aaddr == NULL || ah->aport == NULL) return (-1); - if (ntohs(*ah->dport) == NETBIOS_DGM_PORT_NUMBER - || ntohs(*ah->sport) == NETBIOS_DGM_PORT_NUMBER) + if (ntohs(*ah->dport) == NETBIOS_DGM_PORT_NUMBER || + ntohs(*ah->sport) == NETBIOS_DGM_PORT_NUMBER) return (0); return (-1); } @@ -102,8 +102,8 @@ if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL || ah->aaddr == NULL || ah->aport == NULL) return (-1); - if (ntohs(*ah->dport) == NETBIOS_NS_PORT_NUMBER - || ntohs(*ah->sport) == NETBIOS_NS_PORT_NUMBER) + if (ntohs(*ah->dport) == NETBIOS_NS_PORT_NUMBER || + ntohs(*ah->sport) == NETBIOS_NS_PORT_NUMBER) return (0); return (-1); } @@ -111,8 +111,8 @@ static int protohandler2in(struct libalias *la, struct ip *pip, struct alias_data *ah) { - AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport, - ah->oaddr, ah->dport); + AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport, ah->oaddr, + ah->dport); return (0); } @@ -124,30 +124,22 @@ } /* Kernel module definition. */ -struct proto_handler handlers[] = { - { - .pri = 130, - .dir = IN|OUT, - .proto = UDP, - .fingerprint = &fingerprint1, - .protohandler = &protohandler1 - }, - { - .pri = 140, - .dir = IN, - .proto = UDP, - .fingerprint = &fingerprint2, - .protohandler = &protohandler2in - }, - { - .pri = 140, - .dir = OUT, - .proto = UDP, - .fingerprint = &fingerprint2, - .protohandler = &protohandler2out - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 130, + .dir = IN | OUT, + .proto = UDP, + .fingerprint = &fingerprint1, + .protohandler = &protohandler1 }, + { .pri = 140, + .dir = IN, + .proto = UDP, + .fingerprint = &fingerprint2, + .protohandler = &protohandler2in }, + { .pri = 140, + .dir = OUT, + .proto = UDP, + .fingerprint = &fingerprint2, + .protohandler = &protohandler2out }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -172,9 +164,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_nbt", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_nbt", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_nbt, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -183,44 +173,44 @@ #endif typedef struct { - struct in_addr oldaddr; - u_short oldport; - struct in_addr newaddr; - u_short newport; - u_short *uh_sum; + struct in_addr oldaddr; + u_short oldport; + struct in_addr newaddr; + u_short newport; + u_short *uh_sum; } NBTArguments; typedef struct { - unsigned char type; - unsigned char flags; - u_short id; - struct in_addr source_ip; - u_short source_port; - u_short len; - u_short offset; + unsigned char type; + unsigned char flags; + u_short id; + struct in_addr source_ip; + u_short source_port; + u_short len; + u_short offset; } NbtDataHeader; -#define OpQuery 0 -#define OpUnknown 4 -#define OpRegist 5 -#define OpRelease 6 -#define OpWACK 7 -#define OpRefresh 8 +#define OpQuery 0 +#define OpUnknown 4 +#define OpRegist 5 +#define OpRelease 6 +#define OpWACK 7 +#define OpRefresh 8 typedef struct { - u_short nametrid; - u_short dir:1, opcode:4, nmflags:7, rcode:4; - u_short qdcount; - u_short ancount; - u_short nscount; - u_short arcount; + u_short nametrid; + u_short dir : 1, opcode : 4, nmflags : 7, rcode : 4; + u_short qdcount; + u_short ancount; + u_short nscount; + u_short arcount; } NbtNSHeader; -#define FMT_ERR 0x1 -#define SRV_ERR 0x2 -#define IMP_ERR 0x4 -#define RFS_ERR 0x5 -#define ACT_ERR 0x6 -#define CFT_ERR 0x7 +#define FMT_ERR 0x1 +#define SRV_ERR 0x2 +#define IMP_ERR 0x4 +#define RFS_ERR 0x5 +#define ACT_ERR 0x6 +#define CFT_ERR 0x7 #ifdef LIBALIAS_DEBUG static void @@ -283,7 +273,9 @@ #endif while (s < p) { if (compress == 1) { - c = (u_char) (((((*s & 0x0f) << 4) | (*(s + 1) & 0x0f)) - 0x11)); + c = (u_char)(( + (((*s & 0x0f) << 4) | (*(s + 1) & 0x0f)) - + 0x11)); #ifdef LIBALIAS_DEBUG if (isprint(c)) printf("%c", c); @@ -315,21 +307,18 @@ /* * NetBios Datagram Handler (IP/UDP) */ -#define DGM_DIRECT_UNIQ 0x10 -#define DGM_DIRECT_GROUP 0x11 -#define DGM_BROADCAST 0x12 -#define DGM_ERROR 0x13 -#define DGM_QUERY 0x14 -#define DGM_POSITIVE_RES 0x15 -#define DGM_NEGATIVE_RES 0x16 +#define DGM_DIRECT_UNIQ 0x10 +#define DGM_DIRECT_GROUP 0x11 +#define DGM_BROADCAST 0x12 +#define DGM_ERROR 0x13 +#define DGM_QUERY 0x14 +#define DGM_POSITIVE_RES 0x15 +#define DGM_NEGATIVE_RES 0x16 static int -AliasHandleUdpNbt( - struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk, - struct in_addr *alias_address, - u_short alias_port) +AliasHandleUdpNbt(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk, struct in_addr *alias_address, u_short alias_port) { struct udphdr *uh; NbtDataHeader *ndh; @@ -357,8 +346,8 @@ case DGM_DIRECT_GROUP: case DGM_BROADCAST: p = (u_char *)ndh + 14; - p = AliasHandleName(p, pmax); /* Source Name */ - p = AliasHandleName(p, pmax); /* Destination Name */ + p = AliasHandleName(p, pmax); /* Source Name */ + p = AliasHandleName(p, pmax); /* Destination Name */ break; case DGM_ERROR: p = (u_char *)ndh + 11; @@ -367,7 +356,7 @@ case DGM_POSITIVE_RES: case DGM_NEGATIVE_RES: p = (u_char *)ndh + 10; - p = AliasHandleName(p, pmax); /* Destination Name */ + p = AliasHandleName(p, pmax); /* Destination Name */ break; } if (p == NULL || (char *)p > pmax) @@ -402,20 +391,17 @@ } /* Question Section */ -#define QS_TYPE_NB 0x0020 -#define QS_TYPE_NBSTAT 0x0021 -#define QS_CLAS_IN 0x0001 +#define QS_TYPE_NB 0x0020 +#define QS_TYPE_NBSTAT 0x0021 +#define QS_CLAS_IN 0x0001 typedef struct { - u_short type; /* The type of Request */ - u_short class; /* The class of Request */ + u_short type; /* The type of Request */ + u_short class; /* The class of Request */ } NBTNsQuestion; static u_char * -AliasHandleQuestion( - u_short count, - NBTNsQuestion * q, - char *pmax, - NBTArguments * nbtarg) +AliasHandleQuestion(u_short count, NBTNsQuestion *q, char *pmax, + NBTArguments *nbtarg) { (void)nbtarg; @@ -435,7 +421,8 @@ break; default: #ifdef LIBALIAS_DEBUG - printf("\nUnknown Type on Question %0x\n", ntohs(q->type)); + printf("\nUnknown Type on Question %0x\n", + ntohs(q->type)); #endif break; } @@ -447,31 +434,28 @@ } /* Resource Record */ -#define RR_TYPE_A 0x0001 -#define RR_TYPE_NS 0x0002 -#define RR_TYPE_NULL 0x000a -#define RR_TYPE_NB 0x0020 -#define RR_TYPE_NBSTAT 0x0021 -#define RR_CLAS_IN 0x0001 -#define SizeOfNsResource 8 +#define RR_TYPE_A 0x0001 +#define RR_TYPE_NS 0x0002 +#define RR_TYPE_NULL 0x000a +#define RR_TYPE_NB 0x0020 +#define RR_TYPE_NBSTAT 0x0021 +#define RR_CLAS_IN 0x0001 +#define SizeOfNsResource 8 typedef struct { - u_short type; - u_short class; - unsigned int ttl; - u_short rdlen; + u_short type; + u_short class; + unsigned int ttl; + u_short rdlen; } NBTNsResource; -#define SizeOfNsRNB 6 +#define SizeOfNsRNB 6 typedef struct { - u_short g:1, ont:2, resv:13; - struct in_addr addr; + u_short g : 1, ont : 2, resv : 13; + struct in_addr addr; } NBTNsRNB; static u_char * -AliasHandleResourceNB( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNB(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsRNB *nb; u_short bcount; @@ -492,8 +476,7 @@ #ifdef LIBALIAS_DEBUG printf("NB rec[%s->%s, %dbytes] ", inet_ntoa_r(nbtarg->oldaddr, INET_NTOA_BUF(oldbuf)), - inet_ntoa_r(nbtarg->newaddr, INET_NTOA_BUF(newbuf)), - bcount); + inet_ntoa_r(nbtarg->newaddr, INET_NTOA_BUF(newbuf)), bcount); #endif while (nb != NULL && bcount != 0) { if ((char *)(nb + 1) > pmax) { @@ -503,7 +486,8 @@ #ifdef LIBALIAS_DEBUG printf("<%s>", inet_ntoa_r(nb->addr, INET_NTOA_BUF(newbuf))); #endif - if (!bcmp(&nbtarg->oldaddr, &nb->addr, sizeof(struct in_addr))) { + if (!bcmp(&nbtarg->oldaddr, &nb->addr, + sizeof(struct in_addr))) { if (*nbtarg->uh_sum != 0) { int acc; u_short *sptr; @@ -535,16 +519,13 @@ return ((u_char *)nb); } -#define SizeOfResourceA 6 +#define SizeOfResourceA 6 typedef struct { - struct in_addr addr; + struct in_addr addr; } NBTNsResourceA; static u_char * -AliasHandleResourceA( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceA(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceA *a; u_short bcount; @@ -579,17 +560,17 @@ int acc; u_short *sptr; - sptr = (u_short *)&(a->addr); /* Old */ + sptr = (u_short *)&(a->addr); /* Old */ acc = *sptr++; acc += *sptr; - sptr = (u_short *)&nbtarg->newaddr; /* New */ + sptr = (u_short *)&nbtarg->newaddr; /* New */ acc -= *sptr++; acc -= *sptr; ADJUST_CHECKSUM(acc, *nbtarg->uh_sum); } a->addr = nbtarg->newaddr; } - a++; /* XXXX */ + a++; /* XXXX */ bcount -= SizeOfResourceA; } if (a == NULL || (char *)(a + 1) > pmax) @@ -598,14 +579,11 @@ } typedef struct { - u_short opcode:4, flags:8, resv:4; + u_short opcode : 4, flags : 8, resv : 4; } NBTNsResourceNULL; static u_char * -AliasHandleResourceNULL( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNULL(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceNULL *n; u_short bcount; @@ -637,10 +615,7 @@ } static u_char * -AliasHandleResourceNS( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNS(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceNULL *n; u_short bcount; @@ -657,7 +632,7 @@ bcount = ntohs(q->rdlen); /* Resource Record Name Filed */ - q = (NBTNsResource *)AliasHandleName((u_char *)n, pmax); /* XXX */ + q = (NBTNsResource *)AliasHandleName((u_char *)n, pmax); /* XXX */ if (q == NULL || (char *)((u_char *)n + bcount) > pmax) return (NULL); @@ -666,14 +641,11 @@ } typedef struct { - u_short numnames; + u_short numnames; } NBTNsResourceNBSTAT; static u_char * -AliasHandleResourceNBSTAT( - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResourceNBSTAT(NBTNsResource *q, char *pmax, NBTArguments *nbtarg) { NBTNsResourceNBSTAT *n; u_short bcount; @@ -696,11 +668,8 @@ } static u_char * -AliasHandleResource( - u_short count, - NBTNsResource *q, - char *pmax, - NBTArguments *nbtarg) +AliasHandleResource(u_short count, NBTNsResource *q, char *pmax, + NBTArguments *nbtarg) { while (count != 0) { /* Resource Record Name Filed */ @@ -715,31 +684,29 @@ /* Type and Class filed */ switch (ntohs(q->type)) { case RR_TYPE_NB: - q = (NBTNsResource *)AliasHandleResourceNB( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNB(q, pmax, + nbtarg); break; case RR_TYPE_A: - q = (NBTNsResource *)AliasHandleResourceA( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceA(q, pmax, + nbtarg); break; case RR_TYPE_NS: - q = (NBTNsResource *)AliasHandleResourceNS( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNS(q, pmax, + nbtarg); break; case RR_TYPE_NULL: - q = (NBTNsResource *)AliasHandleResourceNULL( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNULL(q, pmax, + nbtarg); break; case RR_TYPE_NBSTAT: - q = (NBTNsResource *)AliasHandleResourceNBSTAT( - q, pmax, nbtarg); + q = (NBTNsResource *)AliasHandleResourceNBSTAT(q, pmax, + nbtarg); break; default: #ifdef LIBALIAS_DEBUG - printf( - "\nUnknown Type of Resource %0x\n", - ntohs(q->type) - ); + printf("\nUnknown Type of Resource %0x\n", + ntohs(q->type)); fflush(stdout); #endif break; @@ -750,14 +717,10 @@ } static int -AliasHandleUdpNbtNS( - struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk, - struct in_addr *alias_address, - u_short *alias_port, - struct in_addr *original_address, - u_short *original_port) +AliasHandleUdpNbtNS(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk, struct in_addr *alias_address, u_short *alias_port, + struct in_addr *original_address, u_short *original_port) { struct udphdr *uh; NbtNSHeader *nsh; @@ -786,55 +749,32 @@ #ifdef LIBALIAS_DEBUG printf(" [%s] ID=%02x, op=%01x, flag=%02x, rcode=%01x, qd=%04x" - ", an=%04x, ns=%04x, ar=%04x, [%d]-->", - nsh->dir ? "Response" : "Request", - nsh->nametrid, - nsh->opcode, - nsh->nmflags, - nsh->rcode, - ntohs(nsh->qdcount), - ntohs(nsh->ancount), - ntohs(nsh->nscount), - ntohs(nsh->arcount), - (u_char *)p - (u_char *)nsh - ); + ", an=%04x, ns=%04x, ar=%04x, [%d]-->", + nsh->dir ? "Response" : "Request", nsh->nametrid, nsh->opcode, + nsh->nmflags, nsh->rcode, ntohs(nsh->qdcount), ntohs(nsh->ancount), + ntohs(nsh->nscount), ntohs(nsh->arcount), + (u_char *)p - (u_char *)nsh); #endif /* Question Entries */ if (ntohs(nsh->qdcount) != 0) { - p = AliasHandleQuestion( - ntohs(nsh->qdcount), - (NBTNsQuestion *)p, - pmax, - &nbtarg - ); + p = AliasHandleQuestion(ntohs(nsh->qdcount), (NBTNsQuestion *)p, + pmax, &nbtarg); } /* Answer Resource Records */ if (ntohs(nsh->ancount) != 0) { - p = AliasHandleResource( - ntohs(nsh->ancount), - (NBTNsResource *)p, - pmax, - &nbtarg - ); + p = AliasHandleResource(ntohs(nsh->ancount), (NBTNsResource *)p, + pmax, &nbtarg); } /* Authority Resource Recodrs */ if (ntohs(nsh->nscount) != 0) { - p = AliasHandleResource( - ntohs(nsh->nscount), - (NBTNsResource *)p, - pmax, - &nbtarg - ); + p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p, + pmax, &nbtarg); } /* Additional Resource Recodrs */ if (ntohs(nsh->arcount) != 0) { - p = AliasHandleResource( - ntohs(nsh->arcount), - (NBTNsResource *)p, - pmax, - &nbtarg - ); + p = AliasHandleResource(ntohs(nsh->arcount), (NBTNsResource *)p, + pmax, &nbtarg); } #ifdef LIBALIAS_DEBUG PrintRcode(nsh->rcode); Index: sys/netinet/libalias/alias_pptp.c =================================================================== --- sys/netinet/libalias/alias_pptp.c +++ sys/netinet/libalias/alias_pptp.c @@ -42,13 +42,14 @@ /* Includes */ #ifdef _KERNEL #include -#include #include +#include #include #else +#include + #include #include -#include #include #endif @@ -66,25 +67,23 @@ #define PPTP_CONTROL_PORT_NUMBER 1723 -static void -AliasHandlePptpOut(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandlePptpOut(struct libalias *, struct ip *, + struct alias_link *); -static void -AliasHandlePptpIn(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandlePptpIn(struct libalias *, struct ip *, + struct alias_link *); -static int -AliasHandlePptpGreOut(struct libalias *, struct ip *); +static int AliasHandlePptpGreOut(struct libalias *, struct ip *); -static int -AliasHandlePptpGreIn(struct libalias *, struct ip *); +static int AliasHandlePptpGreIn(struct libalias *, struct ip *); static int fingerprint(struct libalias *la, struct alias_data *ah) { if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL) return (-1); - if (ntohs(*ah->dport) == PPTP_CONTROL_PORT_NUMBER - || ntohs(*ah->sport) == PPTP_CONTROL_PORT_NUMBER) + if (ntohs(*ah->dport) == PPTP_CONTROL_PORT_NUMBER || + ntohs(*ah->sport) == PPTP_CONTROL_PORT_NUMBER) return (0); return (-1); } @@ -127,42 +126,32 @@ } /* Kernel module definition. */ -struct proto_handler handlers[] = { - { - .pri = 200, - .dir = IN, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandlerin - }, - { - .pri = 210, - .dir = OUT, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandlerout - }, -/* - * WATCH OUT!!! these 2 handlers NEED a priority of INT_MAX (highest possible) - * cause they will ALWAYS process packets, so they must be the last one - * in chain: look fingerprintgre() above. - */ - { - .pri = INT_MAX, - .dir = IN, - .proto = IP, - .fingerprint = &fingerprintgre, - .protohandler = &protohandlergrein - }, - { - .pri = INT_MAX, - .dir = OUT, - .proto = IP, - .fingerprint = &fingerprintgre, - .protohandler = &protohandlergreout - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 200, + .dir = IN, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandlerin }, + { .pri = 210, + .dir = OUT, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandlerout }, + /* + * WATCH OUT!!! these 2 handlers NEED a priority of INT_MAX (highest + * possible) cause they will ALWAYS process packets, so they must be the + * last one in chain: look fingerprintgre() above. + */ + { .pri = INT_MAX, + .dir = IN, + .proto = IP, + .fingerprint = &fingerprintgre, + .protohandler = &protohandlergrein }, + { .pri = INT_MAX, + .dir = OUT, + .proto = IP, + .fingerprint = &fingerprintgre, + .protohandler = &protohandlergreout }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) { @@ -186,9 +175,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_pptp", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_pptp", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_pptp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -225,26 +212,26 @@ * PPTP definitions */ -struct grehdr { /* Enhanced GRE header. */ - u_int16_t gh_flags; /* Flags. */ - u_int16_t gh_protocol; /* Protocol type. */ - u_int16_t gh_length; /* Payload length. */ - u_int16_t gh_call_id; /* Call ID. */ - u_int32_t gh_seq_no; /* Sequence number (optional). */ - u_int32_t gh_ack_no; /* Acknowledgment number - * (optional). */ +struct grehdr { /* Enhanced GRE header. */ + u_int16_t gh_flags; /* Flags. */ + u_int16_t gh_protocol; /* Protocol type. */ + u_int16_t gh_length; /* Payload length. */ + u_int16_t gh_call_id; /* Call ID. */ + u_int32_t gh_seq_no; /* Sequence number (optional). */ + u_int32_t gh_ack_no; /* Acknowledgment number + * (optional). */ }; typedef struct grehdr GreHdr; /* The PPTP protocol ID used in the GRE 'proto' field. */ -#define PPTP_GRE_PROTO 0x880b +#define PPTP_GRE_PROTO 0x880b /* Bits that must be set a certain way in all PPTP/GRE packets. */ -#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO) -#define PPTP_INIT_MASK 0xef7fffff +#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO) +#define PPTP_INIT_MASK 0xef7fffff -#define PPTP_MAGIC 0x1a2b3c4d -#define PPTP_CTRL_MSG_TYPE 1 +#define PPTP_MAGIC 0x1a2b3c4d +#define PPTP_CTRL_MSG_TYPE 1 enum { PPTP_StartCtrlConnRequest = 1, @@ -266,23 +253,23 @@ /* Message structures */ struct pptpMsgHead { - u_int16_t length; /* total length */ - u_int16_t msgType;/* PPTP message type */ - u_int32_t magic; /* magic cookie */ - u_int16_t type; /* control