D30260.diff

Index: sys/netinet/libalias/alias.h
===================================================================
--- sys/netinet/libalias/alias.h
+++ sys/netinet/libalias/alias.h
@@ -37,10 +37,10 @@
*/
#ifndef _ALIAS_H_
-#define _ALIAS_H_
+#define _ALIAS_H_
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#define LIBALIAS_BUF_SIZE 128
@@ -48,8 +48,8 @@
/*
* The kernel version of libalias does not support these features.
*/
-#define NO_FW_PUNCH
-#define NO_USE_SOCKETS
+#define NO_FW_PUNCH
+#define NO_USE_SOCKETS
#endif
/*
@@ -83,54 +83,60 @@
/* Initialization and control functions. */
struct libalias *LibAliasInit(struct libalias *);
-void LibAliasSetAddress(struct libalias *, struct in_addr _addr);
-void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low, u_short port_hi);
-void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num);
-void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
-unsigned int LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask);
-void LibAliasUninit(struct libalias *);
+void LibAliasSetAddress(struct libalias *, struct in_addr _addr);
+void LibAliasSetAliasPortRange(struct libalias *la, u_short port_low,
+ u_short port_hi);
+void LibAliasSetFWBase(struct libalias *, unsigned int _base,
+ unsigned int _num);
+void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
+unsigned int LibAliasSetMode(struct libalias *, unsigned int _flags,
+ unsigned int _mask);
+void LibAliasUninit(struct libalias *);
/* Packet Handling functions. */
-int LibAliasIn (struct libalias *, void *_ptr, int _maxpacketsize);
-int LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize);
-int LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize, int _create);
-int LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize);
+int LibAliasIn(struct libalias *, void *_ptr, int _maxpacketsize);
+int LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize);
+int LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize,
+ int _create);
+int LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize);
/* Port and address redirection functions. */
-int LibAliasAddServer(struct libalias *, struct alias_link *_lnk,
- struct in_addr _addr, unsigned short _port);
-struct alias_link * LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr,
- struct in_addr _alias_addr);
-int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk);
-void LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk);
-struct alias_link * LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr,
- unsigned short _src_port, struct in_addr _dst_addr,
- unsigned short _dst_port, struct in_addr _alias_addr,
- unsigned short _alias_port, unsigned char _proto);
-struct alias_link * LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr,
- struct in_addr _dst_addr, struct in_addr _alias_addr,
- unsigned char _proto);
+int LibAliasAddServer(struct libalias *, struct alias_link *_lnk,
+ struct in_addr _addr, unsigned short _port);
+struct alias_link *LibAliasRedirectAddr(struct libalias *,
+ struct in_addr _src_addr, struct in_addr _alias_addr);
+int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk);
+void LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk);
+struct alias_link *LibAliasRedirectPort(struct libalias *,
+ struct in_addr _src_addr, unsigned short _src_port,
+ struct in_addr _dst_addr, unsigned short _dst_port,
+ struct in_addr _alias_addr, unsigned short _alias_port,
+ unsigned char _proto);
+struct alias_link *LibAliasRedirectProto(struct libalias *,
+ struct in_addr _src_addr, struct in_addr _dst_addr,
+ struct in_addr _alias_addr, unsigned char _proto);
/* Fragment Handling functions. */
-void LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment);
-void *LibAliasGetFragment(struct libalias *, void *_ptr);
-int LibAliasSaveFragment(struct libalias *, void *_ptr);
+void LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment);
+void *LibAliasGetFragment(struct libalias *, void *_ptr);
+int LibAliasSaveFragment(struct libalias *, void *_ptr);
/* Miscellaneous functions. */
-unsigned short LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes);
-void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr);
+unsigned short LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr,
+ int _nbytes);
+void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr);
/* Transparent proxying routines. */
-int LibAliasProxyRule(struct libalias *, const char *_cmd);
+int LibAliasProxyRule(struct libalias *, const char *_cmd);
/* Module handling API */
-int LibAliasLoadModule(char *);
-int LibAliasUnLoadAllModule(void);
-int LibAliasRefreshModules(void);
+int LibAliasLoadModule(char *);
+int LibAliasUnLoadAllModule(void);
+int LibAliasRefreshModules(void);
/* Mbuf helper function. */
-struct mbuf *m_megapullup(struct mbuf *, int);
+struct mbuf *m_megapullup(struct mbuf *, int);
/*
* Mode flags and other constants.
@@ -142,13 +148,13 @@
* If PKT_ALIAS_LOG is set, a message will be printed to /var/log/alias.log
* every time a link is created or deleted. This is useful for debugging.
*/
-#define PKT_ALIAS_LOG 0x01
+#define PKT_ALIAS_LOG 0x01
/*
* If PKT_ALIAS_DENY_INCOMING is set, then incoming connections (e.g. to ftp,
* telnet or web servers will be prevented by the aliasing mechanism.
*/
-#define PKT_ALIAS_DENY_INCOMING 0x02
+#define PKT_ALIAS_DENY_INCOMING 0x02
/*
* If PKT_ALIAS_SAME_PORTS is set, packets will be attempted sent from the
@@ -157,7 +163,7 @@
* at all). This mode bit is set by PacketAliasInit(), so it is a default
* mode of operation.
*/
-#define PKT_ALIAS_SAME_PORTS 0x04
+#define PKT_ALIAS_SAME_PORTS 0x04
/*
* If PKT_ALIAS_USE_SOCKETS is set, then when partially specified links (e.g.
@@ -168,7 +174,7 @@
* a default mode of operation.
*/
#ifndef NO_USE_SOCKETS
-#define PKT_ALIAS_USE_SOCKETS 0x08
+#define PKT_ALIAS_USE_SOCKETS 0x08
#endif
/*-
* If PKT_ALIAS_UNREGISTERED_ONLY is set, then only packets with
@@ -179,7 +185,7 @@
* 172.16.0.0 -> 172.31.255.255
* 192.168.0.0 -> 192.168.255.255
*/
-#define PKT_ALIAS_UNREGISTERED_ONLY 0x10
+#define PKT_ALIAS_UNREGISTERED_ONLY 0x10
/*
* If PKT_ALIAS_RESET_ON_ADDR_CHANGE is set, then the table of dynamic
@@ -188,19 +194,19 @@
* unchanged by this function call, then the table of dynamic aliasing links
* will be left intact. This bit is set after a call to PacketAliasInit().
*/
-#define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20
+#define PKT_ALIAS_RESET_ON_ADDR_CHANGE 0x20
/*
* If PKT_ALIAS_PROXY_ONLY is set, then NAT will be disabled and only
* transparent proxying is performed.
*/
-#define PKT_ALIAS_PROXY_ONLY 0x40
+#define PKT_ALIAS_PROXY_ONLY 0x40
/*
* If PKT_ALIAS_REVERSE is set, the actions of PacketAliasIn() and
* PacketAliasOut() are reversed.
*/
-#define PKT_ALIAS_REVERSE 0x80
+#define PKT_ALIAS_REVERSE 0x80
#ifndef NO_FW_PUNCH
/*
@@ -210,14 +216,14 @@
* PacketAliasSetFWBase(). The hole will be attached to that
* particular alias_link, so when the link goes away the hole is deleted.
*/
-#define PKT_ALIAS_PUNCH_FW 0x100
+#define PKT_ALIAS_PUNCH_FW 0x100
#endif
/*
* If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
* states in 'ipfw nat global' rule.
*/
-#define PKT_ALIAS_SKIP_GLOBAL 0x200
+#define PKT_ALIAS_SKIP_GLOBAL 0x200
/*
* Like PKT_ALIAS_UNREGISTERED_ONLY, but includes the RFC 6598
@@ -225,15 +231,15 @@
*
* 100.64.0.0 -> 100.127.255.255
*/
-#define PKT_ALIAS_UNREGISTERED_CGN 0x400
+#define PKT_ALIAS_UNREGISTERED_CGN 0x400
/* Function return codes. */
-#define PKT_ALIAS_ERROR -1
-#define PKT_ALIAS_OK 1
-#define PKT_ALIAS_IGNORED 2
-#define PKT_ALIAS_UNRESOLVED_FRAGMENT 3
-#define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4
+#define PKT_ALIAS_ERROR -1
+#define PKT_ALIAS_OK 1
+#define PKT_ALIAS_IGNORED 2
+#define PKT_ALIAS_UNRESOLVED_FRAGMENT 3
+#define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4
-#endif /* !_ALIAS_H_ */
+#endif /* !_ALIAS_H_ */
/* lint -restore */
Index: sys/netinet/libalias/alias.c
===================================================================
--- sys/netinet/libalias/alias.c
+++ sys/netinet/libalias/alias.c
@@ -118,16 +118,17 @@
#include <sys/sysctl.h>
#else
#include <sys/types.h>
-#include <stdlib.h>
-#include <stdio.h>
+
#include <ctype.h>
#include <dlfcn.h>
#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
@@ -139,6 +140,7 @@
#include <netinet/libalias/alias_mod.h>
#else
#include <err.h>
+
#include "alias.h"
#include "alias_local.h"
#include "alias_mod.h"
@@ -183,9 +185,9 @@
*/
/* Local prototypes */
-static void TcpMonitorIn(u_char, struct alias_link *);
+static void TcpMonitorIn(u_char, struct alias_link *);
-static void TcpMonitorOut(u_char, struct alias_link *);
+static void TcpMonitorOut(u_char, struct alias_link *);
static void
TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
@@ -261,25 +263,24 @@
*/
/* Local prototypes */
-static int IcmpAliasIn1(struct libalias *, struct ip *);
-static int IcmpAliasIn2(struct libalias *, struct ip *);
-static int IcmpAliasIn(struct libalias *, struct ip *);
+static int IcmpAliasIn1(struct libalias *, struct ip *);
+static int IcmpAliasIn2(struct libalias *, struct ip *);
+static int IcmpAliasIn(struct libalias *, struct ip *);
-static int IcmpAliasOut1(struct libalias *, struct ip *, int create);
-static int IcmpAliasOut2(struct libalias *, struct ip *);
-static int IcmpAliasOut(struct libalias *, struct ip *, int create);
+static int IcmpAliasOut1(struct libalias *, struct ip *, int create);
+static int IcmpAliasOut2(struct libalias *, struct ip *);
+static int IcmpAliasOut(struct libalias *, struct ip *, int create);
-static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src,
- struct ip *pip, u_char ip_p, u_short *ip_sum);
-static int ProtoAliasOut(struct libalias *la, struct ip *pip,
- struct in_addr ip_dst, u_char ip_p, u_short *ip_sum,
- int create);
+static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src,
+ struct ip *pip, u_char ip_p, u_short *ip_sum);
+static int ProtoAliasOut(struct libalias *la, struct ip *pip,
+ struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create);
-static int UdpAliasIn(struct libalias *, struct ip *);
-static int UdpAliasOut(struct libalias *, struct ip *, int, int create);
+static int UdpAliasIn(struct libalias *, struct ip *);
+static int UdpAliasOut(struct libalias *, struct ip *, int, int create);
-static int TcpAliasIn(struct libalias *, struct ip *);
-static int TcpAliasOut(struct libalias *, struct ip *, int, int create);
+static int TcpAliasIn(struct libalias *, struct ip *);
+static int TcpAliasOut(struct libalias *, struct ip *, int, int create);
/*
De-alias incoming echo and timestamp replies.
@@ -315,8 +316,8 @@
struct in_addr original_address;
original_address = GetOriginalAddress(lnk);
- DifferentialChecksum(&pip->ip_sum,
- &original_address, &pip->ip_dst, 2);
+ DifferentialChecksum(&pip->ip_sum, &original_address,
+ &pip->ip_dst, 2);
pip->ip_dst = original_address;
}
@@ -347,16 +348,16 @@
ic2 = (struct icmp *)ip_next(ip);
if (ip->ip_p == IPPROTO_UDP)
- lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,
- ud->uh_dport, ud->uh_sport,
- IPPROTO_UDP, 0);
+ lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, ud->uh_dport,
+ ud->uh_sport, IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
- lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,
- tc->th_dport, tc->th_sport,
- IPPROTO_TCP, 0);
+ lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, tc->th_dport,
+ tc->th_sport, IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
- if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
- lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
+ if (ic2->icmp_type == ICMP_ECHO ||
+ ic2->icmp_type == ICMP_TSTAMP)
+ lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src,
+ ic2->icmp_id, 0);
else
lnk = NULL;
} else
@@ -383,8 +384,8 @@
ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum);
/* Un-alias address in IP header */
- DifferentialChecksum(&pip->ip_sum,
- &original_address, &pip->ip_dst, 2);
+ DifferentialChecksum(&pip->ip_sum, &original_address,
+ &pip->ip_dst, 2);
pip->ip_dst = original_address;
/* Un-alias address and port number of
@@ -412,8 +413,8 @@
ADJUST_CHECKSUM(accumulate2, ic->icmp_cksum);
/* Un-alias address in IP header */
- DifferentialChecksum(&pip->ip_sum,
- &original_address, &pip->ip_dst, 2);
+ DifferentialChecksum(&pip->ip_sum, &original_address,
+ &pip->ip_dst, 2);
pip->ip_dst = original_address;
/* Un-alias address of original IP packet and
@@ -457,8 +458,7 @@
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
- if (dlen < ICMP_ADVLENMIN ||
- dlen < (size_t)ICMP_ADVLEN(ic))
+ if (dlen < ICMP_ADVLENMIN || dlen < (size_t)ICMP_ADVLEN(ic))
return (PKT_ALIAS_IGNORED);
iresult = IcmpAliasIn2(la, pip);
break;
@@ -504,8 +504,8 @@
struct in_addr alias_address;
alias_address = GetAliasAddress(lnk);
- DifferentialChecksum(&pip->ip_sum,
- &alias_address, &pip->ip_src, 2);
+ DifferentialChecksum(&pip->ip_sum, &alias_address,
+ &pip->ip_src, 2);
pip->ip_src = alias_address;
}
@@ -536,16 +536,16 @@
ic2 = (struct icmp *)ip_next(ip);
if (ip->ip_p == IPPROTO_UDP)
- lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,
- ud->uh_dport, ud->uh_sport,
- IPPROTO_UDP, 0);
+ lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, ud->uh_dport,
+ ud->uh_sport, IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
- lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,
- tc->th_dport, tc->th_sport,
- IPPROTO_TCP, 0);
+ lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, tc->th_dport,
+ tc->th_sport, IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
- if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
- lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
+ if (ic2->icmp_type == ICMP_ECHO ||
+ ic2->icmp_type == ICMP_TSTAMP)
+ lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src,
+ ic2->icmp_id, 0);
else
lnk = NULL;
} else
@@ -657,8 +657,8 @@
machine.
*/
static int
-ProtoAliasIn(struct libalias *la, struct in_addr ip_src,
- struct ip *pip, u_char ip_p, u_short *ip_sum)
+ProtoAliasIn(struct libalias *la, struct in_addr ip_src, struct ip *pip,
+ u_char ip_p, u_short *ip_sum)
{
struct alias_link *lnk;
@@ -674,8 +674,8 @@
original_address = GetOriginalAddress(lnk);
/* Restore original IP address */
- DifferentialChecksum(ip_sum,
- &original_address, &pip->ip_dst, 2);
+ DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst,
+ 2);
pip->ip_dst = original_address;
return (PKT_ALIAS_OK);
@@ -689,8 +689,8 @@
the source IP address of the packet.
*/
static int
-ProtoAliasOut(struct libalias *la, struct ip *pip,
- struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create)
+ProtoAliasOut(struct libalias *la, struct ip *pip, struct in_addr ip_dst,
+ u_char ip_p, u_short *ip_sum, int create)
{
struct alias_link *lnk;
@@ -710,8 +710,7 @@
alias_address = GetAliasAddress(lnk);
/* Change source address */
- DifferentialChecksum(ip_sum,
- &alias_address, &pip->ip_src, 2);
+ DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2);
pip->ip_src = alias_address;
return (PKT_ALIAS_OK);
@@ -719,7 +718,7 @@
return (PKT_ALIAS_IGNORED);
}
-#define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF)
+#define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF)
#define FRAG_NO_HDR(_pip) (ntohs((_pip)->ip_off) & IP_OFFMASK)
static struct udphdr *
@@ -729,7 +728,8 @@
size_t dlen;
#ifdef _KERNEL
- KASSERT(!FRAG_NO_HDR(pip), ("header-less fragment isn't expected here"));
+ KASSERT(!FRAG_NO_HDR(pip),
+ ("header-less fragment isn't expected here"));
#endif
dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
if (dlen < sizeof(struct udphdr))
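Review bot: `dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);` is stored in a `size_t`, so a packet whose `ip_len` is smaller than its header length wraps to a very large value and passes the `dlen < sizeof(struct udphdr)` test that follows. Nothing visible in this diff compares `ip_len` with `ip_hl << 2`; the "Defense against mangled packets" checks in the -1341, -1471 and -1572 hunks only bound each value against `maxpacketsize`. Unless the callers already guarantee it, a guard such as `if (ntohs(pip->ip_len) < (pip->ip_hl << 2)) return (NULL);` before the subtraction would close the gap. The function starts and ends outside this hunk, so the validation may exist out of view.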
@@ -752,9 +752,9 @@
if (ud == NULL)
return (PKT_ALIAS_IGNORED);
- lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
- ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));
+ lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport,
+ ud->uh_dport, IPPROTO_UDP,
+ !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));
if (lnk != NULL) {
struct in_addr alias_address;
struct in_addr original_address;
@@ -763,15 +763,13 @@
u_short proxy_port;
int accumulate;
int error;
- struct alias_data ad = {
- .lnk = lnk,
+ struct alias_data ad = { .lnk = lnk,
.oaddr = &original_address,
.aaddr = &alias_address,
.aport = &alias_port,
.sport = &ud->uh_sport,
.dport = &ud->uh_dport,
- .maxpktsize = 0
- };
+ .maxpktsize = 0 };
alias_address = GetAliasAddress(lnk);
original_address = GetOriginalAddress(lnk);
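Review bot: The reflowed initializer now opens with `struct alias_data ad = { .lnk = lnk,` and closes with `.maxpktsize = 0 };`, so the first and last members sit on the brace lines and are easy to miss when checking which pointers a handler receives. If this layout came from an automatic formatter, a trailing comma after the last member (`.maxpktsize = 0,` with `};` on its own line) usually keeps one designator per line. The same pattern appears in the -877, -965, -1108, -1371 and -1525 hunks.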
@@ -816,14 +814,14 @@
ud->uh_sport = proxy_port;
if (proxy_address.s_addr != 0) {
- DifferentialChecksum(&pip->ip_sum,
- &proxy_address, &pip->ip_src, 2);
+ DifferentialChecksum(&pip->ip_sum, &proxy_address,
+ &pip->ip_src, 2);
pip->ip_src = proxy_address;
}
/* Restore original IP address */
- DifferentialChecksum(&pip->ip_sum,
- &original_address, &pip->ip_dst, 2);
+ DifferentialChecksum(&pip->ip_sum, &original_address,
+ &pip->ip_dst, 2);
pip->ip_dst = original_address;
return (PKT_ALIAS_OK);
@@ -877,21 +875,18 @@
pip->ip_dst = proxy_server_address;
ud->uh_dport = proxy_server_port;
}
- lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
- ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP, create);
+ lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport,
+ ud->uh_dport, IPPROTO_UDP, create);
if (lnk != NULL) {
u_short alias_port;
struct in_addr alias_address;
- struct alias_data ad = {
- .lnk = lnk,
+ struct alias_data ad = { .lnk = lnk,
.oaddr = NULL,
.aaddr = &alias_address,
.aport = &alias_port,
.sport = &ud->uh_sport,
.dport = &ud->uh_dport,
- .maxpktsize = 0
- };
+ .maxpktsize = 0 };
/* Save original destination address, if this is a proxy packet.
* Also modify packet to include destination encoding. This may
@@ -924,8 +919,8 @@
ud->uh_sport = alias_port;
/* Change source address */
- DifferentialChecksum(&pip->ip_sum,
- &alias_address, &pip->ip_src, 2);
+ DifferentialChecksum(&pip->ip_sum, &alias_address, &pip->ip_src,
+ 2);
pip->ip_src = alias_address;
return (PKT_ALIAS_OK);
@@ -947,9 +942,8 @@
return (PKT_ALIAS_IGNORED);
tc = (struct tcphdr *)ip_next(pip);
- lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
- tc->th_sport, tc->th_dport,
- IPPROTO_TCP,
+ lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, tc->th_sport,
+ tc->th_dport, IPPROTO_TCP,
!(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));
if (lnk != NULL) {
struct in_addr alias_address;
@@ -965,15 +959,13 @@
* packet and not the original one looks below [*].
*/
- struct alias_data ad = {
- .lnk = lnk,
+ struct alias_data ad = { .lnk = lnk,
.oaddr = NULL,
.aaddr = NULL,
.aport = NULL,
.sport = &tc->th_sport,
.dport = &tc->th_dport,
- .maxpktsize = 0
- };
+ .maxpktsize = 0 };
/* Walk out chain. */
find_handler(IN, TCP, la, pip, &ad);
@@ -1081,8 +1073,8 @@
if (create)
proxy_type = ProxyCheck(la, &proxy_server_address,
- &proxy_server_port, pip->ip_src, pip->ip_dst,
- tc->th_dport, pip->ip_p);
+ &proxy_server_port, pip->ip_src, pip->ip_dst, tc->th_dport,
+ pip->ip_p);
else
proxy_type = 0;
@@ -1108,24 +1100,21 @@
accumulate -= twowords(&pip->ip_dst);
ADJUST_CHECKSUM(accumulate, pip->ip_sum);
}
- lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
- tc->th_sport, tc->th_dport,
- IPPROTO_TCP, create);
+ lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport,
+ tc->th_dport, IPPROTO_TCP, create);
if (lnk == NULL)
return (PKT_ALIAS_IGNORED);
if (lnk != NULL) {
u_short alias_port;
struct in_addr alias_address;
int accumulate;
- struct alias_data ad = {
- .lnk = lnk,
+ struct alias_data ad = { .lnk = lnk,
.oaddr = NULL,
.aaddr = &alias_address,
.aport = &alias_port,
.sport = &tc->th_sport,
.dport = &tc->th_dport,
- .maxpktsize = maxpacketsize
- };
+ .maxpktsize = maxpacketsize };
/* Save original destination address, if this is a proxy packet.
* Also modify packet to include destination
@@ -1194,10 +1183,9 @@
*/
/* Local prototypes */
-static int FragmentIn(struct libalias *la, struct in_addr ip_src,
- struct ip *pip, u_short ip_id, u_short *ip_sum);
-static int FragmentOut(struct libalias *, struct ip *pip,
- u_short *ip_sum);
+static int FragmentIn(struct libalias *la, struct in_addr ip_src,
+ struct ip *pip, u_short ip_id, u_short *ip_sum);
+static int FragmentOut(struct libalias *, struct ip *pip, u_short *ip_sum);
static int
FragmentIn(struct libalias *la, struct in_addr ip_src, struct ip *pip,
@@ -1211,8 +1199,8 @@
struct in_addr original_address;
GetFragmentAddr(lnk, &original_address);
- DifferentialChecksum(ip_sum,
- &original_address, &pip->ip_dst, 2);
+ DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst,
+ 2);
pip->ip_dst = original_address;
return (PKT_ALIAS_OK);
@@ -1227,8 +1215,7 @@
LIBALIAS_LOCK_ASSERT(la);
alias_address = FindAliasAddress(la, pip->ip_src);
- DifferentialChecksum(ip_sum,
- &alias_address, &pip->ip_src, 2);
+ DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2);
pip->ip_src = alias_address;
return (PKT_ALIAS_OK);
@@ -1278,7 +1265,7 @@
if (lnk != NULL) {
GetFragmentPtr(lnk, &fptr);
SetFragmentPtr(lnk, NULL);
- SetExpire(lnk, 0); /* Deletes link */
+ SetExpire(lnk, 0); /* Deletes link */
} else
fptr = NULL;
@@ -1288,8 +1275,8 @@
void
LibAliasFragmentIn(struct libalias *la,
- void *ptr, /* Points to correctly de-aliased header fragment */
- void *ptr_fragment /* fragment which must be de-aliased */
+ void *ptr, /* Points to correctly de-aliased header fragment */
+ void *ptr_fragment /* fragment which must be de-aliased */
)
{
struct ip *pip;
@@ -1300,18 +1287,15 @@
pip = (struct ip *)ptr;
fpip = (struct ip *)ptr_fragment;
- DifferentialChecksum(&fpip->ip_sum,
- &pip->ip_dst, &fpip->ip_dst, 2);
+ DifferentialChecksum(&fpip->ip_sum, &pip->ip_dst, &fpip->ip_dst, 2);
fpip->ip_dst = pip->ip_dst;
LIBALIAS_UNLOCK(la);
}
/* Local prototypes */
-static int
-LibAliasOutLocked(struct libalias *la, struct ip *pip,
+static int LibAliasOutLocked(struct libalias *la, struct ip *pip,
int maxpacketsize, int create);
-static int
-LibAliasInLocked(struct libalias *la, struct ip *pip,
+static int LibAliasInLocked(struct libalias *la, struct ip *pip,
int maxpacketsize);
int
@@ -1341,8 +1325,8 @@
alias_addr = pip->ip_dst;
/* Defense against mangled packets */
- if (ntohs(pip->ip_len) > maxpacketsize
- || (pip->ip_hl << 2) > maxpacketsize) {
+ if (ntohs(pip->ip_len) > maxpacketsize ||
+ (pip->ip_hl << 2) > maxpacketsize) {
iresult = PKT_ALIAS_IGNORED;
goto getout;
}
@@ -1371,28 +1355,26 @@
#endif
case IPPROTO_GRE: {
int error;
- struct alias_data ad = {
- .lnk = NULL,
+ struct alias_data ad = { .lnk = NULL,
.oaddr = NULL,
.aaddr = NULL,
.aport = NULL,
.sport = NULL,
.dport = NULL,
- .maxpktsize = 0
- };
+ .maxpktsize = 0 };
/* Walk out chain. */
error = find_handler(IN, IP, la, pip, &ad);
if (error == 0)
iresult = PKT_ALIAS_OK;
else
- iresult = ProtoAliasIn(la, pip->ip_src,
- pip, pip->ip_p, &pip->ip_sum);
+ iresult = ProtoAliasIn(la, pip->ip_src, pip, pip->ip_p,
+ &pip->ip_sum);
break;
}
default:
- iresult = ProtoAliasIn(la, pip->ip_src, pip,
- pip->ip_p, &pip->ip_sum);
+ iresult = ProtoAliasIn(la, pip->ip_src, pip, pip->ip_p,
+ &pip->ip_sum);
break;
}
@@ -1453,10 +1435,10 @@
}
static int
-LibAliasOutLocked(struct libalias *la,
- struct ip *pip, /* valid IP packet */
- int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline changes) */
- int create /* Create new entries ? */
+LibAliasOutLocked(struct libalias *la, struct ip *pip, /* valid IP packet */
+ int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline
+ changes) */
+ int create /* Create new entries ? */
)
{
int iresult;
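Review bot: The per-parameter comments no longer line up with their parameters: `/* valid IP packet */` now trails a line that also declares `la`, and the `maxpacketsize` comment is split across two lines in mid-sentence. Moving these descriptions into a block comment above the function, one line per parameter, would keep them readable and survive further reformatting. The same applies to `LibAliasUnaliasOut` in the -1556 hunk. The function body continues outside this hunk.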
@@ -1471,8 +1453,8 @@
HouseKeeping(la);
/* Defense against mangled packets */
- if (ntohs(pip->ip_len) > maxpacketsize
- || (pip->ip_hl << 2) > maxpacketsize) {
+ if (ntohs(pip->ip_len) > maxpacketsize ||
+ (pip->ip_hl << 2) > maxpacketsize) {
iresult = PKT_ALIAS_IGNORED;
goto getout;
}
@@ -1487,11 +1469,14 @@
addr = ntohl(pip->ip_src.s_addr);
if (addr >= UNREG_ADDR_C_LOWER && addr <= UNREG_ADDR_C_UPPER)
iclass = 3;
- else if (addr >= UNREG_ADDR_B_LOWER && addr <= UNREG_ADDR_B_UPPER)
+ else if (addr >= UNREG_ADDR_B_LOWER &&
+ addr <= UNREG_ADDR_B_UPPER)
iclass = 2;
- else if (addr >= UNREG_ADDR_A_LOWER && addr <= UNREG_ADDR_A_UPPER)
+ else if (addr >= UNREG_ADDR_A_LOWER &&
+ addr <= UNREG_ADDR_A_UPPER)
iclass = 1;
- else if (addr >= UNREG_ADDR_CGN_LOWER && addr <= UNREG_ADDR_CGN_UPPER &&
+ else if (addr >= UNREG_ADDR_CGN_LOWER &&
+ addr <= UNREG_ADDR_CGN_UPPER &&
la->packetAliasMode & PKT_ALIAS_UNREGISTERED_CGN)
iclass = 4;
@@ -1525,27 +1510,25 @@
#endif
case IPPROTO_GRE: {
int error;
- struct alias_data ad = {
- .lnk = NULL,
+ struct alias_data ad = { .lnk = NULL,
.oaddr = NULL,
.aaddr = NULL,
.aport = NULL,
.sport = NULL,
.dport = NULL,
- .maxpktsize = 0
- };
+ .maxpktsize = 0 };
/* Walk out chain. */
error = find_handler(OUT, IP, la, pip, &ad);
if (error == 0)
iresult = PKT_ALIAS_OK;
else
- iresult = ProtoAliasOut(la, pip,
- pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
+ iresult = ProtoAliasOut(la, pip, pip->ip_dst, pip->ip_p,
+ &pip->ip_sum, create);
break;
- }
+ }
default:
- iresult = ProtoAliasOut(la, pip,
- pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
+ iresult = ProtoAliasOut(la, pip, pip->ip_dst, pip->ip_p,
+ &pip->ip_sum, create);
break;
}
@@ -1556,9 +1539,8 @@
}
int
-LibAliasUnaliasOut(struct libalias *la,
- void *ptr, /* valid IP packet */
- int maxpacketsize /* for error checking */
+LibAliasUnaliasOut(struct libalias *la, void *ptr, /* valid IP packet */
+ int maxpacketsize /* for error checking */
)
{
struct ip *pip;
@@ -1572,8 +1554,8 @@
pip = (struct ip *)ptr;
/* Defense against mangled packets */
- if (ntohs(pip->ip_len) > maxpacketsize
- || (pip->ip_hl << 2) > maxpacketsize)
+ if (ntohs(pip->ip_len) > maxpacketsize ||
+ (pip->ip_hl << 2) > maxpacketsize)
goto getout;
ud = (struct udphdr *)ip_next(pip);
@@ -1582,13 +1564,11 @@
/* Find a link */
if (pip->ip_p == IPPROTO_UDP)
- lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,
- ud->uh_dport, ud->uh_sport,
- IPPROTO_UDP, 0);
+ lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport,
+ ud->uh_sport, IPPROTO_UDP, 0);
else if (pip->ip_p == IPPROTO_TCP)
- lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,
- tc->th_dport, tc->th_sport,
- IPPROTO_TCP, 0);
+ lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport,
+ tc->th_sport, IPPROTO_TCP, 0);
else if (pip->ip_p == IPPROTO_ICMP)
lnk = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0);
else
@@ -1619,8 +1599,8 @@
}
/* Adjust IP checksum */
- DifferentialChecksum(&pip->ip_sum,
- &original_address, &pip->ip_src, 2);
+ DifferentialChecksum(&pip->ip_sum, &original_address,
+ &pip->ip_src, 2);
/* Un-alias source address and port number */
pip->ip_src = original_address;
@@ -1646,8 +1626,8 @@
ADJUST_CHECKSUM(accumulate, ic->icmp_cksum);
/* Adjust IP checksum */
- DifferentialChecksum(&pip->ip_sum,
- &original_address, &pip->ip_src, 2);
+ DifferentialChecksum(&pip->ip_sum, &original_address,
+ &pip->ip_src, 2);
/* Un-alias source address and port number */
pip->ip_src = original_address;
@@ -1704,14 +1684,14 @@
const char *error;
moduledata_t *p;
- handle = dlopen (path, RTLD_LAZY);
+ handle = dlopen(path, RTLD_LAZY);
if (!handle) {
fprintf(stderr, "%s\n", dlerror());
return (EINVAL);
}
p = dlsym(handle, "alias_mod");
- if ((error = dlerror()) != NULL) {
+ if ((error = dlerror()) != NULL) {
fprintf(stderr, "%s\n", dlerror());
return (EINVAL);
}
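Review bot: In the `alias_mod` lookup the error branch prints `dlerror()` a second time instead of the `error` string it has just captured. The first call clears the pending error, so the second is expected to return NULL and `fprintf` is handed a null pointer for `%s`. The `handlers` lookup in the next hunk already prints `error`; this line should match it: `fprintf(stderr, "%s\n", error);`. The early returns also appear to leave `handle` open, though the rest of the function is outside the hunk.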
@@ -1728,7 +1708,7 @@
}
m = dlsym(t->handle, "handlers");
- if ((error = dlerror()) != NULL) {
+ if ((error = dlerror()) != NULL) {
fprintf(stderr, "%s\n", error);
return (EINVAL);
}
Index: sys/netinet/libalias/alias_db.h
===================================================================
--- sys/netinet/libalias/alias_db.h
+++ sys/netinet/libalias/alias_db.h
@@ -143,48 +143,47 @@
#ifndef _ALIAS_DB_H_
#define _ALIAS_DB_H_
-
/*
Constants (note: constants are also defined
near relevant functions or structs)
*/
/* Timeouts (in seconds) for different link types */
-#define ICMP_EXPIRE_TIME 60
-#define UDP_EXPIRE_TIME 60
-#define PROTO_EXPIRE_TIME 60
-#define FRAGMENT_ID_EXPIRE_TIME 10
-#define FRAGMENT_PTR_EXPIRE_TIME 30
+#define ICMP_EXPIRE_TIME 60
+#define UDP_EXPIRE_TIME 60
+#define PROTO_EXPIRE_TIME 60
+#define FRAGMENT_ID_EXPIRE_TIME 10
+#define FRAGMENT_PTR_EXPIRE_TIME 30
/* TCP link expire time for different cases */
/* When the link has been used and closed - minimal grace time to
allow ACKs and potential re-connect in FTP (XXX - is this allowed?) */
#ifndef TCP_EXPIRE_DEAD
-#define TCP_EXPIRE_DEAD 10
+#define TCP_EXPIRE_DEAD 10
#endif
/* When the link has been used and closed on one side - the other side
is allowed to still send data */
#ifndef TCP_EXPIRE_SINGLEDEAD
-#define TCP_EXPIRE_SINGLEDEAD 90
+#define TCP_EXPIRE_SINGLEDEAD 90
#endif
/* When the link isn't yet up */
#ifndef TCP_EXPIRE_INITIAL
-#define TCP_EXPIRE_INITIAL 300
+#define TCP_EXPIRE_INITIAL 300
#endif
/* When the link is up */
#ifndef TCP_EXPIRE_CONNECTED
-#define TCP_EXPIRE_CONNECTED 86400
+#define TCP_EXPIRE_CONNECTED 86400
#endif
/* Dummy port number codes used for FindLinkIn/Out() and AddLink().
These constants can be anything except zero, which indicates an
unknown port number. */
-#define NO_DEST_PORT 1
-#define NO_SRC_PORT 1
+#define NO_DEST_PORT 1
+#define NO_SRC_PORT 1
/* Matches any/unknown address in FindLinkIn/Out() and AddLink(). */
static struct in_addr const ANY_ADDR = { INADDR_ANY };
@@ -218,93 +217,93 @@
/* used to save changes to ACK/sequence numbers */
struct ack_data_record {
- u_long ack_old;
- u_long ack_new;
- int delta;
- int active;
+ u_long ack_old;
+ u_long ack_new;
+ int delta;
+ int active;
};
/* Information about TCP connection */
struct tcp_state {
- int in; /* State for outside -> inside */
- int out; /* State for inside -> outside */
- int index; /* Index to ACK data array */
+ int in; /* State for outside -> inside */
+ int out; /* State for inside -> outside */
+ int index; /* Index to ACK data array */
/* Indicates whether ACK and sequence numbers been modified */
- int ack_modified;
+ int ack_modified;
};
/* Number of distinct ACK number changes
* saved for a modified TCP stream */
-#define N_LINK_TCP_DATA 3
+#define N_LINK_TCP_DATA 3
struct tcp_dat {
struct tcp_state state;
struct ack_data_record ack[N_LINK_TCP_DATA];
/* Which firewall record is used for this hole? */
- int fwhole;
+ int fwhole;
};
/* LSNAT server pool (circular list) */
struct server {
- struct in_addr addr;
- u_short port;
- struct server *next;
+ struct in_addr addr;
+ u_short port;
+ struct server *next;
};
/* Main data structure */
struct alias_link {
struct libalias *la;
/* Address and port information */
- struct in_addr src_addr;
- struct in_addr dst_addr;
- struct in_addr alias_addr;
- struct in_addr proxy_addr;
- u_short src_port;
- u_short dst_port;
- u_short alias_port;
- u_short proxy_port;
- struct server *server;
+ struct in_addr src_addr;
+ struct in_addr dst_addr;
+ struct in_addr alias_addr;
+ struct in_addr proxy_addr;
+ u_short src_port;
+ u_short dst_port;
+ u_short alias_port;
+ u_short proxy_port;
+ struct server *server;
/* Type of link: TCP, UDP, ICMP, proto, frag */
- int link_type;
+ int link_type;
/* values for link_type */
-#define LINK_ICMP IPPROTO_ICMP
-#define LINK_UDP IPPROTO_UDP
-#define LINK_TCP IPPROTO_TCP
-#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1)
-#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2)
-#define LINK_ADDR (IPPROTO_MAX + 3)
-#define LINK_PPTP (IPPROTO_MAX + 4)
-
- int flags; /* indicates special characteristics */
- int pflags; /* protocol-specific flags */
+#define LINK_ICMP IPPROTO_ICMP
+#define LINK_UDP IPPROTO_UDP
+#define LINK_TCP IPPROTO_TCP
+#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1)
+#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2)
+#define LINK_ADDR (IPPROTO_MAX + 3)
+#define LINK_PPTP (IPPROTO_MAX + 4)
+
+ int flags; /* indicates special characteristics */
+ int pflags; /* protocol-specific flags */
/* flag bits */
-#define LINK_UNKNOWN_DEST_PORT 0x01
-#define LINK_UNKNOWN_DEST_ADDR 0x02
-#define LINK_PERMANENT 0x04
-#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */
-#define LINK_UNFIREWALLED 0x08
+#define LINK_UNKNOWN_DEST_PORT 0x01
+#define LINK_UNKNOWN_DEST_ADDR 0x02
+#define LINK_PERMANENT 0x04
+#define LINK_PARTIALLY_SPECIFIED 0x03 /* logical-or of first two bits */
+#define LINK_UNFIREWALLED 0x08
- int timestamp; /* Time link was last accessed */
+ int timestamp; /* Time link was last accessed */
#ifndef NO_USE_SOCKETS
- int sockfd; /* socket descriptor */
+ int sockfd; /* socket descriptor */
#endif
/* Linked list of pointers for input and output lookup tables */
union {
struct {
SPLAY_ENTRY(alias_link) out;
- LIST_ENTRY (alias_link) in;
+ LIST_ENTRY(alias_link) in;
} all;
struct {
- LIST_ENTRY (alias_link) list;
+ LIST_ENTRY(alias_link) list;
} pptp;
};
struct {
TAILQ_ENTRY(alias_link) list;
- int time; /* Expire time for link */
+ int time; /* Expire time for link */
} expire;
/* Auxiliary data */
union {
- char *frag_ptr;
- struct in_addr frag_addr;
+ char *frag_ptr;
+ struct in_addr frag_addr;
struct tcp_dat *tcp;
} data;
};
@@ -326,50 +325,61 @@
*/
/* Local prototypes */
-static struct group_in *
-StartPointIn(struct libalias *, struct in_addr, u_short, int, int);
-static int SeqDiff(u_long, u_long);
+static struct group_in *StartPointIn(struct libalias *, struct in_addr, u_short,
+ int, int);
+static int SeqDiff(u_long, u_long);
#ifndef NO_FW_PUNCH
/* Firewall control */
-static void InitPunchFW(struct libalias *);
-static void UninitPunchFW(struct libalias *);
-static void ClearFWHole(struct alias_link *);
+static void InitPunchFW(struct libalias *);
+static void UninitPunchFW(struct libalias *);
+static void ClearFWHole(struct alias_link *);
#endif
/* Log file control */
-static void ShowAliasStats(struct libalias *);
-static int InitPacketAliasLog(struct libalias *);
-static void UninitPacketAliasLog(struct libalias *);
-
-void SctpShowAliasStats(struct libalias *la);
+static void ShowAliasStats(struct libalias *);
+static int InitPacketAliasLog(struct libalias *);
+static void UninitPacketAliasLog(struct libalias *);
+void SctpShowAliasStats(struct libalias *la);
/* Splay handling */
static inline int
-cmp_out(struct alias_link *a, struct alias_link *b) {
+cmp_out(struct alias_link *a, struct alias_link *b)
+{
int i = a->src_port - b->src_port;
- if (i != 0) return (i);
- if (a->src_addr.s_addr > b->src_addr.s_addr) return (1);
- if (a->src_addr.s_addr < b->src_addr.s_addr) return (-1);
- if (a->dst_addr.s_addr > b->dst_addr.s_addr) return (1);
- if (a->dst_addr.s_addr < b->dst_addr.s_addr) return (-1);
+ if (i != 0)
+ return (i);
+ if (a->src_addr.s_addr > b->src_addr.s_addr)
+ return (1);
+ if (a->src_addr.s_addr < b->src_addr.s_addr)
+ return (-1);
+ if (a->dst_addr.s_addr > b->dst_addr.s_addr)
+ return (1);
+ if (a->dst_addr.s_addr < b->dst_addr.s_addr)
+ return (-1);
i = a->dst_port - b->dst_port;
- if (i != 0) return (i);
+ if (i != 0)
+ return (i);
i = a->link_type - b->link_type;
return (i);
}
SPLAY_PROTOTYPE(splay_out, alias_link, all.out, cmp_out);
static inline int
-cmp_in(struct group_in *a, struct group_in *b) {
+cmp_in(struct group_in *a, struct group_in *b)
+{
int i = a->alias_port - b->alias_port;
- if (i != 0) return (i);
+ if (i != 0)
+ return (i);
i = a->link_type - b->link_type;
- if (i != 0) return (i);
- if (a->alias_addr.s_addr > b->alias_addr.s_addr) return (1);
- if (a->alias_addr.s_addr < b->alias_addr.s_addr) return (-1);
+ if (i != 0)
+ return (i);
+ if (a->alias_addr.s_addr > b->alias_addr.s_addr)
+ return (1);
+ if (a->alias_addr.s_addr < b->alias_addr.s_addr)
+ return (-1);
return (0);
}
SPLAY_PROTOTYPE(splay_in, group_in, in, cmp_in);
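Review bot: `cmp_out` and `cmp_in` carry no comment stating the key order they impose, and they mix two idioms: subtraction for the ports and `link_type`, explicit `>`/`<` tests for the addresses. The subtraction is safe for the `u_short` ports because both operands promote to `int`, but for the `int` `link_type` it relies on the values staying small, which the `LINK_*` definitions suggest but the comparators do not say. I would add above `cmp_out` a comment such as `/* Order: src_port, src_addr, dst_addr, dst_port, link_type; lookup keys need only these fields. */` and a matching one above `cmp_in` listing alias_port, link_type, alias_addr.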
@@ -396,47 +406,43 @@
*/
/* Local prototypes */
-static int GetNewPort(struct libalias *, struct alias_link *, int);
+static int GetNewPort(struct libalias *, struct alias_link *, int);
#ifndef NO_USE_SOCKETS
-static u_short GetSocket(struct libalias *, u_short, int *, int);
+static u_short GetSocket(struct libalias *, u_short, int *, int);
#endif
-static void CleanupAliasData(struct libalias *, int);
-static void CleanupLink(struct libalias *, struct alias_link **, int);
-static void DeleteLink(struct alias_link **, int);
-static struct alias_link *
-UseLink(struct libalias *, struct alias_link *);
+static void CleanupAliasData(struct libalias *, int);
+static void CleanupLink(struct libalias *, struct alias_link **, int);
+static void DeleteLink(struct alias_link **, int);
+static struct alias_link *UseLink(struct libalias *, struct alias_link *);
-static struct alias_link *
-ReLink(struct alias_link *,
- struct in_addr, struct in_addr, struct in_addr,
- u_short, u_short, int, int, int);
+static struct alias_link *ReLink(struct alias_link *, struct in_addr,
+ struct in_addr, struct in_addr, u_short, u_short, int, int, int);
-static struct alias_link *
-FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int);
+static struct alias_link *FindLinkOut(struct libalias *, struct in_addr,
+ struct in_addr, u_short, u_short, int, int);
-static struct alias_link *
-FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int);
+static struct alias_link *FindLinkIn(struct libalias *, struct in_addr,
+ struct in_addr, u_short, u_short, int, int);
static u_short _RandomPort(struct libalias *la);
-#define GET_NEW_PORT_MAX_ATTEMPTS 20
-
+#define GET_NEW_PORT_MAX_ATTEMPTS 20
#ifndef NO_FW_PUNCH
static void ClearAllFWHoles(struct libalias *la);
-#define fw_setfield(la, field, num) \
-do { \
- (field)[(num) - la->fireWallBaseNum] = 1; \
-} /*lint -save -e717 */ while(0)/* lint -restore */
+#define fw_setfield(la, field, num) \
+ do { \
+ (field)[(num)-la->fireWallBaseNum] = 1; \
+ } /*lint -save -e717 */ while (0) /* lint -restore */
-#define fw_clrfield(la, field, num) \
-do { \
- (field)[(num) - la->fireWallBaseNum] = 0; \
-} /*lint -save -e717 */ while(0)/* lint -restore */
+#define fw_clrfield(la, field, num) \
+ do { \
+ (field)[(num)-la->fireWallBaseNum] = 0; \
+ } /*lint -save -e717 */ while (0) /* lint -restore */
-#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum])
+#define fw_tstfield(la, field, num) ((field)[(num)-la->fireWallBaseNum])
#endif /* !NO_FW_PUNCH */
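Review bot: The reformatted subscript `(field)[(num)-la->fireWallBaseNum]` in `fw_setfield`, `fw_clrfield` and `fw_tstfield` lost the spaces around the binary minus, so it now reads like a cast applied to a negated value; the formatter appears to have taken `(num)` for a cast. The `la` macro parameter is also expanded without parentheses. I would write the index as `(field)[(num) - (la)->fireWallBaseNum]` in all three macros. None of them checks that `num` falls inside the range the array covers, so a short comment saying that callers must pass a rule number already validated against the base would help the next reader.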
Index: sys/netinet/libalias/alias_db.c
===================================================================
--- sys/netinet/libalias/alias_db.c
+++ sys/netinet/libalias/alias_db.c
@@ -28,31 +28,34 @@
#include <sys/cdefs.h>
#ifdef _KERNEL
-#include <machine/stdarg.h>
#include <sys/param.h>
-#include <sys/kernel.h>
#include <sys/systm.h>
+#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/module.h>
#include <sys/rwlock.h>
#include <sys/syslog.h>
+
+#include <machine/stdarg.h>
#else
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
#include <sys/errno.h>
#include <sys/time.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
#include <unistd.h>
#endif
#include <sys/socket.h>
+
#include <netinet/tcp.h>
#ifdef _KERNEL
+#include <net/if.h>
#include <netinet/libalias/alias.h>
#include <netinet/libalias/alias_local.h>
#include <netinet/libalias/alias_mod.h>
-#include <net/if.h>
#else
#include "alias.h"
#include "alias_local.h"
@@ -84,9 +87,7 @@
}
}
-static moduledata_t alias_mod = {
- "alias", alias_mod_handler, NULL
-};
+static moduledata_t alias_mod = { "alias", alias_mod_handler, NULL };
DECLARE_MODULE(alias, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
#endif
@@ -95,16 +96,13 @@
SPLAY_GENERATE(splay_in, group_in, in, cmp_in);
static struct group_in *
-StartPointIn(struct libalias *la,
- struct in_addr alias_addr, u_short alias_port, int link_type,
- int create)
+StartPointIn(struct libalias *la, struct in_addr alias_addr, u_short alias_port,
+ int link_type, int create)
{
struct group_in *grp;
- struct group_in needle = {
- .alias_addr = alias_addr,
+ struct group_in needle = { .alias_addr = alias_addr,
.alias_port = alias_port,
- .link_type = link_type
- };
+ .link_type = link_type };
grp = SPLAY_FIND(splay_in, &la->linkSplayIn, &needle);
if (grp != NULL || !create || (grp = malloc(sizeof(*grp))) == NULL)
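Review bot: The designated initializer for `needle` now has its first member on the opening-brace line and the closing brace on the last member's line, which is harder to scan and noisier to diff than the one-member-per-line form it replaces; the same happens to `needle` in `_SearchLinkOut` (hunk `@@ -744,18 +723,14 @@`). Ending the list with a trailing comma, `.link_type = link_type,` followed by `};` on its own line, usually makes clang-format keep one member per line. The body of `StartPointIn` continues past the end of this hunk.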
@@ -121,10 +119,10 @@
static int
SeqDiff(u_long x, u_long y)
{
-/* Return the difference between two TCP sequence numbers
- * This function is encapsulated in case there are any unusual
- * arithmetic conditions that need to be considered.
- */
+ /* Return the difference between two TCP sequence numbers
+ * This function is encapsulated in case there are any unusual
+ * arithmetic conditions that need to be considered.
+ */
return (ntohl(y) - ntohl(x));
}
@@ -157,41 +155,38 @@
LIBALIAS_LOCK_ASSERT(la);
/* Used for debugging */
if (la->logDesc) {
- int tot = la->icmpLinkCount + la->udpLinkCount +
- (la->sctpLinkCount>>1) + /* sctp counts half associations */
- la->tcpLinkCount + la->pptpLinkCount +
- la->protoLinkCount + la->fragmentIdLinkCount +
- la->fragmentPtrLinkCount;
+ int tot = la->icmpLinkCount + la->udpLinkCount +
+ (la->sctpLinkCount >>
+ 1) + /* sctp counts half associations */
+ la->tcpLinkCount +
+ la->pptpLinkCount + la->protoLinkCount +
+ la->fragmentIdLinkCount + la->fragmentPtrLinkCount;
AliasLog(la->logDesc,
"icmp=%u, udp=%u, tcp=%u, sctp=%u, pptp=%u, proto=%u, frag_id=%u frag_ptr=%u / tot=%u",
- la->icmpLinkCount,
- la->udpLinkCount,
- la->tcpLinkCount,
- la->sctpLinkCount>>1, /* sctp counts half associations */
- la->pptpLinkCount,
- la->protoLinkCount,
- la->fragmentIdLinkCount,
- la->fragmentPtrLinkCount,
- tot);
+ la->icmpLinkCount, la->udpLinkCount, la->tcpLinkCount,
+ la->sctpLinkCount >> 1, /* sctp counts half associations */
+ la->pptpLinkCount, la->protoLinkCount,
+ la->fragmentIdLinkCount, la->fragmentPtrLinkCount, tot);
#ifndef _KERNEL
AliasLog(la->logDesc, " (sock=%u)\n", la->sockCount);
#endif
}
}
-void SctpShowAliasStats(struct libalias *la)
+void
+SctpShowAliasStats(struct libalias *la)
{
ShowAliasStats(la);
}
/* get random port in network byte order */
static u_short
-_RandomPort(struct libalias *la) {
+_RandomPort(struct libalias *la)
+{
u_short port;
- port = la->aliasPortLower +
- arc4random_uniform(la->aliasPortLength);
+ port = la->aliasPortLower + arc4random_uniform(la->aliasPortLength);
return ntohs(port);
}
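Review bot: `_RandomPort` is commented as returning a port in network byte order but converts with `ntohs`, which names the opposite direction; both macros perform the same swap on the platforms this code targets, so behaviour is unaffected, but `return (htons(port));` states the intent and restores the parenthesized return used elsewhere in the file. The sum `la->aliasPortLower + arc4random_uniform(la->aliasPortLength)` is stored in a `u_short`, so it wraps silently if the configured range ever reaches past 65535; whether the code that sets the range rules this out is not visible in this hunk. Separately, in `ShowAliasStats` (which starts before this hunk) the new wrapping splits `la->sctpLinkCount >> 1` across two lines, which reads worse than the original.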
@@ -214,7 +209,7 @@
* this parameter is zero or positive, it precisely specifies
* the port number. GetNewPort() will return this number
* without check that it is in use.
- *
+ *
* The aliasing port is automatically selected by one of
* two methods below:
*
@@ -222,7 +217,7 @@
* a randomly selected port number.
*/
if (alias_port_param >= 0 && alias_port_param < 0x10000) {
- lnk->alias_port = (u_short) alias_port_param;
+ lnk->alias_port = (u_short)alias_port_param;
return (0);
}
if (alias_port_param != GET_ALIAS_PORT) {
@@ -241,23 +236,24 @@
* this is already in use, the remainder of the
* trials will be random.
*/
- port = (la->packetAliasMode & PKT_ALIAS_SAME_PORTS)
- ? lnk->src_port
- : _RandomPort(la);
+ port = (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) ? lnk->src_port :
+ _RandomPort(la);
/* Port number search */
for (i = 0; i < max_trials; i++, port = _RandomPort(la)) {
struct group_in *grp;
struct alias_link *search_result;
- grp = StartPointIn(la, lnk->alias_addr, port, lnk->link_type, 0);
+ grp = StartPointIn(la, lnk->alias_addr, port, lnk->link_type,
+ 0);
if (grp == NULL)
break;
LIST_FOREACH(search_result, &grp->full, all.in) {
- if (lnk->dst_addr.s_addr == search_result->dst_addr.s_addr &&
+ if (lnk->dst_addr.s_addr ==
+ search_result->dst_addr.s_addr &&
lnk->dst_port == search_result->dst_port)
- break; /* found match */
+ break; /* found match */
}
if (search_result == NULL)
break;
@@ -274,8 +270,7 @@
#ifndef NO_USE_SOCKETS
if ((la->packetAliasMode & PKT_ALIAS_USE_SOCKETS) &&
(lnk->flags & LINK_PARTIALLY_SPECIFIED) &&
- ((lnk->link_type == LINK_TCP) ||
- (lnk->link_type == LINK_UDP))) {
+ ((lnk->link_type == LINK_TCP) || (lnk->link_type == LINK_UDP))) {
if (!GetSocket(la, port, &lnk->sockfd, lnk->link_type)) {
return (-1);
}
@@ -287,7 +282,7 @@
}
#ifndef NO_USE_SOCKETS
-static u_short
+static u_short
GetSocket(struct libalias *la, u_short port_net, int *sockfd, int link_type)
{
int err;
@@ -318,9 +313,7 @@
sock_addr.sin_addr.s_addr = htonl(INADDR_ANY);
sock_addr.sin_port = port_net;
- err = bind(sock,
- (struct sockaddr *)&sock_addr,
- sizeof(sock_addr));
+ err = bind(sock, (struct sockaddr *)&sock_addr, sizeof(sock_addr));
if (err == 0) {
la->sockCount++;
*sockfd = sock;
@@ -339,14 +332,9 @@
looks for unused triplets: (dest addr, dest port, alias port). */
int
-FindNewPortGroup(struct libalias *la,
- struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short src_port,
- u_short dst_port,
- u_short port_count,
- u_char proto,
- u_char align)
+FindNewPortGroup(struct libalias *la, struct in_addr dst_addr,
+ struct in_addr alias_addr, u_short src_port, u_short dst_port,
+ u_short port_count, u_char proto, u_char align)
{
int i, j;
int max_trials;
@@ -399,8 +387,8 @@
u_short port_j = ntohs(port) + j;
if ((search_result = FindLinkIn(la, dst_addr,
- alias_addr, dst_port, htons(port_j),
- link_type, 0)) != NULL)
+ alias_addr, dst_port, htons(port_j), link_type,
+ 0)) != NULL)
break;
}
@@ -497,15 +485,14 @@
LIST_REMOVE(lnk, all.in);
/* Remove intermediate node, if empty */
- grp = StartPointIn(la, lnk->alias_addr, lnk->alias_port, lnk->link_type, 0);
- if (grp != NULL &&
- LIST_EMPTY(&grp->full) &&
+ grp = StartPointIn(la, lnk->alias_addr, lnk->alias_port,
+ lnk->link_type, 0);
+ if (grp != NULL && LIST_EMPTY(&grp->full) &&
LIST_EMPTY(&grp->partial)) {
SPLAY_REMOVE(splay_in, &la->linkSplayIn, grp);
free(grp);
}
- }
- break;
+ } break;
}
/* remove from housekeeping */
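Review bot: `} break;` puts the `break` on the closing-brace line of a braced case body, where it is easy to overlook when checking the switch for unintended fall-through; the same form is introduced in hunks `@@ -657,8 +645,7 @@` and `@@ -696,8 +684,7 @@`. Moving the statement inside the block, so that `break;` is the last line before the closing `}`, keeps it visible and is stable under the formatter. The switch itself starts outside this hunk.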
@@ -642,7 +629,8 @@
if (aux_tcp == NULL) {
#ifdef LIBALIAS_DEBUG
fprintf(stderr, "PacketAlias/AddLink: ");
- fprintf(stderr, " cannot allocate auxiliary TCP data\n");
+ fprintf(stderr,
+ " cannot allocate auxiliary TCP data\n");
#endif
free(lnk);
return (NULL);
@@ -657,8 +645,7 @@
aux_tcp->ack[i].active = 0;
aux_tcp->fwhole = -1;
lnk->data.tcp = aux_tcp;
- }
- break;
+ } break;
case LINK_PPTP:
la->pptpLinkCount++;
break;
@@ -682,7 +669,8 @@
default: {
struct group_in *grp;
- grp = StartPointIn(la, alias_addr, lnk->alias_port, link_type, 1);
+ grp = StartPointIn(la, alias_addr, lnk->alias_port, link_type,
+ 1);
if (grp == NULL) {
free(lnk);
return (NULL);
@@ -696,8 +684,7 @@
LIST_INSERT_HEAD(&grp->partial, lnk, all.in);
else
LIST_INSERT_HEAD(&grp->full, lnk, all.in);
- }
- break;
+ } break;
}
/* Include the element into the housekeeping list */
@@ -714,26 +701,18 @@
* chosen. If greater than zero, equal to alias port
*/
static struct alias_link *
-ReLink(struct alias_link *old_lnk,
- struct in_addr src_addr,
- struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short src_port,
- u_short dst_port,
- int alias_port_param,
- int link_type,
- int deletePermanent)
+ReLink(struct alias_link *old_lnk, struct in_addr src_addr,
+ struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port,
+ u_short dst_port, int alias_port_param, int link_type, int deletePermanent)
{
struct alias_link *new_lnk;
struct libalias *la = old_lnk->la;
LIBALIAS_LOCK_ASSERT(la);
- new_lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- src_port, dst_port, alias_port_param,
- link_type);
+ new_lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port,
+ dst_port, alias_port_param, link_type);
#ifndef NO_FW_PUNCH
- if (new_lnk != NULL &&
- old_lnk->link_type == LINK_TCP &&
+ if (new_lnk != NULL && old_lnk->link_type == LINK_TCP &&
old_lnk->data.tcp->fwhole > 0) {
PunchFWHole(new_lnk);
}
@@ -744,18 +723,14 @@
static struct alias_link *
_SearchLinkOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short src_port,
- u_short dst_port,
- int link_type) {
+ struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type)
+{
struct alias_link *lnk;
- struct alias_link needle = {
- .src_addr = src_addr,
+ struct alias_link needle = { .src_addr = src_addr,
.dst_addr = dst_addr,
.src_port = src_port,
.dst_port = dst_port,
- .link_type = link_type
- };
+ .link_type = link_type };
lnk = SPLAY_FIND(splay_out, &la->linkSplayOut, &needle);
return (UseLink(la, lnk));
@@ -763,16 +738,14 @@
static struct alias_link *
_FindLinkOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short src_port,
- u_short dst_port,
- int link_type,
+ struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type,
int replace_partial_links)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = _SearchLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type);
+ lnk = _SearchLinkOut(la, src_addr, dst_addr, src_port, dst_port,
+ link_type);
if (lnk != NULL || !replace_partial_links)
return (lnk);
@@ -784,26 +757,20 @@
lnk = _SearchLinkOut(la, src_addr, ANY_ADDR, src_port,
dst_port, link_type);
}
- if (lnk == NULL &&
- (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) {
+ if (lnk == NULL && (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) {
lnk = _SearchLinkOut(la, src_addr, ANY_ADDR, src_port, 0,
link_type);
}
if (lnk != NULL) {
- lnk = ReLink(lnk,
- src_addr, dst_addr, lnk->alias_addr,
- src_port, dst_port, lnk->alias_port,
- link_type, 0);
+ lnk = ReLink(lnk, src_addr, dst_addr, lnk->alias_addr, src_port,
+ dst_port, lnk->alias_port, link_type, 0);
}
return (lnk);
}
static struct alias_link *
FindLinkOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short src_port,
- u_short dst_port,
- int link_type,
+ struct in_addr dst_addr, u_short src_port, u_short dst_port, int link_type,
int replace_partial_links)
{
struct alias_link *lnk;
@@ -821,8 +788,8 @@
*/
if (la->aliasAddress.s_addr != INADDR_ANY &&
src_addr.s_addr == la->aliasAddress.s_addr) {
- lnk = _FindLinkOut(la, ANY_ADDR, dst_addr, src_port, dst_port,
- link_type, replace_partial_links);
+ lnk = _FindLinkOut(la, ANY_ADDR, dst_addr, src_port,
+ dst_port, link_type, replace_partial_links);
}
}
return (lnk);
@@ -830,11 +797,8 @@
static struct alias_link *
_FindLinkIn(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short dst_port,
- u_short alias_port,
- int link_type,
- int replace_partial_links)
+ struct in_addr alias_addr, u_short dst_port, u_short alias_port,
+ int link_type, int replace_partial_links)
{
int flags_in;
struct group_in *grp;
@@ -874,7 +838,7 @@
break;
case LINK_UNKNOWN_DEST_PORT:
LIST_FOREACH(lnk, &grp->full, all.in) {
- if(lnk->dst_addr.s_addr == dst_addr.s_addr) {
+ if (lnk->dst_addr.s_addr == dst_addr.s_addr) {
lnk_unknown_dst_port = lnk;
break;
}
@@ -882,7 +846,7 @@
break;
case LINK_UNKNOWN_DEST_ADDR:
LIST_FOREACH(lnk, &grp->full, all.in) {
- if(lnk->dst_port == dst_port) {
+ if (lnk->dst_port == dst_port) {
lnk_unknown_dst_addr = lnk;
break;
}
@@ -895,7 +859,8 @@
if (lnk_unknown_dst_port == NULL) {
LIST_FOREACH(lnk, &grp->partial, all.in) {
- int flags = (flags_in | lnk->flags) & LINK_PARTIALLY_SPECIFIED;
+ int flags = (flags_in | lnk->flags) &
+ LINK_PARTIALLY_SPECIFIED;
if (flags == LINK_PARTIALLY_SPECIFIED &&
lnk_unknown_all == NULL)
@@ -912,14 +877,14 @@
}
}
- lnk = (lnk_unknown_dst_port != NULL) ? lnk_unknown_dst_port
- : (lnk_unknown_dst_addr != NULL) ? lnk_unknown_dst_addr
- : lnk_unknown_all;
+ lnk = (lnk_unknown_dst_port != NULL) ? lnk_unknown_dst_port :
+ (lnk_unknown_dst_addr != NULL) ? lnk_unknown_dst_addr :
+ lnk_unknown_all;
if (lnk == NULL || !replace_partial_links)
return (lnk);
- if (lnk->server != NULL) { /* LSNAT link */
+ if (lnk->server != NULL) { /* LSNAT link */
src_addr = lnk->server->addr;
src_port = lnk->server->port;
lnk->server = lnk->server->next;
@@ -932,21 +897,16 @@
lnk->src_addr = src_addr;
lnk->src_port = src_port;
} else {
- lnk = ReLink(lnk,
- src_addr, dst_addr, alias_addr,
- src_port, dst_port, alias_port,
- link_type, 0);
+ lnk = ReLink(lnk, src_addr, dst_addr, alias_addr, src_port,
+ dst_port, alias_port, link_type, 0);
}
return (lnk);
}
static struct alias_link *
FindLinkIn(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short dst_port,
- u_short alias_port,
- int link_type,
- int replace_partial_links)
+ struct in_addr alias_addr, u_short dst_port, u_short alias_port,
+ int link_type, int replace_partial_links)
{
struct alias_link *lnk;
@@ -963,8 +923,8 @@
*/
if (la->aliasAddress.s_addr != INADDR_ANY &&
alias_addr.s_addr == la->aliasAddress.s_addr) {
- lnk = _FindLinkIn(la, dst_addr, ANY_ADDR, dst_port, alias_port,
- link_type, replace_partial_links);
+ lnk = _FindLinkIn(la, dst_addr, ANY_ADDR, dst_port,
+ alias_port, link_type, replace_partial_links);
}
}
return (lnk);
@@ -988,66 +948,56 @@
struct alias_link *
FindIcmpIn(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short id_alias,
- int create)
+ struct in_addr alias_addr, u_short id_alias, int create)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkIn(la, dst_addr, alias_addr,
- NO_DEST_PORT, id_alias,
+ lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, id_alias,
LINK_ICMP, 0);
- if (lnk == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) {
+ if (lnk == NULL && create &&
+ !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) {
struct in_addr target_addr;
target_addr = FindOriginalAddress(la, alias_addr);
- lnk = AddLink(la, target_addr, dst_addr, alias_addr,
- id_alias, NO_DEST_PORT, id_alias,
- LINK_ICMP);
+ lnk = AddLink(la, target_addr, dst_addr, alias_addr, id_alias,
+ NO_DEST_PORT, id_alias, LINK_ICMP);
}
return (lnk);
}
struct alias_link *
FindIcmpOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short id,
- int create)
+ struct in_addr dst_addr, u_short id, int create)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkOut(la, src_addr, dst_addr,
- id, NO_DEST_PORT,
- LINK_ICMP, 0);
+ lnk = FindLinkOut(la, src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP,
+ 0);
if (lnk == NULL && create) {
struct in_addr alias_addr;
alias_addr = FindAliasAddress(la, src_addr);
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- id, NO_DEST_PORT, GET_ALIAS_ID,
- LINK_ICMP);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, id,
+ NO_DEST_PORT, GET_ALIAS_ID, LINK_ICMP);
}
return (lnk);
}
struct alias_link *
FindFragmentIn1(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short ip_id)
+ struct in_addr alias_addr, u_short ip_id)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkIn(la, dst_addr, alias_addr,
- NO_DEST_PORT, ip_id,
+ lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id,
LINK_FRAGMENT_ID, 0);
if (lnk == NULL) {
- lnk = AddLink(la, ANY_ADDR, dst_addr, alias_addr,
- NO_SRC_PORT, NO_DEST_PORT, ip_id,
- LINK_FRAGMENT_ID);
+ lnk = AddLink(la, ANY_ADDR, dst_addr, alias_addr, NO_SRC_PORT,
+ NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID);
}
return (lnk);
}
@@ -1058,84 +1008,69 @@
struct in_addr alias_addr, u_short ip_id)
{
LIBALIAS_LOCK_ASSERT(la);
- return FindLinkIn(la, dst_addr, alias_addr,
- NO_DEST_PORT, ip_id,
+ return FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id,
LINK_FRAGMENT_ID, 0);
}
struct alias_link *
-AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr,
- u_short ip_id)
+AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, u_short ip_id)
{
LIBALIAS_LOCK_ASSERT(la);
- return AddLink(la, ANY_ADDR, dst_addr, ANY_ADDR,
- NO_SRC_PORT, NO_DEST_PORT, ip_id,
- LINK_FRAGMENT_PTR);
+ return AddLink(la, ANY_ADDR, dst_addr, ANY_ADDR, NO_SRC_PORT,
+ NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR);
}
struct alias_link *
-FindFragmentPtr(struct libalias *la, struct in_addr dst_addr,
- u_short ip_id)
+FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, u_short ip_id)
{
LIBALIAS_LOCK_ASSERT(la);
- return FindLinkIn(la, dst_addr, ANY_ADDR,
- NO_DEST_PORT, ip_id,
+ return FindLinkIn(la, dst_addr, ANY_ADDR, NO_DEST_PORT, ip_id,
LINK_FRAGMENT_PTR, 0);
}
struct alias_link *
FindProtoIn(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_char proto)
+ struct in_addr alias_addr, u_char proto)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkIn(la, dst_addr, alias_addr,
- NO_DEST_PORT, 0,
- proto, 1);
+ lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, 0, proto, 1);
if (lnk == NULL && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) {
struct in_addr target_addr;
target_addr = FindOriginalAddress(la, alias_addr);
lnk = AddLink(la, target_addr, dst_addr, alias_addr,
- NO_SRC_PORT, NO_DEST_PORT, 0,
- proto);
+ NO_SRC_PORT, NO_DEST_PORT, 0, proto);
}
return (lnk);
}
struct alias_link *
FindProtoOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_char proto)
+ struct in_addr dst_addr, u_char proto)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkOut(la, src_addr, dst_addr,
- NO_SRC_PORT, NO_DEST_PORT,
+ lnk = FindLinkOut(la, src_addr, dst_addr, NO_SRC_PORT, NO_DEST_PORT,
proto, 1);
if (lnk == NULL) {
struct in_addr alias_addr;
alias_addr = FindAliasAddress(la, src_addr);
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- NO_SRC_PORT, NO_DEST_PORT, 0,
- proto);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT,
+ NO_DEST_PORT, 0, proto);
}
return (lnk);
}
struct alias_link *
FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short dst_port,
- u_short alias_port,
- u_char proto,
- int create)
+ struct in_addr alias_addr, u_short dst_port, u_short alias_port,
+ u_char proto, int create)
{
int link_type;
struct alias_link *lnk;
@@ -1153,27 +1088,23 @@
break;
}
- lnk = FindLinkIn(la, dst_addr, alias_addr,
- dst_port, alias_port,
+ lnk = FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port,
link_type, create);
- if (lnk == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) {
+ if (lnk == NULL && create &&
+ !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) {
struct in_addr target_addr;
target_addr = FindOriginalAddress(la, alias_addr);
- lnk = AddLink(la, target_addr, dst_addr, alias_addr,
- alias_port, dst_port, alias_port,
- link_type);
+ lnk = AddLink(la, target_addr, dst_addr, alias_addr, alias_port,
+ dst_port, alias_port, link_type);
}
return (lnk);
}
struct alias_link *
FindUdpTcpOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short src_port,
- u_short dst_port,
- u_char proto,
+ struct in_addr dst_addr, u_short src_port, u_short dst_port, u_char proto,
int create)
{
int link_type;
@@ -1192,39 +1123,35 @@
break;
}
- lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, create);
+ lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type,
+ create);
if (lnk == NULL && create) {
struct in_addr alias_addr;
alias_addr = FindAliasAddress(la, src_addr);
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- src_port, dst_port, GET_ALIAS_PORT,
- link_type);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port,
+ dst_port, GET_ALIAS_PORT, link_type);
}
return (lnk);
}
struct alias_link *
-AddPptp(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_int16_t src_call_id)
+AddPptp(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr,
+ struct in_addr alias_addr, u_int16_t src_call_id)
{
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- src_call_id, 0, GET_ALIAS_PORT,
- LINK_PPTP);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_call_id, 0,
+ GET_ALIAS_PORT, LINK_PPTP);
return (lnk);
}
struct alias_link *
FindPptpOutByCallId(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_int16_t src_call_id)
+ struct in_addr dst_addr, u_int16_t src_call_id)
{
struct alias_link *lnk;
@@ -1240,8 +1167,7 @@
struct alias_link *
FindPptpOutByPeerCallId(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_int16_t dst_call_id)
+ struct in_addr dst_addr, u_int16_t dst_call_id)
{
struct alias_link *lnk;
@@ -1257,8 +1183,7 @@
struct alias_link *
FindPptpInByCallId(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_int16_t dst_call_id)
+ struct in_addr alias_addr, u_int16_t dst_call_id)
{
struct alias_link *lnk;
@@ -1275,8 +1200,7 @@
struct alias_link *
FindPptpInByPeerCallId(struct libalias *la, struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_int16_t alias_call_id)
+ struct in_addr alias_addr, u_int16_t alias_call_id)
{
struct alias_link *lnk;
@@ -1292,10 +1216,7 @@
struct alias_link *
FindRtspOut(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short src_port,
- u_short alias_port,
- u_char proto)
+ struct in_addr dst_addr, u_short src_port, u_short alias_port, u_char proto)
{
int link_type;
struct alias_link *lnk;
@@ -1319,9 +1240,8 @@
struct in_addr alias_addr;
alias_addr = FindAliasAddress(la, src_addr);
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- src_port, 0, alias_port,
- link_type);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, 0,
+ alias_port, link_type);
}
return (lnk);
}
@@ -1332,18 +1252,18 @@
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkIn(la, ANY_ADDR, alias_addr,
- 0, 0, LINK_ADDR, 0);
+ lnk = FindLinkIn(la, ANY_ADDR, alias_addr, 0, 0, LINK_ADDR, 0);
if (lnk == NULL) {
if (la->targetAddress.s_addr == INADDR_ANY)
return (alias_addr);
else if (la->targetAddress.s_addr == INADDR_NONE)
return (la->aliasAddress.s_addr != INADDR_ANY) ?
- la->aliasAddress : alias_addr;
+ la->aliasAddress :
+ alias_addr;
else
return (la->targetAddress);
} else {
- if (lnk->server != NULL) { /* LSNAT link */
+ if (lnk->server != NULL) { /* LSNAT link */
struct in_addr src_addr;
src_addr = lnk->server->addr;
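Review bot: The conditional returns are now spread over three lines while the parentheses still wrap only the condition, so `return (la->aliasAddress.s_addr != INADDR_ANY) ?` looks at first glance like a complete parenthesized return with stray lines after it. The same shape recurs in hunks `@@ -1351,7 +1271,8 @@` and `@@ -1363,15 +1284,16 @@`. Parenthesizing the whole expression, i.e. opening after `return` and closing after `alias_addr`, with a single break after the `?`, matches the `return (x);` form used throughout the file. The enclosing function starts before and ends after this hunk.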
@@ -1351,7 +1271,8 @@
return (src_addr);
} else if (lnk->src_addr.s_addr == INADDR_ANY)
return (la->aliasAddress.s_addr != INADDR_ANY) ?
- la->aliasAddress : alias_addr;
+ la->aliasAddress :
+ alias_addr;
else
return (lnk->src_addr);
}
@@ -1363,15 +1284,16 @@
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- lnk = FindLinkOut(la, original_addr, ANY_ADDR,
- 0, 0, LINK_ADDR, 0);
+ lnk = FindLinkOut(la, original_addr, ANY_ADDR, 0, 0, LINK_ADDR, 0);
if (lnk == NULL) {
return (la->aliasAddress.s_addr != INADDR_ANY) ?
- la->aliasAddress : original_addr;
+ la->aliasAddress :
+ original_addr;
} else {
if (lnk->alias_addr.s_addr == INADDR_ANY)
return (la->aliasAddress.s_addr != INADDR_ANY) ?
- la->aliasAddress : original_addr;
+ la->aliasAddress :
+ original_addr;
else
return (lnk->alias_addr);
}
@@ -1420,7 +1342,7 @@
{
/* TCP input state */
switch (state) {
- case ALIAS_TCP_STATE_DISCONNECTED:
+ case ALIAS_TCP_STATE_DISCONNECTED:
if (lnk->data.tcp->state.out != ALIAS_TCP_STATE_CONNECTED)
lnk->expire.time = TCP_EXPIRE_DEAD;
else
@@ -1445,7 +1367,7 @@
{
/* TCP output state */
switch (state) {
- case ALIAS_TCP_STATE_DISCONNECTED:
+ case ALIAS_TCP_STATE_DISCONNECTED:
if (lnk->data.tcp->state.in != ALIAS_TCP_STATE_CONNECTED)
lnk->expire.time = TCP_EXPIRE_DEAD;
else
@@ -1781,11 +1703,10 @@
packets = 0;
LibAliasTime = now;
}
-
}
/* Do a cleanup for the first packets of the new second only */
if (packets < (la->udpLinkCount + la->tcpLinkCount)) {
- struct alias_link * lnk = TAILQ_FIRST(&la->checkExpire);
+ struct alias_link *lnk = TAILQ_FIRST(&la->checkExpire);
CleanupLink(la, &lnk, 0);
}
@@ -1802,7 +1723,8 @@
;
#else
if ((la->logDesc = fopen("/var/log/alias.log", "w")))
- fprintf(la->logDesc, "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n");
+ fprintf(la->logDesc,
+ "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n");
#endif
else
return (ENOMEM); /* log initialization failed */
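Review bot: The userland branch opens the fixed path `/var/log/alias.log` with mode `"w"`, so each initialization truncates whatever the previous run logged, and the `else` shared by both preprocessor branches reports every failure as `ENOMEM`, which hides causes such as a permission or path error from the caller. This hunk only re-wraps the `fprintf`, so at minimum I would record the behaviour with a comment above the `fopen`, for example `/* Truncates any existing log; failure is returned as ENOMEM regardless of errno. */`. The function begins and ends outside the hunk, and the kernel-side condition is not visible here.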
@@ -1849,10 +1771,9 @@
/* Redirection from a specific public addr:port to a
private addr:port */
struct alias_link *
-LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_port,
- struct in_addr dst_addr, u_short dst_port,
- struct in_addr alias_addr, u_short alias_port,
- u_char proto)
+LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr,
+ u_short src_port, struct in_addr dst_addr, u_short dst_port,
+ struct in_addr alias_addr, u_short alias_port, u_char proto)
{
int link_type;
struct alias_link *lnk;
@@ -1877,16 +1798,16 @@
goto getout;
}
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- src_port, dst_port, alias_port,
- link_type);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port,
+ alias_port, link_type);
if (lnk != NULL) {
lnk->flags |= LINK_PERMANENT;
}
#ifdef LIBALIAS_DEBUG
else {
- fprintf(stderr, "PacketAliasRedirectPort(): "
+ fprintf(stderr,
+ "PacketAliasRedirectPort(): "
"call to AddLink() failed\n");
}
#endif
@@ -1898,7 +1819,8 @@
/* Add server to the pool of servers */
int
-LibAliasAddServer(struct libalias *la, struct alias_link *lnk, struct in_addr addr, u_short port)
+LibAliasAddServer(struct libalias *la, struct alias_link *lnk,
+ struct in_addr addr, u_short port)
{
struct server *server;
int res;
@@ -1947,23 +1869,21 @@
public address to a private address */
struct alias_link *
LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr,
- struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_char proto)
+ struct in_addr dst_addr, struct in_addr alias_addr, u_char proto)
{
struct alias_link *lnk;
LIBALIAS_LOCK(la);
- lnk = AddLink(la, src_addr, dst_addr, alias_addr,
- NO_SRC_PORT, NO_DEST_PORT, 0,
- proto);
+ lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT,
+ NO_DEST_PORT, 0, proto);
if (lnk != NULL) {
lnk->flags |= LINK_PERMANENT;
}
#ifdef LIBALIAS_DEBUG
else {
- fprintf(stderr, "PacketAliasRedirectProto(): "
+ fprintf(stderr,
+ "PacketAliasRedirectProto(): "
"call to AddLink() failed\n");
}
#endif
@@ -1980,16 +1900,15 @@
struct alias_link *lnk;
LIBALIAS_LOCK(la);
- lnk = AddLink(la, src_addr, ANY_ADDR, alias_addr,
- 0, 0, 0,
- LINK_ADDR);
+ lnk = AddLink(la, src_addr, ANY_ADDR, alias_addr, 0, 0, 0, LINK_ADDR);
if (lnk != NULL) {
lnk->flags |= LINK_PERMANENT;
}
#ifdef LIBALIAS_DEBUG
else {
- fprintf(stderr, "PacketAliasRedirectAddr(): "
+ fprintf(stderr,
+ "PacketAliasRedirectAddr(): "
"call to AddLink() failed\n");
}
#endif
@@ -2032,8 +1951,8 @@
LibAliasSetAddress(struct libalias *la, struct in_addr addr)
{
LIBALIAS_LOCK(la);
- if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE
- && la->aliasAddress.s_addr != addr.s_addr)
+ if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE &&
+ la->aliasAddress.s_addr != addr.s_addr)
CleanupAliasData(la, 0);
la->aliasAddress = addr;
@@ -2047,7 +1966,8 @@
LIBALIAS_LOCK(la);
if (port_low) {
la->aliasPortLower = port_low;
- /* Add 1 to the aliasPortLength as modulo has range of 1 to n-1 */
+ /* Add 1 to the aliasPortLength as modulo has range of 1 to n-1
+ */
la->aliasPortLength = port_high - port_low + 1;
} else {
/* Set default values */
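Review bot: `la->aliasPortLength = port_high - port_low + 1;` is computed without checking that `port_high >= port_low`, so a reversed range gives a zero or negative length (wrapped if the field is unsigned; its type is not visible here). The comment says the length feeds a modulo, so a bad value would skew or break alias port selection. A guard such as `if (port_low && port_high >= port_low) {` would send an invalid range to the default branch. Separately, the re-wrap leaves the comment's closing `*/` alone on its own line, so the sentence is better split across two full lines. The function starts before and ends after this hunk.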
@@ -2077,7 +1997,7 @@
{
if (la == NULL) {
#ifdef _KERNEL
-#undef malloc /* XXX: ugly */
+#undef malloc /* XXX: ugly */
la = malloc(sizeof *la, M_ALIAS, M_WAITOK | M_ZERO);
#else
la = calloc(sizeof *la, 1);
@@ -2166,11 +2086,10 @@
/* Change mode for some operations */
unsigned int
-LibAliasSetMode(
- struct libalias *la,
- unsigned int flags, /* Which state to bring flags to */
- unsigned int mask /* Mask of which flags to affect (use 0 to
- * do a probe for flag values) */
+LibAliasSetMode(struct libalias *la,
+ unsigned int flags, /* Which state to bring flags to */
+ unsigned int mask /* Mask of which flags to affect (use 0 to
+ * do a probe for flag values) */
)
{
int res = -1;
@@ -2211,8 +2130,9 @@
/* Firewall include files */
#include <net/if.h>
#include <netinet/ip_fw.h>
-#include <string.h>
+
#include <err.h>
+#include <string.h>
/*
* helper function, updates the pointer to cmd with the length
@@ -2220,7 +2140,7 @@
* the new command in case it has been clobbered before.
*/
static ipfw_insn *
-next_cmd(ipfw_insn * cmd)
+next_cmd(ipfw_insn *cmd)
{
cmd += F_LEN(cmd);
bzero(cmd, sizeof(*cmd));
@@ -2232,8 +2152,8 @@
* Existing flags are preserved.
*/
static ipfw_insn *
-fill_cmd(ipfw_insn * cmd, enum ipfw_opcodes opcode, int size,
- int flags, u_int16_t arg)
+fill_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode, int size, int flags,
+ u_int16_t arg)
{
cmd->opcode = opcode;
cmd->len = ((cmd->len | flags) & (F_NOT | F_OR)) | (size & F_LEN_MASK);
@@ -2242,7 +2162,7 @@
}
static ipfw_insn *
-fill_ip(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int32_t addr)
+fill_ip(ipfw_insn *cmd1, enum ipfw_opcodes opcode, u_int32_t addr)
{
ipfw_insn_ip *cmd = (ipfw_insn_ip *)cmd1;
@@ -2251,7 +2171,7 @@
}
static ipfw_insn *
-fill_one_port(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int16_t port)
+fill_one_port(ipfw_insn *cmd1, enum ipfw_opcodes opcode, u_int16_t port)
{
ipfw_insn_u16 *cmd = (ipfw_insn_u16 *)cmd1;
@@ -2260,9 +2180,8 @@
}
static int
-fill_rule(void *buf, int bufsize, int rulenum,
- enum ipfw_opcodes action, int proto,
- struct in_addr sa, u_int16_t sp, struct in_addr da, u_int16_t dp)
+fill_rule(void *buf, int bufsize, int rulenum, enum ipfw_opcodes action,
+ int proto, struct in_addr sa, u_int16_t sp, struct in_addr da, u_int16_t dp)
{
struct ip_fw *rule = (struct ip_fw *)buf;
ipfw_insn *cmd = (ipfw_insn *)rule->cmd;
@@ -2316,15 +2235,14 @@
PunchFWHole(struct alias_link *lnk)
{
struct libalias *la;
- int r; /* Result code */
- struct ip_fw rule; /* On-the-fly built rule */
- int fwhole; /* Where to punch hole */
+ int r; /* Result code */
+ struct ip_fw rule; /* On-the-fly built rule */
+ int fwhole; /* Where to punch hole */
la = lnk->la;
/* Don't do anything unless we are asked to */
- if (!(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) ||
- la->fireWallFD < 0 ||
+ if (!(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || la->fireWallFD < 0 ||
lnk->link_type != LINK_TCP)
return;
@@ -2334,19 +2252,22 @@
/* Find empty slot */
for (fwhole = la->fireWallActiveNum;
- fwhole < la->fireWallBaseNum + la->fireWallNumNums &&
- fw_tstfield(la, la->fireWallField, fwhole);
- fwhole++);
+ fwhole < la->fireWallBaseNum + la->fireWallNumNums &&
+ fw_tstfield(la, la->fireWallField, fwhole);
+ fwhole++)
+ ;
if (fwhole == la->fireWallBaseNum + la->fireWallNumNums) {
for (fwhole = la->fireWallBaseNum;
- fwhole < la->fireWallActiveNum &&
- fw_tstfield(la, la->fireWallField, fwhole);
- fwhole++);
+ fwhole < la->fireWallActiveNum &&
+ fw_tstfield(la, la->fireWallField, fwhole);
+ fwhole++)
+ ;
if (fwhole == la->fireWallActiveNum) {
/* No rule point empty - we can't punch more holes. */
la->fireWallActiveNum = la->fireWallBaseNum;
#ifdef LIBALIAS_DEBUG
- fprintf(stderr, "libalias: Unable to create firewall hole!\n");
+ fprintf(stderr,
+ "libalias: Unable to create firewall hole!\n");
#endif
return;
}
@@ -2364,19 +2285,20 @@
u_int32_t rulebuf[255];
int i;
- i = fill_rule(rulebuf, sizeof(rulebuf), fwhole,
- O_ACCEPT, IPPROTO_TCP,
- GetOriginalAddress(lnk), ntohs(GetOriginalPort(lnk)),
- GetDestAddress(lnk), ntohs(GetDestPort(lnk)));
- r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i);
+ i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, O_ACCEPT,
+ IPPROTO_TCP, GetOriginalAddress(lnk),
+ ntohs(GetOriginalPort(lnk)), GetDestAddress(lnk),
+ ntohs(GetDestPort(lnk)));
+ r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf,
+ i);
if (r)
err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)");
- i = fill_rule(rulebuf, sizeof(rulebuf), fwhole,
- O_ACCEPT, IPPROTO_TCP,
- GetDestAddress(lnk), ntohs(GetDestPort(lnk)),
+ i = fill_rule(rulebuf, sizeof(rulebuf), fwhole, O_ACCEPT,
+ IPPROTO_TCP, GetDestAddress(lnk), ntohs(GetDestPort(lnk)),
GetOriginalAddress(lnk), ntohs(GetOriginalPort(lnk)));
- r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i);
+ r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf,
+ i);
if (r)
err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)");
}
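Review bot: The length `i` returned by `fill_rule()` is passed straight to `setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i)` in both calls without checking that it is positive and no larger than `sizeof(rulebuf)`. fill_rule's body is outside this hunk, so whether it enforces `bufsize` itself cannot be confirmed here. A check such as `if (i <= 0 || (size_t)i > sizeof(rulebuf))` before each call would make the bound explicit. Also, `err(1, ...)` terminates the whole process embedding the library when a rule cannot be added; reporting the failure and leaving the hole unpunched would fail more gracefully. The enclosing block starts outside the hunk.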
@@ -2395,15 +2317,17 @@
la = lnk->la;
if (lnk->link_type == LINK_TCP) {
- int fwhole = lnk->data.tcp->fwhole; /* Where is the firewall hole? */
+ int fwhole =
+ lnk->data.tcp->fwhole; /* Where is the firewall hole? */
struct ip_fw rule;
if (fwhole < 0)
return;
- memset(&rule, 0, sizeof rule); /* useless for ipfw2 */
+ memset(&rule, 0, sizeof rule); /* useless for ipfw2 */
while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL,
- &fwhole, sizeof fwhole));
+ &fwhole, sizeof fwhole))
+ ;
fw_clrfield(la, la->fireWallField, fwhole);
lnk->data.tcp->fwhole = -1;
}
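Review bot: The reformatted declaration now breaks after `int fwhole =` and carries the trailing comment on the continuation line, which is harder to read than the original. Putting the comment on its own line, `/* Where is the firewall hole? */` followed by `int fwhole = lnk->data.tcp->fwhole;`, stays within the column limit. In the visible lines `rule` is only zeroed (the existing comment calls this "useless for ipfw2") and never passed to `setsockopt`, so it looks removable. The function begins outside this hunk, so that needs confirming against the full body.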
@@ -2413,17 +2337,20 @@
static void
ClearAllFWHoles(struct libalias *la)
{
- struct ip_fw rule; /* On-the-fly built rule */
+ struct ip_fw rule; /* On-the-fly built rule */
int i;
if (la->fireWallFD < 0)
return;
memset(&rule, 0, sizeof rule);
- for (i = la->fireWallBaseNum; i < la->fireWallBaseNum + la->fireWallNumNums; i++) {
+ for (i = la->fireWallBaseNum;
+ i < la->fireWallBaseNum + la->fireWallNumNums; i++) {
int r = i;
- while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r));
+ while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r,
+ sizeof r))
+ ;
}
/* XXX: third arg correct here ? /phk */
memset(la->fireWallField, 0, la->fireWallNumNums);
@@ -2454,24 +2381,24 @@
* Find the address to redirect incoming packets
*/
struct in_addr
-FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm)
+FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm)
{
struct alias_link *lnk;
struct in_addr redir;
LIBALIAS_LOCK_ASSERT(la);
lnk = FindLinkIn(la, sm->ip_hdr->ip_src, sm->ip_hdr->ip_dst,
- sm->sctp_hdr->dest_port,sm->sctp_hdr->dest_port, LINK_SCTP, 1);
+ sm->sctp_hdr->dest_port, sm->sctp_hdr->dest_port, LINK_SCTP, 1);
if (lnk != NULL) {
/* port redirect */
return (lnk->src_addr);
} else {
- redir = FindOriginalAddress(la,sm->ip_hdr->ip_dst);
+ redir = FindOriginalAddress(la, sm->ip_hdr->ip_dst);
if (redir.s_addr == la->aliasAddress.s_addr ||
redir.s_addr == la->targetAddress.s_addr) {
/* No address found */
- lnk = FindLinkIn(la, sm->ip_hdr->ip_src, sm->ip_hdr->ip_dst,
- NO_DEST_PORT, 0, LINK_SCTP, 1);
+ lnk = FindLinkIn(la, sm->ip_hdr->ip_src,
+ sm->ip_hdr->ip_dst, NO_DEST_PORT, 0, LINK_SCTP, 1);
if (lnk != NULL)
/* redirect proto */
return (lnk->src_addr);
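Review bot: The first `FindLinkIn()` call passes `sm->sctp_hdr->dest_port` for both port arguments, which reads like a copy-paste slip. FindLinkIn's parameter list is not visible here, but if the two arguments are the remote port and the alias port, the first would be expected to be the packet's source port. If the repetition is intended, a marker such as `/* XXX: dest_port is passed for both ports; confirm this is intended */` above the call would stop it being mistaken for a typo. The function continues past the end of this hunk.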
Index: sys/netinet/libalias/alias_dummy.c
===================================================================
--- sys/netinet/libalias/alias_dummy.c
+++ sys/netinet/libalias/alias_dummy.c
@@ -38,13 +38,14 @@
#include <sys/kernel.h>
#include <sys/module.h>
#else
-#include <errno.h>
#include <sys/types.h>
+
+#include <errno.h>
#include <stdio.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
@@ -56,8 +57,8 @@
#include "alias_mod.h"
#endif
-static void
-AliasHandleDummy(struct libalias *la, struct ip *ip, struct alias_data *ah);
+static void AliasHandleDummy(struct libalias *la, struct ip *ip,
+ struct alias_data *ah);
static int
fingerprint(struct libalias *la, struct alias_data *ah)
@@ -74,8 +75,8 @@
* return an OK value.
*/
if (ntohs(*ah->dport) == 123 || ntohs(*ah->sport) == 456)
- return (0); /* I know how to handle it. */
- return (-1); /* I don't recognize this packet. */
+ return (0); /* I know how to handle it. */
+ return (-1); /* I don't recognize this packet. */
}
/*
@@ -98,16 +99,12 @@
* ITS EXACT NAME: handlers.
*/
-struct proto_handler handlers [] = {
- {
- .pri = 666,
- .dir = IN|OUT,
- .proto = UDP|TCP,
- .fingerprint = &fingerprint,
- .protohandler = &protohandler
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 666,
+ .dir = IN | OUT,
+ .proto = UDP | TCP,
+ .fingerprint = &fingerprint,
+ .protohandler = &protohandler },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
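Review bot: The re-flowed `handlers[]` initializer packs the first element onto the declaration line and closes with `{ EOH } };`, which is harder to scan than the one-field-per-line layout it replaces. clang-format keeps a braced list one entry per line when the list ends with a trailing comma, so writing `.protohandler = &protohandler,` and `{ EOH },` before formatting should preserve the original shape. The same applies to the `handlers[]` tables in alias_ftp.c and alias_irc.c later in this diff.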
@@ -132,9 +129,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_dummy", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_dummy", mod_handler, NULL };
#ifdef _KERNEL
DECLARE_MODULE(alias_dummy, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
Index: sys/netinet/libalias/alias_ftp.c
===================================================================
--- sys/netinet/libalias/alias_ftp.c
+++ sys/netinet/libalias/alias_ftp.c
@@ -70,20 +70,21 @@
/* Includes */
#ifdef _KERNEL
#include <sys/param.h>
-#include <sys/ctype.h>
#include <sys/systm.h>
+#include <sys/ctype.h>
#include <sys/kernel.h>
#include <sys/module.h>
#else
+#include <sys/types.h>
+
#include <ctype.h>
#include <errno.h>
-#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
@@ -98,11 +99,10 @@
#define FTP_CONTROL_PORT_NUMBER 21
-static void
-AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *,
- int maxpacketsize);
-static void
-AliasHandleFtpIn(struct libalias *, struct ip *, struct alias_link *);
+static void AliasHandleFtpOut(struct libalias *, struct ip *,
+ struct alias_link *, int maxpacketsize);
+static void AliasHandleFtpIn(struct libalias *, struct ip *,
+ struct alias_link *);
static int
fingerprint_out(struct libalias *la, struct alias_data *ah)
@@ -141,23 +141,17 @@
return (0);
}
-struct proto_handler handlers[] = {
- {
- .pri = 80,
- .dir = OUT,
- .proto = TCP,
- .fingerprint = &fingerprint_out,
- .protohandler = &protohandler_out
- },
- {
- .pri = 80,
- .dir = IN,
- .proto = TCP,
- .fingerprint = &fingerprint_in,
- .protohandler = &protohandler_in
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 80,
+ .dir = OUT,
+ .proto = TCP,
+ .fingerprint = &fingerprint_out,
+ .protohandler = &protohandler_out },
+ { .pri = 80,
+ .dir = IN,
+ .proto = TCP,
+ .fingerprint = &fingerprint_in,
+ .protohandler = &protohandler_in },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
@@ -182,9 +176,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_ftp", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_ftp", mod_handler, NULL };
#ifdef _KERNEL
DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
@@ -196,7 +188,7 @@
#define MAX_MESSAGE_SIZE 128
/* FTP protocol flags. */
-#define WAIT_CRLF 0x01
+#define WAIT_CRLF 0x01
enum ftp_message_type {
FTP_PORT_COMMAND,
@@ -206,11 +198,12 @@
FTP_UNKNOWN_MESSAGE
};
-static int ParseFtpPortCommand(struct libalias *la, char *, int);
-static int ParseFtpEprtCommand(struct libalias *la, char *, int);
-static int ParseFtp227Reply(struct libalias *la, char *, int);
-static int ParseFtp229Reply(struct libalias *la, char *, int);
-static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
+static int ParseFtpPortCommand(struct libalias *la, char *, int);
+static int ParseFtpEprtCommand(struct libalias *la, char *, int);
+static int ParseFtp227Reply(struct libalias *la, char *, int);
+static int ParseFtp229Reply(struct libalias *la, char *, int);
+static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *,
+ int, int);
static void
AliasHandleFtpOut(
@@ -244,13 +237,15 @@
ftp_message_type = FTP_UNKNOWN_MESSAGE;
if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
- /* When aliasing a client, check for the PORT/EPRT command. */
+ /* When aliasing a client, check for the PORT/EPRT
+ * command. */
if (ParseFtpPortCommand(la, sptr, dlen))
ftp_message_type = FTP_PORT_COMMAND;
else if (ParseFtpEprtCommand(la, sptr, dlen))
ftp_message_type = FTP_EPRT_COMMAND;
} else {
- /* When aliasing a server, check for the 227/229 reply. */
+ /* When aliasing a server, check for the 227/229 reply.
+ */
if (ParseFtp227Reply(la, sptr, dlen))
ftp_message_type = FTP_227_REPLY;
else if (ParseFtp229Reply(la, sptr, dlen)) {
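Review bot: Both re-wrapped comments in this hunk now break awkwardly: the client comment spills only `* command. */` onto a second line, and the server comment leaves its closing `*/` alone on the next line. Shortening them, for example `/* Client side: look for PORT/EPRT. */` and `/* Server side: look for a 227/229 reply. */`, keeps each on one line under the column limit. The enclosing function starts and ends outside the hunk.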
@@ -260,12 +255,13 @@
}
if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
- NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
+ NewFtpMessage(la, pip, lnk, maxpacketsize,
+ ftp_message_type);
}
/* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
- if (dlen) { /* only if there's data */
- sptr = (char *)pip; /* start over at beginning */
+ if (dlen) { /* only if there's data */
+ sptr = (char *)pip; /* start over at beginning */
tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may have grown */
if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
pflags &= ~WAIT_CRLF;
@@ -277,8 +273,8 @@
static void
AliasHandleFtpIn(struct libalias *la,
- struct ip *pip, /* IP packet to examine/patch */
- struct alias_link *lnk) /* The link to go through (aliased port) */
+ struct ip *pip, /* IP packet to examine/patch */
+ struct alias_link *lnk) /* The link to go through (aliased port) */
{
int hlen, tlen, dlen, pflags;
char *sptr;
@@ -302,7 +298,7 @@
if (dlen <= MAX_MESSAGE_SIZE && (pflags & WAIT_CRLF) == 0 &&
ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER &&
(ParseFtpPortCommand(la, sptr, dlen) != 0 ||
- ParseFtpEprtCommand(la, sptr, dlen) != 0)) {
+ ParseFtpEprtCommand(la, sptr, dlen) != 0)) {
/*
* Alias active mode client requesting data from server
* behind NAT. We need to alias server->client connection
@@ -314,15 +310,15 @@
}
/* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
if (dlen) {
- sptr = (char *)pip; /* start over at beginning */
- tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
- * have grown. */
+ sptr = (char *)pip; /* start over at beginning */
+ tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
+ * have grown. */
if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
pflags &= ~WAIT_CRLF;
else
pflags |= WAIT_CRLF;
SetProtocolFlags(lnk, pflags);
- }
+ }
}
static int
@@ -417,7 +413,7 @@
return (0);
addr = port = octet = 0;
- delim = '|'; /* XXX gcc -Wuninitialized */
+ delim = '|'; /* XXX gcc -Wuninitialized */
state = 0;
for (i = 5; i < dlen; i++) {
ch = sptr[i];
@@ -429,7 +425,7 @@
}
break;
case 1:
- if (ch == '1') /* IPv4 address */
+ if (ch == '1') /* IPv4 address */
state++;
else
return (0);
@@ -578,7 +574,7 @@
return (0);
port = 0;
- delim = '|'; /* XXX gcc -Wuninitialized */
+ delim = '|'; /* XXX gcc -Wuninitialized */
state = 0;
for (i = 4; i < dlen; i++) {
@@ -631,10 +627,8 @@
}
static void
-NewFtpMessage(struct libalias *la, struct ip *pip,
- struct alias_link *lnk,
- int maxpacketsize,
- int ftp_message_type)
+NewFtpMessage(struct libalias *la, struct ip *pip, struct alias_link *lnk,
+ int maxpacketsize, int ftp_message_type)
{
struct alias_link *ftp_lnk;
@@ -695,8 +689,9 @@
if (ftp_message_type == FTP_PORT_COMMAND) {
/* Generate PORT command string. */
- sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
- a1, a2, a3, a4, p1, p2);
+ sprintf(stemp,
+ "PORT %d,%d,%d,%d,%d,%d\r\n", a1,
+ a2, a3, a4, p1, p2);
} else {
/* Generate 227 reply string. */
sprintf(stemp,
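Review bot: The reply strings are still written with unbounded `sprintf(stemp, ...)` here and in the 229 case in the next hunk. stemp's declaration is outside these hunks, and the formatted output is short, but a bounded call makes the limit explicit and matches alias_irc.c, which already uses `snprintf`. If `stemp` is an array in scope, `snprintf(stemp, sizeof(stemp), "PORT %d,%d,%d,%d,%d,%d\r\n", a1, a2, a3, a4, p1, p2);` does it, and the same change fits the 227 and 229 strings. NewFtpMessage's body extends beyond the hunk.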
@@ -711,7 +706,8 @@
break;
case FTP_229_REPLY:
/* Generate 229 reply string. */
- sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
+ sprintf(stemp,
+ "229 Entering Extended Passive Mode (|||%d|)\r\n",
ntohs(alias_port));
break;
}
@@ -740,12 +736,9 @@
{
u_short new_len;
- new_len = htons(hlen +
- MIN(slen, maxpacketsize - hlen));
- DifferentialChecksum(&pip->ip_sum,
- &new_len,
- &pip->ip_len,
- 1);
+ new_len = htons(hlen + MIN(slen, maxpacketsize - hlen));
+ DifferentialChecksum(&pip->ip_sum, &new_len,
+ &pip->ip_len, 1);
pip->ip_len = new_len;
}
Index: sys/netinet/libalias/alias_irc.c
===================================================================
--- sys/netinet/libalias/alias_irc.c
+++ sys/netinet/libalias/alias_irc.c
@@ -50,23 +50,24 @@
/* Includes */
#ifdef _KERNEL
#include <sys/param.h>
-#include <sys/ctype.h>
-#include <sys/limits.h>
#include <sys/systm.h>
+#include <sys/ctype.h>
#include <sys/kernel.h>
+#include <sys/limits.h>
#include <sys/module.h>
#else
+#include <sys/types.h>
+
#include <ctype.h>
#include <errno.h>
-#include <sys/types.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <limits.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
@@ -82,23 +83,22 @@
#define IRC_CONTROL_PORT_NUMBER_1 6667
#define IRC_CONTROL_PORT_NUMBER_2 6668
-#define PKTSIZE (IP_MAXPACKET + 1)
+#define PKTSIZE (IP_MAXPACKET + 1)
char *newpacket;
/* Local defines */
#define DBprintf(a)
-static void
-AliasHandleIrcOut(struct libalias *, struct ip *, struct alias_link *,
- int maxpacketsize);
+static void AliasHandleIrcOut(struct libalias *, struct ip *,
+ struct alias_link *, int maxpacketsize);
static int
fingerprint(struct libalias *la, struct alias_data *ah)
{
if (ah->dport == NULL || ah->lnk == NULL || ah->maxpktsize == 0)
return (-1);
- if (ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_1
- || ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_2)
+ if (ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_1 ||
+ ntohs(*ah->dport) == IRC_CONTROL_PORT_NUMBER_2)
return (0);
return (-1);
}
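Review bot: `char *newpacket;` is a file-scope scratch pointer with external linkage, so the symbol is visible to every other object linked with this one. If nothing outside alias_irc.c refers to it, `static char *newpacket;` keeps it private. Its allocation and the locking around it are not visible in this hunk; if handlers for different libalias instances can run concurrently, they would share this one buffer. A comment such as `/* scratch buffer of PKTSIZE bytes; callers must hold the instance lock */` would record the assumption once it is confirmed.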
@@ -114,16 +114,12 @@
return (0);
}
-struct proto_handler handlers[] = {
- {
- .pri = 90,
- .dir = OUT,
- .proto = TCP,
- .fingerprint = &fingerprint,
- .protohandler = &protohandler
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 90,
+ .dir = OUT,
+ .proto = TCP,
+ .fingerprint = &fingerprint,
+ .protohandler = &protohandler },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
@@ -148,9 +144,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_irc", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_irc", mod_handler, NULL };
/* Kernel module definition. */
#ifdef _KERNEL
@@ -161,10 +155,10 @@
static void
AliasHandleIrcOut(struct libalias *la,
- struct ip *pip, /* IP packet to examine */
- struct alias_link *lnk, /* Which link are we on? */
- int maxsize /* Maximum size of IP packet including
- * headers */
+ struct ip *pip, /* IP packet to examine */
+ struct alias_link *lnk, /* Which link are we on? */
+ int maxsize /* Maximum size of IP packet including
+ * headers */
)
{
int hlen, tlen, dlen;
@@ -172,7 +166,7 @@
u_short true_port;
char *sptr;
struct tcphdr *tc;
- int i; /* Iterator through the source */
+ int i; /* Iterator through the source */
/* Calculate data length of TCP packet */
tc = (struct tcphdr *)ip_next(pip);
@@ -190,287 +184,288 @@
/* Place string pointer at beginning of data */
sptr = (char *)pip;
sptr += hlen;
- maxsize -= hlen; /* We're interested in maximum size of
- * data, not packet */
+ maxsize -= hlen; /* We're interested in maximum size of
+ * data, not packet */
/* Search for a CTCP command [Note 1] */
for (i = 0; i < dlen; i++) {
if (sptr[i] == '\001')
goto lFOUND_CTCP;
}
- return; /* No CTCP commands in */
- /* Handle CTCP commands - the buffer may have to be copied */
- lFOUND_CTCP:
- {
- unsigned int copyat = i;
- unsigned int iCopy = 0; /* How much data have we written to
- * copy-back string? */
- unsigned long org_addr; /* Original IP address */
- unsigned short org_port; /* Original source port
- * address */
-
- lCTCP_START:
- if (i >= dlen || iCopy >= PKTSIZE)
- goto lPACKET_DONE;
- newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start
- * character */
- /* Start of a CTCP */
- if (i + 4 >= dlen) /* Too short for DCC */
- goto lBAD_CTCP;
- if (sptr[i + 0] != 'D')
- goto lBAD_CTCP;
- if (sptr[i + 1] != 'C')
- goto lBAD_CTCP;
- if (sptr[i + 2] != 'C')
- goto lBAD_CTCP;
- if (sptr[i + 3] != ' ')
- goto lBAD_CTCP;
- /* We have a DCC command - handle it! */
- i += 4; /* Skip "DCC " */
- if (iCopy + 4 > PKTSIZE)
- goto lPACKET_DONE;
- newpacket[iCopy++] = 'D';
- newpacket[iCopy++] = 'C';
- newpacket[iCopy++] = 'C';
- newpacket[iCopy++] = ' ';
+ return; /* No CTCP commands in */
+/* Handle CTCP commands - the buffer may have to be copied */
+lFOUND_CTCP: {
+ unsigned int copyat = i;
+ unsigned int iCopy = 0; /* How much data have we written to
+ * copy-back string? */
+ unsigned long org_addr; /* Original IP address */
+ unsigned short org_port; /* Original source port
+ * address */
+
+lCTCP_START:
+ if (i >= dlen || iCopy >= PKTSIZE)
+ goto lPACKET_DONE;
+ newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start
+ * character */
+ /* Start of a CTCP */
+ if (i + 4 >= dlen) /* Too short for DCC */
+ goto lBAD_CTCP;
+ if (sptr[i + 0] != 'D')
+ goto lBAD_CTCP;
+ if (sptr[i + 1] != 'C')
+ goto lBAD_CTCP;
+ if (sptr[i + 2] != 'C')
+ goto lBAD_CTCP;
+ if (sptr[i + 3] != ' ')
+ goto lBAD_CTCP;
+ /* We have a DCC command - handle it! */
+ i += 4; /* Skip "DCC " */
+ if (iCopy + 4 > PKTSIZE)
+ goto lPACKET_DONE;
+ newpacket[iCopy++] = 'D';
+ newpacket[iCopy++] = 'C';
+ newpacket[iCopy++] = 'C';
+ newpacket[iCopy++] = ' ';
- DBprintf(("Found DCC\n"));
- /*
- * Skip any extra spaces (should not occur according to
- * protocol, but DCC breaks CTCP protocol anyway
- */
- while (sptr[i] == ' ') {
- if (++i >= dlen) {
- DBprintf(("DCC packet terminated in just spaces\n"));
- goto lPACKET_DONE;
- }
+ DBprintf(("Found DCC\n"));
+ /*
+ * Skip any extra spaces (should not occur according to
+ * protocol, but DCC breaks CTCP protocol anyway
+ */
+ while (sptr[i] == ' ') {
+ if (++i >= dlen) {
+ DBprintf(("DCC packet terminated in just spaces\n"));
+ goto lPACKET_DONE;
}
+ }
- DBprintf(("Transferring command...\n"));
- while (sptr[i] != ' ') {
- newpacket[iCopy++] = sptr[i];
- if (++i >= dlen || iCopy >= PKTSIZE) {
- DBprintf(("DCC packet terminated during command\n"));
- goto lPACKET_DONE;
- }
+ DBprintf(("Transferring command...\n"));
+ while (sptr[i] != ' ') {
+ newpacket[iCopy++] = sptr[i];
+ if (++i >= dlen || iCopy >= PKTSIZE) {
+ DBprintf(("DCC packet terminated during command\n"));
+ goto lPACKET_DONE;
}
- /* Copy _one_ space */
- if (i + 1 < dlen && iCopy < PKTSIZE)
- newpacket[iCopy++] = sptr[i++];
+ }
+ /* Copy _one_ space */
+ if (i + 1 < dlen && iCopy < PKTSIZE)
+ newpacket[iCopy++] = sptr[i++];
- DBprintf(("Done command - removing spaces\n"));
- /*
- * Skip any extra spaces (should not occur according to
- * protocol, but DCC breaks CTCP protocol anyway
- */
- while (sptr[i] == ' ') {
- if (++i >= dlen) {
- DBprintf(("DCC packet terminated in just spaces (post-command)\n"));
- goto lPACKET_DONE;
- }
+ DBprintf(("Done command - removing spaces\n"));
+ /*
+ * Skip any extra spaces (should not occur according to
+ * protocol, but DCC breaks CTCP protocol anyway
+ */
+ while (sptr[i] == ' ') {
+ if (++i >= dlen) {
+ DBprintf((
+ "DCC packet terminated in just spaces (post-command)\n"));
+ goto lPACKET_DONE;
}
+ }
- DBprintf(("Transferring filename...\n"));
- while (sptr[i] != ' ') {
- newpacket[iCopy++] = sptr[i];
- if (++i >= dlen || iCopy >= PKTSIZE) {
- DBprintf(("DCC packet terminated during filename\n"));
- goto lPACKET_DONE;
- }
+ DBprintf(("Transferring filename...\n"));
+ while (sptr[i] != ' ') {
+ newpacket[iCopy++] = sptr[i];
+ if (++i >= dlen || iCopy >= PKTSIZE) {
+ DBprintf(("DCC packet terminated during filename\n"));
+ goto lPACKET_DONE;
}
- /* Copy _one_ space */
- if (i + 1 < dlen && iCopy < PKTSIZE)
- newpacket[iCopy++] = sptr[i++];
+ }
+ /* Copy _one_ space */
+ if (i + 1 < dlen && iCopy < PKTSIZE)
+ newpacket[iCopy++] = sptr[i++];
- DBprintf(("Done filename - removing spaces\n"));
- /*
- * Skip any extra spaces (should not occur according to
- * protocol, but DCC breaks CTCP protocol anyway
- */
- while (sptr[i] == ' ') {
- if (++i >= dlen) {
- DBprintf(("DCC packet terminated in just spaces (post-filename)\n"));
- goto lPACKET_DONE;
- }
+ DBprintf(("Done filename - removing spaces\n"));
+ /*
+ * Skip any extra spaces (should not occur according to
+ * protocol, but DCC breaks CTCP protocol anyway
+ */
+ while (sptr[i] == ' ') {
+ if (++i >= dlen) {
+ DBprintf((
+ "DCC packet terminated in just spaces (post-filename)\n"));
+ goto lPACKET_DONE;
}
+ }
- DBprintf(("Fetching IP address\n"));
- /* Fetch IP address */
- org_addr = 0;
- while (i < dlen && isdigit(sptr[i])) {
- if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */
- DBprintf(("DCC Address overflow (org_addr == 0x%08lx, next char %c\n", org_addr, sptr[i]));
- goto lBAD_CTCP;
- }
- org_addr *= 10;
- org_addr += sptr[i++] - '0';
- }
- DBprintf(("Skipping space\n"));
- if (i + 1 >= dlen || sptr[i] != ' ') {
- DBprintf(("Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", i + 1, dlen, sptr[i]));
+ DBprintf(("Fetching IP address\n"));
+ /* Fetch IP address */
+ org_addr = 0;
+ while (i < dlen && isdigit(sptr[i])) {
+ if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */
+ DBprintf((
+ "DCC Address overflow (org_addr == 0x%08lx, next char %c\n",
+ org_addr, sptr[i]));
goto lBAD_CTCP;
}
- /*
- * Skip any extra spaces (should not occur according to
- * protocol, but DCC breaks CTCP protocol anyway, so we
- * might as well play it safe
- */
- while (sptr[i] == ' ') {
- if (++i >= dlen) {
- DBprintf(("Packet failure - space overflow.\n"));
- goto lPACKET_DONE;
- }
- }
- DBprintf(("Fetching port number\n"));
- /* Fetch source port */
- org_port = 0;
- while (i < dlen && isdigit(sptr[i])) {
- if (org_port > 6554) { /* Terminate on overflow
- * (65536/10 rounded up */
- DBprintf(("DCC: port number overflow\n"));
- goto lBAD_CTCP;
- }
- org_port *= 10;
- org_port += sptr[i++] - '0';
+ org_addr *= 10;
+ org_addr += sptr[i++] - '0';
+ }
+ DBprintf(("Skipping space\n"));
+ if (i + 1 >= dlen || sptr[i] != ' ') {
+ DBprintf((
+ "Overflow (%d >= %d) or bad character (%02x) terminating IP address\n",
+ i + 1, dlen, sptr[i]));
+ goto lBAD_CTCP;
+ }
+ /*
+ * Skip any extra spaces (should not occur according to
+ * protocol, but DCC breaks CTCP protocol anyway, so we
+ * might as well play it safe
+ */
+ while (sptr[i] == ' ') {
+ if (++i >= dlen) {
+ DBprintf(("Packet failure - space overflow.\n"));
+ goto lPACKET_DONE;
}
- /* Skip illegal addresses (or early termination) */
- if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) {
- DBprintf(("Bad port termination\n"));
+ }
+ DBprintf(("Fetching port number\n"));
+ /* Fetch source port */
+ org_port = 0;
+ while (i < dlen && isdigit(sptr[i])) {
+ if (org_port > 6554) { /* Terminate on overflow
+ * (65536/10 rounded up */
+ DBprintf(("DCC: port number overflow\n"));
goto lBAD_CTCP;
}
- DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port));
+ org_port *= 10;
+ org_port += sptr[i++] - '0';
+ }
+ /* Skip illegal addresses (or early termination) */
+ if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) {
+ DBprintf(("Bad port termination\n"));
+ goto lBAD_CTCP;
+ }
+ DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port));
- /* We've got the address and port - now alias it */
- {
- struct alias_link *dcc_lnk;
- struct in_addr destaddr;
+ /* We've got the address and port - now alias it */
+ {
+ struct alias_link *dcc_lnk;
+ struct in_addr destaddr;
- true_port = htons(org_port);
- true_addr.s_addr = htonl(org_addr);
- destaddr.s_addr = 0;
+ true_port = htons(org_port);
+ true_addr.s_addr = htonl(org_addr);
+ destaddr.s_addr = 0;
- /* Sanity/Security checking */
- if (!org_addr || !org_port ||
- pip->ip_src.s_addr != true_addr.s_addr ||
- org_port < IPPORT_RESERVED)
- goto lBAD_CTCP;
+ /* Sanity/Security checking */
+ if (!org_addr || !org_port ||
+ pip->ip_src.s_addr != true_addr.s_addr ||
+ org_port < IPPORT_RESERVED)
+ goto lBAD_CTCP;
- /*
- * Steal the FTP_DATA_PORT - it doesn't really
- * matter, and this would probably allow it through
- * at least _some_ firewalls.
- */
- dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr,
- true_port, 0,
- IPPROTO_TCP, 1);
- DBprintf(("Got a DCC link\n"));
- if (dcc_lnk) {
- struct in_addr alias_address; /* Address from aliasing */
- u_short alias_port; /* Port given by
- * aliasing */
- int n;
+ /*
+ * Steal the FTP_DATA_PORT - it doesn't really
+ * matter, and this would probably allow it through
+ * at least _some_ firewalls.
+ */
+ dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr, true_port, 0,
+ IPPROTO_TCP, 1);
+ DBprintf(("Got a DCC link\n"));
+ if (dcc_lnk) {
+ struct in_addr
+ alias_address; /* Address from aliasing */
+ u_short alias_port; /* Port given by
+ * aliasing */
+ int n;
#ifndef NO_FW_PUNCH
- /* Generate firewall hole as appropriate */
- PunchFWHole(dcc_lnk);
+ /* Generate firewall hole as appropriate */
+ PunchFWHole(dcc_lnk);
#endif
- alias_address = GetAliasAddress(lnk);
- n = snprintf(&newpacket[iCopy],
- PKTSIZE - iCopy,
- "%lu ", (u_long) htonl(alias_address.s_addr));
- if (n < 0) {
- DBprintf(("DCC packet construct failure.\n"));
- goto lBAD_CTCP;
- }
- if ((iCopy += n) >= PKTSIZE) { /* Truncated/fit exactly
- * - bad news */
- DBprintf(("DCC constructed packet overflow.\n"));
- goto lBAD_CTCP;
- }
- alias_port = GetAliasPort(dcc_lnk);
- n = snprintf(&newpacket[iCopy],
- PKTSIZE - iCopy,
- "%u", htons(alias_port));
- if (n < 0) {
- DBprintf(("DCC packet construct failure.\n"));
- goto lBAD_CTCP;
- }
- iCopy += n;
- /*
- * Done - truncated cases will be taken
- * care of by lBAD_CTCP
- */
- DBprintf(("Aliased IP %lu and port %u\n", alias_address.s_addr, (unsigned)alias_port));
+ alias_address = GetAliasAddress(lnk);
+ n = snprintf(&newpacket[iCopy], PKTSIZE - iCopy, "%lu ",
+ (u_long)htonl(alias_address.s_addr));
+ if (n < 0) {
+ DBprintf(("DCC packet construct failure.\n"));
+ goto lBAD_CTCP;
}
- }
- /*
- * An uninteresting CTCP - state entered right after '\001'
- * has been pushed. Also used to copy the rest of a DCC,
- * after IP address and port has been handled
- */
- lBAD_CTCP:
- for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) {
- newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
- if (sptr[i] == '\001') {
- goto lNORMAL_TEXT;
+ if ((iCopy += n) >= PKTSIZE) { /* Truncated/fit exactly
+ * - bad news */
+ DBprintf(
+ ("DCC constructed packet overflow.\n"));
+ goto lBAD_CTCP;
}
- }
- goto lPACKET_DONE;
- /* Normal text */
- lNORMAL_TEXT:
- for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) {
- newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
- if (sptr[i] == '\001') {
- goto lCTCP_START;
+ alias_port = GetAliasPort(dcc_lnk);
+ n = snprintf(&newpacket[iCopy], PKTSIZE - iCopy, "%u",
+ htons(alias_port));
+ if (n < 0) {
+ DBprintf(("DCC packet construct failure.\n"));
+ goto lBAD_CTCP;
}
+ iCopy += n;
+ /*
+ * Done - truncated cases will be taken
+ * care of by lBAD_CTCP
+ */
+ DBprintf(("Aliased IP %lu and port %u\n",
+ alias_address.s_addr, (unsigned)alias_port));
+ }
+ }
+/*
+ * An uninteresting CTCP - state entered right after '\001'
+ * has been pushed. Also used to copy the rest of a DCC,
+ * after IP address and port has been handled
+ */
+lBAD_CTCP:
+ for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) {
+ newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
+ if (sptr[i] == '\001') {
+ goto lNORMAL_TEXT;
}
- /* Handle the end of a packet */
- lPACKET_DONE:
- iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy;
- memcpy(sptr + copyat, newpacket, iCopy);
-
- /* Save information regarding modified seq and ack numbers */
- {
- int delta;
-
- SetAckModified(lnk);
- tc = (struct tcphdr *)ip_next(pip);
- delta = GetDeltaSeqOut(tc->th_seq, lnk);
- AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl,
- pip->ip_len, tc->th_seq, tc->th_off);
+ }
+ goto lPACKET_DONE;
+/* Normal text */
+lNORMAL_TEXT:
+ for (; i < dlen && iCopy < PKTSIZE; i++, iCopy++) {
+ newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
+ if (sptr[i] == '\001') {
+ goto lCTCP_START;
}
+ }
+/* Handle the end of a packet */
+lPACKET_DONE:
+ iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy;
+ memcpy(sptr + copyat, newpacket, iCopy);
+
+ /* Save information regarding modified seq and ack numbers */
+ {
+ int delta;
- /* Revise IP header */
- {
- u_short new_len;
+ SetAckModified(lnk);
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaSeqOut(tc->th_seq, lnk);
+ AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl,
+ pip->ip_len, tc->th_seq, tc->th_off);
+ }
- new_len = htons(hlen + iCopy + copyat);
- DifferentialChecksum(&pip->ip_sum,
- &new_len,
- &pip->ip_len,
- 1);
- pip->ip_len = new_len;
- }
+ /* Revise IP header */
+ {
+ u_short new_len;
+
+ new_len = htons(hlen + iCopy + copyat);
+ DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, 1);
+ pip->ip_len = new_len;
+ }
- /* Compute TCP checksum for revised packet */
- tc->th_sum = 0;
+ /* Compute TCP checksum for revised packet */
+ tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tc->th_x2 = (TH_RES1 >> 8);
#else
- tc->th_sum = TcpChecksum(pip);
+ tc->th_sum = TcpChecksum(pip);
#endif
- return;
- }
+ return;
+}
}
/* Notes:
[Note 1]
- The initial search will most often fail; it could be replaced with a 32-bit specific search.
- Such a search would be done for 32-bit unsigned value V:
- V ^= 0x01010101; (Search is for null bytes)
- if( ((V-0x01010101)^V) & 0x80808080 ) {
- (found a null bytes which was a 01 byte)
+ The initial search will most often fail; it could be replaced with a 32-bit
+ specific search. Such a search would be done for 32-bit unsigned value V: V ^=
+ 0x01010101; (Search is for null bytes) if( ((V-0x01010101)^V) &
+ 0x80808080 ) { (found a null bytes which was a 01 byte)
}
To assert that the processor is 32-bits, do
extern int ircdccar[32]; (32 bits)
Index: sys/netinet/libalias/alias_local.h
===================================================================
--- sys/netinet/libalias/alias_local.h
+++ sys/netinet/libalias/alias_local.h
@@ -44,20 +44,20 @@
*/
#ifndef _ALIAS_LOCAL_H_
-#define _ALIAS_LOCAL_H_
+#define _ALIAS_LOCAL_H_
-#include <sys/tree.h>
#include <sys/types.h>
#include <sys/sysctl.h>
+#include <sys/tree.h>
#ifdef _KERNEL
-#include <sys/malloc.h>
#include <sys/param.h>
#include <sys/lock.h>
+#include <sys/malloc.h>
#include <sys/mutex.h>
/* XXX: LibAliasSetTarget() uses this constant. */
-#define INADDR_NONE 0xffffffff
+#define INADDR_NONE 0xffffffff
#include <netinet/libalias/alias_sctp.h>
#else
@@ -65,8 +65,8 @@
#endif
/* Sizes of input and output link tables */
-#define GET_ALIAS_PORT -1
-#define GET_ALIAS_ID GET_ALIAS_PORT
+#define GET_ALIAS_PORT -1
+#define GET_ALIAS_ID GET_ALIAS_PORT
#ifdef _KERNEL
#define INET_NTOA_BUF(buf) (buf)
@@ -77,78 +77,78 @@
struct proxy_entry;
struct group_in {
- struct in_addr alias_addr;
- u_short alias_port;
- int link_type;
- SPLAY_ENTRY(group_in) in;
- LIST_HEAD(, alias_link) full, partial;
+ struct in_addr alias_addr;
+ u_short alias_port;
+ int link_type;
+ SPLAY_ENTRY(group_in) in;
+ LIST_HEAD(, alias_link) full, partial;
};
struct libalias {
LIST_ENTRY(libalias) instancelist;
/* Mode flags documented in alias.h */
- int packetAliasMode;
+ int packetAliasMode;
/* Address written onto source field of IP packet. */
- struct in_addr aliasAddress;
+ struct in_addr aliasAddress;
/* IP address incoming packets are sent to
* if no aliasing link already exists */
- struct in_addr targetAddress;
+ struct in_addr targetAddress;
/* Lookup table of pointers to chains of link records.
* Each link record is doubly indexed into input and
* output lookup tables. */
SPLAY_HEAD(splay_out, alias_link) linkSplayOut;
- SPLAY_HEAD(splay_in, group_in) linkSplayIn;
- LIST_HEAD (, alias_link) pptpList;
+ SPLAY_HEAD(splay_in, group_in) linkSplayIn;
+ LIST_HEAD(, alias_link) pptpList;
/* HouseKeeping */
- TAILQ_HEAD (, alias_link) checkExpire;
+ TAILQ_HEAD(, alias_link) checkExpire;
/* Link statistics */
- unsigned int icmpLinkCount;
- unsigned int udpLinkCount;
- unsigned int tcpLinkCount;
- unsigned int pptpLinkCount;
- unsigned int protoLinkCount;
- unsigned int fragmentIdLinkCount;
- unsigned int fragmentPtrLinkCount;
- unsigned int sockCount;
+ unsigned int icmpLinkCount;
+ unsigned int udpLinkCount;
+ unsigned int tcpLinkCount;
+ unsigned int pptpLinkCount;
+ unsigned int protoLinkCount;
+ unsigned int fragmentIdLinkCount;
+ unsigned int fragmentPtrLinkCount;
+ unsigned int sockCount;
/* log descriptor */
#ifdef _KERNEL
- char *logDesc;
+ char *logDesc;
#else
- FILE *logDesc;
+ FILE *logDesc;
#endif
#ifndef NO_FW_PUNCH
/* File descriptor to be able to control firewall.
* Opened by PacketAliasSetMode on first setting
* the PKT_ALIAS_PUNCH_FW flag. */
- int fireWallFD;
+ int fireWallFD;
/* The first firewall entry free for our use */
- int fireWallBaseNum;
+ int fireWallBaseNum;
/* How many entries can we use? */
- int fireWallNumNums;
+ int fireWallNumNums;
/* Which entry did we last use? */
- int fireWallActiveNum;
+ int fireWallActiveNum;
/* bool array for entries */
- char *fireWallField;
+ char *fireWallField;
#endif
/* TCP port used by the Skinny protocol. */
- unsigned int skinnyPort;
+ unsigned int skinnyPort;
struct proxy_entry *proxyList;
- struct in_addr true_addr; /* in network byte order. */
- u_short true_port; /* in host byte order. */
+ struct in_addr true_addr; /* in network byte order. */
+ u_short true_port; /* in host byte order. */
/* Port ranges for aliasing. */
- u_short aliasPortLower;
- u_short aliasPortLength;
+ u_short aliasPortLower;
+ u_short aliasPortLength;
/*
* sctp code support
*/
/* counts associations that have progressed to UP and not yet removed */
- int sctpLinkCount;
+ int sctpLinkCount;
#ifdef _KERNEL
/* timing queue for keeping track of association timeouts */
struct sctp_nat_timer sctpNatTimer;
@@ -169,10 +169,10 @@
#ifdef _KERNEL
#define LIBALIAS_LOCK_INIT(l) \
mtx_init(&l->mutex, "per-instance libalias mutex", NULL, MTX_DEF)
-#define LIBALIAS_LOCK_ASSERT(l) mtx_assert(&l->mutex, MA_OWNED)
-#define LIBALIAS_LOCK(l) mtx_lock(&l->mutex)
-#define LIBALIAS_UNLOCK(l) mtx_unlock(&l->mutex)
-#define LIBALIAS_LOCK_DESTROY(l) mtx_destroy(&l->mutex)
+#define LIBALIAS_LOCK_ASSERT(l) mtx_assert(&l->mutex, MA_OWNED)
+#define LIBALIAS_LOCK(l) mtx_lock(&l->mutex)
+#define LIBALIAS_UNLOCK(l) mtx_unlock(&l->mutex)
+#define LIBALIAS_LOCK_DESTROY(l) mtx_destroy(&l->mutex)
#else
#define LIBALIAS_LOCK_INIT(l)
#define LIBALIAS_LOCK_ASSERT(l)
@@ -189,19 +189,19 @@
* subtracting out old words), and "cksum"
* is the checksum value to be updated.
*/
-#define ADJUST_CHECKSUM(acc, cksum) \
- do { \
- acc += cksum; \
- if (acc < 0) { \
- acc = -acc; \
+#define ADJUST_CHECKSUM(acc, cksum) \
+ do { \
+ acc += cksum; \
+ if (acc < 0) { \
+ acc = -acc; \
acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) ~acc; \
- } else { \
+ acc += acc >> 16; \
+ cksum = (u_short)~acc; \
+ } else { \
acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) acc; \
- } \
+ acc += acc >> 16; \
+ cksum = (u_short)acc; \
+ } \
} while (0)
/* Prototypes */
@@ -226,120 +226,107 @@
* should be used.
*/
#ifndef _KERNEL
-u_short IpChecksum(struct ip *_pip);
-u_short TcpChecksum(struct ip *_pip);
+u_short IpChecksum(struct ip *_pip);
+u_short TcpChecksum(struct ip *_pip);
#endif
-void
-DifferentialChecksum(u_short * _cksum, void * _new, void * _old, int _n);
+void DifferentialChecksum(u_short *_cksum, void *_new, void *_old, int _n);
/* Internal data access */
-struct alias_link *
-AddLink(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr,
- struct in_addr alias_addr, u_short src_port, u_short dst_port,
- int alias_param, int link_type);
-struct alias_link *
-FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_short _id_alias, int _create);
-struct alias_link *
-FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
- u_short _id, int _create);
-struct alias_link *
-FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_short _ip_id);
-struct alias_link *
-FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_short _ip_id);
-struct alias_link *
-AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id);
-struct alias_link *
-FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id);
-struct alias_link *
-FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_char _proto);
-struct alias_link *
-FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
+struct alias_link *AddLink(struct libalias *la, struct in_addr src_addr,
+ struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port,
+ u_short dst_port, int alias_param, int link_type);
+struct alias_link *FindIcmpIn(struct libalias *la, struct in_addr _dst_addr,
+ struct in_addr _alias_addr, u_short _id_alias, int _create);
+struct alias_link *FindIcmpOut(struct libalias *la, struct in_addr _src_addr,
+ struct in_addr _dst_addr, u_short _id, int _create);
+struct alias_link *FindFragmentIn1(struct libalias *la,
+ struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id);
+struct alias_link *FindFragmentIn2(struct libalias *la,
+ struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id);
+struct alias_link *AddFragmentPtrLink(struct libalias *la,
+ struct in_addr _dst_addr, u_short _ip_id);
+struct alias_link *FindFragmentPtr(struct libalias *la,
+ struct in_addr _dst_addr, u_short _ip_id);
+struct alias_link *FindProtoIn(struct libalias *la, struct in_addr _dst_addr,
+ struct in_addr _alias_addr, u_char _proto);
+struct alias_link *FindProtoOut(struct libalias *la, struct in_addr _src_addr,
+ struct in_addr _dst_addr, u_char _proto);
+struct alias_link *FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr,
+ struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port,
+ u_char _proto, int _create);
+struct alias_link *FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr,
+ struct in_addr _dst_addr, u_short _src_port, u_short _dst_port,
+ u_char _proto, int _create);
+struct alias_link *AddPptp(struct libalias *la, struct in_addr _src_addr,
+ struct in_addr _dst_addr, struct in_addr _alias_addr,
+ u_int16_t _src_call_id);
+struct alias_link *FindPptpOutByCallId(struct libalias *la,
+ struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _src_call_id);
+struct alias_link *FindPptpInByCallId(struct libalias *la,
+ struct in_addr _dst_addr, struct in_addr _alias_addr,
+ u_int16_t _dst_call_id);
+struct alias_link *FindPptpOutByPeerCallId(struct libalias *la,
+ struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _dst_call_id);
+struct alias_link *FindPptpInByPeerCallId(struct libalias *la,
+ struct in_addr _dst_addr, struct in_addr _alias_addr,
+ u_int16_t _alias_call_id);
+struct alias_link *FindRtspOut(struct libalias *la, struct in_addr _src_addr,
+ struct in_addr _dst_addr, u_short _src_port, u_short _alias_port,
u_char _proto);
-struct alias_link *
-FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_short _dst_port, u_short _alias_port, u_char _proto, int _create);
-struct alias_link *
-FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
- u_short _src_port, u_short _dst_port, u_char _proto, int _create);
-struct alias_link *
-AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
- struct in_addr _alias_addr, u_int16_t _src_call_id);
-struct alias_link *
-FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr,
- struct in_addr _dst_addr, u_int16_t _src_call_id);
-struct alias_link *
-FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr,
- struct in_addr _alias_addr, u_int16_t _dst_call_id);
-struct alias_link *
-FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr,
- struct in_addr _dst_addr, u_int16_t _dst_call_id);
-struct alias_link *
-FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr,
- struct in_addr _alias_addr, u_int16_t _alias_call_id);
-struct alias_link *
-FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
- u_short _src_port, u_short _alias_port, u_char _proto);
-struct in_addr
-FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr);
-struct in_addr
-FindAliasAddress(struct libalias *la, struct in_addr _original_addr);
-struct in_addr
-FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm);
+struct in_addr FindOriginalAddress(struct libalias *la,
+ struct in_addr _alias_addr);
+struct in_addr FindAliasAddress(struct libalias *la,
+ struct in_addr _original_addr);
+struct in_addr FindSctpRedirectAddress(struct libalias *la,
+ struct sctp_nat_msg *sm);
/* External data access/modification */
-int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr,
- struct in_addr _alias_addr, u_short _src_port,
- u_short _dst_port, u_short _port_count, u_char _proto,
- u_char _align);
-void GetFragmentAddr(struct alias_link *_lnk, struct in_addr *_src_addr);
-void SetFragmentAddr(struct alias_link *_lnk, struct in_addr _src_addr);
-void GetFragmentPtr(struct alias_link *_lnk, void **_fptr);
-void SetFragmentPtr(struct alias_link *_lnk, void *fptr);
-void SetStateIn(struct alias_link *_lnk, int _state);
-void SetStateOut(struct alias_link *_lnk, int _state);
-int GetStateIn (struct alias_link *_lnk);
-int GetStateOut(struct alias_link *_lnk);
-struct in_addr GetOriginalAddress(struct alias_link *_lnk);
-struct in_addr GetDestAddress(struct alias_link *_lnk);
-struct in_addr GetAliasAddress(struct alias_link *_lnk);
-struct in_addr GetDefaultAliasAddress(struct libalias *la);
-void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr);
-u_short GetOriginalPort(struct alias_link *_lnk);
-u_short GetAliasPort(struct alias_link *_lnk);
-struct in_addr GetProxyAddress(struct alias_link *_lnk);
-void SetProxyAddress(struct alias_link *_lnk, struct in_addr _addr);
-u_short GetProxyPort(struct alias_link *_lnk);
-void SetProxyPort(struct alias_link *_lnk, u_short _port);
-void SetAckModified(struct alias_link *_lnk);
-int GetAckModified(struct alias_link *_lnk);
-int GetDeltaAckIn(u_long, struct alias_link *_lnk);
-int GetDeltaSeqOut(u_long, struct alias_link *lnk);
-void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl,
- u_short ip_len, u_long th_seq, u_int th_off);
-void SetExpire (struct alias_link *_lnk, int _expire);
-void SetProtocolFlags(struct alias_link *_lnk, int _pflags);
-int GetProtocolFlags(struct alias_link *_lnk);
-void SetDestCallId(struct alias_link *_lnk, u_int16_t _cid);
+int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr,
+ struct in_addr _alias_addr, u_short _src_port, u_short _dst_port,
+ u_short _port_count, u_char _proto, u_char _align);
+void GetFragmentAddr(struct alias_link *_lnk, struct in_addr *_src_addr);
+void SetFragmentAddr(struct alias_link *_lnk, struct in_addr _src_addr);
+void GetFragmentPtr(struct alias_link *_lnk, void **_fptr);
+void SetFragmentPtr(struct alias_link *_lnk, void *fptr);
+void SetStateIn(struct alias_link *_lnk, int _state);
+void SetStateOut(struct alias_link *_lnk, int _state);
+int GetStateIn(struct alias_link *_lnk);
+int GetStateOut(struct alias_link *_lnk);
+struct in_addr GetOriginalAddress(struct alias_link *_lnk);
+struct in_addr GetDestAddress(struct alias_link *_lnk);
+struct in_addr GetAliasAddress(struct alias_link *_lnk);
+struct in_addr GetDefaultAliasAddress(struct libalias *la);
+void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr);
+u_short GetOriginalPort(struct alias_link *_lnk);
+u_short GetAliasPort(struct alias_link *_lnk);
+struct in_addr GetProxyAddress(struct alias_link *_lnk);
+void SetProxyAddress(struct alias_link *_lnk, struct in_addr _addr);
+u_short GetProxyPort(struct alias_link *_lnk);
+void SetProxyPort(struct alias_link *_lnk, u_short _port);
+void SetAckModified(struct alias_link *_lnk);
+int GetAckModified(struct alias_link *_lnk);
+int GetDeltaAckIn(u_long, struct alias_link *_lnk);
+int GetDeltaSeqOut(u_long, struct alias_link *lnk);
+void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, u_short ip_len,
+ u_long th_seq, u_int th_off);
+void SetExpire(struct alias_link *_lnk, int _expire);
+void SetProtocolFlags(struct alias_link *_lnk, int _pflags);
+int GetProtocolFlags(struct alias_link *_lnk);
+void SetDestCallId(struct alias_link *_lnk, u_int16_t _cid);
#ifndef NO_FW_PUNCH
-void PunchFWHole(struct alias_link *_lnk);
+void PunchFWHole(struct alias_link *_lnk);
#endif
/* Housekeeping function */
-void HouseKeeping(struct libalias *);
+void HouseKeeping(struct libalias *);
/* Transparent proxy routines */
-int
-ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
- u_short * proxy_server_port, struct in_addr src_addr,
+int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
+ u_short *proxy_server_port, struct in_addr src_addr,
struct in_addr dst_addr, u_short dst_port, u_char ip_p);
-void
-ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip,
+void ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip,
int _maxpacketsize, int _proxy_type);
/* Tcp specific routines */
@@ -377,4 +364,4 @@
}
#endif
-#endif /* !_ALIAS_LOCAL_H_ */
+#endif /* !_ALIAS_LOCAL_H_ */
Index: sys/netinet/libalias/alias_mod.h
===================================================================
--- sys/netinet/libalias/alias_mod.h
+++ sys/netinet/libalias/alias_mod.h
@@ -40,21 +40,21 @@
/* Use kernel allocator. */
#if defined(_SYS_MALLOC_H_)
#undef malloc
-#define malloc(x) malloc(x, M_ALIAS, M_NOWAIT|M_ZERO)
-#define calloc(n, x) mallocarray((n), (x), M_ALIAS, M_NOWAIT|M_ZERO)
-#define free(x) free(x, M_ALIAS)
+#define malloc(x) malloc(x, M_ALIAS, M_NOWAIT | M_ZERO)
+#define calloc(n, x) mallocarray((n), (x), M_ALIAS, M_NOWAIT | M_ZERO)
+#define free(x) free(x, M_ALIAS)
#endif
#endif
/* Packet flow direction flags. */
-#define IN 0x0001
-#define OUT 0x0002
-#define NODIR 0x4000
+#define IN 0x0001
+#define OUT 0x0002
+#define NODIR 0x4000
/* Working protocol flags. */
-#define IP 0x01
-#define TCP 0x02
-#define UDP 0x04
+#define IP 0x01
+#define TCP 0x02
+#define UDP 0x04
/*
* Data passed to protocol handler module, it must be filled
@@ -62,12 +62,12 @@
* module is elegible to be called.
*/
struct alias_data {
- struct alias_link *lnk;
- struct in_addr *oaddr; /* Original address. */
- struct in_addr *aaddr; /* Alias address. */
- uint16_t *aport; /* Alias port. */
- uint16_t *sport, *dport; /* Source & destination port */
- uint16_t maxpktsize; /* Max packet size. */
+ struct alias_link *lnk;
+ struct in_addr *oaddr; /* Original address. */
+ struct in_addr *aaddr; /* Alias address. */
+ uint16_t *aport; /* Alias port. */
+ uint16_t *sport, *dport; /* Source & destination port */
+ uint16_t maxpktsize; /* Max packet size. */
};
/*
@@ -75,19 +75,19 @@
* a protocol handler correctly work.
*/
struct proto_handler {
- u_int pri; /* Handler priority. */
- int16_t dir; /* Flow direction. */
- uint8_t proto; /* Working protocol. */
+ u_int pri; /* Handler priority. */
+ int16_t dir; /* Flow direction. */
+ uint8_t proto; /* Working protocol. */
/* Fingerprint * function. */
int (*fingerprint)(struct libalias *, struct alias_data *);
/* Aliasing * function. */
- int (*protohandler)(struct libalias *, struct ip *,
- struct alias_data *);
+ int (
+ *protohandler)(struct libalias *, struct ip *, struct alias_data *);
TAILQ_ENTRY(proto_handler) link;
};
/* End of handlers. */
-#define EOH .dir = NODIR
+#define EOH .dir = NODIR
/* Functions used with protocol handlers. */
int LibAliasAttachHandlers(struct proto_handler *);
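Review bot: The reformatted `protohandler` member in `struct proto_handler` is now broken as `int (` on one line and `*protohandler)(struct libalias *, struct ip *, struct alias_data *);` on the next. This separates the return type from the declarator and reads worse than the form it replaces. Keeping the shape of the `fingerprint` member directly above would be clearer: `int (*protohandler)(struct libalias *, struct ip *,` followed by the continuation `struct alias_data *);`. These two pointers are the dispatch points for every protocol helper, so the declaration should be readable at a glance.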
@@ -102,16 +102,16 @@
* module loaded. In kernel land (kld mode) we don't need to care
* care about libalias modules cause it's kld to do it for us.
*/
-#define DLL_LEN 32
+#define DLL_LEN 32
struct dll {
- char name[DLL_LEN]; /* Name of module. */
- void *handle; /*
- * Ptr to shared obj obtained through
- * dlopen() - use this ptr to get access
- * to any symbols from a loaded module
- * via dlsym().
- */
- SLIST_ENTRY(dll) next;
+ char name[DLL_LEN]; /* Name of module. */
+ void *handle; /*
+ * Ptr to shared obj obtained through
+ * dlopen() - use this ptr to get access
+ * to any symbols from a loaded module
+ * via dlsym().
+ */
+ SLIST_ENTRY(dll) next;
};
/* Functions used with dll module. */
@@ -139,9 +139,9 @@
* Struct for registering modules statically via SYSINIT.
*/
typedef struct moduledata {
- const char *name; /* module name */
- modeventhand_t evhand; /* event handler */
- void *priv; /* extra data */
+ const char *name; /* module name */
+ modeventhand_t evhand; /* event handler */
+ void *priv; /* extra data */
} moduledata_t;
#endif /* !_KERNEL */
Index: sys/netinet/libalias/alias_mod.c
===================================================================
--- sys/netinet/libalias/alias_mod.c
+++ sys/netinet/libalias/alias_mod.c
@@ -28,19 +28,20 @@
*/
#include <sys/cdefs.h>
#ifdef _KERNEL
-#include <sys/libkern.h>
#include <sys/param.h>
+#include <sys/libkern.h>
#include <sys/lock.h>
#include <sys/rwlock.h>
#else
-#include <stdio.h>
-#include <string.h>
#include <sys/types.h>
+
#include <errno.h>
+#include <stdio.h>
+#include <string.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifdef _KERNEL
@@ -52,8 +53,8 @@
#endif
/* Protocol and userland module handlers chains. */
-static TAILQ_HEAD(handler_chain, proto_handler) handler_chain =
- TAILQ_HEAD_INITIALIZER(handler_chain);
+static TAILQ_HEAD(handler_chain,
+ proto_handler) handler_chain = TAILQ_HEAD_INITIALIZER(handler_chain);
static int
attach_handler(struct proto_handler *p)
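Review bot: The new definition of `handler_chain` wraps inside the macro argument list, as `static TAILQ_HEAD(handler_chain,` followed by `proto_handler) handler_chain = TAILQ_HEAD_INITIALIZER(handler_chain);`. That makes the struct tag, the element type and the variable name hard to tell apart. The previous break after the `=` was the readable one: `static TAILQ_HEAD(handler_chain, proto_handler) handler_chain =` then `TAILQ_HEAD_INITIALIZER(handler_chain);`. If the formatter cannot be made to produce that, a formatter-off marker around this one declaration would be a reasonable exception.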
@@ -61,8 +62,7 @@
struct proto_handler *b;
TAILQ_FOREACH(b, &handler_chain, link) {
- if ((b->pri == p->pri) &&
- (b->dir == p->dir) &&
+ if ((b->pri == p->pri) && (b->dir == p->dir) &&
(b->proto == p->proto))
return (EEXIST);
if (b->pri > p->pri) {
Index: sys/netinet/libalias/alias_nbt.c
===================================================================
--- sys/netinet/libalias/alias_nbt.c
+++ sys/netinet/libalias/alias_nbt.c
@@ -47,14 +47,15 @@
#include <sys/kernel.h>
#include <sys/module.h>
#else
-#include <errno.h>
#include <sys/types.h>
+
+#include <errno.h>
#include <stdio.h>
#include <strings.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
@@ -66,15 +67,14 @@
#include "alias_mod.h"
#endif
-#define NETBIOS_NS_PORT_NUMBER 137
+#define NETBIOS_NS_PORT_NUMBER 137
#define NETBIOS_DGM_PORT_NUMBER 138
-static int
-AliasHandleUdpNbt(struct libalias *, struct ip *, struct alias_link *,
- struct in_addr *, u_short);
-static int
-AliasHandleUdpNbtNS(struct libalias *, struct ip *, struct alias_link *,
- struct in_addr *, u_short *, struct in_addr *, u_short *);
+static int AliasHandleUdpNbt(struct libalias *, struct ip *,
+ struct alias_link *, struct in_addr *, u_short);
+static int AliasHandleUdpNbtNS(struct libalias *, struct ip *,
+ struct alias_link *, struct in_addr *, u_short *, struct in_addr *,
+ u_short *);
static int
fingerprint1(struct libalias *la, struct alias_data *ah)
@@ -82,8 +82,8 @@
if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
ah->aaddr == NULL || ah->aport == NULL)
return (-1);
- if (ntohs(*ah->dport) == NETBIOS_DGM_PORT_NUMBER
- || ntohs(*ah->sport) == NETBIOS_DGM_PORT_NUMBER)
+ if (ntohs(*ah->dport) == NETBIOS_DGM_PORT_NUMBER ||
+ ntohs(*ah->sport) == NETBIOS_DGM_PORT_NUMBER)
return (0);
return (-1);
}
@@ -100,8 +100,8 @@
if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
ah->aaddr == NULL || ah->aport == NULL)
return (-1);
- if (ntohs(*ah->dport) == NETBIOS_NS_PORT_NUMBER
- || ntohs(*ah->sport) == NETBIOS_NS_PORT_NUMBER)
+ if (ntohs(*ah->dport) == NETBIOS_NS_PORT_NUMBER ||
+ ntohs(*ah->sport) == NETBIOS_NS_PORT_NUMBER)
return (0);
return (-1);
}
@@ -109,8 +109,8 @@
static int
protohandler2in(struct libalias *la, struct ip *pip, struct alias_data *ah)
{
- AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport,
- ah->oaddr, ah->dport);
+ AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport, ah->oaddr,
+ ah->dport);
return (0);
}
@@ -122,30 +122,22 @@
}
/* Kernel module definition. */
-struct proto_handler handlers[] = {
- {
- .pri = 130,
- .dir = IN|OUT,
- .proto = UDP,
- .fingerprint = &fingerprint1,
- .protohandler = &protohandler1
- },
- {
- .pri = 140,
- .dir = IN,
- .proto = UDP,
- .fingerprint = &fingerprint2,
- .protohandler = &protohandler2in
- },
- {
- .pri = 140,
- .dir = OUT,
- .proto = UDP,
- .fingerprint = &fingerprint2,
- .protohandler = &protohandler2out
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 130,
+ .dir = IN | OUT,
+ .proto = UDP,
+ .fingerprint = &fingerprint1,
+ .protohandler = &protohandler1 },
+ { .pri = 140,
+ .dir = IN,
+ .proto = UDP,
+ .fingerprint = &fingerprint2,
+ .protohandler = &protohandler2in },
+ { .pri = 140,
+ .dir = OUT,
+ .proto = UDP,
+ .fingerprint = &fingerprint2,
+ .protohandler = &protohandler2out },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
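Review bot: The `handlers[]` table lost its one-entry-per-block layout and now opens with `struct proto_handler handlers[] = { { .pri = 130,` and ends with `{ EOH } };`. The `EOH` sentinel (`.dir = NODIR`) that marks the end of the table is therefore easy to miss when someone adds an entry. If this output came from clang-format, a trailing comma after the last field of each entry, e.g. `.protohandler = &protohandler1,`, normally keeps one field per line. Alternatively the table can be fenced with `/* clang-format off */` and `/* clang-format on */`. Either way I would keep `{ EOH }` on a line of its own.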
@@ -170,9 +162,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_nbt", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_nbt", mod_handler, NULL };
#ifdef _KERNEL
DECLARE_MODULE(alias_nbt, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
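Review bot: The definition `moduledata_t alias_mod = { "alias_nbt", mod_handler, NULL };` is now indented as a continuation of the `static` that sits inside `#ifdef _KERNEL`. In a userland build that `static` is compiled out, so the file-scope definition starts mid-line with no visible reason. The formatter is treating the preprocessor-guarded storage class as the start of the statement. I would keep the definition at column 0, or exclude these few lines from automatic formatting.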
@@ -181,44 +171,44 @@
#endif
typedef struct {
- struct in_addr oldaddr;
- u_short oldport;
- struct in_addr newaddr;
- u_short newport;
- u_short *uh_sum;
+ struct in_addr oldaddr;
+ u_short oldport;
+ struct in_addr newaddr;
+ u_short newport;
+ u_short *uh_sum;
} NBTArguments;
typedef struct {
- unsigned char type;
- unsigned char flags;
- u_short id;
- struct in_addr source_ip;
- u_short source_port;
- u_short len;
- u_short offset;
+ unsigned char type;
+ unsigned char flags;
+ u_short id;
+ struct in_addr source_ip;
+ u_short source_port;
+ u_short len;
+ u_short offset;
} NbtDataHeader;
-#define OpQuery 0
-#define OpUnknown 4
-#define OpRegist 5
-#define OpRelease 6
-#define OpWACK 7
-#define OpRefresh 8
+#define OpQuery 0
+#define OpUnknown 4
+#define OpRegist 5
+#define OpRelease 6
+#define OpWACK 7
+#define OpRefresh 8
typedef struct {
- u_short nametrid;
- u_short dir:1, opcode:4, nmflags:7, rcode:4;
- u_short qdcount;
- u_short ancount;
- u_short nscount;
- u_short arcount;
+ u_short nametrid;
+ u_short dir : 1, opcode : 4, nmflags : 7, rcode : 4;
+ u_short qdcount;
+ u_short ancount;
+ u_short nscount;
+ u_short arcount;
} NbtNSHeader;
-#define FMT_ERR 0x1
-#define SRV_ERR 0x2
-#define IMP_ERR 0x4
-#define RFS_ERR 0x5
-#define ACT_ERR 0x6
-#define CFT_ERR 0x7
+#define FMT_ERR 0x1
+#define SRV_ERR 0x2
+#define IMP_ERR 0x4
+#define RFS_ERR 0x5
+#define ACT_ERR 0x6
+#define CFT_ERR 0x7
#ifdef LIBALIAS_DEBUG
static void
@@ -284,7 +274,9 @@
while (s < p) {
if (compress == 1) {
#ifdef LIBALIAS_DEBUG
- c = (u_char) (((((*s & 0x0f) << 4) | (*(s + 1) & 0x0f)) - 0x11));
+ c = (u_char)((
+ (((*s & 0x0f) << 4) | (*(s + 1) & 0x0f)) -
+ 0x11));
if (isprint(c))
printf("%c", c);
else
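Review bot: The debug-only decode of `c` is now spread over three lines ending in a lone `0x11));`, mostly because the expression carries two redundant levels of parentheses. Dropping them gives `c = (u_char)((((*s & 0x0f) << 4) |` followed by `(*(s + 1) & 0x0f)) - 0x11);`, which is equivalent and easier to check. Separately, this line reads `*(s + 1)` while the only guard visible here is `while (s < p)`. Whether `s + 1` is always inside the packet depends on code outside the hunk, so it is worth confirming while the line is being touched. The enclosing function starts and ends outside this hunk.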
@@ -315,21 +307,18 @@
/*
* NetBios Datagram Handler (IP/UDP)
*/
-#define DGM_DIRECT_UNIQ 0x10
-#define DGM_DIRECT_GROUP 0x11
-#define DGM_BROADCAST 0x12
-#define DGM_ERROR 0x13
-#define DGM_QUERY 0x14
-#define DGM_POSITIVE_RES 0x15
-#define DGM_NEGATIVE_RES 0x16
+#define DGM_DIRECT_UNIQ 0x10
+#define DGM_DIRECT_GROUP 0x11
+#define DGM_BROADCAST 0x12
+#define DGM_ERROR 0x13
+#define DGM_QUERY 0x14
+#define DGM_POSITIVE_RES 0x15
+#define DGM_NEGATIVE_RES 0x16
static int
-AliasHandleUdpNbt(
- struct libalias *la,
- struct ip *pip, /* IP packet to examine/patch */
- struct alias_link *lnk,
- struct in_addr *alias_address,
- u_short alias_port)
+AliasHandleUdpNbt(struct libalias *la,
+ struct ip *pip, /* IP packet to examine/patch */
+ struct alias_link *lnk, struct in_addr *alias_address, u_short alias_port)
{
struct udphdr *uh;
NbtDataHeader *ndh;
@@ -357,8 +346,8 @@
case DGM_DIRECT_GROUP:
case DGM_BROADCAST:
p = (u_char *)ndh + 14;
- p = AliasHandleName(p, pmax); /* Source Name */
- p = AliasHandleName(p, pmax); /* Destination Name */
+ p = AliasHandleName(p, pmax); /* Source Name */
+ p = AliasHandleName(p, pmax); /* Destination Name */
break;
case DGM_ERROR:
p = (u_char *)ndh + 11;
@@ -367,7 +356,7 @@
case DGM_POSITIVE_RES:
case DGM_NEGATIVE_RES:
p = (u_char *)ndh + 10;
- p = AliasHandleName(p, pmax); /* Destination Name */
+ p = AliasHandleName(p, pmax); /* Destination Name */
break;
}
if (p == NULL || (char *)p > pmax)
@@ -402,20 +391,17 @@
}
/* Question Section */
-#define QS_TYPE_NB 0x0020
-#define QS_TYPE_NBSTAT 0x0021
-#define QS_CLAS_IN 0x0001
+#define QS_TYPE_NB 0x0020
+#define QS_TYPE_NBSTAT 0x0021
+#define QS_CLAS_IN 0x0001
typedef struct {
- u_short type; /* The type of Request */
- u_short class; /* The class of Request */
+ u_short type; /* The type of Request */
+ u_short class; /* The class of Request */
} NBTNsQuestion;
static u_char *
-AliasHandleQuestion(
- u_short count,
- NBTNsQuestion * q,
- char *pmax,
- NBTArguments * nbtarg)
+AliasHandleQuestion(u_short count, NBTNsQuestion *q, char *pmax,
+ NBTArguments *nbtarg)
{
(void)nbtarg;
@@ -435,7 +421,8 @@
break;
default:
#ifdef LIBALIAS_DEBUG
- printf("\nUnknown Type on Question %0x\n", ntohs(q->type));
+ printf("\nUnknown Type on Question %0x\n",
+ ntohs(q->type));
#endif
break;
}
@@ -447,31 +434,28 @@
}
/* Resource Record */
-#define RR_TYPE_A 0x0001
-#define RR_TYPE_NS 0x0002
-#define RR_TYPE_NULL 0x000a
-#define RR_TYPE_NB 0x0020
-#define RR_TYPE_NBSTAT 0x0021
-#define RR_CLAS_IN 0x0001
-#define SizeOfNsResource 8
+#define RR_TYPE_A 0x0001
+#define RR_TYPE_NS 0x0002
+#define RR_TYPE_NULL 0x000a
+#define RR_TYPE_NB 0x0020
+#define RR_TYPE_NBSTAT 0x0021
+#define RR_CLAS_IN 0x0001
+#define SizeOfNsResource 8
typedef struct {
- u_short type;
- u_short class;
- unsigned int ttl;
- u_short rdlen;
+ u_short type;
+ u_short class;
+ unsigned int ttl;
+ u_short rdlen;
} NBTNsResource;
-#define SizeOfNsRNB 6
+#define SizeOfNsRNB 6
typedef struct {
- u_short g:1, ont:2, resv:13;
- struct in_addr addr;
+ u_short g : 1, ont : 2, resv : 13;
+ struct in_addr addr;
} NBTNsRNB;
static u_char *
-AliasHandleResourceNB(
- NBTNsResource *q,
- char *pmax,
- NBTArguments *nbtarg)
+AliasHandleResourceNB(NBTNsResource *q, char *pmax, NBTArguments *nbtarg)
{
NBTNsRNB *nb;
u_short bcount;
@@ -492,8 +476,7 @@
#ifdef LIBALIAS_DEBUG
printf("NB rec[%s->%s, %dbytes] ",
inet_ntoa_r(nbtarg->oldaddr, INET_NTOA_BUF(oldbuf)),
- inet_ntoa_r(nbtarg->newaddr, INET_NTOA_BUF(newbuf)),
- bcount);
+ inet_ntoa_r(nbtarg->newaddr, INET_NTOA_BUF(newbuf)), bcount);
#endif
while (nb != NULL && bcount != 0) {
if ((char *)(nb + 1) > pmax) {
@@ -503,7 +486,8 @@
#ifdef LIBALIAS_DEBUG
printf("<%s>", inet_ntoa_r(nb->addr, INET_NTOA_BUF(newbuf)));
#endif
- if (!bcmp(&nbtarg->oldaddr, &nb->addr, sizeof(struct in_addr))) {
+ if (!bcmp(&nbtarg->oldaddr, &nb->addr,
+ sizeof(struct in_addr))) {
if (*nbtarg->uh_sum != 0) {
int acc;
u_short *sptr;
@@ -535,16 +519,13 @@
return ((u_char *)nb);
}
-#define SizeOfResourceA 6
+#define SizeOfResourceA 6
typedef struct {
- struct in_addr addr;
+ struct in_addr addr;
} NBTNsResourceA;
static u_char *
-AliasHandleResourceA(
- NBTNsResource *q,
- char *pmax,
- NBTArguments *nbtarg)
+AliasHandleResourceA(NBTNsResource *q, char *pmax, NBTArguments *nbtarg)
{
NBTNsResourceA *a;
u_short bcount;
@@ -579,17 +560,17 @@
int acc;
u_short *sptr;
- sptr = (u_short *)&(a->addr); /* Old */
+ sptr = (u_short *)&(a->addr); /* Old */
acc = *sptr++;
acc += *sptr;
- sptr = (u_short *)&nbtarg->newaddr; /* New */
+ sptr = (u_short *)&nbtarg->newaddr; /* New */
acc -= *sptr++;
acc -= *sptr;
ADJUST_CHECKSUM(acc, *nbtarg->uh_sum);
}
a->addr = nbtarg->newaddr;
}
- a++; /* XXXX */
+ a++; /* XXXX */
bcount -= SizeOfResourceA;
}
if (a == NULL || (char *)(a + 1) > pmax)
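Review bot: `a++` steps by `sizeof(NBTNsResourceA)`, a single `struct in_addr` (4 bytes), while the next line takes `SizeOfResourceA` (defined as 6 just above) off `bcount`; the re-aligned `/* XXXX */` marker still does not say which stride is intended. `bcount` is declared `u_short`, so if the loop header (outside this hunk) runs until `bcount` reaches zero, a length that is not a multiple of 6 would wrap rather than terminate, leaving only the `pmax` comparison to stop the walk. I would replace the marker with an explicit statement, e.g. `a++; /* XXX: advances 4 bytes but bcount drops by SizeOfResourceA (6); confirm record stride */`, and have the loop stop on `bcount < SizeOfResourceA`. The function body starts and ends outside this hunk.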
@@ -598,14 +579,11 @@
}
typedef struct {
- u_short opcode:4, flags:8, resv:4;
+ u_short opcode : 4, flags : 8, resv : 4;
} NBTNsResourceNULL;
static u_char *
-AliasHandleResourceNULL(
- NBTNsResource *q,
- char *pmax,
- NBTArguments *nbtarg)
+AliasHandleResourceNULL(NBTNsResource *q, char *pmax, NBTArguments *nbtarg)
{
NBTNsResourceNULL *n;
u_short bcount;
@@ -637,10 +615,7 @@
}
static u_char *
-AliasHandleResourceNS(
- NBTNsResource *q,
- char *pmax,
- NBTArguments *nbtarg)
+AliasHandleResourceNS(NBTNsResource *q, char *pmax, NBTArguments *nbtarg)
{
NBTNsResourceNULL *n;
u_short bcount;
@@ -657,7 +632,7 @@
bcount = ntohs(q->rdlen);
/* Resource Record Name Filed */
- q = (NBTNsResource *)AliasHandleName((u_char *)n, pmax); /* XXX */
+ q = (NBTNsResource *)AliasHandleName((u_char *)n, pmax); /* XXX */
if (q == NULL || (char *)((u_char *)n + bcount) > pmax)
return (NULL);
@@ -666,14 +641,11 @@
}
typedef struct {
- u_short numnames;
+ u_short numnames;
} NBTNsResourceNBSTAT;
static u_char *
-AliasHandleResourceNBSTAT(
- NBTNsResource *q,
- char *pmax,
- NBTArguments *nbtarg)
+AliasHandleResourceNBSTAT(NBTNsResource *q, char *pmax, NBTArguments *nbtarg)
{
NBTNsResourceNBSTAT *n;
u_short bcount;
@@ -696,11 +668,8 @@
}
static u_char *
-AliasHandleResource(
- u_short count,
- NBTNsResource *q,
- char *pmax,
- NBTArguments *nbtarg)
+AliasHandleResource(u_short count, NBTNsResource *q, char *pmax,
+ NBTArguments *nbtarg)
{
while (count != 0) {
/* Resource Record Name Filed */
@@ -715,31 +684,29 @@
/* Type and Class filed */
switch (ntohs(q->type)) {
case RR_TYPE_NB:
- q = (NBTNsResource *)AliasHandleResourceNB(
- q, pmax, nbtarg);
+ q = (NBTNsResource *)AliasHandleResourceNB(q, pmax,
+ nbtarg);
break;
case RR_TYPE_A:
- q = (NBTNsResource *)AliasHandleResourceA(
- q, pmax, nbtarg);
+ q = (NBTNsResource *)AliasHandleResourceA(q, pmax,
+ nbtarg);
break;
case RR_TYPE_NS:
- q = (NBTNsResource *)AliasHandleResourceNS(
- q, pmax, nbtarg);
+ q = (NBTNsResource *)AliasHandleResourceNS(q, pmax,
+ nbtarg);
break;
case RR_TYPE_NULL:
- q = (NBTNsResource *)AliasHandleResourceNULL(
- q, pmax, nbtarg);
+ q = (NBTNsResource *)AliasHandleResourceNULL(q, pmax,
+ nbtarg);
break;
case RR_TYPE_NBSTAT:
- q = (NBTNsResource *)AliasHandleResourceNBSTAT(
- q, pmax, nbtarg);
+ q = (NBTNsResource *)AliasHandleResourceNBSTAT(q, pmax,
+ nbtarg);
break;
default:
#ifdef LIBALIAS_DEBUG
- printf(
- "\nUnknown Type of Resource %0x\n",
- ntohs(q->type)
- );
+ printf("\nUnknown Type of Resource %0x\n",
+ ntohs(q->type));
fflush(stdout);
#endif
break;
@@ -750,14 +717,10 @@
}
static int
-AliasHandleUdpNbtNS(
- struct libalias *la,
- struct ip *pip, /* IP packet to examine/patch */
- struct alias_link *lnk,
- struct in_addr *alias_address,
- u_short *alias_port,
- struct in_addr *original_address,
- u_short *original_port)
+AliasHandleUdpNbtNS(struct libalias *la,
+ struct ip *pip, /* IP packet to examine/patch */
+ struct alias_link *lnk, struct in_addr *alias_address, u_short *alias_port,
+ struct in_addr *original_address, u_short *original_port)
{
struct udphdr *uh;
NbtNSHeader *nsh;
@@ -786,55 +749,32 @@
#ifdef LIBALIAS_DEBUG
printf(" [%s] ID=%02x, op=%01x, flag=%02x, rcode=%01x, qd=%04x"
- ", an=%04x, ns=%04x, ar=%04x, [%d]-->",
- nsh->dir ? "Response" : "Request",
- nsh->nametrid,
- nsh->opcode,
- nsh->nmflags,
- nsh->rcode,
- ntohs(nsh->qdcount),
- ntohs(nsh->ancount),
- ntohs(nsh->nscount),
- ntohs(nsh->arcount),
- (u_char *)p - (u_char *)nsh
- );
+ ", an=%04x, ns=%04x, ar=%04x, [%d]-->",
+ nsh->dir ? "Response" : "Request", nsh->nametrid, nsh->opcode,
+ nsh->nmflags, nsh->rcode, ntohs(nsh->qdcount), ntohs(nsh->ancount),
+ ntohs(nsh->nscount), ntohs(nsh->arcount),
+ (u_char *)p - (u_char *)nsh);
#endif
/* Question Entries */
if (ntohs(nsh->qdcount) != 0) {
- p = AliasHandleQuestion(
- ntohs(nsh->qdcount),
- (NBTNsQuestion *)p,
- pmax,
- &nbtarg
- );
+ p = AliasHandleQuestion(ntohs(nsh->qdcount), (NBTNsQuestion *)p,
+ pmax, &nbtarg);
}
/* Answer Resource Records */
if (ntohs(nsh->ancount) != 0) {
- p = AliasHandleResource(
- ntohs(nsh->ancount),
- (NBTNsResource *)p,
- pmax,
- &nbtarg
- );
+ p = AliasHandleResource(ntohs(nsh->ancount), (NBTNsResource *)p,
+ pmax, &nbtarg);
}
/* Authority Resource Recodrs */
if (ntohs(nsh->nscount) != 0) {
- p = AliasHandleResource(
- ntohs(nsh->nscount),
- (NBTNsResource *)p,
- pmax,
- &nbtarg
- );
+ p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p,
+ pmax, &nbtarg);
}
/* Additional Resource Recodrs */
if (ntohs(nsh->arcount) != 0) {
- p = AliasHandleResource(
- ntohs(nsh->arcount),
- (NBTNsResource *)p,
- pmax,
- &nbtarg
- );
+ p = AliasHandleResource(ntohs(nsh->arcount), (NBTNsResource *)p,
+ pmax, &nbtarg);
}
#ifdef LIBALIAS_DEBUG
PrintRcode(nsh->rcode);
Index: sys/netinet/libalias/alias_pptp.c
===================================================================
--- sys/netinet/libalias/alias_pptp.c
+++ sys/netinet/libalias/alias_pptp.c
@@ -40,13 +40,14 @@
/* Includes */
#ifdef _KERNEL
#include <sys/param.h>
-#include <sys/limits.h>
#include <sys/kernel.h>
+#include <sys/limits.h>
#include <sys/module.h>
#else
+#include <sys/types.h>
+
#include <errno.h>
#include <limits.h>
-#include <sys/types.h>
#include <stdio.h>
#endif
@@ -64,25 +65,23 @@
#define PPTP_CONTROL_PORT_NUMBER 1723
-static void
-AliasHandlePptpOut(struct libalias *, struct ip *, struct alias_link *);
+static void AliasHandlePptpOut(struct libalias *, struct ip *,
+ struct alias_link *);
-static void
-AliasHandlePptpIn(struct libalias *, struct ip *, struct alias_link *);
+static void AliasHandlePptpIn(struct libalias *, struct ip *,
+ struct alias_link *);
-static int
-AliasHandlePptpGreOut(struct libalias *, struct ip *);
+static int AliasHandlePptpGreOut(struct libalias *, struct ip *);
-static int
-AliasHandlePptpGreIn(struct libalias *, struct ip *);
+static int AliasHandlePptpGreIn(struct libalias *, struct ip *);
static int
fingerprint(struct libalias *la, struct alias_data *ah)
{
if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL)
return (-1);
- if (ntohs(*ah->dport) == PPTP_CONTROL_PORT_NUMBER
- || ntohs(*ah->sport) == PPTP_CONTROL_PORT_NUMBER)
+ if (ntohs(*ah->dport) == PPTP_CONTROL_PORT_NUMBER ||
+ ntohs(*ah->sport) == PPTP_CONTROL_PORT_NUMBER)
return (0);
return (-1);
}
@@ -125,42 +124,32 @@
}
/* Kernel module definition. */
-struct proto_handler handlers[] = {
- {
- .pri = 200,
- .dir = IN,
- .proto = TCP,
- .fingerprint = &fingerprint,
- .protohandler = &protohandlerin
- },
- {
- .pri = 210,
- .dir = OUT,
- .proto = TCP,
- .fingerprint = &fingerprint,
- .protohandler = &protohandlerout
- },
-/*
- * WATCH OUT!!! these 2 handlers NEED a priority of INT_MAX (highest possible)
- * cause they will ALWAYS process packets, so they must be the last one
- * in chain: look fingerprintgre() above.
- */
- {
- .pri = INT_MAX,
- .dir = IN,
- .proto = IP,
- .fingerprint = &fingerprintgre,
- .protohandler = &protohandlergrein
- },
- {
- .pri = INT_MAX,
- .dir = OUT,
- .proto = IP,
- .fingerprint = &fingerprintgre,
- .protohandler = &protohandlergreout
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 200,
+ .dir = IN,
+ .proto = TCP,
+ .fingerprint = &fingerprint,
+ .protohandler = &protohandlerin },
+ { .pri = 210,
+ .dir = OUT,
+ .proto = TCP,
+ .fingerprint = &fingerprint,
+ .protohandler = &protohandlerout },
+ /*
+ * WATCH OUT!!! these 2 handlers NEED a priority of INT_MAX (highest
+ * possible) cause they will ALWAYS process packets, so they must be the
+ * last one in chain: look fingerprintgre() above.
+ */
+ { .pri = INT_MAX,
+ .dir = IN,
+ .proto = IP,
+ .fingerprint = &fingerprintgre,
+ .protohandler = &protohandlergrein },
+ { .pri = INT_MAX,
+ .dir = OUT,
+ .proto = IP,
+ .fingerprint = &fingerprintgre,
+ .protohandler = &protohandlergreout },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
{
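Review bot: The re-flowed `handlers[]` initializer is harder to read than the layout it replaces: the first entry now starts on the declaration line and the terminator is tucked into `{ EOH } };`. The WATCH OUT comment says the two `INT_MAX` GRE entries must stay last in the chain, so the order of this table is worth keeping obvious at a glance. A trailing comma after the last element, `{ EOH },`, normally makes clang-format keep one element per line; failing that, bracket the table with `/* clang-format off */` and `/* clang-format on */`. The `moduledata_t alias_mod` line in the next hunk, indented after `#endif`, has the same problem.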
@@ -184,9 +173,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_pptp", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_pptp", mod_handler, NULL };
#ifdef _KERNEL
DECLARE_MODULE(alias_pptp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
@@ -223,26 +210,26 @@
* PPTP definitions
*/
-struct grehdr { /* Enhanced GRE header. */
- u_int16_t gh_flags; /* Flags. */
- u_int16_t gh_protocol; /* Protocol type. */
- u_int16_t gh_length; /* Payload length. */
- u_int16_t gh_call_id; /* Call ID. */
- u_int32_t gh_seq_no; /* Sequence number (optional). */
- u_int32_t gh_ack_no; /* Acknowledgment number
- * (optional). */
+struct grehdr { /* Enhanced GRE header. */
+ u_int16_t gh_flags; /* Flags. */
+ u_int16_t gh_protocol; /* Protocol type. */
+ u_int16_t gh_length; /* Payload length. */
+ u_int16_t gh_call_id; /* Call ID. */
+ u_int32_t gh_seq_no; /* Sequence number (optional). */
+ u_int32_t gh_ack_no; /* Acknowledgment number
+ * (optional). */
};
typedef struct grehdr GreHdr;
/* The PPTP protocol ID used in the GRE 'proto' field. */
-#define PPTP_GRE_PROTO 0x880b
+#define PPTP_GRE_PROTO 0x880b
/* Bits that must be set a certain way in all PPTP/GRE packets. */
-#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO)
-#define PPTP_INIT_MASK 0xef7fffff
+#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO)
+#define PPTP_INIT_MASK 0xef7fffff
-#define PPTP_MAGIC 0x1a2b3c4d
-#define PPTP_CTRL_MSG_TYPE 1
+#define PPTP_MAGIC 0x1a2b3c4d
+#define PPTP_CTRL_MSG_TYPE 1
enum {
PPTP_StartCtrlConnRequest = 1,
@@ -264,23 +251,23 @@
/* Message structures */
struct pptpMsgHead {
- u_int16_t length; /* total length */
- u_int16_t msgType;/* PPTP message type */
- u_int32_t magic; /* magic cookie */
- u_int16_t type; /* control message type */
- u_int16_t resv0; /* reserved */
+ u_int16_t length; /* total length */
+ u_int16_t msgType; /* PPTP message type */
+ u_int32_t magic; /* magic cookie */
+ u_int16_t type; /* control message type */
+ u_int16_t resv0; /* reserved */
};
typedef struct pptpMsgHead *PptpMsgHead;
struct pptpCodes {
- u_int8_t resCode;/* Result Code */
- u_int8_t errCode;/* Error Code */
+ u_int8_t resCode; /* Result Code */
+ u_int8_t errCode; /* Error Code */
};
typedef struct pptpCodes *PptpCode;
struct pptpCallIds {
- u_int16_t cid1; /* Call ID field #1 */
- u_int16_t cid2; /* Call ID field #2 */
+ u_int16_t cid1; /* Call ID field #1 */
+ u_int16_t cid2; /* Call ID field #2 */
};
typedef struct pptpCallIds *PptpCallId;
@@ -288,13 +275,13 @@
static void
AliasHandlePptpOut(struct libalias *la,
- struct ip *pip, /* IP packet to examine/patch */
- struct alias_link *lnk) /* The PPTP control link */
+ struct ip *pip, /* IP packet to examine/patch */
+ struct alias_link *lnk) /* The PPTP control link */
{
struct alias_link *pptp_lnk;
PptpCallId cptr;
PptpCode codes;
- u_int16_t ctl_type; /* control message type */
+ u_int16_t ctl_type; /* control message type */
struct tcphdr *tc;
/* Verify valid PPTP control message */
@@ -311,8 +298,8 @@
* Establish PPTP link for address and Call ID found in
* control message.
*/
- pptp_lnk = AddPptp(la, GetOriginalAddress(lnk), GetDestAddress(lnk),
- GetAliasAddress(lnk), cptr->cid1);
+ pptp_lnk = AddPptp(la, GetOriginalAddress(lnk),
+ GetDestAddress(lnk), GetAliasAddress(lnk), cptr->cid1);
break;
case PPTP_CallClearRequest:
case PPTP_CallDiscNotify:
@@ -360,13 +347,13 @@
static void
AliasHandlePptpIn(struct libalias *la,
- struct ip *pip, /* IP packet to examine/patch */
- struct alias_link *lnk) /* The PPTP control link */
+ struct ip *pip, /* IP packet to examine/patch */
+ struct alias_link *lnk) /* The PPTP control link */
{
struct alias_link *pptp_lnk;
PptpCallId cptr;
u_int16_t *pcall_id;
- u_int16_t ctl_type; /* control message type */
+ u_int16_t ctl_type; /* control message type */
struct tcphdr *tc;
/* Verify valid PPTP control message */
@@ -426,7 +413,8 @@
}
static PptpCallId
-AliasVerifyPptp(struct ip *pip, u_int16_t * ptype) /* IP packet to examine/patch */
+AliasVerifyPptp(struct ip *pip,
+ u_int16_t *ptype) /* IP packet to examine/patch */
{
int hlen, tlen, dlen;
PptpMsgHead hptr;
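Review bot: After the re-wrap, the trailing comment `/* IP packet to examine/patch */` sits on the `u_int16_t *ptype` line, so it now reads as a description of `ptype` although it describes `pip`. I would attach it to the parameter it belongs to, `AliasVerifyPptp(struct ip *pip, /* IP packet to examine/patch */`, and give `ptype` its own comment on the following line. From the later `*ptype == PPTP_OutCallReply` comparison, `ptype` appears to carry the control message type, so `u_int16_t *ptype) /* control message type */` would match the wording used for `ctl_type` in the callers. The function body continues outside this hunk.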
@@ -439,7 +427,8 @@
dlen = tlen - hlen;
/* Verify data length */
- if (dlen < (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds)))
+ if (dlen <
+ (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds)))
return (NULL);
/* Move up to PPTP message header */
@@ -455,8 +444,8 @@
/* Verify data length. */
if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) &&
- (dlen < (int)(sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) +
- sizeof(struct pptpCodes))))
+ (dlen < (int)(sizeof(struct pptpMsgHead) +
+ sizeof(struct pptpCallIds) + sizeof(struct pptpCodes))))
return (NULL);
else
return ((PptpCallId)(hptr + 1));
@@ -474,13 +463,14 @@
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
- lnk = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
+ lnk = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst,
+ gr->gh_call_id);
if (lnk != NULL) {
struct in_addr alias_addr = GetAliasAddress(lnk);
/* Change source IP address. */
- DifferentialChecksum(&pip->ip_sum,
- &alias_addr, &pip->ip_src, 2);
+ DifferentialChecksum(&pip->ip_sum, &alias_addr, &pip->ip_src,
+ 2);
pip->ip_src = alias_addr;
}
return (0);
@@ -498,7 +488,8 @@
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
- lnk = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
+ lnk = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst,
+ gr->gh_call_id);
if (lnk != NULL) {
struct in_addr src_addr = GetOriginalAddress(lnk);
@@ -506,8 +497,7 @@
gr->gh_call_id = GetOriginalPort(lnk);
/* Restore original IP address. */
- DifferentialChecksum(&pip->ip_sum,
- &src_addr, &pip->ip_dst, 2);
+ DifferentialChecksum(&pip->ip_sum, &src_addr, &pip->ip_dst, 2);
pip->ip_dst = src_addr;
}
return (0);
Index: sys/netinet/libalias/alias_proxy.c
===================================================================
--- sys/netinet/libalias/alias_proxy.c
+++ sys/netinet/libalias/alias_proxy.c
@@ -59,10 +59,11 @@
#include <sys/limits.h>
#else
#include <sys/types.h>
+
#include <ctype.h>
+#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
-#include <netdb.h>
#include <string.h>
#endif
@@ -75,8 +76,8 @@
#else
#include <arpa/inet.h>
-#include "alias.h" /* Public API functions for libalias */
-#include "alias_local.h" /* Functions used by alias*.c */
+#include "alias.h" /* Public API functions for libalias */
+#include "alias_local.h" /* Functions used by alias*.c */
#endif
/*
@@ -89,22 +90,22 @@
*/
struct proxy_entry {
struct libalias *la;
-#define PROXY_TYPE_ENCODE_NONE 1
+#define PROXY_TYPE_ENCODE_NONE 1
#define PROXY_TYPE_ENCODE_TCPSTREAM 2
-#define PROXY_TYPE_ENCODE_IPHDR 3
- int rule_index;
- int proxy_type;
- u_char proto;
- u_short proxy_port;
- u_short server_port;
+#define PROXY_TYPE_ENCODE_IPHDR 3
+ int rule_index;
+ int proxy_type;
+ u_char proto;
+ u_short proxy_port;
+ u_short server_port;
- struct in_addr server_addr;
+ struct in_addr server_addr;
- struct in_addr src_addr;
- struct in_addr src_mask;
+ struct in_addr src_addr;
+ struct in_addr src_mask;
- struct in_addr dst_addr;
- struct in_addr dst_mask;
+ struct in_addr dst_addr;
+ struct in_addr dst_mask;
struct proxy_entry *next;
struct proxy_entry *last;
@@ -132,14 +133,14 @@
destination of a proxied IP packet
*/
-static int IpMask(int, struct in_addr *);
-static int IpAddr(char *, struct in_addr *);
-static int IpPort(char *, int, int *);
-static void RuleAdd(struct libalias *la, struct proxy_entry *);
-static void RuleDelete(struct proxy_entry *);
-static int RuleNumberDelete(struct libalias *la, int);
-static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int);
-static void ProxyEncodeIpHeader(struct ip *, int);
+static int IpMask(int, struct in_addr *);
+static int IpAddr(char *, struct in_addr *);
+static int IpPort(char *, int, int *);
+static void RuleAdd(struct libalias *la, struct proxy_entry *);
+static void RuleDelete(struct proxy_entry *);
+static int RuleNumberDelete(struct libalias *la, int);
+static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int);
+static void ProxyEncodeIpHeader(struct ip *, int);
static int
IpMask(int nbits, struct in_addr *mask)
@@ -174,7 +175,7 @@
n = sscanf(s, "%d", port);
if (n != 1)
-#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */
+#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */
{
struct servent *se;
@@ -282,9 +283,7 @@
}
static void
-ProxyEncodeTcpStream(struct alias_link *lnk,
- struct ip *pip,
- int maxpacketsize)
+ProxyEncodeTcpStream(struct alias_link *lnk, struct ip *pip, int maxpacketsize)
{
int slen;
char buffer[40];
@@ -375,9 +374,9 @@
static void
ProxyEncodeIpHeader(struct ip *pip, int maxpacketsize)
{
-#define OPTION_LEN_BYTES 8
-#define OPTION_LEN_INT16 4
-#define OPTION_LEN_INT32 2
+#define OPTION_LEN_BYTES 8
+#define OPTION_LEN_INT16 4
+#define OPTION_LEN_INT32 2
_Alignas(_Alignof(u_short)) u_char option[OPTION_LEN_BYTES];
#ifdef LIBALIAS_DEBUG
@@ -396,11 +395,11 @@
u_char *ptr;
struct tcphdr *tc;
- ptr = (u_char *) pip;
+ ptr = (u_char *)pip;
ptr += 20;
memcpy(ptr + OPTION_LEN_BYTES, ptr, ntohs(pip->ip_len) - 20);
- option[0] = 0x64; /* class: 3 (reserved), option 4 */
+ option[0] = 0x64; /* class: 3 (reserved), option 4 */
option[1] = OPTION_LEN_BYTES;
memcpy(&option[2], (u_char *)&pip->ip_dst, 4);
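Review bot: The unchanged `memcpy(ptr + OPTION_LEN_BYTES, ptr, ntohs(pip->ip_len) - 20);` copies within one buffer to a destination only 8 bytes past its source, so the regions overlap whenever more than 8 bytes follow the header. Overlapping `memcpy` is undefined behaviour in C, and this is packet data being rewritten in place. It should be `memmove(ptr + OPTION_LEN_BYTES, ptr, ntohs(pip->ip_len) - 20);`. The literal `20` also assumes a header without options and an `ip_len` of at least 20; whether earlier code in the function guarantees that, and that `maxpacketsize` leaves room for the 8 extra bytes, is not visible here, since the body starts and ends outside the hunk.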
@@ -417,12 +416,12 @@
int accumulate;
u_short *sptr;
- sptr = (u_short *) option;
+ sptr = (u_short *)option;
accumulate = 0;
for (i = 0; i < OPTION_LEN_INT16; i++)
accumulate -= *(sptr++);
- sptr = (u_short *) pip;
+ sptr = (u_short *)pip;
accumulate += *sptr;
pip->ip_hl += OPTION_LEN_INT32;
accumulate -= *sptr;
@@ -453,7 +452,7 @@
int
ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
- u_short * proxy_server_port, struct in_addr src_addr,
+ u_short *proxy_server_port, struct in_addr src_addr,
struct in_addr dst_addr, u_short dst_port, u_char ip_p)
{
struct proxy_entry *ptr;
@@ -465,18 +464,21 @@
u_short proxy_port;
proxy_port = ptr->proxy_port;
- if ((dst_port == proxy_port || proxy_port == 0)
- && ip_p == ptr->proto
- && src_addr.s_addr != ptr->server_addr.s_addr) {
+ if ((dst_port == proxy_port || proxy_port == 0) &&
+ ip_p == ptr->proto &&
+ src_addr.s_addr != ptr->server_addr.s_addr) {
struct in_addr src_addr_masked;
struct in_addr dst_addr_masked;
- src_addr_masked.s_addr = src_addr.s_addr & ptr->src_mask.s_addr;
- dst_addr_masked.s_addr = dst_addr.s_addr & ptr->dst_mask.s_addr;
+ src_addr_masked.s_addr = src_addr.s_addr &
+ ptr->src_mask.s_addr;
+ dst_addr_masked.s_addr = dst_addr.s_addr &
+ ptr->dst_mask.s_addr;
- if ((src_addr_masked.s_addr == ptr->src_addr.s_addr)
- && (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) {
- if ((*proxy_server_port = ptr->server_port) == 0)
+ if ((src_addr_masked.s_addr == ptr->src_addr.s_addr) &&
+ (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) {
+ if ((*proxy_server_port = ptr->server_port) ==
+ 0)
*proxy_server_port = dst_port;
*proxy_server_addr = ptr->server_addr;
return (ptr->proxy_type);
@@ -489,10 +491,8 @@
}
void
-ProxyModify(struct libalias *la, struct alias_link *lnk,
- struct ip *pip,
- int maxpacketsize,
- int proxy_type)
+ProxyModify(struct libalias *la, struct alias_link *lnk, struct ip *pip,
+ int maxpacketsize, int proxy_type)
{
LIBALIAS_LOCK_ASSERT(la);
(void)la;
@@ -591,15 +591,15 @@
str_server_port[0] = 0;
/* Parse command string with state machine */
-#define STATE_READ_KEYWORD 0
-#define STATE_READ_TYPE 1
-#define STATE_READ_PORT 2
-#define STATE_READ_SERVER 3
-#define STATE_READ_RULE 4
-#define STATE_READ_DELETE 5
-#define STATE_READ_PROTO 6
-#define STATE_READ_SRC 7
-#define STATE_READ_DST 8
+#define STATE_READ_KEYWORD 0
+#define STATE_READ_TYPE 1
+#define STATE_READ_PORT 2
+#define STATE_READ_SERVER 3
+#define STATE_READ_RULE 4
+#define STATE_READ_DELETE 5
+#define STATE_READ_PROTO 6
+#define STATE_READ_SRC 7
+#define STATE_READ_DST 8
state = STATE_READ_KEYWORD;
token = strsep(&res, " \t");
token_count = 0;
@@ -691,7 +691,7 @@
state = STATE_READ_KEYWORD;
break;
- case STATE_READ_DELETE: {
+ case STATE_READ_DELETE: {
int err;
int rule_to_delete;
Index: sys/netinet/libalias/alias_sctp.h
===================================================================
--- sys/netinet/libalias/alias_sctp.h
+++ sys/netinet/libalias/alias_sctp.h
@@ -34,7 +34,8 @@
* with leadership and advice from Jason But
*
* The design is outlined in CAIA technical report number 080618A
- * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW")
+ * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in
+ * IPFW")
*
* Development is part of the CAIA SONATA project,
* proposed by Jason But and Grenville Armitage:
@@ -47,70 +48,72 @@
*
*/
-
#ifndef _ALIAS_SCTP_H_
#define _ALIAS_SCTP_H_
#include <sys/param.h>
#ifdef _KERNEL
+#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/module.h>
-#include <sys/kernel.h>
#include <sys/proc.h>
-#include <sys/uio.h>
#include <sys/socketvar.h>
#include <sys/syslog.h>
+#include <sys/uio.h>
#endif // #ifdef _KERNEL
#include <sys/types.h>
-
#include <sys/queue.h>
-#include <sys/types.h>
#include <sys/time.h>
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
/**
- * These are defined in sctp_os_bsd.h, but it can't be included due to its local file
- * inclusion, so I'm defining them here.
+ * These are defined in sctp_os_bsd.h, but it can't be included due to its local
+ * file inclusion, so I'm defining them here.
*
*/
#include <machine/cpufunc.h>
/* The packed define for 64 bit platforms */
#ifndef SCTP_PACKED
#define SCTP_PACKED __attribute__((packed))
-#endif //#ifndef SCTP_PACKED
+#endif // #ifndef SCTP_PACKED
#ifndef SCTP_UNUSED
#define SCTP_UNUSED __attribute__((unused))
-#endif //#ifndef SCTP_UNUSED
+#endif // #ifndef SCTP_UNUSED
#include <netinet/sctp.h>
-//#include <netinet/sctp_os_bsd.h> --might be needed later for mbuf stuff
+// #include <netinet/sctp_os_bsd.h> --might be needed later for mbuf stuff
#include <netinet/sctp_header.h>
#ifndef _KERNEL
-#include <stdlib.h>
#include <stdio.h>
-#endif //#ifdef _KERNEL
-
-#define LINK_SCTP IPPROTO_SCTP
-
-#define SN_TO_LOCAL 0 /**< packet traveling from global to local */
-#define SN_TO_GLOBAL 1 /**< packet traveling from local to global */
-#define SN_TO_NODIR 99 /**< used where direction is not important */
-
-#define SN_NAT_PKT 0x0000 /**< Network Address Translate packet */
-#define SN_DROP_PKT 0x0001 /**< drop packet (don't forward it) */
-#define SN_PROCESSING_ERROR 0x0003 /**< Packet processing error */
-#define SN_REPLY_ABORT 0x0010 /**< Reply with ABORT to sender (don't forward it) */
-#define SN_SEND_ABORT 0x0020 /**< Send ABORT to destination */
-#define SN_TX_ABORT 0x0030 /**< mask for transmitting abort */
-#define SN_REFLECT_ERROR 0x0100 /**< Reply with ERROR to sender on OOTB packet Tbit set */
-#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash */
-#define SN_TX_ERROR 0x0300 /**< mask for transmitting error */
-
-#define PKT_ALIAS_RESPOND 0x1000 /**< Signal to libalias that there is a response packet to send */
+#include <stdlib.h>
+#endif // #ifdef _KERNEL
+
+#define LINK_SCTP IPPROTO_SCTP
+
+#define SN_TO_LOCAL 0 /**< packet traveling from global to local */
+#define SN_TO_GLOBAL 1 /**< packet traveling from local to global */
+#define SN_TO_NODIR 99 /**< used where direction is not important */
+
+#define SN_NAT_PKT 0x0000 /**< Network Address Translate packet */
+#define SN_DROP_PKT 0x0001 /**< drop packet (don't forward it) */
+#define SN_PROCESSING_ERROR 0x0003 /**< Packet processing error */
+#define SN_REPLY_ABORT \
+ 0x0010 /**< Reply with ABORT to sender (don't forward it) */
+#define SN_SEND_ABORT 0x0020 /**< Send ABORT to destination */
+#define SN_TX_ABORT 0x0030 /**< mask for transmitting abort */
+#define SN_REFLECT_ERROR \
+ 0x0100 /**< Reply with ERROR to sender on OOTB packet Tbit set */
+#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash \
+ */
+#define SN_TX_ERROR 0x0300 /**< mask for transmitting error */
+
+#define PKT_ALIAS_RESPOND \
+ 0x1000 /**< Signal to libalias that there is a response packet to send \
+ */
/*
* Data structures
*/
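Review bot: Several of the re-wrapped `SN_*` and `PKT_ALIAS_RESPOND` definitions now split a Doxygen trailing comment across a backslash continuation, for example `#define SN_REPLY_ERROR 0x0200 /**< Reply with ERROR to sender on ASCONF clash \` followed by a lone `*/`. It still preprocesses, but the value and its description are hard to pair up and a later edit that drops the backslash would break the macro. I would move the long descriptions to a leading comment, e.g. `/** Reply with ERROR to sender on ASCONF clash */` on the line before `#define SN_REPLY_ERROR 0x0200`, and likewise for `SN_REPLY_ABORT`, `SN_REFLECT_ERROR` and `PKT_ALIAS_RESPOND`. In the same hunk, `#endif // #ifdef _KERNEL` closes an `#ifndef _KERNEL` block, so the comment should read `#endif // #ifndef _KERNEL`.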
@@ -123,38 +126,45 @@
* Information is stored in network byte order (as is libalias)***
*/
struct sctp_nat_assoc {
- uint32_t l_vtag; /**< local side verification tag */
- uint16_t l_port; /**< local side port number */
- uint32_t g_vtag; /**< global side verification tag */
- uint16_t g_port; /**< global side port number */
- struct in_addr l_addr; /**< local ip address */
- struct in_addr a_addr; /**< alias ip address */
- int state; /**< current state of NAT association */
- int TableRegister; /**< stores which look up tables association is registered in */
- int exp; /**< timer expiration in seconds from uptime */
- int exp_loc; /**< current location in timer_Q */
- int num_Gaddr; /**< number of global IP addresses in the list */
- LIST_HEAD(sctpGlobalAddresshead,sctp_GlobalAddress) Gaddr; /**< List of global addresses */
- LIST_ENTRY (sctp_nat_assoc) list_L; /**< Linked list of pointers for Local table*/
- LIST_ENTRY (sctp_nat_assoc) list_G; /**< Linked list of pointers for Global table */
- LIST_ENTRY (sctp_nat_assoc) timer_Q; /**< Linked list of pointers for timer Q */
- //Using libalias locking
+ uint32_t l_vtag; /**< local side verification tag */
+ uint16_t l_port; /**< local side port number */
+ uint32_t g_vtag; /**< global side verification tag */
+ uint16_t g_port; /**< global side port number */
+ struct in_addr l_addr; /**< local ip address */
+ struct in_addr a_addr; /**< alias ip address */
+ int state; /**< current state of NAT association */
+ int TableRegister; /**< stores which look up tables association is
+ registered in */
+ int exp; /**< timer expiration in seconds from uptime */
+ int exp_loc; /**< current location in timer_Q */
+ int num_Gaddr; /**< number of global IP addresses in the list */
+ LIST_HEAD(sctpGlobalAddresshead,
+ sctp_GlobalAddress) Gaddr; /**< List of global addresses */
+ LIST_ENTRY(sctp_nat_assoc)
+ list_L; /**< Linked list of pointers for Local table*/
+ LIST_ENTRY(sctp_nat_assoc)
+ list_G; /**< Linked list of pointers for Global table */
+ LIST_ENTRY(sctp_nat_assoc)
+ timer_Q; /**< Linked list of pointers for timer Q */
+ // Using libalias locking
};
struct sctp_GlobalAddress {
struct in_addr g_addr;
- LIST_ENTRY (sctp_GlobalAddress) list_Gaddr; /**< Linked list of pointers for Global table */
+ LIST_ENTRY(sctp_GlobalAddress)
+ list_Gaddr; /**< Linked list of pointers for Global table */
};
/**
* @brief SCTP chunk of interest
*
- * The only chunks whose contents are of any interest are the INIT and ASCONF_AddIP
+ * The only chunks whose contents are of any interest are the INIT and
+ * ASCONF_AddIP
*/
union sctpChunkOfInt {
- struct sctp_init *Init; /**< Pointer to Init Chunk */
- struct sctp_init_ack *InitAck; /**< Pointer to Init Chunk */
- struct sctp_paramhdr *Asconf; /**< Pointer to ASCONF chunk */
+ struct sctp_init *Init; /**< Pointer to Init Chunk */
+ struct sctp_init_ack *InitAck; /**< Pointer to Init Chunk */
+ struct sctp_paramhdr *Asconf; /**< Pointer to ASCONF chunk */
};
/**
@@ -163,15 +173,17 @@
* Structure containing the relevant information from the SCTP message
*/
struct sctp_nat_msg {
- uint16_t msg; /**< one of the key messages defined above */
+ uint16_t msg; /**< one of the key messages defined above */
#ifdef INET6
- // struct ip6_hdr *ip_hdr; /**< pointer to ip packet header */ /*no inet6 support yet*/
+ // struct ip6_hdr *ip_hdr; /**< pointer to ip packet header */ /*no
+ // inet6 support yet*/
#else
- struct ip *ip_hdr; /**< pointer to ip packet header */
-#endif //#ifdef INET6
- struct sctphdr *sctp_hdr; /**< pointer to sctp common header */
- union sctpChunkOfInt sctpchnk; /**< union of pointers to the chunk of interest */
- int chunk_length; /**< length of chunk of interest */
+ struct ip *ip_hdr; /**< pointer to ip packet header */
+#endif // #ifdef INET6
+ struct sctphdr *sctp_hdr; /**< pointer to sctp common header */
+ union sctpChunkOfInt
+ sctpchnk; /**< union of pointers to the chunk of interest */
+ int chunk_length; /**< length of chunk of interest */
};
/**
@@ -180,9 +192,11 @@
*/
struct sctp_nat_timer {
- int loc_time; /**< time in seconds for the current location in the queue */
- int cur_loc; /**< index of the current location in the circular queue */
- LIST_HEAD(sctpTimerQ,sctp_nat_assoc) *TimerQ; /**< List of associations at this position in the timer Q */
+ int loc_time; /**< time in seconds for the current location in the queue
+ */
+ int cur_loc; /**< index of the current location in the circular queue */
+ LIST_HEAD(sctpTimerQ, sctp_nat_assoc) *
+ TimerQ; /**< List of associations at this position in the timer Q */
};
-#endif //#ifndef _ALIAS_SCTP_H
+#endif // #ifndef _ALIAS_SCTP_H
Index: sys/netinet/libalias/alias_sctp.c
===================================================================
--- sys/netinet/libalias/alias_sctp.c
+++ sys/netinet/libalias/alias_sctp.c
@@ -33,7 +33,8 @@
* This software was developed by David A. Hayes and Jason But
*
* The design is outlined in CAIA technical report number 080618A
- * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW")
+ * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in
+ * IPFW")
*
* Development is part of the CAIA SONATA project,
* proposed by Jason But and Grenville Armitage:
@@ -70,28 +71,32 @@
* - Dynamic control of hash-table size
*/
-
#ifdef _KERNEL
-#include <machine/stdarg.h>
#include <sys/param.h>
-#include <sys/gsb_crc32.h>
#include <sys/systm.h>
+#include <sys/gsb_crc32.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/syslog.h>
-#include <netinet/libalias/alias_sctp.h>
+
+#include <machine/in_cksum.h>
+#include <machine/stdarg.h>
+
#include <netinet/libalias/alias.h>
#include <netinet/libalias/alias_local.h>
+#include <netinet/libalias/alias_sctp.h>
#include <netinet/sctp_crc32.h>
-#include <machine/in_cksum.h>
#else
-#include "alias_sctp.h"
+#include <sys/libkern.h>
+
+#include <machine/in_cksum.h>
+
#include <arpa/inet.h>
+
#include "alias.h"
#include "alias_local.h"
-#include <machine/in_cksum.h>
-#include <sys/libkern.h>
-#endif //#ifdef _KERNEL
+#include "alias_sctp.h"
+#endif // #ifdef _KERNEL
/* ----------------------------------------------------------------------
* FUNCTION PROTOTYPES
@@ -102,55 +107,66 @@
struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc);
static int GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm,
uint32_t *l_vtag, uint32_t *g_vtag, int direction);
-static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, int direction);
-
-static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction);
-static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr);
-static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction);
-static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, int direction);
+static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm,
+ int direction);
+
+static void AddGlobalIPAddresses(struct sctp_nat_msg *sm,
+ struct sctp_nat_assoc *assoc, int direction);
+static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc,
+ struct sctp_GlobalAddress *G_addr);
+static void RmGlobalIPAddresses(struct sctp_nat_msg *sm,
+ struct sctp_nat_assoc *assoc, int direction);
+static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm,
+ int direction);
/* State Machine Functions */
-static int ProcessSctpMsg(struct libalias *la, int direction, \
+static int ProcessSctpMsg(struct libalias *la, int direction,
struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc);
-static int ID_process(struct libalias *la, int direction,\
+static int ID_process(struct libalias *la, int direction,
struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
-static int INi_process(struct libalias *la, int direction,\
+static int INi_process(struct libalias *la, int direction,
struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
-static int INa_process(struct libalias *la, int direction,\
+static int INa_process(struct libalias *la, int direction,
struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
-static int UP_process(struct libalias *la, int direction,\
+static int UP_process(struct libalias *la, int direction,
struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
-static int CL_process(struct libalias *la, int direction,\
+static int CL_process(struct libalias *la, int direction,
struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
-static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm,\
+static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm,
struct sctp_nat_assoc *assoc, int sndrply, int direction);
/* Hash Table Functions */
-static struct sctp_nat_assoc *
-FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port);
-static struct sctp_nat_assoc *
-FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match);
-static struct sctp_nat_assoc *
-FindSctpGlobalClash(struct libalias *la, struct sctp_nat_assoc *Cassoc);
-static struct sctp_nat_assoc *
-FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port);
-static struct sctp_nat_assoc *
-FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port);
-
-static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr);
-static int AddSctpAssocGlobal(struct libalias *la, struct sctp_nat_assoc *assoc);
+static struct sctp_nat_assoc *FindSctpLocal(struct libalias *la,
+ struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag,
+ uint16_t l_port, uint16_t g_port);
+static struct sctp_nat_assoc *FindSctpGlobal(struct libalias *la,
+ struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port,
+ int *partial_match);
+static struct sctp_nat_assoc *FindSctpGlobalClash(struct libalias *la,
+ struct sctp_nat_assoc *Cassoc);
+static struct sctp_nat_assoc *FindSctpLocalT(struct libalias *la,
+ struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port);
+static struct sctp_nat_assoc *FindSctpGlobalT(struct libalias *la,
+ struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port);
+
+static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc,
+ struct in_addr g_addr);
+static int AddSctpAssocGlobal(struct libalias *la,
+ struct sctp_nat_assoc *assoc);
static void RmSctpAssoc(struct libalias *la, struct sctp_nat_assoc *assoc);
static void freeGlobalAddressList(struct sctp_nat_assoc *assoc);
/* Timer Queue Functions */
static void sctp_AddTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc);
static void sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc);
-static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, int newexp);
+static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc,
+ int newexp);
void sctp_CheckTimers(struct libalias *la);
/* Logging Functions */
-static void logsctperror(char *errormsg, uint32_t vtag, int error, int direction);
+static void logsctperror(char *errormsg, uint32_t vtag, int error,
+ int direction);
static void logsctpparse(int direction, struct sctp_nat_msg *sm);
static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s);
static void logTimerQ(struct libalias *la);
@@ -185,17 +201,17 @@
static MALLOC_DEFINE(M_SCTPNAT, "sctpnat", "sctp nat dbs");
/* Use kernel allocator. */
#ifdef _SYS_MALLOC_H_
-#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT|M_ZERO)
-#define sn_calloc(n,x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT|M_ZERO)
-#define sn_free(x) free(x, M_SCTPNAT)
-#endif// #ifdef _SYS_MALLOC_H_
+#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT | M_ZERO)
+#define sn_calloc(n, x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT | M_ZERO)
+#define sn_free(x) free(x, M_SCTPNAT)
+#endif // #ifdef _SYS_MALLOC_H_
-#else //#ifdef _KERNEL
-#define sn_malloc(x) malloc(x)
-#define sn_calloc(n, x) calloc(n, x)
-#define sn_free(x) free(x)
+#else // #ifdef _KERNEL
+#define sn_malloc(x) malloc(x)
+#define sn_calloc(n, x) calloc(n, x)
+#define sn_free(x) free(x)
-#endif //#ifdef _KERNEL
+#endif // #ifdef _KERNEL
/** @defgroup packet_parser SCTP Packet Parsing
*
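Review bot: The userland `sn_malloc(x)` on the `#else` branch expands to plain `malloc(x)`, while the kernel variant passes `M_ZERO`, so the same call yields zeroed memory in the kernel build and uninitialised memory in the userland build. The callers are outside this hunk, but any that rely on a zero-filled association or address structure would read stale heap contents in userland. Making the two agree, `#define sn_malloc(x) calloc(1, (x))`, removes the difference. The kernel variants use `M_NOWAIT` and can return NULL, so every call site needs a check.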
@@ -205,107 +221,143 @@
* - SCTP message types for storing in the sctp_nat_msg structure @{
*/
-#define SN_SCTP_FIRSTCHUNK(sctphead) (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr))
-/**< Returns a pointer to the first chunk in an SCTP packet given a pointer to the SCTP header */
+#define SN_SCTP_FIRSTCHUNK(sctphead) \
+ (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr))
+/**< Returns a pointer to the first chunk in an SCTP packet given a pointer to
+ * the SCTP header */
-#define SN_SCTP_NEXTCHUNK(chunkhead) (struct sctp_chunkhdr *)(((char *)chunkhead) + SCTP_SIZE32(ntohs(chunkhead->chunk_length)))
-/**< Returns a pointer to the next chunk in an SCTP packet given a pointer to the current chunk */
+#define SN_SCTP_NEXTCHUNK(chunkhead) \
+ (struct sctp_chunkhdr *)(((char *)chunkhead) + \
+ SCTP_SIZE32(ntohs(chunkhead->chunk_length)))
+/**< Returns a pointer to the next chunk in an SCTP packet given a pointer to
+ * the current chunk */
-#define SN_SCTP_NEXTPARAM(param) (struct sctp_paramhdr *)(((char *)param) + SCTP_SIZE32(ntohs(param->param_length)))
-/**< Returns a pointer to the next parameter in an SCTP packet given a pointer to the current parameter */
+#define SN_SCTP_NEXTPARAM(param) \
+ (struct sctp_paramhdr *)(((char *)param) + \
+ SCTP_SIZE32(ntohs(param->param_length)))
+/**< Returns a pointer to the next parameter in an SCTP packet given a pointer
+ * to the current parameter */
-#define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */
-#define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */
-#define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */
-#define SN_ASCONFACK_PARAM_SIZE 8 /**< Size of SCTP ASCONF ACK param in bytes */
+#define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */
+#define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */
+#define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */
+#define SN_ASCONFACK_PARAM_SIZE \
+ 8 /**< Size of SCTP ASCONF ACK param in bytes */
/* Packet parsing return codes */
-#define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */
-#define SN_PARSE_ERROR_IPSHL 1 /**< Packet parsing error - IP and SCTP common header len */
-#define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */
-#define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */
-#define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */
-#define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */
-#define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */
-#define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */
-#define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */
-#define SN_PARSE_ERROR_PARTIALLOOKUP 9 /**< Packet parsing error - partial lookup only found */
-#define SN_PARSE_ERROR_LOOKUP_ABORT 10 /**< Packet parsing error - Lookup - but abort packet */
+#define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */
+#define SN_PARSE_ERROR_IPSHL \
+ 1 /**< Packet parsing error - IP and SCTP common header len */
+#define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */
+#define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */
+#define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */
+#define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */
+#define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */
+#define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */
+#define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */
+#define SN_PARSE_ERROR_PARTIALLOOKUP \
+ 9 /**< Packet parsing error - partial lookup only found */
+#define SN_PARSE_ERROR_LOOKUP_ABORT \
+ 10 /**< Packet parsing error - Lookup - but abort packet */
/* Alias_sctp performs its processing based on a number of key messages */
-#define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */
-#define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */
-#define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */
-#define SN_SCTP_SHUTCOMP 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */
-#define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk */
-#define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */
-#define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk */
-#define SN_SCTP_OTHER 0xFFFF /**< a packet containing a chunk that is not of interest */
+#define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */
+#define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */
+#define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */
+#define SN_SCTP_SHUTCOMP \
+ 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */
+#define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk \
+ */
+#define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */
+#define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk \
+ */
+#define SN_SCTP_OTHER \
+ 0xFFFF /**< a packet containing a chunk that is not of interest */
/** @}
* @defgroup state_machine SCTP NAT State Machine
*
* Defines the various states an association can be within the NAT @{
*/
-#define SN_ID 0x0000 /**< Idle state */
-#define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */
-#define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */
-#define SN_UP 0x0100 /**< Association in UP state */
-#define SN_CL 0x1000 /**< Closing state */
-#define SN_RM 0x2000 /**< Removing state */
+#define SN_ID 0x0000 /**< Idle state */
+#define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */
+#define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */
+#define SN_UP 0x0100 /**< Association in UP state */
+#define SN_CL 0x1000 /**< Closing state */
+#define SN_RM 0x2000 /**< Removing state */
/** @}
* @defgroup Logging Logging Functionality
*
* Define various log levels and a macro to call specified log functions only if
* the current log level (sysctl_log_level) matches the specified level @{
*/
-#define SN_LOG_LOW 0
-#define SN_LOG_EVENT 1
-#define SN_LOG_INFO 2
-#define SN_LOG_DETAIL 3
-#define SN_LOG_DEBUG 4
-#define SN_LOG_DEBUG_MAX 5
-
-#define SN_LOG(level, action) if (sysctl_log_level >= level) { action; } /**< Perform log action ONLY if the current log level meets the specified log level */
+#define SN_LOG_LOW 0
+#define SN_LOG_EVENT 1
+#define SN_LOG_INFO 2
+#define SN_LOG_DETAIL 3
+#define SN_LOG_DEBUG 4
+#define SN_LOG_DEBUG_MAX 5
+
+#define SN_LOG(level, action) \
+ if (sysctl_log_level >= level) { \
+ action; \
+ } /**< Perform log action ONLY if the current log level meets the \
+ specified log level */
/** @}
* @defgroup Hash Hash Table Macros and Functions
*
* Defines minimum/maximum/default values for the hash table size @{
*/
-#define SN_MIN_HASH_SIZE 101 /**< Minimum hash table size (set to stop users choosing stupid values) */
-#define SN_MAX_HASH_SIZE 1000001 /**< Maximum hash table size (NB must be less than max int) */
-#define SN_DEFAULT_HASH_SIZE 2003 /**< A reasonable default size for the hash tables */
-
-#define SN_LOCAL_TBL 0x01 /**< assoc in local table */
-#define SN_GLOBAL_TBL 0x02 /**< assoc in global table */
-#define SN_BOTH_TBL 0x03 /**< assoc in both tables */
-#define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/
-#define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/
-#define SN_NULL_TBL 0x00 /**< assoc in No table */
-#define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address count*/
-
-#define SN_ADD_OK 0 /**< Association added to the table */
-#define SN_ADD_CLASH 1 /**< Clash when trying to add the assoc. info to the table */
-
-#define SN_TABLE_HASH(vtag, port, size) (((u_int) vtag + (u_int) port) % (u_int) size) /**< Calculate the hash table lookup position */
+#define SN_MIN_HASH_SIZE \
+ 101 /**< Minimum hash table size (set to stop users choosing stupid \
+ values) */
+#define SN_MAX_HASH_SIZE \
+ 1000001 /**< Maximum hash table size (NB must be less than max int) */
+#define SN_DEFAULT_HASH_SIZE \
+ 2003 /**< A reasonable default size for the hash tables */
+
+#define SN_LOCAL_TBL 0x01 /**< assoc in local table */
+#define SN_GLOBAL_TBL 0x02 /**< assoc in global table */
+#define SN_BOTH_TBL 0x03 /**< assoc in both tables */
+#define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/
+#define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/
+#define SN_NULL_TBL 0x00 /**< assoc in No table */
+#define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address \
+ count*/
+
+#define SN_ADD_OK 0 /**< Association added to the table */
+#define SN_ADD_CLASH \
+ 1 /**< Clash when trying to add the assoc. info to the table */
+
+#define SN_TABLE_HASH(vtag, port, size) \
+ (((u_int)vtag + (u_int)port) % \
+ (u_int)size) /**< Calculate the hash table lookup position */
/** @}
* @defgroup Timer Timer Queue Macros and Functions
*
* Timer macros set minimum/maximum timeout values and calculate timer expiry
* times for the provided libalias instance @{
*/
-#define SN_MIN_TIMER 1
-#define SN_MAX_TIMER 600
-#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER+2
-
-#define SN_I_T(la) (LibAliasTime + sysctl_init_timer) /**< INIT State expiration time in seconds */
-#define SN_U_T(la) (LibAliasTime + sysctl_up_timer) /**< UP State expiration time in seconds */
-#define SN_C_T(la) (LibAliasTime + sysctl_shutdown_timer) /**< CL State expiration time in seconds */
-#define SN_X_T(la) (LibAliasTime + sysctl_holddown_timer) /**< Wait after a shutdown complete in seconds */
+#define SN_MIN_TIMER 1
+#define SN_MAX_TIMER 600
+#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER + 2
+
+#define SN_I_T(la) \
+ (LibAliasTime + \
+ sysctl_init_timer) /**< INIT State expiration time in seconds */
+#define SN_U_T(la) \
+ (LibAliasTime + \
+ sysctl_up_timer) /**< UP State expiration time in seconds */
+#define SN_C_T(la) \
+ (LibAliasTime + \
+ sysctl_shutdown_timer) /**< CL State expiration time in seconds */
+#define SN_X_T(la) \
+ (LibAliasTime + sysctl_holddown_timer) /**< Wait after a shutdown \
+ complete in seconds */
/** @}
* @defgroup sysctl SysCtl Variable and callback function declarations
*
- * Sysctl variables to modify NAT functionality in real-time along with associated functions
- * to manage modifications to the sysctl variables @{
+ * Sysctl variables to modify NAT functionality in real-time along with
+ * associated functions to manage modifications to the sysctl variables @{
*/
/* Callbacks */
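Review bot: `SN_TIMER_QUEUE_SIZE` still expands to the bare expression `SN_MAX_TIMER + 2`, so a use next to a higher-precedence operator (`% SN_TIMER_QUEUE_SIZE`, `* SN_TIMER_QUEUE_SIZE`) would compute a different size or index than intended. The uses are outside this hunk, so whether such a use exists today is unverified. Parenthesise it: `#define SN_TIMER_QUEUE_SIZE (SN_MAX_TIMER + 2)`. `SN_LOG` in the same hunk is a bare `if` statement, which captures a following `else` at the call site, and the re-wrap now leaves its Doxygen comment inside the macro continuation. Writing it as `do { if (sysctl_log_level >= (level)) { action; } } while (0)` with the comment moved above the `#define` avoids both.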
@@ -323,36 +375,65 @@
/** @brief net.inet.ip.alias.sctp.log_level */
static u_int sysctl_log_level = 0; /**< Stores the current level of logging */
/** @brief net.inet.ip.alias.sctp.init_timer */
-static u_int sysctl_init_timer = 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK or AddIP-ACK */
+static u_int sysctl_init_timer =
+ 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK
+ or AddIP-ACK */
/** @brief net.inet.ip.alias.sctp.up_timer */
-static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the table while no packets are transmitted */
+static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the
+ table while no packets are transmitted */
/** @brief net.inet.ip.alias.sctp.shutdown_timer */
-static u_int sysctl_shutdown_timer = 15; /**< Seconds to hold an association in the table waiting for a SHUTDOWN-COMPLETE */
+static u_int sysctl_shutdown_timer =
+ 15; /**< Seconds to hold an association in the table waiting for a
+ SHUTDOWN-COMPLETE */
/** @brief net.inet.ip.alias.sctp.holddown_timer */
-static u_int sysctl_holddown_timer = 0; /**< Seconds to hold an association in the table after it has been shutdown (to allow for lost SHUTDOWN-COMPLETEs) */
+static u_int sysctl_holddown_timer =
+ 0; /**< Seconds to hold an association in the table after it has been
+ shutdown (to allow for lost SHUTDOWN-COMPLETEs) */
/** @brief net.inet.ip.alias.sctp.hashtable_size */
-static u_int sysctl_hashtable_size = SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT instances (existing instances retain their existing Hash Table */
+static u_int sysctl_hashtable_size =
+ SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT
+ instances (existing instances retain their existing
+ Hash Table */
/** @brief net.inet.ip.alias.sctp.error_on_ootb */
-static u_int sysctl_error_on_ootb = 1; /**< NAT response to receipt of OOTB packet
- (0 - No response, 1 - NAT will send ErrorM only to local side,
- 2 - NAT will send local ErrorM and global ErrorM if there was a partial association match
- 3 - NAT will send ErrorM to both local and global) */
+static u_int sysctl_error_on_ootb =
+ 1; /**< NAT response to receipt of OOTB packet
+ (0 - No response, 1 - NAT will send ErrorM only to local side,
+ 2 - NAT will send local ErrorM and global ErrorM if there was a
+ partial association match 3 - NAT will send ErrorM to both local and
+ global) */
/** @brief net.inet.ip.alias.sctp.accept_global_ootb_addip */
-static u_int sysctl_accept_global_ootb_addip = 0; /**<NAT responset to receipt of global OOTB AddIP (0 - No response, 1 - NAT will accept OOTB global AddIP messages for processing (Security risk)) */
+static u_int sysctl_accept_global_ootb_addip =
+ 0; /**<NAT responset to receipt of global OOTB AddIP (0 - No response, 1 -
+ NAT will accept OOTB global AddIP messages for processing (Security
+ risk)) */
/** @brief net.inet.ip.alias.sctp.initialising_chunk_proc_limit */
-static u_int sysctl_initialising_chunk_proc_limit = 2; /**< A limit on the number of chunks that should be searched if there is no matching association (DoS prevention) */
+static u_int sysctl_initialising_chunk_proc_limit =
+ 2; /**< A limit on the number of chunks that should be searched if there is
+ no matching association (DoS prevention) */
/** @brief net.inet.ip.alias.sctp.param_proc_limit */
-static u_int sysctl_chunk_proc_limit = 5; /**< A limit on the number of chunks that should be searched (DoS prevention) */
+static u_int sysctl_chunk_proc_limit =
+ 5; /**< A limit on the number of chunks that should be searched (DoS
+ prevention) */
/** @brief net.inet.ip.alias.sctp.param_proc_limit */
-static u_int sysctl_param_proc_limit = 25; /**< A limit on the number of parameters (in chunks) that should be searched (DoS prevention) */
+static u_int sysctl_param_proc_limit =
+ 25; /**< A limit on the number of parameters (in chunks) that should be
+ searched (DoS prevention) */
/** @brief net.inet.ip.alias.sctp.track_global_addresses */
-static u_int sysctl_track_global_addresses = 0; /**< Configures the global address tracking option within the NAT (0 - Global tracking is disabled, > 0 - enables tracking but limits the number of global IP addresses to this value)
- If set to >=1 the NAT will track that many global IP addresses. This may reduce look up table conflicts, but increases processing */
-
-#define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets */
-#define SN_LOCAL_ERROR_ON_OOTB 1 /**< Send only local errorM on out of the blue packets */
-#define SN_LOCALandPARTIAL_ERROR_ON_OOTB 2 /**< Send local errorM and global errorM for out of the blue packets only if partial match found */
-#define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */
+static u_int sysctl_track_global_addresses =
+ 0; /**< Configures the global address tracking option within the NAT (0 -
+ Global tracking is disabled, > 0 - enables tracking but limits the
+ number of global IP addresses to this value) If set to >=1 the NAT
+ will track that many global IP addresses. This may reduce look up
+ table conflicts, but increases processing */
+
+#define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets \
+ */
+#define SN_LOCAL_ERROR_ON_OOTB \
+ 1 /**< Send only local errorM on out of the blue packets */
+#define SN_LOCALandPARTIAL_ERROR_ON_OOTB \
+ 2 /**< Send local errorM and global errorM for out of the blue packets \
+ only if partial match found */
+#define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */
#ifdef SYSCTL_NODE
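Review bot: The `@brief` above `sysctl_chunk_proc_limit` reads `net.inet.ip.alias.sctp.param_proc_limit`, the same name as the one above `sysctl_param_proc_limit`, so two distinct DoS-prevention limits are documented under one OID. It should be `/** @brief net.inet.ip.alias.sctp.chunk_proc_limit */`. In the same hunk the comment on `sysctl_accept_global_ootb_addip` has the typo `responset`. The re-wrapped text for `sysctl_error_on_ootb` now runs options 2 and 3 together (`partial association match 3 - NAT will send ...`); each option should stay on its own line.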
@@ -361,42 +442,42 @@
SYSCTL_DECL(_net_inet_ip_alias);
static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp,
- CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
- "SCTP NAT");
+ CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, "SCTP NAT");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_log_level, 0, sysctl_chg_loglevel, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_log_level, 0,
+ sysctl_chg_loglevel, "IU",
"Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_init_timer, 0, sysctl_chg_timer, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_init_timer, 0,
+ sysctl_chg_timer, "IU",
"Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_up_timer, 0, sysctl_chg_timer, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_up_timer, 0,
+ sysctl_chg_timer, "IU",
"Timeout value (s) to keep an association up with no traffic");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_shutdown_timer, 0, sysctl_chg_timer, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_shutdown_timer, 0,
+ sysctl_chg_timer, "IU",
"Timeout value (s) while waiting for SHUTDOWN-COMPLETE");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_holddown_timer, 0, sysctl_chg_timer, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_holddown_timer, 0,
+ sysctl_chg_timer, "IU",
"Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_hashtable_size, 0, sysctl_chg_hashtable_size, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_hashtable_size, 0,
+ sysctl_chg_hashtable_size, "IU",
"Size of hash tables used for NAT lookups (100 < prime_number > 1000001)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_error_on_ootb, 0, sysctl_chg_error_on_ootb, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_error_on_ootb, 0,
+ sysctl_chg_error_on_ootb, "IU",
"ErrorM sent on receipt of ootb packet:\n\t0 - none,\n"
"\t1 - to local only,\n"
"\t2 - to local and global if a partial association match,\n"
"\t3 - to local and global (DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, "IU",
+ &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip,
+ "IU",
"NAT response to receipt of global OOTB AddIP:\n"
"\t0 - No response,\n"
"\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
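Review bot: The description string for `hashtable_size` says `(100 < prime_number > 1000001)`, which reads as a value above 1000001, while the macros earlier in the file define `SN_MIN_HASH_SIZE` as 101 and `SN_MAX_HASH_SIZE` as 1000001. This is the text an administrator sees from `sysctl -d`, so it should state the accepted range, e.g. `"Size of hash tables used for NAT lookups (100 < prime_number <= 1000001)"`. The string is a context line here, so the commit leaves it unchanged.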
@@ -407,13 +488,13 @@
"Number of chunks that should be processed if there is no current "
"association found:\n\t > 0 (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_chunk_proc_limit, 0, sysctl_chg_chunk_proc_limit, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_chunk_proc_limit, 0,
+ sysctl_chg_chunk_proc_limit, "IU",
"Number of chunks that should be processed to find key chunk:\n"
"\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit,
- CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
- &sysctl_param_proc_limit, 0, sysctl_chg_param_proc_limit, "IU",
+ CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &sysctl_param_proc_limit, 0,
+ sysctl_chg_param_proc_limit, "IU",
"Number of parameters (in a chunk) that should be processed to find key "
"parameters:\n\t> 1 (A high value is a DoS risk)");
SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses,
@@ -431,7 +512,8 @@
* Updates the variable sysctl_log_level to the provided value and ensures
* it is in the valid range (SN_LOG_LOW -> SN_LOG_DEBUG)
*/
-int sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS)
{
u_int level = *(u_int *)arg1;
int error;
@@ -447,13 +529,15 @@
}
/** @ingroup sysctl
- * @brief sysctl callback for changing net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer)
+ * @brief sysctl callback for changing
+ * net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer)
*
* Updates the timer-based sysctl variables. The new values are sanity-checked
* to make sure that they are within the range SN_MIN_TIMER-SN_MAX_TIMER. The
* holddown timer is allowed to be 0
*/
-int sysctl_chg_timer(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_timer(SYSCTL_HANDLER_ARGS)
{
u_int timer = *(u_int *)arg1;
int error;
@@ -482,7 +566,8 @@
* if it is prime. We approximate by checking that (2,3,5,7,11) are not factors,
* incrementing the user provided value until we find a suitable number.
*/
-int sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS)
{
u_int size = *(u_int *)arg1;
int error;
@@ -491,11 +576,16 @@
if (error)
return (error);
- size = (size < SN_MIN_HASH_SIZE) ? (SN_MIN_HASH_SIZE) : ((size > SN_MAX_HASH_SIZE) ? (SN_MAX_HASH_SIZE) : (size));
+ size = (size < SN_MIN_HASH_SIZE) ?
+ (SN_MIN_HASH_SIZE) :
+ ((size > SN_MAX_HASH_SIZE) ? (SN_MAX_HASH_SIZE) : (size));
size |= 0x00000001; /* make odd */
- for (;(((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || ((size % 11) == 0)); size+=2);
+ for (; (((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) ||
+ ((size % 11) == 0));
+ size += 2)
+ ;
sysctl_hashtable_size = size;
return (0);
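Review bot: The re-wrapped `for` in `sysctl_chg_hashtable_size` now ends in a lone `;` on its own line, an empty-body loop that is easy to misread as a stray statement. A `while` with the increment as its body says the same thing: `while (size % 3 == 0 || size % 5 == 0 || size % 7 == 0 || size % 11 == 0)` followed by `size += 2;`. The function starts and ends outside this hunk.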
@@ -511,7 +601,8 @@
* a partial association match
* If set to 3, an ErrorM is sent to both local and global sides (DoS) risk.
*/
-int sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS)
{
u_int flag = *(u_int *)arg1;
int error;
@@ -520,18 +611,21 @@
if (error)
return (error);
- sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB: flag;
+ sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB :
+ flag;
return (0);
}
/** @ingroup sysctl
- * @brief sysctl callback for changing net.inet.ip.alias.sctp.accept_global_ootb_addip
+ * @brief sysctl callback for changing
+ * net.inet.ip.alias.sctp.accept_global_ootb_addip
*
- * If set to 1 the NAT will accept ootb global addip messages for processing (Security risk)
- * Default is 0, only responding to local ootb AddIP messages
+ * If set to 1 the NAT will accept ootb global addip messages for processing
+ * (Security risk) Default is 0, only responding to local ootb AddIP messages
*/
-int sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS)
{
u_int flag = *(u_int *)arg1;
int error;
@@ -540,19 +634,21 @@
if (error)
return (error);
- sysctl_accept_global_ootb_addip = (flag == 1) ? 1: 0;
+ sysctl_accept_global_ootb_addip = (flag == 1) ? 1 : 0;
return (0);
}
/** @ingroup sysctl
- * @brief sysctl callback for changing net.inet.ip.alias.sctp.initialising_chunk_proc_limit
+ * @brief sysctl callback for changing
+ * net.inet.ip.alias.sctp.initialising_chunk_proc_limit
*
* Updates the initialising_chunk_proc_limit sysctl variable. Number of chunks
* that should be processed if there is no current association found: > 0 (A
* high value is a DoS risk)
*/
-int sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
{
u_int proclimit = *(u_int *)arg1;
int error;
@@ -561,9 +657,11 @@
if (error)
return (error);
- sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1: proclimit;
- sysctl_chunk_proc_limit =
- (sysctl_chunk_proc_limit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : sysctl_chunk_proc_limit;
+ sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1 : proclimit;
+ sysctl_chunk_proc_limit = (sysctl_chunk_proc_limit <
+ sysctl_initialising_chunk_proc_limit) ?
+ sysctl_initialising_chunk_proc_limit :
+ sysctl_chunk_proc_limit;
return (0);
}
@@ -575,7 +673,8 @@
* Number of chunks that should be processed to find key chunk:
* >= initialising_chunk_proc_limit (A high value is a DoS risk)
*/
-int sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
{
u_int proclimit = *(u_int *)arg1;
int error;
@@ -584,8 +683,10 @@
if (error)
return (error);
- sysctl_chunk_proc_limit =
- (proclimit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : proclimit;
+ sysctl_chunk_proc_limit = (proclimit <
+ sysctl_initialising_chunk_proc_limit) ?
+ sysctl_initialising_chunk_proc_limit :
+ proclimit;
return (0);
}
@@ -597,7 +698,8 @@
* Number of parameters that should be processed to find key parameters:
* > 1 (A high value is a DoS risk)
*/
-int sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS)
{
u_int proclimit = *(u_int *)arg1;
int error;
@@ -606,20 +708,21 @@
if (error)
return (error);
- sysctl_param_proc_limit =
- (proclimit < 2) ? 2 : proclimit;
+ sysctl_param_proc_limit = (proclimit < 2) ? 2 : proclimit;
return (0);
}
/** @ingroup sysctl
- * @brief sysctl callback for changing net.inet.ip.alias.sctp.track_global_addresses
+ * @brief sysctl callback for changing
+ *net.inet.ip.alias.sctp.track_global_addresses
*
*Configures the global address tracking option within the NAT (0 - Global
*tracking is disabled, > 0 - enables tracking but limits the number of global
*IP addresses to this value)
*/
-int sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS)
+int
+sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS)
{
u_int num_to_track = *(u_int *)arg1;
int error;
@@ -628,7 +731,10 @@
if (error)
return (error);
- sysctl_track_global_addresses = (num_to_track > SN_MAX_GLOBAL_ADDRESSES) ? SN_MAX_GLOBAL_ADDRESSES : num_to_track;
+ sysctl_track_global_addresses = (num_to_track >
+ SN_MAX_GLOBAL_ADDRESSES) ?
+ SN_MAX_GLOBAL_ADDRESSES :
+ num_to_track;
return (0);
}
@@ -652,10 +758,15 @@
int i;
la->sctpNatTableSize = sysctl_hashtable_size;
SN_LOG(SN_LOG_EVENT,
- SctpAliasLog("Initialising SCTP NAT Instance (hash_table_size:%d)\n", la->sctpNatTableSize));
- la->sctpTableLocal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableL));
- la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableG));
- la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct sctpTimerQ));
+ SctpAliasLog(
+ "Initialising SCTP NAT Instance (hash_table_size:%d)\n",
+ la->sctpNatTableSize));
+ la->sctpTableLocal = sn_calloc(la->sctpNatTableSize,
+ sizeof(struct sctpNatTableL));
+ la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize,
+ sizeof(struct sctpNatTableG));
+ la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE,
+ sizeof(struct sctpTimerQ));
/* Initialise hash table */
for (i = 0; i < la->sctpNatTableSize; i++) {
LIST_INIT(&la->sctpTableLocal[i]);
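Review bot: The three sn_calloc() results are stored and then indexed by the LIST_INIT loops without a NULL check, while sctp_PktParser later in this file treats a NULL return from sn_malloc() as "out of resources". If sn_calloc can fail the same way, the first `LIST_INIT(&la->sctpTableLocal[i])` dereferences a null pointer. A guard such as `if (la->sctpTableLocal == NULL || la->sctpTableGlobal == NULL || la->sctpNatTimer.TimerQ == NULL)` that releases what was allocated and leaves the SCTP NAT disabled would close that. The function's signature and the rest of its body are outside the hunk, so how the failure is reported has to be decided there.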
@@ -666,9 +777,10 @@
for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++)
LIST_INIT(&la->sctpNatTimer.TimerQ[i]);
#ifdef _KERNEL
- la->sctpNatTimer.loc_time=time_uptime; /* LibAliasTime is not set yet */
+ la->sctpNatTimer.loc_time =
+ time_uptime; /* LibAliasTime is not set yet */
#else
- la->sctpNatTimer.loc_time=LibAliasTime;
+ la->sctpNatTimer.loc_time = LibAliasTime;
#endif
la->sctpNatTimer.cur_loc = 0;
la->sctpLinkCount = 0;
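Review bot: The reflow breaks statements in the middle to make room for a trailing comment, as in `la->sctpNatTimer.loc_time =` / `time_uptime; /* LibAliasTime is not set yet */`, which reads worse than the line it replaces. Putting the comment on its own line above the statement, `/* LibAliasTime is not set yet */` followed by `la->sctpNatTimer.loc_time = time_uptime;`, keeps the assignment whole. The same pattern recurs in the hunk that calls sctp_PktParser (`&assoc); // using *char ...`, `direction); /*NB assoc=NULL */`), in TxAbortErrorM (`ip_size) { /* short packet, cannot send error cause */`) and throughout sctp_PktParser. It is worst in the SCTP_ASCONF case, where `/*asconf's compulsory address parameter */` ends up spread over five lines.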
@@ -690,11 +802,10 @@
AliasSctpTerm(struct libalias *la)
{
struct sctp_nat_assoc *assoc1, *assoc2;
- int i;
+ int i;
LIBALIAS_LOCK_ASSERT(la);
- SN_LOG(SN_LOG_EVENT,
- SctpAliasLog("Removing SCTP NAT Instance\n"));
+ SN_LOG(SN_LOG_EVENT, SctpAliasLog("Removing SCTP NAT Instance\n"));
for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) {
assoc1 = LIST_FIRST(&la->sctpNatTimer.TimerQ[i]);
while (assoc1 != NULL) {
@@ -748,7 +859,8 @@
sctp_CheckTimers(la); /* Check timers */
/* Parse the packet */
- rtnval = sctp_PktParser(la, direction, pip, &msg, &assoc); //using *char (change to mbuf when get code from paolo)
+ rtnval = sctp_PktParser(la, direction, pip, &msg,
+ &assoc); // using *char (change to mbuf when get code from paolo)
switch (rtnval) {
case SN_PARSE_OK:
break;
@@ -762,40 +874,41 @@
break;
}
SN_LOG(SN_LOG_EVENT,
- logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
+ logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval,
+ direction));
return (PKT_ALIAS_ERROR);
case SN_PARSE_ERROR_PARTIALLOOKUP:
if (sysctl_error_on_ootb > SN_LOCALandPARTIAL_ERROR_ON_OOTB) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
+ logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag,
+ rtnval, direction));
return (PKT_ALIAS_ERROR);
}
case SN_PARSE_ERROR_LOOKUP:
if (sysctl_error_on_ootb == SN_ERROR_ON_OOTB ||
- (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB && direction == SN_TO_LOCAL) ||
- (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB && direction == SN_TO_GLOBAL)) {
- TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR, direction); /*NB assoc=NULL */
+ (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB &&
+ direction == SN_TO_LOCAL) ||
+ (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB &&
+ direction == SN_TO_GLOBAL)) {
+ TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR,
+ direction); /*NB assoc=NULL */
return (PKT_ALIAS_RESPOND);
}
default:
SN_LOG(SN_LOG_EVENT,
- logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
+ logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval,
+ direction));
return (PKT_ALIAS_ERROR);
}
- SN_LOG(SN_LOG_DETAIL,
- logsctpassoc(assoc, "*");
- logsctpparse(direction, &msg);
- );
+ SN_LOG(SN_LOG_DETAIL, logsctpassoc(assoc, "*");
+ logsctpparse(direction, &msg););
/* Process the SCTP message */
rtnval = ProcessSctpMsg(la, direction, &msg, assoc);
- SN_LOG(SN_LOG_DEBUG_MAX,
- logsctpassoc(assoc, "-");
- logSctpLocal(la);
- logSctpGlobal(la);
- );
+ SN_LOG(SN_LOG_DEBUG_MAX, logsctpassoc(assoc, "-"); logSctpLocal(la);
+ logSctpGlobal(la););
SN_LOG(SN_LOG_DEBUG, logTimerQ(la));
switch (rtnval) {
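Review bot: `case SN_PARSE_ERROR_PARTIALLOOKUP:` runs into `case SN_PARSE_ERROR_LOOKUP:`, which in turn runs into `default:`, and neither transition is marked. Both look intentional, since each case returns only when its sysctl_error_on_ootb condition matches, but a reader cannot tell that from the code alone. Adding `/* FALLTHROUGH */` on the line before `case SN_PARSE_ERROR_LOOKUP:` and before `default:` documents the intent and keeps fall-through warnings usable for the rest of the file. The switch begins above this hunk.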
@@ -804,21 +917,29 @@
case SN_TO_LOCAL:
DifferentialChecksum(&(msg.ip_hdr->ip_sum),
&(assoc->l_addr), &(msg.ip_hdr->ip_dst), 2);
- msg.ip_hdr->ip_dst = assoc->l_addr; /* change dst address to local address*/
+ msg.ip_hdr->ip_dst =
+ assoc->l_addr; /* change dst address to local
+ address*/
break;
case SN_TO_GLOBAL:
DifferentialChecksum(&(msg.ip_hdr->ip_sum),
- &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2);
- msg.ip_hdr->ip_src = assoc->a_addr; /* change src to alias addr*/
+ &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2);
+ msg.ip_hdr->ip_src =
+ assoc->a_addr; /* change src to alias addr*/
break;
default:
- rtnval = SN_DROP_PKT; /* shouldn't get here, but if it does drop packet */
- SN_LOG(SN_LOG_LOW, logsctperror("ERROR: Invalid direction", msg.sctp_hdr->v_tag, rtnval, direction));
+ rtnval = SN_DROP_PKT; /* shouldn't get here, but if it
+ does drop packet */
+ SN_LOG(SN_LOG_LOW,
+ logsctperror("ERROR: Invalid direction",
+ msg.sctp_hdr->v_tag, rtnval, direction));
break;
}
break;
case SN_DROP_PKT:
- SN_LOG(SN_LOG_DETAIL, logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval, direction));
+ SN_LOG(SN_LOG_DETAIL,
+ logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval,
+ direction));
break;
case SN_REPLY_ABORT:
case SN_REPLY_ERROR:
@@ -826,9 +947,12 @@
TxAbortErrorM(la, &msg, assoc, rtnval, direction);
break;
default:
- // big error, remove association and go to idle and write log messages
- SN_LOG(SN_LOG_LOW, logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
- assoc->state = SN_RM;/* Mark for removal*/
+ // big error, remove association and go to idle and write log
+ // messages
+ SN_LOG(SN_LOG_LOW,
+ logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag,
+ rtnval, direction));
+ assoc->state = SN_RM; /* Mark for removal*/
break;
}
@@ -875,8 +999,8 @@
* up-state is a Heartbeat packet, which is big enough to be transformed to an
* ErrorM.
*
- * We create a temporary character array to store the packet as we are constructing
- * it. We then populate the array with appropriate values based on:
+ * We create a temporary character array to store the packet as we are
+ * constructing it. We then populate the array with appropriate values based on:
* - Packet type (AbortM | ErrorM)
* - Initial packet direction (SN_TO_LOCAL | SN_TO_GLOBAL)
* - NAT response (Send packet | Reply packet)
@@ -928,24 +1052,29 @@
}
static void
-TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction)
+TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm,
+ struct sctp_nat_assoc *assoc, int sndrply, int direction)
{
- int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause);
+ int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) +
+ sizeof(struct sctp_error_cause);
int ip_size = sizeof(struct ip) + sctp_size;
int include_error_cause = 1;
char tmp_ip[ip_size];
char addrbuf[INET_ADDRSTRLEN];
- if (ntohs(sm->ip_hdr->ip_len) < ip_size) { /* short packet, cannot send error cause */
+ if (ntohs(sm->ip_hdr->ip_len) <
+ ip_size) { /* short packet, cannot send error cause */
include_error_cause = 0;
- ip_size = ip_size - sizeof(struct sctp_error_cause);
- sctp_size = sctp_size - sizeof(struct sctp_error_cause);
+ ip_size = ip_size - sizeof(struct sctp_error_cause);
+ sctp_size = sctp_size - sizeof(struct sctp_error_cause);
}
/* Assign header pointers packet */
- struct ip* ip = (struct ip *) tmp_ip;
- struct sctphdr* sctp_hdr = (struct sctphdr *) ((char *) ip + sizeof(*ip));
- struct sctp_chunkhdr* chunk_hdr = (struct sctp_chunkhdr *) ((char *) sctp_hdr + sizeof(*sctp_hdr));
- struct sctp_error_cause* error_cause = (struct sctp_error_cause *) ((char *) chunk_hdr + sizeof(*chunk_hdr));
+ struct ip *ip = (struct ip *)tmp_ip;
+ struct sctphdr *sctp_hdr = (struct sctphdr *)((char *)ip + sizeof(*ip));
+ struct sctp_chunkhdr *chunk_hdr =
+ (struct sctp_chunkhdr *)((char *)sctp_hdr + sizeof(*sctp_hdr));
+ struct sctp_error_cause *error_cause =
+ (struct sctp_error_cause *)((char *)chunk_hdr + sizeof(*chunk_hdr));
/* construct ip header */
ip->ip_v = sm->ip_hdr->ip_v;
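Review bot: `char tmp_ip[ip_size];` is a variable-length array even though ip_size is only a sum of sizeof terms at that point, and it sits on the packet path. Sizing it with a constant expression, `char tmp_ip[sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause)];`, gives a fixed stack frame and lets the compiler check the bounds of the header pointers derived from it. The four header pointers are also declared after the `if` block; moving them up with the other declarations would match the rest of the function. TxAbortErrorM continues past the end of this hunk.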
@@ -957,17 +1086,23 @@
ip->ip_ttl = 255;
ip->ip_p = IPPROTO_SCTP;
/*
- The definitions below should be removed when they make it into the SCTP stack
+ The definitions below should be removed when they make it into the
+ SCTP stack
*/
-#define SCTP_MIDDLEBOX_FLAG 0x02
+#define SCTP_MIDDLEBOX_FLAG 0x02
#define SCTP_NAT_TABLE_COLLISION 0x00b0
-#define SCTP_MISSING_NAT 0x00b1
- chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ? SCTP_ABORT_ASSOCIATION : SCTP_OPERATION_ERROR;
+#define SCTP_MISSING_NAT 0x00b1
+ chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ?
+ SCTP_ABORT_ASSOCIATION :
+ SCTP_OPERATION_ERROR;
chunk_hdr->chunk_flags = SCTP_MIDDLEBOX_FLAG;
if (include_error_cause) {
- error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ? SCTP_MISSING_NAT : SCTP_NAT_TABLE_COLLISION);
+ error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ?
+ SCTP_MISSING_NAT :
+ SCTP_NAT_TABLE_COLLISION);
error_cause->length = htons(sizeof(struct sctp_error_cause));
- chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause));
+ chunk_hdr->chunk_length = htons(
+ sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause));
} else {
chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr));
}
@@ -979,7 +1114,8 @@
sctp_hdr->v_tag = sm->sctp_hdr->v_tag;
break;
case SN_REPLY_ERROR:
- sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag : assoc->l_vtag ;
+ sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag :
+ assoc->l_vtag;
break;
case SN_SEND_ABORT:
sctp_hdr->v_tag = sm->sctp_hdr->v_tag;
@@ -991,8 +1127,10 @@
/* Set send/reply values */
if (sndrply == SN_SEND_ABORT) { /*pass through NAT */
- ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src : assoc->a_addr;
- ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr : sm->ip_hdr->ip_dst;
+ ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src :
+ assoc->a_addr;
+ ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr :
+ sm->ip_hdr->ip_dst;
sctp_hdr->src_port = sm->sctp_hdr->src_port;
sctp_hdr->dest_port = sm->sctp_hdr->dest_port;
} else { /* reply and reflect */
@@ -1007,17 +1145,19 @@
/* calculate SCTP header CRC32 */
sctp_hdr->checksum = 0;
- sctp_hdr->checksum = local_sctp_finalize_crc32(calculate_crc32c(0xffffffff, (unsigned char *) sctp_hdr, sctp_size));
+ sctp_hdr->checksum = local_sctp_finalize_crc32(
+ calculate_crc32c(0xffffffff, (unsigned char *)sctp_hdr, sctp_size));
memcpy(sm->ip_hdr, ip, ip_size);
- SN_LOG(SN_LOG_EVENT,SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n",
- ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"),
- ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"),
- (include_error_cause ? ntohs(error_cause->code) : 0),
- inet_ntoa_r(ip->ip_dst, INET_NTOA_BUF(addrbuf)),
- ntohs(sctp_hdr->dest_port),
- ntohl(sctp_hdr->v_tag), ntohl(sctp_hdr->checksum)));
+ SN_LOG(SN_LOG_EVENT,
+ SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n",
+ ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"),
+ ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"),
+ (include_error_cause ? ntohs(error_cause->code) : 0),
+ inet_ntoa_r(ip->ip_dst, INET_NTOA_BUF(addrbuf)),
+ ntohs(sctp_hdr->dest_port), ntohl(sctp_hdr->v_tag),
+ ntohl(sctp_hdr->checksum)));
}
/* ----------------------------------------------------------------------
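Review bot: `memcpy(sm->ip_hdr, ip, ip_size)` overwrites the received packet in place, and in the short-packet case the reduced ip_size is never compared with the packet length again. That presumably holds because the parser has already required an IP header, an SCTP header and one chunk header before any reply is generated, but the dependency is not written down here. A comment above the copy, e.g. `/* caller guarantees the packet holds ip + sctphdr + one chunkhdr, which is ip_size in the short case */`, or an assertion that `ntohs(sm->ip_hdr->ip_len) >= ip_size`, would make the assumption checkable. The function begins outside this hunk.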
@@ -1048,7 +1188,8 @@
static int
sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc)
-//sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc)
+// sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct
+// sctp_nat_msg *sm, struct sctp_nat_assoc *assoc)
{
struct sctphdr *sctp_hdr;
struct sctp_chunkhdr *chunk_hdr;
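Review bot: The commented-out mbuf variant of the signature is kept between the parameter list and the opening brace, and the reflow now spreads it over two `//` lines. Dead code in that position is easy to misread as part of the declaration. Dropping it, or replacing it with a one-line `/* TODO: mbuf-based variant */` above the function, would be cleaner. The next hunk carries the same kind of leftover (`// int mlen;`, `// mp = SCTP_HEADER_TO_CHAIN(i_pak);`).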
@@ -1062,15 +1203,16 @@
// int mlen;
// mlen = SCTP_HEADER_LEN(i_pak);
- // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since header and chain not separate */
+ // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since
+ // header and chain not separate */
/*
* Note, that if the VTag is zero, it must be an INIT
* Also, I am only interested in the content of INIT and ADDIP chunks
*/
- sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
- sm->chunk_length = 0; /* only care about length for key chunks */
+ sm->msg = SN_SCTP_OTHER; /* Initialise to largest value*/
+ sm->chunk_length = 0; /* only care about length for key chunks */
// no mbuf stuff from Paolo yet so ...
sm->ip_hdr = pip;
/* remove ip header length from the bytes_left */
@@ -1082,22 +1224,27 @@
return (SN_PARSE_ERROR_IPSHL); /* packet not long enough*/
}
- sm->sctp_hdr = sctp_hdr = (struct sctphdr *) ip_next(pip);
+ sm->sctp_hdr = sctp_hdr = (struct sctphdr *)ip_next(pip);
bytes_left -= sizeof(struct sctphdr);
- /* Check for valid ports (zero valued ports would find partially initialised associations */
+ /* Check for valid ports (zero valued ports would find partially
+ * initialised associations */
if (sctp_hdr->src_port == 0 || sctp_hdr->dest_port == 0)
return (SN_PARSE_ERROR_PORT);
/* Check length of first chunk */
- if (bytes_left < SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/
- return (SN_PARSE_ERROR_CHHL); /* packet not long enough for this chunk */
+ if (bytes_left <
+ SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/
+ return (SN_PARSE_ERROR_CHHL); /* packet not long enough for this
+ chunk */
/* First chunk */
chunk_hdr = SN_SCTP_FIRSTCHUNK(sctp_hdr);
chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length));
- if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left)) /* malformed chunk - could cause endless loop*/
+ if ((chunk_length < SN_MIN_CHUNK_SIZE) ||
+ (chunk_length >
+ bytes_left)) /* malformed chunk - could cause endless loop*/
return (SN_PARSE_ERROR_CHHL);
if ((chunk_hdr->chunk_flags & SCTP_HAD_NO_TCB) &&
@@ -1105,15 +1252,23 @@
(chunk_hdr->chunk_type == SCTP_SHUTDOWN_COMPLETE))) {
/* T-Bit set */
if (direction == SN_TO_LOCAL)
- *passoc = FindSctpGlobalT(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port);
+ *passoc = FindSctpGlobalT(la, pip->ip_src,
+ sctp_hdr->v_tag, sctp_hdr->dest_port,
+ sctp_hdr->src_port);
else
- *passoc = FindSctpLocalT(la, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port);
+ *passoc = FindSctpLocalT(la, pip->ip_dst,
+ sctp_hdr->v_tag, sctp_hdr->dest_port,
+ sctp_hdr->src_port);
} else {
/* Proper v_tag settings */
if (direction == SN_TO_LOCAL)
- *passoc = FindSctpGlobal(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match);
+ *passoc = FindSctpGlobal(la, pip->ip_src,
+ sctp_hdr->v_tag, sctp_hdr->src_port,
+ sctp_hdr->dest_port, &partial_match);
else
- *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port);
+ *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst,
+ sctp_hdr->v_tag, sctp_hdr->src_port,
+ sctp_hdr->dest_port);
}
chunk_count = 1;
@@ -1121,21 +1276,34 @@
while (IS_SCTP_CONTROL(chunk_hdr)) {
switch (chunk_hdr->chunk_type) {
case SCTP_INITIATION:
- if (chunk_length < sizeof(struct sctp_init_chunk)) /* malformed chunk*/
+ if (chunk_length <
+ sizeof(struct sctp_init_chunk)) /* malformed chunk*/
return (SN_PARSE_ERROR_CHHL);
sm->msg = SN_SCTP_INIT;
- sm->sctpchnk.Init = (struct sctp_init *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr));
+ sm->sctpchnk.Init =
+ (struct sctp_init *)((char *)chunk_hdr +
+ sizeof(struct sctp_chunkhdr));
sm->chunk_length = chunk_length;
/* if no existing association, create a new one */
if (*passoc == NULL) {
- if (sctp_hdr->v_tag == 0) { //Init requires vtag=0
- *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc));
- if (*passoc == NULL) {/* out of resources */
- return (SN_PARSE_ERROR_AS_MALLOC);
+ if (sctp_hdr->v_tag ==
+ 0) { // Init requires vtag=0
+ *passoc = (struct sctp_nat_assoc *)
+ sn_malloc(
+ sizeof(struct sctp_nat_assoc));
+ if (*passoc ==
+ NULL) { /* out of resources */
+ return (
+ SN_PARSE_ERROR_AS_MALLOC);
}
- /* Initialize association - sn_malloc initializes memory to zeros */
+ /* Initialize association - sn_malloc
+ * initializes memory to zeros */
(*passoc)->state = SN_ID;
- LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */
+ LIST_INIT(&(
+ (*passoc)
+ ->Gaddr)); /* always initialise
+ to avoid memory
+ problems */
(*passoc)->TableRegister = SN_NULL_TBL;
return (SN_PARSE_OK);
}
@@ -1143,63 +1311,133 @@
}
return (SN_PARSE_ERROR_LOOKUP);
case SCTP_INITIATION_ACK:
- if (chunk_length < sizeof(struct sctp_init_ack_chunk)) /* malformed chunk*/
+ if (chunk_length <
+ sizeof(struct sctp_init_ack_chunk)) /* malformed
+ chunk*/
return (SN_PARSE_ERROR_CHHL);
sm->msg = SN_SCTP_INITACK;
- sm->sctpchnk.InitAck = (struct sctp_init_ack *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr));
+ sm->sctpchnk.InitAck =
+ (struct sctp_init_ack *)((char *)chunk_hdr +
+ sizeof(struct sctp_chunkhdr));
sm->chunk_length = chunk_length;
- return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK));
- case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk */
+ return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) :
+ (SN_PARSE_OK));
+ case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk
+ */
sm->msg = SN_SCTP_ABORT;
sm->chunk_length = chunk_length;
- return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP_ABORT) : (SN_PARSE_OK));
+ return ((*passoc == NULL) ?
+ (SN_PARSE_ERROR_LOOKUP_ABORT) :
+ (SN_PARSE_OK));
case SCTP_SHUTDOWN_ACK:
- if (chunk_length < sizeof(struct sctp_shutdown_ack_chunk)) /* malformed chunk*/
+ if (chunk_length <
+ sizeof(struct sctp_shutdown_ack_chunk)) /* malformed
+ chunk*/
return (SN_PARSE_ERROR_CHHL);
if (sm->msg > SN_SCTP_SHUTACK) {
sm->msg = SN_SCTP_SHUTACK;
sm->chunk_length = chunk_length;
}
break;
- case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */
+ case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */
if (sm->msg > SN_SCTP_SHUTCOMP) {
sm->msg = SN_SCTP_SHUTCOMP;
sm->chunk_length = chunk_length;
}
- return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK));
+ return ((*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) :
+ (SN_PARSE_OK));
case SCTP_ASCONF:
if (sm->msg > SN_SCTP_ASCONF) {
- if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv4addr_param))) /* malformed chunk*/
+ if (chunk_length <
+ (sizeof(struct sctp_asconf_chunk) +
+ sizeof(struct
+ sctp_ipv4addr_param))) /* malformed
+ chunk*/
return (SN_PARSE_ERROR_CHHL);
- //leave parameter searching to later, if required
- param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr + sizeof(struct sctp_asconf_chunk)); /*compulsory IP parameter*/
- if (ntohs(param_hdr->param_type) == SCTP_IPV4_ADDRESS) {
- if ((*passoc == NULL) && (direction == SN_TO_LOCAL)) { /* AddIP with no association */
- /* try look up with the ASCONF packet's alternative address */
- ipv4addr.s_addr = ((struct sctp_ipv4addr_param *) param_hdr)->addr;
- *passoc = FindSctpGlobal(la, ipv4addr, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match);
+ // leave parameter searching to later, if
+ // required
+ param_hdr =
+ (struct sctp_paramhdr *)((char *)chunk_hdr +
+ sizeof(struct
+ sctp_asconf_chunk)); /*compulsory IP
+ parameter*/
+ if (ntohs(param_hdr->param_type) ==
+ SCTP_IPV4_ADDRESS) {
+ if ((*passoc == NULL) &&
+ (direction ==
+ SN_TO_LOCAL)) { /* AddIP with no
+ association
+ */
+ /* try look up with the ASCONF
+ * packet's alternative address
+ */
+ ipv4addr.s_addr =
+ ((struct sctp_ipv4addr_param
+ *)param_hdr)
+ ->addr;
+ *passoc = FindSctpGlobal(la,
+ ipv4addr, sctp_hdr->v_tag,
+ sctp_hdr->src_port,
+ sctp_hdr->dest_port,
+ &partial_match);
}
- param_hdr = (struct sctp_paramhdr *)
- ((char *) param_hdr + sizeof(struct sctp_ipv4addr_param)); /*asconf's compulsory address parameter */
- sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv4addr_param); /* rest of chunk */
+ param_hdr = (struct sctp_paramhdr
+ *)((char *)param_hdr +
+ sizeof(struct
+ sctp_ipv4addr_param)); /*asconf's
+ compulsory
+ address
+ parameter
+ */
+ sm->chunk_length = chunk_length -
+ sizeof(struct sctp_asconf_chunk) -
+ sizeof(struct
+ sctp_ipv4addr_param); /* rest of
+ chunk
+ */
} else {
- if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv6addr_param))) /* malformed chunk*/
+ if (chunk_length <
+ (sizeof(struct sctp_asconf_chunk) +
+ sizeof(struct
+ sctp_ipv6addr_param))) /* malformed
+ chunk*/
return (SN_PARSE_ERROR_CHHL);
- param_hdr = (struct sctp_paramhdr *)
- ((char *) param_hdr + sizeof(struct sctp_ipv6addr_param)); /*asconf's compulsory address parameter */
- sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv6addr_param); /* rest of chunk */
+ param_hdr = (struct sctp_paramhdr
+ *)((char *)param_hdr +
+ sizeof(struct
+ sctp_ipv6addr_param)); /*asconf's
+ compulsory
+ address
+ parameter
+ */
+ sm->chunk_length = chunk_length -
+ sizeof(struct sctp_asconf_chunk) -
+ sizeof(struct
+ sctp_ipv6addr_param); /* rest of
+ chunk
+ */
}
sm->msg = SN_SCTP_ASCONF;
sm->sctpchnk.Asconf = param_hdr;
- if (*passoc == NULL) { /* AddIP with no association */
- *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc));
- if (*passoc == NULL) {/* out of resources */
- return (SN_PARSE_ERROR_AS_MALLOC);
+ if (*passoc ==
+ NULL) { /* AddIP with no association */
+ *passoc = (struct sctp_nat_assoc *)
+ sn_malloc(
+ sizeof(struct sctp_nat_assoc));
+ if (*passoc ==
+ NULL) { /* out of resources */
+ return (
+ SN_PARSE_ERROR_AS_MALLOC);
}
- /* Initialize association - sn_malloc initializes memory to zeros */
+ /* Initialize association - sn_malloc
+ * initializes memory to zeros */
(*passoc)->state = SN_ID;
- LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */
+ LIST_INIT(&(
+ (*passoc)
+ ->Gaddr)); /* always initialise
+ to avoid memory
+ problems */
(*passoc)->TableRegister = SN_NULL_TBL;
return (SN_PARSE_OK);
}
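Review bot: The `else` branch of the `SCTP_IPV4_ADDRESS` test in the SCTP_ASCONF case treats every other parameter type as an IPv6 address parameter and skips `sizeof(struct sctp_ipv6addr_param)` bytes without looking at `param_type`. The length check keeps the skip inside the chunk, but an unexpected first parameter is then parsed as if a valid address had been present. Making the branch explicit, `} else if (ntohs(param_hdr->param_type) == SCTP_IPV6_ADDRESS) {`, with a final `else return (SN_PARSE_ERROR_CHHL);` (or whichever parse error fits best), would reject it instead. The switch and the function both begin outside this hunk.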
@@ -1207,47 +1445,61 @@
break;
case SCTP_ASCONF_ACK:
if (sm->msg > SN_SCTP_ASCONFACK) {
- if (chunk_length < sizeof(struct sctp_asconf_ack_chunk)) /* malformed chunk*/
+ if (chunk_length <
+ sizeof(struct
+ sctp_asconf_ack_chunk)) /* malformed
+ chunk*/
return (SN_PARSE_ERROR_CHHL);
- //leave parameter searching to later, if required
- param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr
- + sizeof(struct sctp_asconf_ack_chunk));
+ // leave parameter searching to later, if
+ // required
+ param_hdr =
+ (struct sctp_paramhdr *)((char *)chunk_hdr +
+ sizeof(struct sctp_asconf_ack_chunk));
sm->msg = SN_SCTP_ASCONFACK;
sm->sctpchnk.Asconf = param_hdr;
- sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_ack_chunk);
+ sm->chunk_length = chunk_length -
+ sizeof(struct sctp_asconf_ack_chunk);
}
break;
default:
break; /* do nothing*/
}
- /* if no association is found exit - we need to find an Init or AddIP within sysctl_initialising_chunk_proc_limit */
- if ((*passoc == NULL) && (chunk_count >= sysctl_initialising_chunk_proc_limit))
+ /* if no association is found exit - we need to find an Init or
+ * AddIP within sysctl_initialising_chunk_proc_limit */
+ if ((*passoc == NULL) &&
+ (chunk_count >= sysctl_initialising_chunk_proc_limit))
return (SN_PARSE_ERROR_LOOKUP);
/* finished with this chunk, on to the next chunk*/
- bytes_left-= chunk_length;
+ bytes_left -= chunk_length;
/* Is this the end of the packet ? */
if (bytes_left == 0)
- return (*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK);
+ return (*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) :
+ (SN_PARSE_OK);
- /* Are there enough bytes in packet to at least retrieve length of next chunk ? */
+ /* Are there enough bytes in packet to at least retrieve length
+ * of next chunk ? */
if (bytes_left < SN_MIN_CHUNK_SIZE)
return (SN_PARSE_ERROR_CHHL);
chunk_hdr = SN_SCTP_NEXTCHUNK(chunk_hdr);
- /* Is the chunk long enough to not cause endless look and are there enough bytes in packet to read the chunk ? */
+ /* Is the chunk long enough to not cause endless look and are
+ * there enough bytes in packet to read the chunk ? */
chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length));
- if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left))
+ if ((chunk_length < SN_MIN_CHUNK_SIZE) ||
+ (chunk_length > bytes_left))
return (SN_PARSE_ERROR_CHHL);
if (++chunk_count > sysctl_chunk_proc_limit)
- return (SN_PARSE_OK); /* limit for processing chunks, take what we get */
+ return (SN_PARSE_OK); /* limit for processing chunks,
+ take what we get */
}
if (*passoc == NULL)
- return (partial_match) ? (SN_PARSE_ERROR_PARTIALLOOKUP) : (SN_PARSE_ERROR_LOOKUP);
+ return (partial_match) ? (SN_PARSE_ERROR_PARTIALLOOKUP) :
+ (SN_PARSE_ERROR_LOOKUP);
else
return (SN_PARSE_OK);
}
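Review bot: `if (++chunk_count > sysctl_chunk_proc_limit) return (SN_PARSE_OK);` reports success without checking `*passoc`. It can be reached with a NULL association whenever sysctl_chunk_proc_limit is smaller than sysctl_initialising_chunk_proc_limit, and only the clamping in the two sysctl handlers prevents that. The caller passes the association on to ProcessSctpMsg after SN_PARSE_OK, so the parser should not depend on that ordering silently. Returning `(*passoc == NULL) ? (SN_PARSE_ERROR_LOOKUP) : (SN_PARSE_OK)` here, as the end-of-packet branch a few lines above does, removes the dependency. The function begins outside this hunk.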
@@ -1263,19 +1515,22 @@
*
* @param la Pointer to the relevant libalias instance
* @param sm Pointer to sctp message information
- * @param l_vtag Pointer to the local vtag in the association this SCTP Message belongs to
- * @param g_vtag Pointer to the local vtag in the association this SCTP Message belongs to
+ * @param l_vtag Pointer to the local vtag in the association this SCTP Message
+ * belongs to
+ * @param g_vtag Pointer to the local vtag in the association this SCTP Message
+ * belongs to
* @param direction SN_TO_LOCAL | SN_TO_GLOBAL
*
* @return 1 - success | 0 - fail
*/
static int
-GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction)
+GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag,
+ uint32_t *g_vtag, int direction)
{
/* To be removed when information is in the sctp headers */
#define SCTP_VTAG_PARAM 0xC007
struct sctp_vtag_param {
- struct sctp_paramhdr ph;/* type=SCTP_VTAG_PARAM */
+ struct sctp_paramhdr ph; /* type=SCTP_VTAG_PARAM */
uint32_t local_vtag;
uint32_t remote_vtag;
} __attribute__((packed));
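Review bot: The reflowed `@param g_vtag` line still describes it as a "Pointer to the local vtag", the same text as `@param l_vtag`. The body assigns `*g_vtag` and `*l_vtag` from different fields, so the second description looks like a copy-paste slip. Suggested text: `@param g_vtag Pointer to the global vtag in the association this SCTP Message belongs to`.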
@@ -1291,13 +1546,15 @@
param_size = SCTP_SIZE32(ntohs(param->param_length));
bytes_left = sm->chunk_length;
/* step through Asconf parameters */
- while((bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) {
+ while (
+ (bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) {
if (ntohs(param->param_type) == SCTP_VTAG_PARAM) {
- vtag_param = (struct sctp_vtag_param *) param;
+ vtag_param = (struct sctp_vtag_param *)param;
switch (direction) {
- /* The Internet draft is a little ambigious as to order of these vtags.
- We think it is this way around. If we are wrong, the order will need
- to be changed. */
+ /* The Internet draft is a little ambigious as
+ to order of these vtags. We think it is this
+ way around. If we are wrong, the order will
+ need to be changed. */
case SN_TO_GLOBAL:
*g_vtag = vtag_param->local_vtag;
*l_vtag = vtag_param->remote_vtag;
@@ -1318,8 +1575,10 @@
param_size = SCTP_SIZE32(ntohs(param->param_length));
if (++param_count > sysctl_param_proc_limit) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("Parameter parse limit exceeded (GetAsconfVtags)",
- sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
+ logsctperror(
+ "Parameter parse limit exceeded (GetAsconfVtags)",
+ sm->sctp_hdr->v_tag, sysctl_param_proc_limit,
+ direction));
return (0); /* not found limit exceeded*/
}
}
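Review bot: After `param_size = SCTP_SIZE32(ntohs(param->param_length))` is re-read for the next parameter there is no lower bound on it, unlike the chunk walk in sctp_PktParser, which rejects `chunk_length < SN_MIN_CHUNK_SIZE`. As far as this hunk shows, a parameter declaring length 0 makes no forward progress, so the walk ends only when param_count passes sysctl_param_proc_limit, whose handler accepts any value of 2 or more. Adding `if (param_size < SN_MIN_PARAM_SIZE) return (0);` right after the assignment ends the walk on malformed input, and the first read in the previous hunk needs the same check. The lines that advance `param` lie above this hunk, so confirm they do not already cover this.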
@@ -1338,12 +1597,13 @@
*
*/
static void
-AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction)
+AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc,
+ int direction)
{
struct sctp_ipv4addr_param *ipv4_param;
struct sctp_paramhdr *param = NULL;
struct sctp_GlobalAddress *G_Addr;
- struct in_addr g_addr = {0};
+ struct in_addr g_addr = { 0 };
int bytes_left = 0;
int param_size;
int param_count, addr_param_count = 0;
@@ -1358,12 +1618,18 @@
param_count = 1;
switch (sm->msg) {
case SN_SCTP_INIT:
- bytes_left = sm->chunk_length - sizeof(struct sctp_init_chunk);
- param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init + sizeof(struct sctp_init));
+ bytes_left = sm->chunk_length -
+ sizeof(struct sctp_init_chunk);
+ param =
+ (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init +
+ sizeof(struct sctp_init));
break;
case SN_SCTP_INITACK:
- bytes_left = sm->chunk_length - sizeof(struct sctp_init_ack_chunk);
- param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.InitAck + sizeof(struct sctp_init_ack));
+ bytes_left = sm->chunk_length -
+ sizeof(struct sctp_init_ack_chunk);
+ param = (struct sctp_paramhdr *)((char *)sm->sctpchnk
+ .InitAck +
+ sizeof(struct sctp_init_ack));
break;
case SN_SCTP_ASCONF:
bytes_left = sm->chunk_length;
@@ -1374,65 +1640,88 @@
if (bytes_left >= SN_MIN_PARAM_SIZE)
param_size = SCTP_SIZE32(ntohs(param->param_length));
else
- param_size = bytes_left+1; /* force skip loop */
-
- if ((assoc->state == SN_ID) && ((sm->msg == SN_SCTP_INIT) || (bytes_left < SN_MIN_PARAM_SIZE))) {/* add pkt address */
- G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress));
- if (G_Addr == NULL) {/* out of resources */
+ param_size = bytes_left + 1; /* force skip loop */
+
+ if ((assoc->state == SN_ID) &&
+ ((sm->msg == SN_SCTP_INIT) ||
+ (bytes_left < SN_MIN_PARAM_SIZE))) { /* add pkt address */
+ G_Addr = (struct sctp_GlobalAddress *)sn_malloc(
+ sizeof(struct sctp_GlobalAddress));
+ if (G_Addr == NULL) { /* out of resources */
SN_LOG(SN_LOG_EVENT,
- logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
- sm->sctp_hdr->v_tag, 0, direction));
- assoc->num_Gaddr = 0; /* don't track any more for this assoc*/
- sysctl_track_global_addresses=0;
+ logsctperror(
+ "AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
+ sm->sctp_hdr->v_tag, 0, direction));
+ assoc->num_Gaddr =
+ 0; /* don't track any more for this assoc*/
+ sysctl_track_global_addresses = 0;
return;
}
G_Addr->g_addr = g_addr;
if (!Add_Global_Address_to_List(assoc, G_Addr))
SN_LOG(SN_LOG_EVENT,
- logsctperror("AddGlobalIPAddress: Address already in list",
- sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
+ logsctperror(
+ "AddGlobalIPAddress: Address already in list",
+ sm->sctp_hdr->v_tag, assoc->num_Gaddr,
+ direction));
}
/* step through parameters */
- while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) {
+ while ((bytes_left >= param_size) &&
+ (bytes_left >= sizeof(struct sctp_ipv4addr_param))) {
if (assoc->num_Gaddr >= sysctl_track_global_addresses) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("AddGlobalIPAddress: Maximum Number of addresses reached",
- sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction));
+ logsctperror(
+ "AddGlobalIPAddress: Maximum Number of addresses reached",
+ sm->sctp_hdr->v_tag,
+ sysctl_track_global_addresses, direction));
return;
}
switch (ntohs(param->param_type)) {
case SCTP_ADD_IP_ADDRESS:
- /* skip to address parameter - leave param_size so bytes left will be calculated properly*/
- param = (struct sctp_paramhdr *) &((struct sctp_asconf_addrv4_param *) param)->addrp;
+ /* skip to address parameter - leave param_size so bytes
+ * left will be calculated properly*/
+ param = (struct sctp_paramhdr *)&(
+ (struct sctp_asconf_addrv4_param *)param)
+ ->addrp;
/* FALLTHROUGH */
case SCTP_IPV4_ADDRESS:
- ipv4_param = (struct sctp_ipv4addr_param *) param;
+ ipv4_param = (struct sctp_ipv4addr_param *)param;
/* add addresses to association */
- G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress));
- if (G_Addr == NULL) {/* out of resources */
+ G_Addr = (struct sctp_GlobalAddress *)sn_malloc(
+ sizeof(struct sctp_GlobalAddress));
+ if (G_Addr == NULL) { /* out of resources */
SN_LOG(SN_LOG_EVENT,
- logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
- sm->sctp_hdr->v_tag, 0, direction));
- assoc->num_Gaddr = 0; /* don't track any more for this assoc*/
- sysctl_track_global_addresses=0;
+ logsctperror(
+ "AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
+ sm->sctp_hdr->v_tag, 0, direction));
+ assoc->num_Gaddr =
+ 0; /* don't track any more for this assoc*/
+ sysctl_track_global_addresses = 0;
return;
}
/* add address */
addr_param_count++;
- if ((sm->msg == SN_SCTP_ASCONF) && (ipv4_param->addr == INADDR_ANY)) { /* use packet address */
+ if ((sm->msg == SN_SCTP_ASCONF) &&
+ (ipv4_param->addr ==
+ INADDR_ANY)) { /* use packet address */
G_Addr->g_addr = g_addr;
if (!Add_Global_Address_to_List(assoc, G_Addr))
SN_LOG(SN_LOG_EVENT,
- logsctperror("AddGlobalIPAddress: Address already in list",
- sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
- return; /*shouldn't be any other addresses if the zero address is given*/
+ logsctperror(
+ "AddGlobalIPAddress: Address already in list",
+ sm->sctp_hdr->v_tag,
+ assoc->num_Gaddr, direction));
+ return; /*shouldn't be any other addresses if
+ the zero address is given*/
} else {
G_Addr->g_addr.s_addr = ipv4_param->addr;
if (!Add_Global_Address_to_List(assoc, G_Addr))
SN_LOG(SN_LOG_EVENT,
- logsctperror("AddGlobalIPAddress: Address already in list",
- sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
+ logsctperror(
+ "AddGlobalIPAddress: Address already in list",
+ sm->sctp_hdr->v_tag,
+ assoc->num_Gaddr, direction));
}
}
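Review bot: The loop guard on the new `while` only guarantees `sizeof(struct sctp_ipv4addr_param)` bytes, but the `SCTP_ADD_IP_ADDRESS` case re-points `param` at the nested `addrp` member of `struct sctp_asconf_addrv4_param` and then reads `ipv4_param->addr`, which presumably lies beyond that guarantee because `addrp` sits behind the ASCONF parameter header. `param_size` is taken from the packet's own `param_length`, so a short ADD-IP parameter at the end of a chunk could make that read run past `bytes_left`. A guard at the top of the case, `if (param_size < (int)sizeof(struct sctp_asconf_addrv4_param)) break;`, would skip such a parameter; the statements between the switch and the end of the loop are outside this hunk, so confirm the skip path still advances `param`. The `SCTP_DEL_IP_ADDRESS` branch in the RmGlobalIPAddresses hunk reads `asconf_ipv4_param->addrp.addr` under the same guard and needs the same check.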
@@ -1444,14 +1733,17 @@
param_size = SCTP_SIZE32(ntohs(param->param_length));
if (++param_count > sysctl_param_proc_limit) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("Parameter parse limit exceeded (AddGlobalIPAddress)",
- sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
+ logsctperror(
+ "Parameter parse limit exceeded (AddGlobalIPAddress)",
+ sm->sctp_hdr->v_tag, sysctl_param_proc_limit,
+ direction));
break; /* limit exceeded*/
}
}
if (addr_param_count == 0) {
SN_LOG(SN_LOG_DETAIL,
- logsctperror("AddGlobalIPAddress: no address parameters to add",
+ logsctperror(
+ "AddGlobalIPAddress: no address parameters to add",
sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
}
}
@@ -1470,18 +1762,21 @@
* @return 1 - success | 0 - fail
*/
static int
-Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr)
+Add_Global_Address_to_List(struct sctp_nat_assoc *assoc,
+ struct sctp_GlobalAddress *G_addr)
{
struct sctp_GlobalAddress *iter_G_Addr = NULL, *first_G_Addr = NULL;
first_G_Addr = LIST_FIRST(&(assoc->Gaddr));
if (first_G_Addr == NULL) {
- LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, list_Gaddr); /* add new address to beginning of list*/
+ LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr,
+ list_Gaddr); /* add new address to beginning of list*/
} else {
LIST_FOREACH(iter_G_Addr, &(assoc->Gaddr), list_Gaddr) {
if (G_addr->g_addr.s_addr == iter_G_Addr->g_addr.s_addr)
return (0); /* already exists, so don't add */
}
- LIST_INSERT_AFTER(first_G_Addr, G_addr, list_Gaddr); /* add address to end of list*/
+ LIST_INSERT_AFTER(first_G_Addr, G_addr,
+ list_Gaddr); /* add address to end of list*/
}
assoc->num_Gaddr++;
return (1); /* success */
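Review bot: When this function returns 0 for a duplicate, `G_addr` is neither linked nor released, and the three callers in the AddGlobalIPAddresses hunk only log the event after their `sn_malloc()`, so as far as the visible code shows, each repeated address in an INIT or ASCONF leaks one `struct sctp_GlobalAddress`. Because those addresses come from the packet, the callers' failure branch should free the entry, e.g. `if (!Add_Global_Address_to_List(assoc, G_Addr)) { sn_free(G_Addr); SN_LOG(...); }`, and the header comment here should state that ownership stays with the caller when 0 is returned. The re-wrapped comment `/* add address to end of list*/` also does not match `LIST_INSERT_AFTER(first_G_Addr, ...)`, which places the entry directly after the first element; `/* insert after the first entry */` would be accurate.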
@@ -1501,7 +1796,8 @@
*
*/
static void
-RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction)
+RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc,
+ int direction)
{
struct sctp_asconf_addrv4_param *asconf_ipv4_param;
struct sctp_paramhdr *param;
@@ -1517,42 +1813,73 @@
param_size = SCTP_SIZE32(ntohs(param->param_length));
} else {
SN_LOG(SN_LOG_EVENT,
- logsctperror("RmGlobalIPAddress: truncated packet - cannot remove IP addresses",
- sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction));
+ logsctperror(
+ "RmGlobalIPAddress: truncated packet - cannot remove IP addresses",
+ sm->sctp_hdr->v_tag, sysctl_track_global_addresses,
+ direction));
return;
}
/* step through Asconf parameters */
- while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) {
+ while ((bytes_left >= param_size) &&
+ (bytes_left >= sizeof(struct sctp_ipv4addr_param))) {
if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS) {
- asconf_ipv4_param = (struct sctp_asconf_addrv4_param *) param;
- if (asconf_ipv4_param->addrp.addr == INADDR_ANY) { /* remove all bar pkt address */
- LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) {
- if (G_Addr->g_addr.s_addr != sm->ip_hdr->ip_src.s_addr) {
- if (assoc->num_Gaddr > 1) { /* only delete if more than one */
- LIST_REMOVE(G_Addr, list_Gaddr);
+ asconf_ipv4_param = (struct sctp_asconf_addrv4_param *)
+ param;
+ if (asconf_ipv4_param->addrp.addr ==
+ INADDR_ANY) { /* remove all bar pkt address */
+ LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr),
+ list_Gaddr, G_Addr_tmp) {
+ if (G_Addr->g_addr.s_addr !=
+ sm->ip_hdr->ip_src.s_addr) {
+ if (assoc->num_Gaddr >
+ 1) { /* only delete if more
+ than one */
+ LIST_REMOVE(G_Addr,
+ list_Gaddr);
sn_free(G_Addr);
assoc->num_Gaddr--;
} else {
SN_LOG(SN_LOG_EVENT,
- logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)",
- sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
+ logsctperror(
+ "RmGlobalIPAddress: Request to remove last IP address (didn't)",
+ sm->sctp_hdr
+ ->v_tag,
+ assoc
+ ->num_Gaddr,
+ direction));
}
}
}
- return; /*shouldn't be any other addresses if the zero address is given*/
+ return; /*shouldn't be any other addresses if
+ the zero address is given*/
} else {
- LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) {
- if (G_Addr->g_addr.s_addr == asconf_ipv4_param->addrp.addr) {
- if (assoc->num_Gaddr > 1) { /* only delete if more than one */
- LIST_REMOVE(G_Addr, list_Gaddr);
+ LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr),
+ list_Gaddr, G_Addr_tmp) {
+ if (G_Addr->g_addr.s_addr ==
+ asconf_ipv4_param->addrp.addr) {
+ if (assoc->num_Gaddr >
+ 1) { /* only delete if more
+ than one */
+ LIST_REMOVE(G_Addr,
+ list_Gaddr);
sn_free(G_Addr);
assoc->