message type */ - u_int16_t resv0; /* reserved */ + u_int16_t length; /* total length */ + u_int16_t msgType; /* PPTP message type */ + u_int32_t magic; /* magic cookie */ + u_int16_t type; /* control message type */ + u_int16_t resv0; /* reserved */ }; typedef struct pptpMsgHead *PptpMsgHead; struct pptpCodes { - u_int8_t resCode;/* Result Code */ - u_int8_t errCode;/* Error Code */ + u_int8_t resCode; /* Result Code */ + u_int8_t errCode; /* Error Code */ }; typedef struct pptpCodes *PptpCode; struct pptpCallIds { - u_int16_t cid1; /* Call ID field #1 */ - u_int16_t cid2; /* Call ID field #2 */ + u_int16_t cid1; /* Call ID field #1 */ + u_int16_t cid2; /* Call ID field #2 */ }; typedef struct pptpCallIds *PptpCallId; @@ -290,13 +277,13 @@ static void AliasHandlePptpOut(struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk) /* The PPTP control link */ + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk) /* The PPTP control link */ { struct alias_link *pptp_lnk; PptpCallId cptr; PptpCode codes; - u_int16_t ctl_type; /* control message type */ + u_int16_t ctl_type; /* control message type */ struct tcphdr *tc; /* Verify valid PPTP control message */ @@ -313,8 +300,8 @@ * Establish PPTP link for address and Call ID found in * control message. */ - pptp_lnk = AddPptp(la, GetOriginalAddress(lnk), GetDestAddress(lnk), - GetAliasAddress(lnk), cptr->cid1); + pptp_lnk = AddPptp(la, GetOriginalAddress(lnk), + GetDestAddress(lnk), GetAliasAddress(lnk), cptr->cid1); break; case PPTP_CallClearRequest: case PPTP_CallDiscNotify: @@ -362,13 +349,13 @@ static void AliasHandlePptpIn(struct libalias *la, - struct ip *pip, /* IP packet to examine/patch */ - struct alias_link *lnk) /* The PPTP control link */ + struct ip *pip, /* IP packet to examine/patch */ + struct alias_link *lnk) /* The PPTP control link */ { struct alias_link *pptp_lnk; PptpCallId cptr; u_int16_t *pcall_id; - u_int16_t ctl_type; /* control message type */ + u_int16_t ctl_type; /* control message type */ struct tcphdr *tc; /* Verify valid PPTP control message */ @@ -428,7 +415,8 @@ } static PptpCallId -AliasVerifyPptp(struct ip *pip, u_int16_t * ptype) /* IP packet to examine/patch */ +AliasVerifyPptp(struct ip *pip, + u_int16_t *ptype) /* IP packet to examine/patch */ { int hlen, tlen, dlen; PptpMsgHead hptr; @@ -441,7 +429,8 @@ dlen = tlen - hlen; /* Verify data length */ - if (dlen < (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds))) + if (dlen < + (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds))) return (NULL); /* Move up to PPTP message header */ @@ -457,8 +446,8 @@ /* Verify data length. */ if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) && - (dlen < (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) + - sizeof(struct pptpCodes)))) + (dlen < (int)(sizeof(struct pptpMsgHead) + + sizeof(struct pptpCallIds) + sizeof(struct pptpCodes)))) return (NULL); else return ((PptpCallId)(hptr + 1)); @@ -476,13 +465,14 @@ if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - lnk = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); + lnk = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, + gr->gh_call_id); if (lnk != NULL) { struct in_addr alias_addr = GetAliasAddress(lnk); /* Change source IP address. */ - DifferentialChecksum(&pip->ip_sum, - &alias_addr, &pip->ip_src, 2); + DifferentialChecksum(&pip->ip_sum, &alias_addr, &pip->ip_src, + 2); pip->ip_src = alias_addr; } return (0); @@ -500,7 +490,8 @@ if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - lnk = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); + lnk = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, + gr->gh_call_id); if (lnk != NULL) { struct in_addr src_addr = GetOriginalAddress(lnk); @@ -508,8 +499,7 @@ gr->gh_call_id = GetOriginalPort(lnk); /* Restore original IP address. */ - DifferentialChecksum(&pip->ip_sum, - &src_addr, &pip->ip_dst, 2); + DifferentialChecksum(&pip->ip_sum, &src_addr, &pip->ip_dst, 2); pip->ip_dst = src_addr; } return (0); Index: sys/netinet/libalias/alias_proxy.c =================================================================== --- sys/netinet/libalias/alias_proxy.c +++ sys/netinet/libalias/alias_proxy.c @@ -61,10 +61,11 @@ #include #else #include + #include +#include #include #include -#include #include #endif @@ -77,8 +78,8 @@ #else #include -#include "alias.h" /* Public API functions for libalias */ -#include "alias_local.h" /* Functions used by alias*.c */ +#include "alias.h" /* Public API functions for libalias */ +#include "alias_local.h" /* Functions used by alias*.c */ #endif /* @@ -91,22 +92,22 @@ */ struct proxy_entry { struct libalias *la; -#define PROXY_TYPE_ENCODE_NONE 1 +#define PROXY_TYPE_ENCODE_NONE 1 #define PROXY_TYPE_ENCODE_TCPSTREAM 2 -#define PROXY_TYPE_ENCODE_IPHDR 3 - int rule_index; - int proxy_type; - u_char proto; - u_short proxy_port; - u_short server_port; +#define PROXY_TYPE_ENCODE_IPHDR 3 + int rule_index; + int proxy_type; + u_char proto; + u_short proxy_port; + u_short server_port; - struct in_addr server_addr; + struct in_addr server_addr; - struct in_addr src_addr; - struct in_addr src_mask; + struct in_addr src_addr; + struct in_addr src_mask; - struct in_addr dst_addr; - struct in_addr dst_mask; + struct in_addr dst_addr; + struct in_addr dst_mask; struct proxy_entry *next; struct proxy_entry *last; @@ -134,14 +135,14 @@ destination of a proxied IP packet */ -static int IpMask(int, struct in_addr *); -static int IpAddr(char *, struct in_addr *); -static int IpPort(char *, int, int *); -static void RuleAdd(struct libalias *la, struct proxy_entry *); -static void RuleDelete(struct proxy_entry *); -static int RuleNumberDelete(struct libalias *la, int); -static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int); -static void ProxyEncodeIpHeader(struct ip *, int); +static int IpMask(int, struct in_addr *); +static int IpAddr(char *, struct in_addr *); +static int IpPort(char *, int, int *); +static void RuleAdd(struct libalias *la, struct proxy_entry *); +static void RuleDelete(struct proxy_entry *); +static int RuleNumberDelete(struct libalias *la, int); +static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int); +static void ProxyEncodeIpHeader(struct ip *, int); static int IpMask(int nbits, struct in_addr *mask) @@ -176,7 +177,7 @@ n = sscanf(s, "%d", port); if (n != 1) -#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */ +#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */ { struct servent *se; @@ -284,9 +285,7 @@ } static void -ProxyEncodeTcpStream(struct alias_link *lnk, - struct ip *pip, - int maxpacketsize) +ProxyEncodeTcpStream(struct alias_link *lnk, struct ip *pip, int maxpacketsize) { int slen; char buffer[40]; @@ -377,9 +376,9 @@ static void ProxyEncodeIpHeader(struct ip *pip, int maxpacketsize) { -#define OPTION_LEN_BYTES 8 -#define OPTION_LEN_INT16 4 -#define OPTION_LEN_INT32 2 +#define OPTION_LEN_BYTES 8 +#define OPTION_LEN_INT16 4 +#define OPTION_LEN_INT32 2 _Alignas(_Alignof(u_short)) u_char option[OPTION_LEN_BYTES]; #ifdef LIBALIAS_DEBUG @@ -398,11 +397,11 @@ u_char *ptr; struct tcphdr *tc; - ptr = (u_char *) pip; + ptr = (u_char *)pip; ptr += 20; memcpy(ptr + OPTION_LEN_BYTES, ptr, ntohs(pip->ip_len) - 20); - option[0] = 0x64; /* class: 3 (reserved), option 4 */ + option[0] = 0x64; /* class: 3 (reserved), option 4 */ option[1] = OPTION_LEN_BYTES; memcpy(&option[2], (u_char *)&pip->ip_dst, 4); @@ -419,12 +418,12 @@ int accumulate; u_short *sptr; - sptr = (u_short *) option; + sptr = (u_short *)option; accumulate = 0; for (i = 0; i < OPTION_LEN_INT16; i++) accumulate -= *(sptr++); - sptr = (u_short *) pip; + sptr = (u_short *)pip; accumulate += *sptr; pip->ip_hl += OPTION_LEN_INT32; accumulate -= *sptr; @@ -455,7 +454,7 @@ int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, - u_short * proxy_server_port, struct in_addr src_addr, + u_short *proxy_server_port, struct in_addr src_addr, struct in_addr dst_addr, u_short dst_port, u_char ip_p) { struct proxy_entry *ptr; @@ -467,18 +466,21 @@ u_short proxy_port; proxy_port = ptr->proxy_port; - if ((dst_port == proxy_port || proxy_port == 0) - && ip_p == ptr->proto - && src_addr.s_addr != ptr->server_addr.s_addr) { + if ((dst_port == proxy_port || proxy_port == 0) && + ip_p == ptr->proto && + src_addr.s_addr != ptr->server_addr.s_addr) { struct in_addr src_addr_masked; struct in_addr dst_addr_masked; - src_addr_masked.s_addr = src_addr.s_addr & ptr->src_mask.s_addr; - dst_addr_masked.s_addr = dst_addr.s_addr & ptr->dst_mask.s_addr; + src_addr_masked.s_addr = src_addr.s_addr & + ptr->src_mask.s_addr; + dst_addr_masked.s_addr = dst_addr.s_addr & + ptr->dst_mask.s_addr; - if ((src_addr_masked.s_addr == ptr->src_addr.s_addr) - && (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) { - if ((*proxy_server_port = ptr->server_port) == 0) + if ((src_addr_masked.s_addr == ptr->src_addr.s_addr) && + (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) { + if ((*proxy_server_port = ptr->server_port) == + 0) *proxy_server_port = dst_port; *proxy_server_addr = ptr->server_addr; return (ptr->proxy_type); @@ -491,10 +493,8 @@ } void -ProxyModify(struct libalias *la, struct alias_link *lnk, - struct ip *pip, - int maxpacketsize, - int proxy_type) +ProxyModify(struct libalias *la, struct alias_link *lnk, struct ip *pip, + int maxpacketsize, int proxy_type) { LIBALIAS_LOCK_ASSERT(la); (void)la; @@ -593,15 +593,15 @@ str_server_port[0] = 0; /* Parse command string with state machine */ -#define STATE_READ_KEYWORD 0 -#define STATE_READ_TYPE 1 -#define STATE_READ_PORT 2 -#define STATE_READ_SERVER 3 -#define STATE_READ_RULE 4 -#define STATE_READ_DELETE 5 -#define STATE_READ_PROTO 6 -#define STATE_READ_SRC 7 -#define STATE_READ_DST 8 +#define STATE_READ_KEYWORD 0 +#define STATE_READ_TYPE 1 +#define STATE_READ_PORT 2 +#define STATE_READ_SERVER 3 +#define STATE_READ_RULE 4 +#define STATE_READ_DELETE 5 +#define STATE_READ_PROTO 6 +#define STATE_READ_SRC 7 +#define STATE_READ_DST 8 state = STATE_READ_KEYWORD; token = strsep(&res, " \t"); token_count = 0; @@ -693,7 +693,7 @@ state = STATE_READ_KEYWORD; break; - case STATE_READ_DELETE: { + case STATE_READ_DELETE: { int err; int rule_to_delete; Index: sys/netinet/libalias/alias_sctp.h =================================================================== --- sys/netinet/libalias/alias_sctp.h +++ sys/netinet/libalias/alias_sctp.h @@ -34,7 +34,8 @@ * with leadership and advice from Jason But * * The design is outlined in CAIA technical report number 080618A - * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW") + * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in + * IPFW") * * Development is part of the CAIA SONATA project, * proposed by Jason But and Grenville Armitage: @@ -54,27 +55,25 @@ #include #ifdef _KERNEL +#include #include #include -#include #include -#include #include #include +#include #endif // #ifdef _KERNEL #include - #include -#include #include -#include #include +#include #include /** - * These are defined in sctp_os_bsd.h, but it can't be included due to its local file - * inclusion, so I'm defining them here. + * These are defined in sctp_os_bsd.h, but it can't be included due to its local + * file inclusion, so I'm defining them here. * */ #include @@ -91,27 +90,32 @@ #include #ifndef _KERNEL -#include #include +#include #endif //#ifdef _KERNEL -#define LINK_SCTP IPPROTO_SCTP - -#define SN_TO_LOCAL 0 /**< packet traveling from global to local */ -#define SN_TO_GLOBAL 1 /**< packet traveling from local to global */ -#define SN_TO_NODIR 99 /**< used where direction is not important */ - -#define SN_NAT_PKT 0x0000 /**< Network Address Translate packet */ -#define SN_DROP_PKT 0x0001 /**< drop packet (don't forward it) */ -#define SN_PROCESSING_ERROR 0x0003 /**< Packet processing error */ -#define SN_REPLY_ABORT 0x0010 /**< Reply with ABORT to sender (don't forward it) */ -#define SN_SEND_ABORT 0x0020 /**< Send ABORT to destination */ -#define SN_TX_ABORT 0x0030 /**< mask for transmitting abort */ -#define SN_REFLECT_ERROR 0x0100 /**< Reply with ERROR to sender on OOTB packet Tbit set */ -#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash */ -#define SN_TX_ERROR 0x0300 /**< mask for transmitting error */ - -#define PKT_ALIAS_RESPOND 0x1000 /**< Signal to libalias that there is a response packet to send */ +#define LINK_SCTP IPPROTO_SCTP + +#define SN_TO_LOCAL 0 /**< packet traveling from global to local */ +#define SN_TO_GLOBAL 1 /**< packet traveling from local to global */ +#define SN_TO_NODIR 99 /**< used where direction is not important */ + +#define SN_NAT_PKT 0x0000 /**< Network Address Translate packet */ +#define SN_DROP_PKT 0x0001 /**< drop packet (don't forward it) */ +#define SN_PROCESSING_ERROR 0x0003 /**< Packet processing error */ +#define SN_REPLY_ABORT \ + 0x0010 /**< Reply with ABORT to sender (don't forward it) */ +#define SN_SEND_ABORT 0x0020 /**< Send ABORT to destination */ +#define SN_TX_ABORT 0x0030 /**< mask for transmitting abort */ +#define SN_REFLECT_ERROR \ + 0x0100 /**< Reply with ERROR to sender on OOTB packet Tbit set */ +#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash \ + */ +#define SN_TX_ERROR 0x0300 /**< mask for transmitting error */ + +#define PKT_ALIAS_RESPOND \ + 0x1000 /**< Signal to libalias that there is a response packet to send \ + */ /* * Data structures */ @@ -124,38 +128,45 @@ * Information is stored in network byte order (as is libalias)*** */ struct sctp_nat_assoc { - uint32_t l_vtag; /**< local side verification tag */ - uint16_t l_port; /**< local side port number */ - uint32_t g_vtag; /**< global side verification tag */ - uint16_t g_port; /**< global side port number */ - struct in_addr l_addr; /**< local ip address */ - struct in_addr a_addr; /**< alias ip address */ - int state; /**< current state of NAT association */ - int TableRegister; /**< stores which look up tables association is registered in */ - int exp; /**< timer expiration in seconds from uptime */ - int exp_loc; /**< current location in timer_Q */ - int num_Gaddr; /**< number of global IP addresses in the list */ - LIST_HEAD(sctpGlobalAddresshead,sctp_GlobalAddress) Gaddr; /**< List of global addresses */ - LIST_ENTRY (sctp_nat_assoc) list_L; /**< Linked list of pointers for Local table*/ - LIST_ENTRY (sctp_nat_assoc) list_G; /**< Linked list of pointers for Global table */ - LIST_ENTRY (sctp_nat_assoc) timer_Q; /**< Linked list of pointers for timer Q */ - //Using libalias locking + uint32_t l_vtag; /**< local side verification tag */ + uint16_t l_port; /**< local side port number */ + uint32_t g_vtag; /**< global side verification tag */ + uint16_t g_port; /**< global side port number */ + struct in_addr l_addr; /**< local ip address */ + struct in_addr a_addr; /**< alias ip address */ + int state; /**< current state of NAT association */ + int TableRegister; /**< stores which look up tables association is + registered in */ + int exp; /**< timer expiration in seconds from uptime */ + int exp_loc; /**< current location in timer_Q */ + int num_Gaddr; /**< number of global IP addresses in the list */ + LIST_HEAD(sctpGlobalAddresshead, + sctp_GlobalAddress) Gaddr; /**< List of global addresses */ + LIST_ENTRY(sctp_nat_assoc) + list_L; /**< Linked list of pointers for Local table*/ + LIST_ENTRY(sctp_nat_assoc) + list_G; /**< Linked list of pointers for Global table */ + LIST_ENTRY(sctp_nat_assoc) + timer_Q; /**< Linked list of pointers for timer Q */ + // Using libalias locking }; struct sctp_GlobalAddress { struct in_addr g_addr; - LIST_ENTRY (sctp_GlobalAddress) list_Gaddr; /**< Linked list of pointers for Global table */ + LIST_ENTRY(sctp_GlobalAddress) + list_Gaddr; /**< Linked list of pointers for Global table */ }; /** * @brief SCTP chunk of interest * - * The only chunks whose contents are of any interest are the INIT and ASCONF_AddIP + * The only chunks whose contents are of any interest are the INIT and + * ASCONF_AddIP */ union sctpChunkOfInt { - struct sctp_init *Init; /**< Pointer to Init Chunk */ - struct sctp_init_ack *InitAck; /**< Pointer to Init Chunk */ - struct sctp_paramhdr *Asconf; /**< Pointer to ASCONF chunk */ + struct sctp_init *Init; /**< Pointer to Init Chunk */ + struct sctp_init_ack *InitAck; /**< Pointer to Init Chunk */ + struct sctp_paramhdr *Asconf; /**< Pointer to ASCONF chunk */ }; /** @@ -164,15 +175,17 @@ * Structure containing the relevant information from the SCTP message */ struct sctp_nat_msg { - uint16_t msg; /**< one of the key messages defined above */ + uint16_t msg; /**< one of the key messages defined above */ #ifdef INET6 - // struct ip6_hdr *ip_hdr; /**< pointer to ip packet header */ /*no inet6 support yet*/ + // struct ip6_hdr *ip_hdr; /**< pointer to ip packet header */ /*no + // inet6 support yet*/ #else - struct ip *ip_hdr; /**< pointer to ip packet header */ -#endif //#ifdef INET6 - struct sctphdr *sctp_hdr; /**< pointer to sctp common header */ - union sctpChunkOfInt sctpchnk; /**< union of pointers to the chunk of interest */ - int chunk_length; /**< length of chunk of interest */ + struct ip *ip_hdr; /**< pointer to ip packet header */ +#endif //#ifdef INET6 + struct sctphdr *sctp_hdr; /**< pointer to sctp common header */ + union sctpChunkOfInt + sctpchnk; /**< union of pointers to the chunk of interest */ + int chunk_length; /**< length of chunk of interest */ }; /** @@ -181,9 +194,11 @@ */ struct sctp_nat_timer { - int loc_time; /**< time in seconds for the current location in the queue */ - int cur_loc; /**< index of the current location in the circular queue */ - LIST_HEAD(sctpTimerQ,sctp_nat_assoc) *TimerQ; /**< List of associations at this position in the timer Q */ + int loc_time; /**< time in seconds for the current location in the queue + */ + int cur_loc; /**< index of the current location in the circular queue */ + LIST_HEAD(sctpTimerQ, sctp_nat_assoc) * + TimerQ; /**< List of associations at this position in the timer Q */ }; #endif //#ifndef _ALIAS_SCTP_H Index: sys/netinet/libalias/alias_sctp.c =================================================================== --- sys/netinet/libalias/alias_sctp.c +++ sys/netinet/libalias/alias_sctp.c @@ -33,7 +33,8 @@ * This software was developed by David A. Hayes and Jason But * * The design is outlined in CAIA technical report number 080618A - * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW") + * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in + * IPFW") * * Development is part of the CAIA SONATA project, * proposed by Jason But and Grenville Armitage: @@ -73,25 +74,30 @@ /* $FreeBSD$ */ #ifdef _KERNEL -#include #include -#include #include +#include #include #include #include -#include + +#include +#include + #include #include +#include #include -#include #else -#include "alias_sctp.h" +#include + +#include + #include + #include "alias.h" #include "alias_local.h" -#include -#include +#include "alias_sctp.h" #endif //#ifdef _KERNEL /* ---------------------------------------------------------------------- @@ -103,55 +109,66 @@ struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc); static int GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction); -static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, int direction); - -static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction); -static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr); -static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction); -static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, int direction); +static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, + int direction); + +static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc, int direction); +static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, + struct sctp_GlobalAddress *G_addr); +static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc, int direction); +static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, + int direction); /* State Machine Functions */ -static int ProcessSctpMsg(struct libalias *la, int direction, \ +static int ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc); -static int ID_process(struct libalias *la, int direction,\ +static int ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int INi_process(struct libalias *la, int direction,\ +static int INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int INa_process(struct libalias *la, int direction,\ +static int INa_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int UP_process(struct libalias *la, int direction,\ +static int UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static int CL_process(struct libalias *la, int direction,\ +static int CL_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm); -static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm,\ +static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction); /* Hash Table Functions */ -static struct sctp_nat_assoc * -FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port); -static struct sctp_nat_assoc * -FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match); -static struct sctp_nat_assoc * -FindSctpGlobalClash(struct libalias *la, struct sctp_nat_assoc *Cassoc); -static struct sctp_nat_assoc * -FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port); -static struct sctp_nat_assoc * -FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port); - -static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr); -static int AddSctpAssocGlobal(struct libalias *la, struct sctp_nat_assoc *assoc); +static struct sctp_nat_assoc *FindSctpLocal(struct libalias *la, + struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, + uint16_t l_port, uint16_t g_port); +static struct sctp_nat_assoc *FindSctpGlobal(struct libalias *la, + struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, + int *partial_match); +static struct sctp_nat_assoc *FindSctpGlobalClash(struct libalias *la, + struct sctp_nat_assoc *Cassoc); +static struct sctp_nat_assoc *FindSctpLocalT(struct libalias *la, + struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port); +static struct sctp_nat_assoc *FindSctpGlobalT(struct libalias *la, + struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port); + +static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, + struct in_addr g_addr); +static int AddSctpAssocGlobal(struct libalias *la, + struct sctp_nat_assoc *assoc); static void RmSctpAssoc(struct libalias *la, struct sctp_nat_assoc *assoc); static void freeGlobalAddressList(struct sctp_nat_assoc *assoc); /* Timer Queue Functions */ static void sctp_AddTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc); static void sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc); -static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, int newexp); +static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, + int newexp); void sctp_CheckTimers(struct libalias *la); /* Logging Functions */ -static void logsctperror(char *errormsg, uint32_t vtag, int error, int direction); +static void logsctperror(char *errormsg, uint32_t vtag, int error, + int direction); static void logsctpparse(int direction, struct sctp_nat_msg *sm); static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s); static void logTimerQ(struct libalias *la); @@ -186,15 +203,15 @@ static MALLOC_DEFINE(M_SCTPNAT, "sctpnat", "sctp nat dbs"); /* Use kernel allocator. */ #ifdef _SYS_MALLOC_H_ -#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT|M_ZERO) -#define sn_calloc(n,x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT|M_ZERO) -#define sn_free(x) free(x, M_SCTPNAT) -#endif// #ifdef _SYS_MALLOC_H_ +#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT | M_ZERO) +#define sn_calloc(n, x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT | M_ZERO) +#define sn_free(x) free(x, M_SCTPNAT) +#endif // #ifdef _SYS_MALLOC_H_ #else //#ifdef _KERNEL -#define sn_malloc(x) malloc(x) -#define sn_calloc(n, x) calloc(n, x) -#define sn_free(x) free(x) +#define sn_malloc(x) malloc(x) +#define sn_calloc(n, x) calloc(n, x) +#define sn_free(x) free(x) #endif //#ifdef _KERNEL @@ -206,88 +223,116 @@ * - SCTP message types for storing in the sctp_nat_msg structure @{ */ -#define SN_SCTP_FIRSTCHUNK(sctphead) (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr)) -/**< Returns a pointer to the first chunk in an SCTP packet given a pointer to the SCTP header */ +#define SN_SCTP_FIRSTCHUNK(sctphead) \ + (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr)) +/**< Returns a pointer to the first chunk in an SCTP packet given a pointer to + * the SCTP header */ -#define SN_SCTP_NEXTCHUNK(chunkhead) (struct sctp_chunkhdr *)(((char *)chunkhead) + SCTP_SIZE32(ntohs(chunkhead->chunk_length))) -/**< Returns a pointer to the next chunk in an SCTP packet given a pointer to the current chunk */ +#define SN_SCTP_NEXTCHUNK(chunkhead) \ + (struct sctp_chunkhdr *)(((char *)chunkhead) + \ + SCTP_SIZE32(ntohs(chunkhead->chunk_length))) +/**< Returns a pointer to the next chunk in an SCTP packet given a pointer to + * the current chunk */ -#define SN_SCTP_NEXTPARAM(param) (struct sctp_paramhdr *)(((char *)param) + SCTP_SIZE32(ntohs(param->param_length))) -/**< Returns a pointer to the next parameter in an SCTP packet given a pointer to the current parameter */ +#define SN_SCTP_NEXTPARAM(param) \ + (struct sctp_paramhdr *)(((char *)param) + \ + SCTP_SIZE32(ntohs(param->param_length))) +/**< Returns a pointer to the next parameter in an SCTP packet given a pointer + * to the current parameter */ -#define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */ -#define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */ -#define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */ -#define SN_ASCONFACK_PARAM_SIZE 8 /**< Size of SCTP ASCONF ACK param in bytes */ +#define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */ +#define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */ +#define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */ +#define SN_ASCONFACK_PARAM_SIZE \ + 8 /**< Size of SCTP ASCONF ACK param in bytes */ /* Packet parsing return codes */ -#define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */ -#define SN_PARSE_ERROR_IPSHL 1 /**< Packet parsing error - IP and SCTP common header len */ -#define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */ -#define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */ -#define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */ -#define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */ -#define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */ -#define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */ -#define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */ -#define SN_PARSE_ERROR_PARTIALLOOKUP 9 /**< Packet parsing error - partial lookup only found */ -#define SN_PARSE_ERROR_LOOKUP_ABORT 10 /**< Packet parsing error - Lookup - but abort packet */ +#define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */ +#define SN_PARSE_ERROR_IPSHL \ + 1 /**< Packet parsing error - IP and SCTP common header len */ +#define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */ +#define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */ +#define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */ +#define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */ +#define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */ +#define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */ +#define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */ +#define SN_PARSE_ERROR_PARTIALLOOKUP \ + 9 /**< Packet parsing error - partial lookup only found */ +#define SN_PARSE_ERROR_LOOKUP_ABORT \ + 10 /**< Packet parsing error - Lookup - but abort packet */ /* Alias_sctp performs its processing based on a number of key messages */ -#define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */ -#define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */ -#define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */ -#define SN_SCTP_SHUTCOMP 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */ -#define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk */ -#define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */ -#define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk */ -#define SN_SCTP_OTHER 0xFFFF /**< a packet containing a chunk that is not of interest */ +#define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */ +#define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */ +#define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */ +#define SN_SCTP_SHUTCOMP \ + 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */ +#define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk \ + */ +#define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */ +#define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk \ + */ +#define SN_SCTP_OTHER \ + 0xFFFF /**< a packet containing a chunk that is not of interest */ /** @} * @defgroup state_machine SCTP NAT State Machine * * Defines the various states an association can be within the NAT @{ */ -#define SN_ID 0x0000 /**< Idle state */ -#define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */ -#define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */ -#define SN_UP 0x0100 /**< Association in UP state */ -#define SN_CL 0x1000 /**< Closing state */ -#define SN_RM 0x2000 /**< Removing state */ +#define SN_ID 0x0000 /**< Idle state */ +#define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */ +#define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */ +#define SN_UP 0x0100 /**< Association in UP state */ +#define SN_CL 0x1000 /**< Closing state */ +#define SN_RM 0x2000 /**< Removing state */ /** @} * @defgroup Logging Logging Functionality * * Define various log levels and a macro to call specified log functions only if * the current log level (sysctl_log_level) matches the specified level @{ */ -#define SN_LOG_LOW 0 -#define SN_LOG_EVENT 1 -#define SN_LOG_INFO 2 -#define SN_LOG_DETAIL 3 -#define SN_LOG_DEBUG 4 -#define SN_LOG_DEBUG_MAX 5 - -#define SN_LOG(level, action) if (sysctl_log_level >= level) { action; } /**< Perform log action ONLY if the current log level meets the specified log level */ +#define SN_LOG_LOW 0 +#define SN_LOG_EVENT 1 +#define SN_LOG_INFO 2 +#define SN_LOG_DETAIL 3 +#define SN_LOG_DEBUG 4 +#define SN_LOG_DEBUG_MAX 5 + +#define SN_LOG(level, action) \ + if (sysctl_log_level >= level) { \ + action; \ + } /**< Perform log action ONLY if the current log level meets the \ + specified log level */ /** @} * @defgroup Hash Hash Table Macros and Functions * * Defines minimum/maximum/default values for the hash table size @{ */ -#define SN_MIN_HASH_SIZE 101 /**< Minimum hash table size (set to stop users choosing stupid values) */ -#define SN_MAX_HASH_SIZE 1000001 /**< Maximum hash table size (NB must be less than max int) */ -#define SN_DEFAULT_HASH_SIZE 2003 /**< A reasonable default size for the hash tables */ - -#define SN_LOCAL_TBL 0x01 /**< assoc in local table */ -#define SN_GLOBAL_TBL 0x02 /**< assoc in global table */ -#define SN_BOTH_TBL 0x03 /**< assoc in both tables */ -#define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/ -#define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/ -#define SN_NULL_TBL 0x00 /**< assoc in No table */ -#define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address count*/ - -#define SN_ADD_OK 0 /**< Association added to the table */ -#define SN_ADD_CLASH 1 /**< Clash when trying to add the assoc. info to the table */ - -#define SN_TABLE_HASH(vtag, port, size) (((u_int) vtag + (u_int) port) % (u_int) size) /**< Calculate the hash table lookup position */ +#define SN_MIN_HASH_SIZE \ + 101 /**< Minimum hash table size (set to stop users choosing stupid \ + values) */ +#define SN_MAX_HASH_SIZE \ + 1000001 /**< Maximum hash table size (NB must be less than max int) */ +#define SN_DEFAULT_HASH_SIZE \ + 2003 /**< A reasonable default size for the hash tables */ + +#define SN_LOCAL_TBL 0x01 /**< assoc in local table */ +#define SN_GLOBAL_TBL 0x02 /**< assoc in global table */ +#define SN_BOTH_TBL 0x03 /**< assoc in both tables */ +#define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/ +#define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/ +#define SN_NULL_TBL 0x00 /**< assoc in No table */ +#define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address \ + count*/ + +#define SN_ADD_OK 0 /**< Association added to the table */ +#define SN_ADD_CLASH \ + 1 /**< Clash when trying to add the assoc. info to the table */ + +#define SN_TABLE_HASH(vtag, port, size) \ + (((u_int)vtag + (u_int)port) % \ + (u_int)size) /**< Calculate the hash table lookup position */ /** @} * @defgroup Timer Timer Queue Macros and Functions * @@ -296,17 +341,25 @@ */ #define SN_MIN_TIMER 1 #define SN_MAX_TIMER 600 -#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER+2 - -#define SN_I_T(la) (la->timeStamp + sysctl_init_timer) /**< INIT State expiration time in seconds */ -#define SN_U_T(la) (la->timeStamp + sysctl_up_timer) /**< UP State expiration time in seconds */ -#define SN_C_T(la) (la->timeStamp + sysctl_shutdown_timer) /**< CL State expiration time in seconds */ -#define SN_X_T(la) (la->timeStamp + sysctl_holddown_timer) /**< Wait after a shutdown complete in seconds */ +#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER + 2 + +#define SN_I_T(la) \ + (la->timeStamp + \ + sysctl_init_timer) /**< INIT State expiration time in seconds */ +#define SN_U_T(la) \ + (la->timeStamp + \ + sysctl_up_timer) /**< UP State expiration time in seconds */ +#define SN_C_T(la) \ + (la->timeStamp + \ + sysctl_shutdown_timer) /**< CL State expiration time in seconds */ +#define SN_X_T(la) \ + (la->timeStamp + sysctl_holddown_timer) /**< Wait after a shutdown \ + complete in seconds */ /** @} * @defgroup sysctl SysCtl Variable and callback function declarations * - * Sysctl variables to modify NAT functionality in real-time along with associated functions - * to manage modifications to the sysctl variables @{ + * Sysctl variables to modify NAT functionality in real-time along with + * associated functions to manage modifications to the sysctl variables @{ */ /* Callbacks */ @@ -324,36 +377,65 @@ /** @brief net.inet.ip.alias.sctp.log_level */ static u_int sysctl_log_level = 0; /**< Stores the current level of logging */ /** @brief net.inet.ip.alias.sctp.init_timer */ -static u_int sysctl_init_timer = 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK or AddIP-ACK */ +static u_int sysctl_init_timer = + 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK + or AddIP-ACK */ /** @brief net.inet.ip.alias.sctp.up_timer */ -static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the table while no packets are transmitted */ +static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the + table while no packets are transmitted */ /** @brief net.inet.ip.alias.sctp.shutdown_timer */ -static u_int sysctl_shutdown_timer = 15; /**< Seconds to hold an association in the table waiting for a SHUTDOWN-COMPLETE */ +static u_int sysctl_shutdown_timer = + 15; /**< Seconds to hold an association in the table waiting for a + SHUTDOWN-COMPLETE */ /** @brief net.inet.ip.alias.sctp.holddown_timer */ -static u_int sysctl_holddown_timer = 0; /**< Seconds to hold an association in the table after it has been shutdown (to allow for lost SHUTDOWN-COMPLETEs) */ +static u_int sysctl_holddown_timer = + 0; /**< Seconds to hold an association in the table after it has been + shutdown (to allow for lost SHUTDOWN-COMPLETEs) */ /** @brief net.inet.ip.alias.sctp.hashtable_size */ -static u_int sysctl_hashtable_size = SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT instances (existing instances retain their existing Hash Table */ +static u_int sysctl_hashtable_size = + SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT + instances (existing instances retain their existing + Hash Table */ /** @brief net.inet.ip.alias.sctp.error_on_ootb */ -static u_int sysctl_error_on_ootb = 1; /**< NAT response to receipt of OOTB packet - (0 - No response, 1 - NAT will send ErrorM only to local side, - 2 - NAT will send local ErrorM and global ErrorM if there was a partial association match - 3 - NAT will send ErrorM to both local and global) */ +static u_int sysctl_error_on_ootb = + 1; /**< NAT response to receipt of OOTB packet + (0 - No response, 1 - NAT will send ErrorM only to local side, + 2 - NAT will send local ErrorM and global ErrorM if there was a + partial association match 3 - NAT will send ErrorM to both local and + global) */ /** @brief net.inet.ip.alias.sctp.accept_global_ootb_addip */ -static u_int sysctl_accept_global_ootb_addip = 0; /** 0 - enables tracking but limits the number of global IP addresses to this value) - If set to >=1 the NAT will track that many global IP addresses. This may reduce look up table conflicts, but increases processing */ - -#define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets */ -#define SN_LOCAL_ERROR_ON_OOTB 1 /**< Send only local errorM on out of the blue packets */ -#define SN_LOCALandPARTIAL_ERROR_ON_OOTB 2 /**< Send local errorM and global errorM for out of the blue packets only if partial match found */ -#define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */ +static u_int sysctl_track_global_addresses = + 0; /**< Configures the global address tracking option within the NAT (0 - + Global tracking is disabled, > 0 - enables tracking but limits the + number of global IP addresses to this value) If set to >=1 the NAT + will track that many global IP addresses. This may reduce look up + table conflicts, but increases processing */ + +#define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets \ + */ +#define SN_LOCAL_ERROR_ON_OOTB \ + 1 /**< Send only local errorM on out of the blue packets */ +#define SN_LOCALandPARTIAL_ERROR_ON_OOTB \ + 2 /**< Send local errorM and global errorM for out of the blue packets \ + only if partial match found */ +#define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */ #ifdef SYSCTL_NODE @@ -362,42 +444,42 @@ SYSCTL_DECL(_net_inet_ip_alias); static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp, - CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, - "SCTP NAT"); + CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, "SCTP NAT"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_log_level, 0, sysctl_chg_loglevel, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_log_level, 0, + sysctl_chg_loglevel, "IU", "Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_init_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_init_timer, 0, + sysctl_chg_timer, "IU", "Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_up_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_up_timer, 0, + sysctl_chg_timer, "IU", "Timeout value (s) to keep an association up with no traffic"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_shutdown_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_shutdown_timer, 0, + sysctl_chg_timer, "IU", "Timeout value (s) while waiting for SHUTDOWN-COMPLETE"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_holddown_timer, 0, sysctl_chg_timer, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_holddown_timer, 0, + sysctl_chg_timer, "IU", "Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_hashtable_size, 0, sysctl_chg_hashtable_size, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_hashtable_size, 0, + sysctl_chg_hashtable_size, "IU", "Size of hash tables used for NAT lookups (100 < prime_number > 1000001)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_error_on_ootb, 0, sysctl_chg_error_on_ootb, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_error_on_ootb, 0, + sysctl_chg_error_on_ootb, "IU", "ErrorM sent on receipt of ootb packet:\n\t0 - none,\n" "\t1 - to local only,\n" "\t2 - to local and global if a partial association match,\n" "\t3 - to local and global (DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip, CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, "IU", + &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, + "IU", "NAT response to receipt of global OOTB AddIP:\n" "\t0 - No response,\n" "\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)"); @@ -408,13 +490,13 @@ "Number of chunks that should be processed if there is no current " "association found:\n\t > 0 (A high value is a DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_chunk_proc_limit, 0, sysctl_chg_chunk_proc_limit, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_chunk_proc_limit, 0, + sysctl_chg_chunk_proc_limit, "IU", "Number of chunks that should be processed to find key chunk:\n" "\t>= initialising_chunk_proc_limit (A high value is a DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit, - CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, - &sysctl_param_proc_limit, 0, sysctl_chg_param_proc_limit, "IU", + CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_param_proc_limit, 0, + sysctl_chg_param_proc_limit, "IU", "Number of parameters (in a chunk) that should be processed to find key " "parameters:\n\t> 1 (A high value is a DoS risk)"); SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses, @@ -448,7 +530,8 @@ } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer) + * @brief sysctl callback for changing + * net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer) * * Updates the timer-based sysctl variables. The new values are sanity-checked * to make sure that they are within the range SN_MIN_TIMER-SN_MAX_TIMER. The @@ -492,11 +575,16 @@ if (error) return (error); - size = (size < SN_MIN_HASH_SIZE) ? (SN_MIN_HASH_SIZE) : ((size > SN_MAX_HASH_SIZE) ? (SN_MAX_HASH_SIZE) : (size)); + size = (size < SN_MIN_HASH_SIZE) ? + (SN_MIN_HASH_SIZE) : + ((size > SN_MAX_HASH_SIZE) ? (SN_MAX_HASH_SIZE) : (size)); size |= 0x00000001; /* make odd */ - for (;(((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || ((size % 11) == 0)); size+=2); + for (; (((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || + ((size % 11) == 0)); + size += 2) + ; sysctl_hashtable_size = size; return (0); @@ -521,16 +609,18 @@ if (error) return (error); - sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB: flag; + sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB : + flag; return (0); } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.alias.sctp.accept_global_ootb_addip + * @brief sysctl callback for changing + * net.inet.ip.alias.sctp.accept_global_ootb_addip * - * If set to 1 the NAT will accept ootb global addip messages for processing (Security risk) - * Default is 0, only responding to local ootb AddIP messages + * If set to 1 the NAT will accept ootb global addip messages for processing + * (Security risk) Default is 0, only responding to local ootb AddIP messages */ int sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS) { @@ -541,13 +631,14 @@ if (error) return (error); - sysctl_accept_global_ootb_addip = (flag == 1) ? 1: 0; + sysctl_accept_global_ootb_addip = (flag == 1) ? 1 : 0; return (0); } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.alias.sctp.initialising_chunk_proc_limit + * @brief sysctl callback for changing + * net.inet.ip.alias.sctp.initialising_chunk_proc_limit * * Updates the initialising_chunk_proc_limit sysctl variable. Number of chunks * that should be processed if there is no current association found: > 0 (A @@ -562,9 +653,11 @@ if (error) return (error); - sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1: proclimit; - sysctl_chunk_proc_limit = - (sysctl_chunk_proc_limit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : sysctl_chunk_proc_limit; + sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1 : proclimit; + sysctl_chunk_proc_limit = (sysctl_chunk_proc_limit < + sysctl_initialising_chunk_proc_limit) ? + sysctl_initialising_chunk_proc_limit : + sysctl_chunk_proc_limit; return (0); } @@ -585,8 +678,10 @@ if (error) return (error); - sysctl_chunk_proc_limit = - (proclimit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : proclimit; + sysctl_chunk_proc_limit = (proclimit < + sysctl_initialising_chunk_proc_limit) ? + sysctl_initialising_chunk_proc_limit : + proclimit; return (0); } @@ -607,14 +702,14 @@ if (error) return (error); - sysctl_param_proc_limit = - (proclimit < 2) ? 2 : proclimit; + sysctl_param_proc_limit = (proclimit < 2) ? 2 : proclimit; return (0); } /** @ingroup sysctl - * @brief sysctl callback for changing net.inet.ip.alias.sctp.track_global_addresses + * @brief sysctl callback for changing + *net.inet.ip.alias.sctp.track_global_addresses * *Configures the global address tracking option within the NAT (0 - Global *tracking is disabled, > 0 - enables tracking but limits the number of global @@ -629,7 +724,10 @@ if (error) return (error); - sysctl_track_global_addresses = (num_to_track > SN_MAX_GLOBAL_ADDRESSES) ? SN_MAX_GLOBAL_ADDRESSES : num_to_track; + sysctl_track_global_addresses = (num_to_track > + SN_MAX_GLOBAL_ADDRESSES) ? + SN_MAX_GLOBAL_ADDRESSES : + num_to_track; return (0); } @@ -653,10 +751,15 @@ int i; la->sctpNatTableSize = sysctl_hashtable_size; SN_LOG(SN_LOG_EVENT, - SctpAliasLog("Initialising SCTP NAT Instance (hash_table_size:%d)\n", la->sctpNatTableSize)); - la->sctpTableLocal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableL)); - la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableG)); - la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct sctpTimerQ)); + SctpAliasLog( + "Initialising SCTP NAT Instance (hash_table_size:%d)\n", + la->sctpNatTableSize)); + la->sctpTableLocal = sn_calloc(la->sctpNatTableSize, + sizeof(struct sctpNatTableL)); + la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize, + sizeof(struct sctpNatTableG)); + la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, + sizeof(struct sctpTimerQ)); /* Initialise hash table */ for (i = 0; i < la->sctpNatTableSize; i++) { LIST_INIT(&la->sctpTableLocal[i]); @@ -667,9 +770,10 @@ for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) LIST_INIT(&la->sctpNatTimer.TimerQ[i]); #ifdef _KERNEL - la->sctpNatTimer.loc_time=time_uptime; /* la->timeStamp is not set yet */ + la->sctpNatTimer.loc_time = + time_uptime; /* la->timeStamp is not set yet */ #else - la->sctpNatTimer.loc_time=la->timeStamp; + la->sctpNatTimer.loc_time = la->timeStamp; #endif la->sctpNatTimer.cur_loc = 0; la->sctpLinkCount = 0; @@ -691,11 +795,10 @@ AliasSctpTerm(struct libalias *la) { struct sctp_nat_assoc *assoc1, *assoc2; - int i; + int i; LIBALIAS_LOCK_ASSERT(la); - SN_LOG(SN_LOG_EVENT, - SctpAliasLog("Removing SCTP NAT Instance\n")); + SN_LOG(SN_LOG_EVENT, SctpAliasLog("Removing SCTP NAT Instance\n")); for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) { assoc1 = LIST_FIRST(&la->sctpNatTimer.TimerQ[i]); while (assoc1 != NULL) { @@ -749,51 +852,54 @@ sctp_CheckTimers(la); /* Check timers */ /* Parse the packet */ - rtnval = sctp_PktParser(la, direction, pip, &msg, &assoc); //using *char (change to mbuf when get code from paolo) + rtnval = sctp_PktParser(la, direction, pip, &msg, + &assoc); // using *char (change to mbuf when get code from paolo) switch (rtnval) { case SN_PARSE_OK: break; case SN_PARSE_ERROR_CHHL: - /* Not an error if there is a chunk length parsing error and this is a fragmented packet */ + /* Not an error if there is a chunk length parsing error and + * this is a fragmented packet */ if (ntohs(pip->ip_off) & IP_MF) { rtnval = SN_PARSE_OK; break; } SN_LOG(SN_LOG_EVENT, - logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); + logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, + direction)); return (PKT_ALIAS_ERROR); case SN_PARSE_ERROR_PARTIALLOOKUP: if (sysctl_error_on_ootb > SN_LOCALandPARTIAL_ERROR_ON_OOTB) { SN_LOG(SN_LOG_EVENT, - logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); + logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, + rtnval, direction)); return (PKT_ALIAS_ERROR); } case SN_PARSE_ERROR_LOOKUP: if (sysctl_error_on_ootb == SN_ERROR_ON_OOTB || - (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB && direction == SN_TO_LOCAL) || - (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB && direction == SN_TO_GLOBAL)) { - TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR, direction); /*NB assoc=NULL */ + (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB && + direction == SN_TO_LOCAL) || + (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB && + direction == SN_TO_GLOBAL)) { + TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR, + direction); /*NB assoc=NULL */ return (PKT_ALIAS_RESPOND); } default: SN_LOG(SN_LOG_EVENT, - logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); + logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, + direction)); return (PKT_ALIAS_ERROR); } - SN_LOG(SN_LOG_DETAIL, - logsctpassoc(assoc, "*"); - logsctpparse(direction, &msg); - ); + SN_LOG(SN_LOG_DETAIL, logsctpassoc(assoc, "*"); + logsctpparse(direction, &msg);); /* Process the SCTP message */ rtnval = ProcessSctpMsg(la, direction, &msg, assoc); - SN_LOG(SN_LOG_DEBUG_MAX, - logsctpassoc(assoc, "-"); - logSctpLocal(la); - logSctpGlobal(la); - ); + SN_LOG(SN_LOG_DEBUG_MAX, logsctpassoc(assoc, "-"); logSctpLocal(la); + logSctpGlobal(la);); SN_LOG(SN_LOG_DEBUG, logTimerQ(la)); switch (rtnval) { @@ -802,21 +908,29 @@ case SN_TO_LOCAL: DifferentialChecksum(&(msg.ip_hdr->ip_sum), &(assoc->l_addr), &(msg.ip_hdr->ip_dst), 2); - msg.ip_hdr->ip_dst = assoc->l_addr; /* change dst address to local address*/ + msg.ip_hdr->ip_dst = + assoc->l_addr; /* change dst address to local + address*/ break; case SN_TO_GLOBAL: DifferentialChecksum(&(msg.ip_hdr->ip_sum), - &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2); - msg.ip_hdr->ip_src = assoc->a_addr; /* change src to alias addr*/ + &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2); + msg.ip_hdr->ip_src = + assoc->a_addr; /* change src to alias addr*/ break; default: - rtnval = SN_DROP_PKT; /* shouldn't get here, but if it does drop packet */ - SN_LOG(SN_LOG_LOW, logsctperror("ERROR: Invalid direction", msg.sctp_hdr->v_tag, rtnval, direction)); + rtnval = SN_DROP_PKT; /* shouldn't get here, but if it + does drop packet */ + SN_LOG(SN_LOG_LOW, + logsctperror("ERROR: Invalid direction", + msg.sctp_hdr->v_tag, rtnval, direction)); break; } break; case SN_DROP_PKT: - SN_LOG(SN_LOG_DETAIL, logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval, direction)); + SN_LOG(SN_LOG_DETAIL, + logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval, + direction)); break; case SN_REPLY_ABORT: case SN_REPLY_ERROR: @@ -824,9 +938,12 @@ TxAbortErrorM(la, &msg, assoc, rtnval, direction); break; default: - // big error, remove association and go to idle and write log messages - SN_LOG(SN_LOG_LOW, logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag, rtnval, direction)); - assoc->state = SN_RM;/* Mark for removal*/ + // big error, remove association and go to idle and write log + // messages + SN_LOG(SN_LOG_LOW, + logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag, + rtnval, direction)); + assoc->state = SN_RM; /* Mark for removal*/ break; } @@ -873,8 +990,8 @@ * up-state is a Heartbeat packet, which is big enough to be transformed to an * ErrorM. * - * We create a temporary character array to store the packet as we are constructing - * it. We then populate the array with appropriate values based on: + * We create a temporary character array to store the packet as we are + * constructing it. We then populate the array with appropriate values based on: * - Packet type (AbortM | ErrorM) * - Initial packet direction (SN_TO_LOCAL | SN_TO_GLOBAL) * - NAT response (Send packet | Reply packet) @@ -926,24 +1043,29 @@ } static void -TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction) +TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc, int sndrply, int direction) { - int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause); + int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + + sizeof(struct sctp_error_cause); int ip_size = sizeof(struct ip) + sctp_size; int include_error_cause = 1; char tmp_ip[ip_size]; char addrbuf[INET_ADDRSTRLEN]; - if (ntohs(sm->ip_hdr->ip_len) < ip_size) { /* short packet, cannot send error cause */ + if (ntohs(sm->ip_hdr->ip_len) < + ip_size) { /* short packet, cannot send error cause */ include_error_cause = 0; - ip_size = ip_size - sizeof(struct sctp_error_cause); - sctp_size = sctp_size - sizeof(struct sctp_error_cause); + ip_size = ip_size - sizeof(struct sctp_error_cause); + sctp_size = sctp_size - sizeof(struct sctp_error_cause); } /* Assign header pointers packet */ - struct ip* ip = (struct ip *) tmp_ip; - struct sctphdr* sctp_hdr = (struct sctphdr *) ((char *) ip + sizeof(*ip)); - struct sctp_chunkhdr* chunk_hdr = (struct sctp_chunkhdr *) ((char *) sctp_hdr + sizeof(*sctp_hdr)); - struct sctp_error_cause* error_cause = (struct sctp_error_cause *) ((char *) chunk_hdr + sizeof(*chunk_hdr)); + struct ip *ip = (struct ip *)tmp_ip; + struct sctphdr *sctp_hdr = (struct sctphdr *)((char *)ip + sizeof(*ip)); + struct sctp_chunkhdr *chunk_hdr = + (struct sctp_chunkhdr *)((char *)sctp_hdr + sizeof(*sctp_hdr)); + struct sctp_error_cause *error_cause = + (struct sctp_error_cause *)((char *)chunk_hdr + sizeof(*chunk_hdr)); /* construct ip header */ ip->ip_v = sm->ip_hdr->ip_v; @@ -955,17 +1077,23 @@ ip->ip_ttl = 255; ip->ip_p = IPPROTO_SCTP; /* - The definitions below should be removed when they make it into the SCTP stack + The definitions below should be removed when they make it into the + SCTP stack */ #define SCTP_MIDDLEBOX_FLAG 0x02 #define SCTP_NAT_TABLE_COLLISION 0x00b0 #define SCTP_MISSING_NAT 0x00b1 - chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ? SCTP_ABORT_ASSOCIATION : SCTP_OPERATION_ERROR; + chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ? + SCTP_ABORT_ASSOCIATION : + SCTP_OPERATION_ERROR; chunk_hdr->chunk_flags = SCTP_MIDDLEBOX_FLAG; if (include_error_cause) { - error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ? SCTP_MISSING_NAT : SCTP_NAT_TABLE_COLLISION); + error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ? + SCTP_MISSING_NAT : + SCTP_NAT_TABLE_COLLISION); error_cause->length = htons(sizeof(struct sctp_error_cause)); - chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause)); + chunk_hdr->chunk_length = htons( + sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause)); } else { chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr)); } @@ -977,7 +1105,8 @@ sctp_hdr->v_tag = sm->sctp_hdr->v_tag; break; case SN_REPLY_ERROR: - sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag : assoc->l_vtag ; + sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag : + assoc->l_vtag; break; case SN_SEND_ABORT: sctp_hdr->v_tag = sm->sctp_hdr->v_tag; @@ -989,8 +1118,10 @@ /* Set send/reply values */ if (sndrply == SN_SEND_ABORT) { /*pass through NAT */ - ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src : assoc->a_addr; - ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr : sm->ip_hdr->ip_dst; + ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src : + assoc->a_addr; + ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr : + sm->ip_hdr->ip_dst; sctp_hdr->src_port = sm->sctp_hdr->src_port; sctp_hdr->dest_port = sm->sctp_hdr->dest_port; } else { /* reply and reflect */ @@ -1005,17 +1136,19 @@ /* calculate SCTP header CRC32 */ sctp_hdr->checksum = 0; - sctp_hdr->checksum = local_sctp_finalize_crc32(calculate_crc32c(0xffffffff, (unsigned char *) sctp_hdr, sctp_size)); + sctp_hdr->checksum = local_sctp_finalize_crc32( + calculate_crc32c(0xffffffff, (unsigned char *)sctp_hdr, sctp_size)); memcpy(sm->ip_hdr, ip, ip_size); - SN_LOG(SN_LOG_EVENT,SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n", - ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"), - ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"), - (include_error_cause ? ntohs(error_cause->code) : 0), - inet_ntoa_r(ip->ip_dst, INET_NTOA_BUF(addrbuf)), - ntohs(sctp_hdr->dest_port), - ntohl(sctp_hdr->v_tag), ntohl(sctp_hdr->checksum))); + SN_LOG(SN_LOG_EVENT, + SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n", + ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"), + ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"), + (include_error_cause ? ntohs(error_cause->code) : 0), + inet_ntoa_r(ip->ip_dst, INET_NTOA_BUF(addrbuf)), + ntohs(sctp_hdr->dest_port), ntohl(sctp_hdr->v_tag), + ntohl(sctp_hdr->checksum))); } /* ---------------------------------------------------------------------- @@ -1046,7 +1179,8 @@ static int sctp_PktParser(struct libalias *la, int direction, struct ip *pip, struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc) -//sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) +// sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct +// sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) { struct sctphdr *sctp_hdr; struct sctp_chunkhdr *chunk_hdr; @@ -1060,7 +1194,8 @@ // int mlen; // mlen = SCTP_HEADER_LEN(i_pak); - // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since header and chain not separate */ + // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since + // header and chain not separate */ /* * Note, that if the VTag is zero, it must be an INIT @@ -1078,22 +1213,27 @@ return (SN_PARSE_ERROR_IPSHL); /* packet not long enough*/ } - sm->sctp_hdr = sctp_hdr = (struct sctphdr *) ip_next(pip); + sm->sctp_hdr = sctp_hdr = (struct sctphdr *)ip_next(pip); bytes_left -= sizeof(struct sctphdr); - /* Check for valid ports (zero valued ports would find partially initialised associations */ + /* Check for valid ports (zero valued ports would find partially + * initialised associations */ if (sctp_hdr->src_port == 0 || sctp_hdr->dest_port == 0) return (SN_PARSE_ERROR_PORT); /* Check length of first chunk */ - if (bytes_left < SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/ - return (SN_PARSE_ERROR_CHHL); /* packet not long enough for this chunk */ + if (bytes_left < + SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/ + return (SN_PARSE_ERROR_CHHL); /* packet not long enough for this + chunk */ /* First chunk */ chunk_hdr = SN_SCTP_FIRSTCHUNK(sctp_hdr); chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length)); - if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left)) /* malformed chunk - could cause endless loop*/ + if ((chunk_length < SN_MIN_CHUNK_SIZE) || + (chunk_length > + bytes_left)) /* malformed chunk - could cause endless loop*/ return (SN_PARSE_ERROR_CHHL); if ((chunk_hdr->chunk_flags & SCTP_HAD_NO_TCB) && @@ -1101,39 +1241,60 @@ (chunk_hdr->chunk_type == SCTP_SHUTDOWN_COMPLETE))) { /* T-Bit set */ if (direction == SN_TO_LOCAL) - *passoc = FindSctpGlobalT(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port); + *passoc = FindSctpGlobalT(la, pip->ip_src, + sctp_hdr->v_tag, sctp_hdr->dest_port, + sctp_hdr->src_port); else - *passoc = FindSctpLocalT(la, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port); + *passoc = FindSctpLocalT(la, pip->ip_dst, + sctp_hdr->v_tag, sctp_hdr->dest_port, + sctp_hdr->src_port); } else { /* Proper v_tag settings */ if (direction == SN_TO_LOCAL) - *passoc = FindSctpGlobal(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match); + *passoc = FindSctpGlobal(la, pip->ip_src, + sctp_hdr->v_tag, sctp_hdr->src_port, + sctp_hdr->dest_port, &partial_match); else - *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port); + *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst, + sctp_hdr->v_tag, sctp_hdr->src_port, + sctp_hdr->dest_port); } chunk_count = 1; /* Real packet parsing occurs below */ - sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/ - sm->chunk_length = 0; /* only care about length for key chunks */ + sm->msg = SN_SCTP_OTHER; /* Initialise to largest value*/ + sm->chunk_length = 0; /* only care about length for key chunks */ while (IS_SCTP_CONTROL(chunk_hdr)) { switch (chunk_hdr->chunk_type) { case SCTP_INITIATION: - if (chunk_length < sizeof(struct sctp_init_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct sctp_init_chunk)) /* malformed chunk*/ return (SN_PARSE_ERROR_CHHL); sm->msg = SN_SCTP_INIT; - sm->sctpchnk.Init = (struct sctp_init *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr)); + sm->sctpchnk.Init = + (struct sctp_init *)((char *)chunk_hdr + + sizeof(struct sctp_chunkhdr)); sm->chunk_length = chunk_length; /* if no existing association, create a new one */ if (*passoc == NULL) { - if (sctp_hdr->v_tag == 0) { //Init requires vtag=0 - *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc)); - if (*passoc == NULL) {/* out of resources */ - return (SN_PARSE_ERROR_AS_MALLOC); + if (sctp_hdr->v_tag == + 0) { // Init requires vtag=0 + *passoc = (struct sctp_nat_assoc *) + sn_malloc( + sizeof(struct sctp_nat_assoc)); + if (*passoc == + NULL) { /* out of resources */ + return ( + SN_PARSE_ERROR_AS_MALLOC); } - /* Initialize association - sn_malloc initializes memory to zeros */ + /* Initialize association - sn_malloc + * initializes memory to zeros */ (*passoc)->state = SN_ID; - LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */ + LIST_INIT(&( + (*passoc) + ->Gaddr)); /* always initialise + to avoid memory + problems */ (*passoc)->TableRegister = SN_NULL_TBL; return (SN_PARSE_OK); } @@ -1141,63 +1302,133 @@ } return (SN_PARSE_ERROR_LOOKUP); case SCTP_INITIATION_ACK: - if (chunk_length < sizeof(struct sctp_init_ack_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct sctp_init_ack_chunk)) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); sm->msg = SN_SCTP_INITACK; - sm->sctpchnk.InitAck = (struct sctp_init_ack *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr)); + sm->sctpchnk.InitAck = + (struct sctp_init_ack *)((char *)chunk_hdr + + sizeof(struct sctp_chunkhdr)); sm->chunk_length = chunk_length; - return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK)); - case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk */ + return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : + (SN_PARSE_OK)); + case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk + */ sm->msg = SN_SCTP_ABORT; sm->chunk_length = chunk_length; - return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP_ABORT) : (SN_PARSE_OK)); + return ((*passoc == NULL) ? + (SN_PARSE_ERROR_LOOKUP_ABORT) : + (SN_PARSE_OK)); case SCTP_SHUTDOWN_ACK: - if (chunk_length < sizeof(struct sctp_shutdown_ack_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct sctp_shutdown_ack_chunk)) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); if (sm->msg > SN_SCTP_SHUTACK) { sm->msg = SN_SCTP_SHUTACK; sm->chunk_length = chunk_length; } break; - case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */ + case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */ if (sm->msg > SN_SCTP_SHUTCOMP) { sm->msg = SN_SCTP_SHUTCOMP; sm->chunk_length = chunk_length; } - return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK)); + return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : + (SN_PARSE_OK)); case SCTP_ASCONF: if (sm->msg > SN_SCTP_ASCONF) { - if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv4addr_param))) /* malformed chunk*/ + if (chunk_length < + (sizeof(struct sctp_asconf_chunk) + + sizeof(struct + sctp_ipv4addr_param))) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); - //leave parameter searching to later, if required - param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr + sizeof(struct sctp_asconf_chunk)); /*compulsory IP parameter*/ - if (ntohs(param_hdr->param_type) == SCTP_IPV4_ADDRESS) { - if ((*passoc == NULL) && (direction == SN_TO_LOCAL)) { /* AddIP with no association */ - /* try look up with the ASCONF packet's alternative address */ - ipv4addr.s_addr = ((struct sctp_ipv4addr_param *) param_hdr)->addr; - *passoc = FindSctpGlobal(la, ipv4addr, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match); + // leave parameter searching to later, if + // required + param_hdr = + (struct sctp_paramhdr *)((char *)chunk_hdr + + sizeof(struct + sctp_asconf_chunk)); /*compulsory IP + parameter*/ + if (ntohs(param_hdr->param_type) == + SCTP_IPV4_ADDRESS) { + if ((*passoc == NULL) && + (direction == + SN_TO_LOCAL)) { /* AddIP with no + association + */ + /* try look up with the ASCONF + * packet's alternative address + */ + ipv4addr.s_addr = + ((struct sctp_ipv4addr_param + *)param_hdr) + ->addr; + *passoc = FindSctpGlobal(la, + ipv4addr, sctp_hdr->v_tag, + sctp_hdr->src_port, + sctp_hdr->dest_port, + &partial_match); } - param_hdr = (struct sctp_paramhdr *) - ((char *) param_hdr + sizeof(struct sctp_ipv4addr_param)); /*asconf's compulsory address parameter */ - sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv4addr_param); /* rest of chunk */ + param_hdr = (struct sctp_paramhdr + *)((char *)param_hdr + + sizeof(struct + sctp_ipv4addr_param)); /*asconf's + compulsory + address + parameter + */ + sm->chunk_length = chunk_length - + sizeof(struct sctp_asconf_chunk) - + sizeof(struct + sctp_ipv4addr_param); /* rest of + chunk + */ } else { - if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv6addr_param))) /* malformed chunk*/ + if (chunk_length < + (sizeof(struct sctp_asconf_chunk) + + sizeof(struct + sctp_ipv6addr_param))) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); - param_hdr = (struct sctp_paramhdr *) - ((char *) param_hdr + sizeof(struct sctp_ipv6addr_param)); /*asconf's compulsory address parameter */ - sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv6addr_param); /* rest of chunk */ + param_hdr = (struct sctp_paramhdr + *)((char *)param_hdr + + sizeof(struct + sctp_ipv6addr_param)); /*asconf's + compulsory + address + parameter + */ + sm->chunk_length = chunk_length - + sizeof(struct sctp_asconf_chunk) - + sizeof(struct + sctp_ipv6addr_param); /* rest of + chunk + */ } sm->msg = SN_SCTP_ASCONF; sm->sctpchnk.Asconf = param_hdr; - if (*passoc == NULL) { /* AddIP with no association */ - *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc)); - if (*passoc == NULL) {/* out of resources */ - return (SN_PARSE_ERROR_AS_MALLOC); + if (*passoc == + NULL) { /* AddIP with no association */ + *passoc = (struct sctp_nat_assoc *) + sn_malloc( + sizeof(struct sctp_nat_assoc)); + if (*passoc == + NULL) { /* out of resources */ + return ( + SN_PARSE_ERROR_AS_MALLOC); } - /* Initialize association - sn_malloc initializes memory to zeros */ + /* Initialize association - sn_malloc + * initializes memory to zeros */ (*passoc)->state = SN_ID; - LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */ + LIST_INIT(&( + (*passoc) + ->Gaddr)); /* always initialise + to avoid memory + problems */ (*passoc)->TableRegister = SN_NULL_TBL; return (SN_PARSE_OK); } @@ -1205,47 +1436,61 @@ break; case SCTP_ASCONF_ACK: if (sm->msg > SN_SCTP_ASCONFACK) { - if (chunk_length < sizeof(struct sctp_asconf_ack_chunk)) /* malformed chunk*/ + if (chunk_length < + sizeof(struct + sctp_asconf_ack_chunk)) /* malformed + chunk*/ return (SN_PARSE_ERROR_CHHL); - //leave parameter searching to later, if required - param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr - + sizeof(struct sctp_asconf_ack_chunk)); + // leave parameter searching to later, if + // required + param_hdr = + (struct sctp_paramhdr *)((char *)chunk_hdr + + sizeof(struct sctp_asconf_ack_chunk)); sm->msg = SN_SCTP_ASCONFACK; sm->sctpchnk.Asconf = param_hdr; - sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_ack_chunk); + sm->chunk_length = chunk_length - + sizeof(struct sctp_asconf_ack_chunk); } break; default: break; /* do nothing*/ } - /* if no association is found exit - we need to find an Init or AddIP within sysctl_initialising_chunk_proc_limit */ - if ((*passoc == NULL) && (chunk_count >= sysctl_initialising_chunk_proc_limit)) + /* if no association is found exit - we need to find an Init or + * AddIP within sysctl_initialising_chunk_proc_limit */ + if ((*passoc == NULL) && + (chunk_count >= sysctl_initialising_chunk_proc_limit)) return (SN_PARSE_ERROR_LOOKUP); /* finished with this chunk, on to the next chunk*/ - bytes_left-= chunk_length; + bytes_left -= chunk_length; /* Is this the end of the packet ? */ if (bytes_left == 0) - return (*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK); + return (*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : + (SN_PARSE_OK); - /* Are there enough bytes in packet to at least retrieve length of next chunk ? */ + /* Are there enough bytes in packet to at least retrieve length + * of next chunk ? */ if (bytes_left < SN_MIN_CHUNK_SIZE) return (SN_PARSE_ERROR_CHHL); chunk_hdr = SN_SCTP_NEXTCHUNK(chunk_hdr); - /* Is the chunk long enough to not cause endless look and are there enough bytes in packet to read the chunk ? */ + /* Is the chunk long enough to not cause endless look and are + * there enough bytes in packet to read the chunk ? */ chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length)); - if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left)) + if ((chunk_length < SN_MIN_CHUNK_SIZE) || + (chunk_length > bytes_left)) return (SN_PARSE_ERROR_CHHL); if (++chunk_count > sysctl_chunk_proc_limit) - return (SN_PARSE_OK); /* limit for processing chunks, take what we get */ + return (SN_PARSE_OK); /* limit for processing chunks, + take what we get */ } if (*passoc == NULL) - return (partial_match) ? (SN_PARSE_ERROR_PARTIALLOOKUP) : (SN_PARSE_ERROR_LOOKUP); + return (partial_match) ? (SN_PARSE_ERROR_PARTIALLOOKUP) : + (SN_PARSE_ERROR_LOOKUP); else return (SN_PARSE_OK); } @@ -1261,19 +1506,22 @@ * * @param la Pointer to the relevant libalias instance * @param sm Pointer to sctp message information - * @param l_vtag Pointer to the local vtag in the association this SCTP Message belongs to - * @param g_vtag Pointer to the local vtag in the association this SCTP Message belongs to + * @param l_vtag Pointer to the local vtag in the association this SCTP Message + * belongs to + * @param g_vtag Pointer to the local vtag in the association this SCTP Message + * belongs to * @param direction SN_TO_LOCAL | SN_TO_GLOBAL * * @return 1 - success | 0 - fail */ static int -GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction) +GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, + uint32_t *g_vtag, int direction) { /* To be removed when information is in the sctp headers */ #define SCTP_VTAG_PARAM 0xC007 struct sctp_vtag_param { - struct sctp_paramhdr ph;/* type=SCTP_VTAG_PARAM */ + struct sctp_paramhdr ph; /* type=SCTP_VTAG_PARAM */ uint32_t local_vtag; uint32_t remote_vtag; } __attribute__((packed)); @@ -1289,13 +1537,15 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); bytes_left = sm->chunk_length; /* step through Asconf parameters */ - while((bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) { + while ( + (bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) { if (ntohs(param->param_type) == SCTP_VTAG_PARAM) { - vtag_param = (struct sctp_vtag_param *) param; + vtag_param = (struct sctp_vtag_param *)param; switch (direction) { - /* The Internet draft is a little ambigious as to order of these vtags. - We think it is this way around. If we are wrong, the order will need - to be changed. */ + /* The Internet draft is a little ambigious as + to order of these vtags. We think it is this + way around. If we are wrong, the order will + need to be changed. */ case SN_TO_GLOBAL: *g_vtag = vtag_param->local_vtag; *l_vtag = vtag_param->remote_vtag; @@ -1316,8 +1566,10 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (GetAsconfVtags)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (GetAsconfVtags)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return (0); /* not found limit exceeded*/ } } @@ -1336,12 +1588,13 @@ * */ static void -AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction) +AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, + int direction) { struct sctp_ipv4addr_param *ipv4_param; struct sctp_paramhdr *param = NULL; struct sctp_GlobalAddress *G_Addr; - struct in_addr g_addr = {0}; + struct in_addr g_addr = { 0 }; int bytes_left = 0; int param_size; int param_count, addr_param_count = 0; @@ -1356,12 +1609,18 @@ param_count = 1; switch (sm->msg) { case SN_SCTP_INIT: - bytes_left = sm->chunk_length - sizeof(struct sctp_init_chunk); - param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init + sizeof(struct sctp_init)); + bytes_left = sm->chunk_length - + sizeof(struct sctp_init_chunk); + param = + (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init + + sizeof(struct sctp_init)); break; case SN_SCTP_INITACK: - bytes_left = sm->chunk_length - sizeof(struct sctp_init_ack_chunk); - param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.InitAck + sizeof(struct sctp_init_ack)); + bytes_left = sm->chunk_length - + sizeof(struct sctp_init_ack_chunk); + param = (struct sctp_paramhdr *)((char *)sm->sctpchnk + .InitAck + + sizeof(struct sctp_init_ack)); break; case SN_SCTP_ASCONF: bytes_left = sm->chunk_length; @@ -1372,65 +1631,88 @@ if (bytes_left >= SN_MIN_PARAM_SIZE) param_size = SCTP_SIZE32(ntohs(param->param_length)); else - param_size = bytes_left+1; /* force skip loop */ - - if ((assoc->state == SN_ID) && ((sm->msg == SN_SCTP_INIT) || (bytes_left < SN_MIN_PARAM_SIZE))) {/* add pkt address */ - G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress)); - if (G_Addr == NULL) {/* out of resources */ + param_size = bytes_left + 1; /* force skip loop */ + + if ((assoc->state == SN_ID) && + ((sm->msg == SN_SCTP_INIT) || + (bytes_left < SN_MIN_PARAM_SIZE))) { /* add pkt address */ + G_Addr = (struct sctp_GlobalAddress *)sn_malloc( + sizeof(struct sctp_GlobalAddress)); + if (G_Addr == NULL) { /* out of resources */ SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking", - sm->sctp_hdr->v_tag, 0, direction)); - assoc->num_Gaddr = 0; /* don't track any more for this assoc*/ - sysctl_track_global_addresses=0; + logsctperror( + "AddGlobalIPAddress: No resources for adding global address - revert to no tracking", + sm->sctp_hdr->v_tag, 0, direction)); + assoc->num_Gaddr = + 0; /* don't track any more for this assoc*/ + sysctl_track_global_addresses = 0; return; } G_Addr->g_addr = g_addr; if (!Add_Global_Address_to_List(assoc, G_Addr)) SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Address already in list", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "AddGlobalIPAddress: Address already in list", + sm->sctp_hdr->v_tag, assoc->num_Gaddr, + direction)); } /* step through parameters */ - while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { + while ((bytes_left >= param_size) && + (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { if (assoc->num_Gaddr >= sysctl_track_global_addresses) { SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Maximum Number of addresses reached", - sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction)); + logsctperror( + "AddGlobalIPAddress: Maximum Number of addresses reached", + sm->sctp_hdr->v_tag, + sysctl_track_global_addresses, direction)); return; } switch (ntohs(param->param_type)) { case SCTP_ADD_IP_ADDRESS: - /* skip to address parameter - leave param_size so bytes left will be calculated properly*/ - param = (struct sctp_paramhdr *) &((struct sctp_asconf_addrv4_param *) param)->addrp; + /* skip to address parameter - leave param_size so bytes + * left will be calculated properly*/ + param = (struct sctp_paramhdr *)&( + (struct sctp_asconf_addrv4_param *)param) + ->addrp; /* FALLTHROUGH */ case SCTP_IPV4_ADDRESS: - ipv4_param = (struct sctp_ipv4addr_param *) param; + ipv4_param = (struct sctp_ipv4addr_param *)param; /* add addresses to association */ - G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress)); - if (G_Addr == NULL) {/* out of resources */ + G_Addr = (struct sctp_GlobalAddress *)sn_malloc( + sizeof(struct sctp_GlobalAddress)); + if (G_Addr == NULL) { /* out of resources */ SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking", - sm->sctp_hdr->v_tag, 0, direction)); - assoc->num_Gaddr = 0; /* don't track any more for this assoc*/ - sysctl_track_global_addresses=0; + logsctperror( + "AddGlobalIPAddress: No resources for adding global address - revert to no tracking", + sm->sctp_hdr->v_tag, 0, direction)); + assoc->num_Gaddr = + 0; /* don't track any more for this assoc*/ + sysctl_track_global_addresses = 0; return; } /* add address */ addr_param_count++; - if ((sm->msg == SN_SCTP_ASCONF) && (ipv4_param->addr == INADDR_ANY)) { /* use packet address */ + if ((sm->msg == SN_SCTP_ASCONF) && + (ipv4_param->addr == + INADDR_ANY)) { /* use packet address */ G_Addr->g_addr = g_addr; if (!Add_Global_Address_to_List(assoc, G_Addr)) SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Address already in list", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); - return; /*shouldn't be any other addresses if the zero address is given*/ + logsctperror( + "AddGlobalIPAddress: Address already in list", + sm->sctp_hdr->v_tag, + assoc->num_Gaddr, direction)); + return; /*shouldn't be any other addresses if + the zero address is given*/ } else { G_Addr->g_addr.s_addr = ipv4_param->addr; if (!Add_Global_Address_to_List(assoc, G_Addr)) SN_LOG(SN_LOG_EVENT, - logsctperror("AddGlobalIPAddress: Address already in list", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "AddGlobalIPAddress: Address already in list", + sm->sctp_hdr->v_tag, + assoc->num_Gaddr, direction)); } } @@ -1442,14 +1724,17 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (AddGlobalIPAddress)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (AddGlobalIPAddress)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); break; /* limit exceeded*/ } } if (addr_param_count == 0) { SN_LOG(SN_LOG_DETAIL, - logsctperror("AddGlobalIPAddress: no address parameters to add", + logsctperror( + "AddGlobalIPAddress: no address parameters to add", sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); } } @@ -1468,18 +1753,21 @@ * @return 1 - success | 0 - fail */ static int -Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr) +Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, + struct sctp_GlobalAddress *G_addr) { struct sctp_GlobalAddress *iter_G_Addr = NULL, *first_G_Addr = NULL; first_G_Addr = LIST_FIRST(&(assoc->Gaddr)); if (first_G_Addr == NULL) { - LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, list_Gaddr); /* add new address to beginning of list*/ + LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, + list_Gaddr); /* add new address to beginning of list*/ } else { - LIST_FOREACH(iter_G_Addr, &(assoc->Gaddr), list_Gaddr) { + LIST_FOREACH (iter_G_Addr, &(assoc->Gaddr), list_Gaddr) { if (G_addr->g_addr.s_addr == iter_G_Addr->g_addr.s_addr) return (0); /* already exists, so don't add */ } - LIST_INSERT_AFTER(first_G_Addr, G_addr, list_Gaddr); /* add address to end of list*/ + LIST_INSERT_AFTER(first_G_Addr, G_addr, + list_Gaddr); /* add address to end of list*/ } assoc->num_Gaddr++; return (1); /* success */ @@ -1499,7 +1787,8 @@ * */ static void -RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction) +RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, + int direction) { struct sctp_asconf_addrv4_param *asconf_ipv4_param; struct sctp_paramhdr *param; @@ -1521,42 +1810,73 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); } else { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: truncated packet - cannot remove IP addresses", - sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction)); + logsctperror( + "RmGlobalIPAddress: truncated packet - cannot remove IP addresses", + sm->sctp_hdr->v_tag, sysctl_track_global_addresses, + direction)); return; } /* step through Asconf parameters */ - while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { + while ((bytes_left >= param_size) && + (bytes_left >= sizeof(struct sctp_ipv4addr_param))) { if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS) { - asconf_ipv4_param = (struct sctp_asconf_addrv4_param *) param; - if (asconf_ipv4_param->addrp.addr == INADDR_ANY) { /* remove all bar pkt address */ - LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) { - if (G_Addr->g_addr.s_addr != sm->ip_hdr->ip_src.s_addr) { - if (assoc->num_Gaddr > 1) { /* only delete if more than one */ - LIST_REMOVE(G_Addr, list_Gaddr); + asconf_ipv4_param = (struct sctp_asconf_addrv4_param *) + param; + if (asconf_ipv4_param->addrp.addr == + INADDR_ANY) { /* remove all bar pkt address */ + LIST_FOREACH_SAFE (G_Addr, &(assoc->Gaddr), + list_Gaddr, G_Addr_tmp) { + if (G_Addr->g_addr.s_addr != + sm->ip_hdr->ip_src.s_addr) { + if (assoc->num_Gaddr > + 1) { /* only delete if more + than one */ + LIST_REMOVE(G_Addr, + list_Gaddr); sn_free(G_Addr); assoc->num_Gaddr--; } else { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "RmGlobalIPAddress: Request to remove last IP address (didn't)", + sm->sctp_hdr + ->v_tag, + assoc + ->num_Gaddr, + direction)); } } } - return; /*shouldn't be any other addresses if the zero address is given*/ + return; /*shouldn't be any other addresses if + the zero address is given*/ } else { - LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) { - if (G_Addr->g_addr.s_addr == asconf_ipv4_param->addrp.addr) { - if (assoc->num_Gaddr > 1) { /* only delete if more than one */ - LIST_REMOVE(G_Addr, list_Gaddr); + LIST_FOREACH_SAFE (G_Addr, &(assoc->Gaddr), + list_Gaddr, G_Addr_tmp) { + if (G_Addr->g_addr.s_addr == + asconf_ipv4_param->addrp.addr) { + if (assoc->num_Gaddr > + 1) { /* only delete if more + than one */ + LIST_REMOVE(G_Addr, + list_Gaddr); sn_free(G_Addr); assoc->num_Gaddr--; - break; /* Since add only adds new addresses, there should be no double entries */ + break; /* Since add only + adds new + addresses, + there should + be no double + entries */ } else { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)", - sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction)); + logsctperror( + "RmGlobalIPAddress: Request to remove last IP address (didn't)", + sm->sctp_hdr + ->v_tag, + assoc + ->num_Gaddr, + direction)); } } } @@ -1567,8 +1887,10 @@ return; else if (bytes_left < SN_MIN_PARAM_SIZE) { SN_LOG(SN_LOG_EVENT, - logsctperror("RmGlobalIPAddress: truncated packet - may not have removed all IP addresses", - sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction)); + logsctperror( + "RmGlobalIPAddress: truncated packet - may not have removed all IP addresses", + sm->sctp_hdr->v_tag, + sysctl_track_global_addresses, direction)); return; } @@ -1576,8 +1898,10 @@ param_size = SCTP_SIZE32(ntohs(param->param_length)); if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (RmGlobalIPAddress)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (RmGlobalIPAddress)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return; /* limit exceeded*/ } } @@ -1623,9 +1947,10 @@ if (bytes_left < param_size) return (0); /* not found */ /* step through Asconf parameters */ - while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) { + while (bytes_left >= SN_ASCONFACK_PARAM_SIZE) { if (ntohs(param->param_type) == SCTP_SUCCESS_REPORT) - return (1); /* success - but can't match correlation IDs - should only be one */ + return (1); /* success - but can't match correlation IDs + - should only be one */ /* check others just in case */ bytes_left -= param_size; if (bytes_left >= SN_MIN_PARAM_SIZE) @@ -1639,8 +1964,10 @@ if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded (IsASCONFack)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded (IsASCONFack)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return (0); /* not found limit exceeded*/ } } @@ -1675,7 +2002,7 @@ if (bytes_left < param_size) return (0); /* not found */ /* step through Asconf parameters */ - while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) { + while (bytes_left >= SN_ASCONFACK_PARAM_SIZE) { if (ntohs(param->param_type) == SCTP_ADD_IP_ADDRESS) return (SCTP_ADD_IP_ADDRESS); else if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS) @@ -1693,12 +2020,14 @@ if (++param_count > sysctl_param_proc_limit) { SN_LOG(SN_LOG_EVENT, - logsctperror("Parameter parse limit exceeded IsADDorDEL)", - sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction)); + logsctperror( + "Parameter parse limit exceeded IsADDorDEL)", + sm->sctp_hdr->v_tag, sysctl_param_proc_limit, + direction)); return (0); /* not found limit exceeded*/ } } - return (0); /*Neither found */ + return (0); /*Neither found */ } /* ---------------------------------------------------------------------- @@ -1725,10 +2054,12 @@ * @param sm Pointer to sctp message information * @param assoc Pointer to the association this SCTP Message belongs to * - * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR | SN_PROCESSING_ERROR + * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR | + * SN_PROCESSING_ERROR */ static int -ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) +ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, + struct sctp_nat_assoc *assoc) { int rtnval; @@ -1736,16 +2067,16 @@ case SN_ID: /* Idle */ rtnval = ID_process(la, direction, assoc, sm); if (rtnval != SN_NAT_PKT) { - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ } return (rtnval); case SN_INi: /* Initialising - Init */ return (INi_process(la, direction, assoc, sm)); case SN_INa: /* Initialising - AddIP */ return (INa_process(la, direction, assoc, sm)); - case SN_UP: /* Association UP */ + case SN_UP: /* Association UP */ return (UP_process(la, direction, assoc, sm)); - case SN_CL: /* Association Closing */ + case SN_CL: /* Association Closing */ return (CL_process(la, direction, assoc, sm)); } return (SN_PROCESSING_ERROR); @@ -1766,17 +2097,23 @@ * @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR */ static int -ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP */ - if (!sysctl_accept_global_ootb_addip && (direction == SN_TO_LOCAL)) + case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP + */ + if (!sysctl_accept_global_ootb_addip && + (direction == SN_TO_LOCAL)) return (SN_DROP_PKT); - /* if this Asconf packet does not contain the Vtag parameters it is of no use in Idle state */ - if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag), direction)) + /* if this Asconf packet does not contain the Vtag parameters it + * is of no use in Idle state */ + if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag), + direction)) return (SN_DROP_PKT); /* FALLTHROUGH */ - case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF AddIP */ + case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF + AddIP */ if (sysctl_track_global_addresses) AddGlobalIPAddresses(sm, assoc, direction); switch (direction) { @@ -1787,14 +2124,19 @@ assoc->g_port = sm->sctp_hdr->dest_port; if (sm->msg == SN_SCTP_INIT) assoc->g_vtag = sm->sctpchnk.Init->initiate_tag; - if (AddSctpAssocGlobal(la, assoc)) /* DB clash: need to add dst address */ - return ((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR); + if (AddSctpAssocGlobal(la, + assoc)) /* DB clash: need to add dst address */ + return ((sm->msg == SN_SCTP_INIT) ? + SN_REPLY_ABORT : + SN_REPLY_ERROR); if (sm->msg == SN_SCTP_ASCONF) { - if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_dst)) /* DB clash */ + if (AddSctpAssocLocal(la, assoc, + sm->ip_hdr->ip_dst)) /* DB clash */ return (SN_REPLY_ERROR); - assoc->TableRegister |= SN_WAIT_TOLOCAL; /* wait for tolocal ack */ + assoc->TableRegister |= + SN_WAIT_TOLOCAL; /* wait for tolocal ack */ } - break; + break; case SN_TO_LOCAL: assoc->l_addr = FindSctpRedirectAddress(la, sm); assoc->a_addr = sm->ip_hdr->ip_dst; @@ -1802,23 +2144,31 @@ assoc->g_port = sm->sctp_hdr->src_port; if (sm->msg == SN_SCTP_INIT) assoc->l_vtag = sm->sctpchnk.Init->initiate_tag; - if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) /* DB clash */ - return ((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR); + if (AddSctpAssocLocal(la, assoc, + sm->ip_hdr->ip_src)) /* DB clash */ + return ((sm->msg == SN_SCTP_INIT) ? + SN_REPLY_ABORT : + SN_REPLY_ERROR); if (sm->msg == SN_SCTP_ASCONF) { - if (AddSctpAssocGlobal(la, assoc)) /* DB clash: need to add src address */ + if (AddSctpAssocGlobal(la, + assoc)) /* DB clash: need to add src + address */ return (SN_REPLY_ERROR); - assoc->TableRegister |= SN_WAIT_TOGLOBAL; /* wait for toglobal ack */ + assoc->TableRegister |= + SN_WAIT_TOGLOBAL; /* wait for toglobal ack + */ } break; } assoc->state = (sm->msg == SN_SCTP_INIT) ? SN_INi : SN_INa; assoc->exp = SN_I_T(la); - sctp_AddTimeOut(la,assoc); + sctp_AddTimeOut(la, assoc); return (SN_NAT_PKT); default: /* Any other type of SCTP message is not valid in Idle */ return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1835,42 +2185,47 @@ * @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT */ static int -INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */ + case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */ sctp_ResetTimeOut(la, assoc, SN_I_T(la)); return (SN_NAT_PKT); - case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */ + case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */ switch (direction) { case SN_TO_LOCAL: - if (assoc->num_Gaddr) /*If tracking global addresses for this association */ + if (assoc->num_Gaddr) /*If tracking global addresses for + this association */ AddGlobalIPAddresses(sm, assoc, direction); assoc->l_vtag = sm->sctpchnk.Init->initiate_tag; - if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) { /* DB clash */ - assoc->state = SN_RM;/* Mark for removal*/ + if (AddSctpAssocLocal(la, assoc, + sm->ip_hdr->ip_src)) { /* DB clash */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_SEND_ABORT); } break; case SN_TO_GLOBAL: - assoc->l_addr = sm->ip_hdr->ip_src; // Only if not set in Init! * + assoc->l_addr = + sm->ip_hdr->ip_src; // Only if not set in Init! * assoc->g_vtag = sm->sctpchnk.Init->initiate_tag; if (AddSctpAssocGlobal(la, assoc)) { /* DB clash */ - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_SEND_ABORT); } break; } - assoc->state = SN_UP;/* association established for NAT */ - sctp_ResetTimeOut(la,assoc, SN_U_T(la)); + assoc->state = SN_UP; /* association established for NAT */ + sctp_ResetTimeOut(la, assoc, SN_U_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); default: return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1887,38 +2242,45 @@ * @return SN_NAT_PKT | SN_DROP_PKT */ static int -INa_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +INa_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ - sctp_ResetTimeOut(la,assoc, SN_I_T(la)); + case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ + sctp_ResetTimeOut(la, assoc, SN_I_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a ADDIP-ACK */ + case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a + ADDIP-ACK */ switch (direction) { case SN_TO_LOCAL: - if (!(assoc->TableRegister & SN_WAIT_TOLOCAL)) /* wrong direction */ + if (!(assoc->TableRegister & + SN_WAIT_TOLOCAL)) /* wrong direction */ return (SN_DROP_PKT); break; case SN_TO_GLOBAL: - if (!(assoc->TableRegister & SN_WAIT_TOGLOBAL)) /* wrong direction */ + if (!(assoc->TableRegister & + SN_WAIT_TOGLOBAL)) /* wrong direction */ return (SN_DROP_PKT); } - if (IsASCONFack(la,sm,direction)) { - assoc->TableRegister &= SN_BOTH_TBL; /* remove wait flags */ - assoc->state = SN_UP; /* association established for NAT */ - sctp_ResetTimeOut(la,assoc, SN_U_T(la)); + if (IsASCONFack(la, sm, direction)) { + assoc->TableRegister &= + SN_BOTH_TBL; /* remove wait flags */ + assoc->state = + SN_UP; /* association established for NAT */ + sctp_ResetTimeOut(la, assoc, SN_U_T(la)); return (SN_NAT_PKT); } else { - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); } - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); default: return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1935,19 +2297,22 @@ * @return SN_NAT_PKT | SN_DROP_PKT */ static int -UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ + case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ assoc->state = SN_CL; - sctp_ResetTimeOut(la,assoc, SN_C_T(la)); + sctp_ResetTimeOut(la, assoc, SN_C_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); - case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ - if ((direction == SN_TO_LOCAL) && assoc->num_Gaddr) /*If tracking global addresses for this association & from global side */ - switch (IsADDorDEL(la,sm,direction)) { + case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/ + if ((direction == SN_TO_LOCAL) && + assoc->num_Gaddr) /*If tracking global addresses for this + association & from global side */ + switch (IsADDorDEL(la, sm, direction)) { case SCTP_ADD_IP_ADDRESS: AddGlobalIPAddresses(sm, assoc, direction); break; @@ -1957,10 +2322,11 @@ } /* fall through to default */ default: - sctp_ResetTimeOut(la,assoc, SN_U_T(la)); - return (SN_NAT_PKT); /* forward packet */ + sctp_ResetTimeOut(la, assoc, SN_U_T(la)); + return (SN_NAT_PKT); /* forward packet */ } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /** @ingroup state_machine @@ -1979,27 +2345,32 @@ * @return SN_NAT_PKT | SN_DROP_PKT */ static int -CL_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm) +CL_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, + struct sctp_nat_msg *sm) { switch (sm->msg) { - case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk */ - assoc->state = SN_CL; /* Stay in Close state until timeout */ + case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk + */ + assoc->state = SN_CL; /* Stay in Close state until timeout */ if (sysctl_holddown_timer > 0) - sctp_ResetTimeOut(la, assoc, SN_X_T(la));/* allow to stay open for Tbit packets*/ + sctp_ResetTimeOut(la, assoc, + SN_X_T( + la)); /* allow to stay open for Tbit packets*/ else - assoc->state = SN_RM;/* Mark for removal*/ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); - case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ - assoc->state = SN_CL; /* Stay in Close state until timeout */ + case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */ + assoc->state = SN_CL; /* Stay in Close state until timeout */ sctp_ResetTimeOut(la, assoc, SN_C_T(la)); return (SN_NAT_PKT); - case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ - assoc->state = SN_RM;/* Mark for removal*/ + case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */ + assoc->state = SN_RM; /* Mark for removal*/ return (SN_NAT_PKT); default: return (SN_DROP_PKT); } - return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */ + return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope + for the best */ } /* ---------------------------------------------------------------------- @@ -2027,7 +2398,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port) +FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, + uint32_t l_vtag, uint16_t l_port, uint16_t g_port) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2035,12 +2407,16 @@ if (l_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(l_vtag, l_port, la->sctpNatTableSize); - LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) { - if ((assoc->l_vtag == l_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)\ - && (assoc->l_addr.s_addr == l_addr.s_addr)) { + LIST_FOREACH (assoc, &la->sctpTableLocal[i], list_L) { + if ((assoc->l_vtag == l_vtag) && + (assoc->l_port == l_port) && + (assoc->g_port == g_port) && + (assoc->l_addr.s_addr == l_addr.s_addr)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) + LIST_FOREACH (G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) return (assoc); } } else { @@ -2072,13 +2448,22 @@ struct sctp_GlobalAddress *G_AddrC = NULL; if (Cassoc->g_vtag != 0) { /* an init packet, vtag==0 */ - i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port, la->sctpNatTableSize); - LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { - if ((assoc->g_vtag == Cassoc->g_vtag) && (assoc->g_port == Cassoc->g_port) && (assoc->l_port == Cassoc->l_port)) { + i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port, + la->sctpNatTableSize); + LIST_FOREACH (assoc, &la->sctpTableGlobal[i], list_G) { + if ((assoc->g_vtag == Cassoc->g_vtag) && + (assoc->g_port == Cassoc->g_port) && + (assoc->l_port == Cassoc->l_port)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr), list_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == G_AddrC->g_addr.s_addr) + LIST_FOREACH (G_AddrC, &(Cassoc->Gaddr), + list_Gaddr) { + LIST_FOREACH (G_Addr, + &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr + .s_addr == + G_AddrC->g_addr + .s_addr) return (assoc); } } @@ -2111,7 +2496,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match) +FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, + uint16_t g_port, uint16_t l_port, int *partial_match) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2120,12 +2506,16 @@ *partial_match = 0; if (g_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(g_vtag, g_port, la->sctpNatTableSize); - LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { - if ((assoc->g_vtag == g_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) { + LIST_FOREACH (assoc, &la->sctpTableGlobal[i], list_G) { + if ((assoc->g_vtag == g_vtag) && + (assoc->g_port == g_port) && + (assoc->l_port == l_port)) { *partial_match = 1; if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) + LIST_FOREACH (G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) return (assoc); } } else { @@ -2138,7 +2528,8 @@ } /** @ingroup Hash - * @brief Find the SCTP association for a T-Flag message (given the global port and local vtag) + * @brief Find the SCTP association for a T-Flag message (given the global port + * and local vtag) * * Searches the local look-up table for a unique association entry matching the * provided global port and local vtag information @@ -2152,7 +2543,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port) +FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, + uint16_t g_port, uint16_t l_port) { u_int i; struct sctp_nat_assoc *assoc = NULL, *lastmatch = NULL; @@ -2161,12 +2553,18 @@ if (l_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(l_vtag, g_port, la->sctpNatTableSize); - LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { - if ((assoc->g_vtag == l_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) { + LIST_FOREACH (assoc, &la->sctpTableGlobal[i], list_G) { + if ((assoc->g_vtag == l_vtag) && + (assoc->g_port == g_port) && + (assoc->l_port == l_port)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) - return (assoc); /* full match */ + LIST_FOREACH (G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) + return ( + assoc); /* full + match */ } } else { if (++cnt > 1) @@ -2176,12 +2574,14 @@ } } } - /* If there is more than one match we do not know which local address to send to */ + /* If there is more than one match we do not know which local address to + * send to */ return (cnt ? lastmatch : NULL); } /** @ingroup Hash - * @brief Find the SCTP association for a T-Flag message (given the local port and global vtag) + * @brief Find the SCTP association for a T-Flag message (given the local port + * and global vtag) * * Searches the global look-up table for a unique association entry matching the * provided local port and global vtag information @@ -2195,7 +2595,8 @@ * @return pointer to association or NULL */ static struct sctp_nat_assoc * -FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port) +FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, + uint16_t l_port, uint16_t g_port) { u_int i; struct sctp_nat_assoc *assoc = NULL; @@ -2203,11 +2604,15 @@ if (g_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(g_vtag, l_port, la->sctpNatTableSize); - LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) { - if ((assoc->l_vtag == g_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)) { + LIST_FOREACH (assoc, &la->sctpTableLocal[i], list_L) { + if ((assoc->l_vtag == g_vtag) && + (assoc->l_port == l_port) && + (assoc->g_port == g_port)) { if (assoc->num_Gaddr) { - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if (G_Addr->g_addr.s_addr == g_addr.s_addr) + LIST_FOREACH (G_Addr, &(assoc->Gaddr), + list_Gaddr) { + if (G_Addr->g_addr.s_addr == + g_addr.s_addr) return (assoc); } } else { @@ -2236,23 +2641,26 @@ * @return SN_ADD_OK | SN_ADD_CLASH */ static int -AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr) +AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, + struct in_addr g_addr) { struct sctp_nat_assoc *found; LIBALIAS_LOCK_ASSERT(la); - found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag, assoc->l_port, assoc->g_port); + found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag, + assoc->l_port, assoc->g_port); /* * Note that if a different global address initiated this Init, * ie it wasn't resent as presumed: - * - the local receiver if receiving it for the first time will establish - * an association with the new global host - * - if receiving an init from a different global address after sending a - * lost initack it will send an initack to the new global host, the first - * association attempt will then be blocked if retried. + * - the local receiver if receiving it for the first time will + * establish an association with the new global host + * - if receiving an init from a different global address after sending + * a lost initack it will send an initack to the new global host, the + * first association attempt will then be blocked if retried. */ if (found != NULL) { - if ((found->TableRegister == SN_LOCAL_TBL) && (found->g_port == assoc->g_port)) { /* resent message */ + if ((found->TableRegister == SN_LOCAL_TBL) && + (found->g_port == assoc->g_port)) { /* resent message */ RmSctpAssoc(la, found); sctp_RmTimeOut(la, found); freeGlobalAddressList(found); @@ -2261,10 +2669,11 @@ return (SN_ADD_CLASH); } - LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag, assoc->l_port, la->sctpNatTableSize)], + LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag, + assoc->l_port, la->sctpNatTableSize)], assoc, list_L); assoc->TableRegister |= SN_LOCAL_TBL; - la->sctpLinkCount++; //increment link count + la->sctpLinkCount++; // increment link count if (assoc->TableRegister == SN_BOTH_TBL) { /* libalias log -- controlled by libalias */ @@ -2311,10 +2720,11 @@ return (SN_ADD_CLASH); } - LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag, assoc->g_port, la->sctpNatTableSize)], + LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag, + assoc->g_port, la->sctpNatTableSize)], assoc, list_G); assoc->TableRegister |= SN_GLOBAL_TBL; - la->sctpLinkCount++; //increment link count + la->sctpLinkCount++; // increment link count if (assoc->TableRegister == SN_BOTH_TBL) { /* libalias log -- controlled by libalias */ @@ -2348,7 +2758,8 @@ if (assoc == NULL) { /* very bad, log and die*/ SN_LOG(SN_LOG_LOW, - logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0, SN_TO_NODIR)); + logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0, + SN_TO_NODIR)); return; } /* log if association is fully up and now closing */ @@ -2358,13 +2769,13 @@ LIBALIAS_LOCK_ASSERT(la); if (assoc->TableRegister & SN_LOCAL_TBL) { assoc->TableRegister ^= SN_LOCAL_TBL; - la->sctpLinkCount--; //decrement link count + la->sctpLinkCount--; // decrement link count LIST_REMOVE(assoc, list_L); } if (assoc->TableRegister & SN_GLOBAL_TBL) { assoc->TableRegister ^= SN_GLOBAL_TBL; - la->sctpLinkCount--; //decrement link count + la->sctpLinkCount--; // decrement link count LIST_REMOVE(assoc, list_G); } // sn_free(assoc); //Don't remove now, remove if needed later @@ -2382,9 +2793,10 @@ * * @param assoc */ -static void freeGlobalAddressList(struct sctp_nat_assoc *assoc) +static void +freeGlobalAddressList(struct sctp_nat_assoc *assoc) { - struct sctp_GlobalAddress *gaddr1=NULL,*gaddr2=NULL; + struct sctp_GlobalAddress *gaddr1 = NULL, *gaddr2 = NULL; /*free global address list*/ gaddr1 = LIST_FIRST(&(assoc->Gaddr)); while (gaddr1 != NULL) { @@ -2425,7 +2837,8 @@ { int add_loc; LIBALIAS_LOCK_ASSERT(la); - add_loc = assoc->exp - la->sctpNatTimer.loc_time + la->sctpNatTimer.cur_loc; + add_loc = assoc->exp - la->sctpNatTimer.loc_time + + la->sctpNatTimer.cur_loc; if (add_loc >= SN_TIMER_QUEUE_SIZE) add_loc -= SN_TIMER_QUEUE_SIZE; LIST_INSERT_HEAD(&la->sctpNatTimer.TimerQ[add_loc], assoc, timer_Q); @@ -2445,7 +2858,7 @@ sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc) { LIBALIAS_LOCK_ASSERT(la); - LIST_REMOVE(assoc, timer_Q);/* Note this is O(1) */ + LIST_REMOVE(assoc, timer_Q); /* Note this is O(1) */ } /** @ingroup Timer @@ -2493,18 +2906,24 @@ struct sctp_nat_assoc *assoc; LIBALIAS_LOCK_ASSERT(la); - while(la->timeStamp >= la->sctpNatTimer.loc_time) { - while (!LIST_EMPTY(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) { - assoc = LIST_FIRST(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]); - //SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc], timer_Q); + while (la->timeStamp >= la->sctpNatTimer.loc_time) { + while (!LIST_EMPTY( + &la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) { + assoc = LIST_FIRST( + &la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]); + // SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc], + // timer_Q); LIST_REMOVE(assoc, timer_Q); if (la->timeStamp >= assoc->exp) { /* state expired */ - SN_LOG(((assoc->state == SN_CL) ? (SN_LOG_DEBUG) : (SN_LOG_INFO)), - logsctperror("Timer Expired", assoc->g_vtag, assoc->state, SN_TO_NODIR)); + SN_LOG(((assoc->state == SN_CL) ? + (SN_LOG_DEBUG) : + (SN_LOG_INFO)), + logsctperror("Timer Expired", assoc->g_vtag, + assoc->state, SN_TO_NODIR)); RmSctpAssoc(la, assoc); freeGlobalAddressList(assoc); sn_free(assoc); - } else {/* state not expired, reschedule timer*/ + } else { /* state not expired, reschedule timer*/ sctp_AddTimeOut(la, assoc); } } @@ -2609,7 +3028,8 @@ * @param assoc pointer to sctp association * @param s Character that indicates the state of processing for this packet */ -static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s) +static void +logsctpassoc(struct sctp_nat_assoc *assoc, char *s) { struct sctp_GlobalAddress *G_Addr = NULL; char *sp; @@ -2638,13 +3058,13 @@ sp = "***ERROR***"; break; } - SctpAliasLog("%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n", - s, sp, assoc->exp, inet_ntoa_r(assoc->l_addr, addrbuf), - ntohl(assoc->l_vtag), ntohs(assoc->l_port), - ntohl(assoc->g_vtag), ntohs(assoc->g_port), - assoc->TableRegister); + SctpAliasLog( + "%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n", s, sp, + assoc->exp, inet_ntoa_r(assoc->l_addr, addrbuf), + ntohl(assoc->l_vtag), ntohs(assoc->l_port), ntohl(assoc->g_vtag), + ntohs(assoc->g_port), assoc->TableRegister); /* list global addresses */ - LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { + LIST_FOREACH (G_Addr, &(assoc->Gaddr), list_Gaddr) { SctpAliasLog("\t\tga=%s\n", inet_ntoa_r(G_Addr->g_addr, addrbuf)); } @@ -2655,14 +3075,15 @@ * * @param la Pointer to the relevant libalias instance */ -static void logSctpGlobal(struct libalias *la) +static void +logSctpGlobal(struct libalias *la) { u_int i; struct sctp_nat_assoc *assoc = NULL; SctpAliasLog("G->\n"); for (i = 0; i < la->sctpNatTableSize; i++) { - LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { + LIST_FOREACH (assoc, &la->sctpTableGlobal[i], list_G) { logsctpassoc(assoc, " "); } } @@ -2673,14 +3094,15 @@ * * @param la Pointer to the relevant libalias instance */ -static void logSctpLocal(struct libalias *la) +static void +logSctpLocal(struct libalias *la) { u_int i; struct sctp_nat_assoc *assoc = NULL; SctpAliasLog("L->\n"); for (i = 0; i < la->sctpNatTableSize; i++) { - LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) { + LIST_FOREACH (assoc, &la->sctpTableLocal[i], list_L) { logsctpassoc(assoc, " "); } } @@ -2691,7 +3113,8 @@ * * @param la Pointer to the relevant libalias instance */ -static void logTimerQ(struct libalias *la) +static void +logTimerQ(struct libalias *la) { static char buf[50]; u_int i; @@ -2699,9 +3122,9 @@ SctpAliasLog("t->\n"); for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) { - LIST_FOREACH(assoc, &la->sctpNatTimer.TimerQ[i], timer_Q) { - snprintf(buf, 50, " l=%u ",i); - //SctpAliasLog(la->logDesc," l=%d ",i); + LIST_FOREACH (assoc, &la->sctpNatTimer.TimerQ[i], timer_Q) { + snprintf(buf, 50, " l=%u ", i); + // SctpAliasLog(la->logDesc," l=%d ",i); logsctpassoc(assoc, buf); } } Index: sys/netinet/libalias/alias_skinny.c =================================================================== --- sys/netinet/libalias/alias_skinny.c +++ sys/netinet/libalias/alias_skinny.c @@ -42,8 +42,8 @@ #include #endif -#include #include +#include #include #include @@ -55,16 +55,17 @@ #include "alias_mod.h" #endif -static void -AliasHandleSkinny(struct libalias *, struct ip *, struct alias_link *); +static void AliasHandleSkinny(struct libalias *, struct ip *, + struct alias_link *); static int fingerprint(struct libalias *la, struct alias_data *ah) { if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL) return (-1); - if (la->skinnyPort != 0 && (ntohs(*ah->sport) == la->skinnyPort || - ntohs(*ah->dport) == la->skinnyPort)) + if (la->skinnyPort != 0 && + (ntohs(*ah->sport) == la->skinnyPort || + ntohs(*ah->dport) == la->skinnyPort)) return (0); return (-1); } @@ -76,16 +77,12 @@ return (0); } -struct proto_handler handlers[] = { - { - .pri = 110, - .dir = IN|OUT, - .proto = TCP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 110, + .dir = IN | OUT, + .proto = TCP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -110,9 +107,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_skinny", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_skinny", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_skinny, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -146,69 +141,65 @@ * * Skinny is a Cisco-proprietary protocol and is a trademark of Cisco Systems, * Inc. All rights reserved. -*/ + */ /* #define LIBALIAS_DEBUG 1 */ /* Message types that need translating */ -#define REG_MSG 0x00000001 -#define IP_PORT_MSG 0x00000002 -#define OPNRCVCH_ACK 0x00000022 -#define START_MEDIATX 0x0000008a +#define REG_MSG 0x00000001 +#define IP_PORT_MSG 0x00000002 +#define OPNRCVCH_ACK 0x00000022 +#define START_MEDIATX 0x0000008a struct skinny_header { - u_int32_t len; - u_int32_t reserved; - u_int32_t msgId; + u_int32_t len; + u_int32_t reserved; + u_int32_t msgId; }; struct RegisterMessage { - u_int32_t msgId; - char devName [16]; - u_int32_t uid; - u_int32_t instance; - u_int32_t ipAddr; - u_char devType; - u_int32_t maxStreams; + u_int32_t msgId; + char devName[16]; + u_int32_t uid; + u_int32_t instance; + u_int32_t ipAddr; + u_char devType; + u_int32_t maxStreams; }; struct IpPortMessage { - u_int32_t msgId; - u_int32_t stationIpPort; /* Note: Skinny uses 32-bit port - * numbers */ + u_int32_t msgId; + u_int32_t stationIpPort; /* Note: Skinny uses 32-bit port + * numbers */ }; struct OpenReceiveChannelAck { - u_int32_t msgId; - u_int32_t status; - u_int32_t ipAddr; - u_int32_t port; - u_int32_t passThruPartyID; + u_int32_t msgId; + u_int32_t status; + u_int32_t ipAddr; + u_int32_t port; + u_int32_t passThruPartyID; }; struct StartMediaTransmission { - u_int32_t msgId; - u_int32_t conferenceID; - u_int32_t passThruPartyID; - u_int32_t remoteIpAddr; - u_int32_t remotePort; - u_int32_t MSPacket; - u_int32_t payloadCap; - u_int32_t precedence; - u_int32_t silenceSuppression; - u_short maxFramesPerPacket; - u_int32_t G723BitRate; + u_int32_t msgId; + u_int32_t conferenceID; + u_int32_t passThruPartyID; + u_int32_t remoteIpAddr; + u_int32_t remotePort; + u_int32_t MSPacket; + u_int32_t payloadCap; + u_int32_t precedence; + u_int32_t silenceSuppression; + u_short maxFramesPerPacket; + u_int32_t G723BitRate; }; -typedef enum { - ClientToServer = 0, - ServerToClient = 1 -} ConvDirection; +typedef enum { ClientToServer = 0, ServerToClient = 1 } ConvDirection; static int alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip, - struct tcphdr *tc, struct alias_link *lnk, - ConvDirection direction) + struct tcphdr *tc, struct alias_link *lnk, ConvDirection direction) { (void)direction; @@ -226,9 +217,8 @@ static int alias_skinny_startmedia(struct StartMediaTransmission *start_media, - struct ip *pip, struct tcphdr *tc, - struct alias_link *lnk, u_int32_t localIpAddr, - ConvDirection direction) + struct ip *pip, struct tcphdr *tc, struct alias_link *lnk, + u_int32_t localIpAddr, ConvDirection direction) { struct in_addr dst, src; @@ -250,8 +240,7 @@ static int alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip, - struct tcphdr *tc, struct alias_link *lnk, - ConvDirection direction) + struct tcphdr *tc, struct alias_link *lnk, ConvDirection direction) { (void)direction; @@ -267,9 +256,9 @@ } static int -alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack, - struct ip *pip, struct tcphdr *tc, - struct alias_link *lnk, u_int32_t * localIpAddr, +alias_skinny_opnrcvch_ack(struct libalias *la, + struct OpenReceiveChannelAck *opnrcvch_ack, struct ip *pip, + struct tcphdr *tc, struct alias_link *lnk, u_int32_t *localIpAddr, ConvDirection direction) { struct in_addr null_addr; @@ -284,8 +273,7 @@ null_addr.s_addr = INADDR_ANY; opnrcv_lnk = FindUdpTcpOut(la, pip->ip_src, null_addr, - htons((u_short) opnrcvch_ack->port), 0, - IPPROTO_UDP, 1); + htons((u_short)opnrcvch_ack->port), 0, IPPROTO_UDP, 1); opnrcvch_ack->ipAddr = (u_int32_t)GetAliasAddress(opnrcv_lnk).s_addr; opnrcvch_ack->port = (u_int32_t)ntohs(GetAliasPort(opnrcv_lnk)); @@ -387,7 +375,8 @@ "PacketAlias/Skinny: Received ipport message\n"); #endif port_mesg = (struct IpPortMessage *)&sd->msgId; - alias_skinny_port_msg(port_mesg, pip, tc, lnk, direction); + alias_skinny_port_msg(port_mesg, pip, tc, lnk, + direction); break; } case OPNRCVCH_ACK: { @@ -404,8 +393,10 @@ fprintf(stderr, "PacketAlias/Skinny: Received open rcv channel msg\n"); #endif - opnrcvchn_ack = (struct OpenReceiveChannelAck *)&sd->msgId; - alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, lnk, &lip, direction); + opnrcvchn_ack = + (struct OpenReceiveChannelAck *)&sd->msgId; + alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, + lnk, &lip, direction); break; } case START_MEDIATX: { @@ -432,8 +423,10 @@ fprintf(stderr, "PacketAlias/Skinny: Received start media trans msg\n"); #endif - startmedia_tx = (struct StartMediaTransmission *)&sd->msgId; - alias_skinny_startmedia(startmedia_tx, pip, tc, lnk, lip, direction); + startmedia_tx = + (struct StartMediaTransmission *)&sd->msgId; + alias_skinny_startmedia(startmedia_tx, pip, tc, lnk, + lip, direction); break; } default: Index: sys/netinet/libalias/alias_smedia.c =================================================================== --- sys/netinet/libalias/alias_smedia.c +++ sys/netinet/libalias/alias_smedia.c @@ -106,14 +106,15 @@ #include #include #else -#include #include + +#include #include #include #endif -#include #include +#include #include #include @@ -130,9 +131,8 @@ #define RTSP_CONTROL_PORT_NUMBER_2 7070 #define TFTP_PORT_NUMBER 69 -static void -AliasHandleRtspOut(struct libalias *, struct ip *, struct alias_link *, - int maxpacketsize); +static void AliasHandleRtspOut(struct libalias *, struct ip *, + struct alias_link *, int maxpacketsize); static int fingerprint(struct libalias *la, struct alias_data *ah) { @@ -142,10 +142,10 @@ if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL || ah->maxpktsize == 0) return (-1); - if (ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_1 - || ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_1 - || ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_2 - || ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_2) + if (ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_1 || + ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_1 || + ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_2 || + ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_2) return (0); return (-1); } @@ -154,22 +154,19 @@ protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) { if (ntohs(*ah->dport) == TFTP_PORT_NUMBER) - FindRtspOut(la, pip->ip_src, pip->ip_dst, - *ah->sport, *ah->aport, IPPROTO_UDP); - else AliasHandleRtspOut(la, pip, ah->lnk, ah->maxpktsize); + FindRtspOut(la, pip->ip_src, pip->ip_dst, *ah->sport, + *ah->aport, IPPROTO_UDP); + else + AliasHandleRtspOut(la, pip, ah->lnk, ah->maxpktsize); return (0); } -struct proto_handler handlers[] = { - { - .pri = 100, - .dir = OUT, - .proto = TCP|UDP, - .fingerprint = &fingerprint, - .protohandler = &protohandler - }, - { EOH } -}; +struct proto_handler handlers[] = { { .pri = 100, + .dir = OUT, + .proto = TCP | UDP, + .fingerprint = &fingerprint, + .protohandler = &protohandler }, + { EOH } }; static int mod_handler(module_t mod, int type, void *data) @@ -194,9 +191,7 @@ #ifdef _KERNEL static #endif -moduledata_t alias_mod = { - "alias_smedia", mod_handler, NULL -}; + moduledata_t alias_mod = { "alias_smedia", mod_handler, NULL }; #ifdef _KERNEL DECLARE_MODULE(alias_smedia, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND); @@ -204,9 +199,9 @@ MODULE_DEPEND(alias_smedia, libalias, 1, 1, 1); #endif -#define RTSP_CONTROL_PORT_NUMBER_1 554 -#define RTSP_CONTROL_PORT_NUMBER_2 7070 -#define RTSP_PORT_GROUP 2 +#define RTSP_CONTROL_PORT_NUMBER_1 554 +#define RTSP_CONTROL_PORT_NUMBER_2 7070 +#define RTSP_PORT_GROUP 2 #define ISDIGIT(a) (((a) >= '0') && ((a) <= '9')) @@ -230,10 +225,8 @@ } static int -alias_rtsp_out(struct libalias *la, struct ip *pip, - struct alias_link *lnk, - char *data, - const char *port_str) +alias_rtsp_out(struct libalias *la, struct ip *pip, struct alias_link *lnk, + char *data, const char *port_str) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -310,25 +303,35 @@ * need */ null_addr.s_addr = 0; - if (0 == (salias = FindNewPortGroup(la, null_addr, - FindAliasAddress(la, pip->ip_src), - sport, 0, - RTSP_PORT_GROUP, - IPPROTO_UDP, 1))) { + if (0 == + (salias = FindNewPortGroup(la, + null_addr, + FindAliasAddress(la, + pip->ip_src), + sport, 0, RTSP_PORT_GROUP, + IPPROTO_UDP, 1))) { #ifdef LIBALIAS_DEBUG fprintf(stderr, "PacketAlias/RTSP: Cannot find contiguous RTSP data ports\n"); #endif } else { base_alias = ntohs(salias); - for (j = 0; j < RTSP_PORT_GROUP; j++) { + for (j = 0; j < RTSP_PORT_GROUP; + j++) { /* * Establish link * to port found in * RTSP packet */ - rtsp_lnk = FindRtspOut(la, GetOriginalAddress(lnk), null_addr, - htons(base_port + j), htons(base_alias + j), + rtsp_lnk = FindRtspOut( + la, + GetOriginalAddress( + lnk), + null_addr, + htons( + base_port + j), + htons( + base_alias + j), IPPROTO_UDP); if (rtsp_lnk != NULL) { #ifndef NO_FW_PUNCH @@ -337,7 +340,8 @@ * hole in * firewall */ - PunchFWHole(rtsp_lnk); + PunchFWHole( + rtsp_lnk); #endif } else { #ifdef LIBALIAS_DEBUG @@ -348,14 +352,16 @@ } } } - ealias = htons(base_alias + (RTSP_PORT_GROUP - 1)); + ealias = htons( + base_alias + (RTSP_PORT_GROUP - 1)); } if (salias && rtsp_lnk) { pkt_updated = 1; /* Copy into IP packet */ sprintf(stemp, "%d", ntohs(salias)); - memcpy(port_newdata, stemp, strlen(stemp)); + memcpy(port_newdata, stemp, + strlen(stemp)); port_newdata += strlen(stemp); if (eport != 0) { @@ -363,8 +369,10 @@ port_newdata++; /* Copy into IP packet */ - sprintf(stemp, "%d", ntohs(ealias)); - memcpy(port_newdata, stemp, strlen(stemp)); + sprintf(stemp, "%d", + ntohs(ealias)); + memcpy(port_newdata, stemp, + strlen(stemp)); port_newdata += strlen(stemp); } *port_newdata = ';'; @@ -414,10 +422,8 @@ /* Support the protocol used by early versions of RealPlayer */ static int -alias_pna_out(struct libalias *la, struct ip *pip, - struct alias_link *lnk, - char *data, - int dlen) +alias_pna_out(struct libalias *la, struct ip *pip, struct alias_link *lnk, + char *data, int dlen) { struct alias_link *pna_links; u_short msg_id, msg_len; @@ -437,8 +443,8 @@ if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy(&port, work, 2); - pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(lnk), - port, 0, IPPROTO_UDP, 1); + pna_links = FindUdpTcpOut(la, pip->ip_src, + GetDestAddress(lnk), port, 0, IPPROTO_UDP, 1); if (pna_links != NULL) { #ifndef NO_FW_PUNCH /* Punch hole in firewall */ @@ -464,7 +470,8 @@ } static void -AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *lnk, int maxpacketsize) +AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *lnk, + int maxpacketsize) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -504,21 +511,23 @@ if (dlen >= (int)strlen(str200)) { for (parseOk = 0, i = 0; - i <= dlen - (int)strlen(str200); - i++) - if (memcmp(&data[i], str200, strlen(str200)) == 0) { + i <= dlen - (int)strlen(str200); i++) + if (memcmp(&data[i], str200, strlen(str200)) == + 0) { parseOk = 1; break; } if (parseOk) { - i += strlen(str200); /* skip string found */ - while (data[i] == ' ') /* skip blank(s) */ + i += strlen(str200); /* skip string found */ + while (data[i] == ' ') /* skip blank(s) */ i++; if ((dlen - i) >= (int)strlen(okstr)) - if (memcmp(&data[i], okstr, strlen(okstr)) == 0) - alias_rtsp_out(la, pip, lnk, data, server_port_str); + if (memcmp(&data[i], okstr, + strlen(okstr)) == 0) + alias_rtsp_out(la, pip, lnk, + data, server_port_str); } } } Index: sys/netinet/libalias/alias_util.c =================================================================== --- sys/netinet/libalias/alias_util.c +++ sys/netinet/libalias/alias_util.c @@ -49,11 +49,12 @@ #include #else #include + #include #endif -#include #include +#include #include #include @@ -72,8 +73,7 @@ * purposes); */ u_short -LibAliasInternetChecksum(struct libalias *la __unused, u_short *ptr, - int nbytes) +LibAliasInternetChecksum(struct libalias *la __unused, u_short *ptr, int nbytes) { int sum, oddbyte; @@ -99,9 +99,8 @@ u_short IpChecksum(struct ip *pip) { - return (LibAliasInternetChecksum(NULL, (u_short *)pip, - (pip->ip_hl << 2))); - + return ( + LibAliasInternetChecksum(NULL, (u_short *)pip, (pip->ip_hl << 2))); } u_short @@ -118,7 +117,7 @@ tc = (struct tcphdr *)ip_next(pip); ptr = (u_short *)tc; -/* Add up TCP header and data */ + /* Add up TCP header and data */ nbytes = ntcp; sum = 0; while (nbytes > 1) { @@ -131,7 +130,7 @@ ((u_char *)&oddbyte)[1] = 0; sum += oddbyte; } -/* "Pseudo-header" data */ + /* "Pseudo-header" data */ ptr = (void *)&pip->ip_dst; sum += *ptr++; sum += *ptr; @@ -141,14 +140,14 @@ sum += htons((u_short)ntcp); sum += htons((u_short)pip->ip_p); -/* Roll over carry bits */ + /* Roll over carry bits */ sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); -/* Return checksum */ + /* Return checksum */ return ((u_short)~sum); } -#endif /* not _KERNEL */ +#endif /* not _KERNEL */ void DifferentialChecksum(u_short *cksum, void *newp, void *oldp, int n) @@ -160,7 +159,7 @@ accumulate = *cksum; for (i = 0; i < n; i++) { - accumulate -= *new++; + accumulate -= *new ++; accumulate += *old++; }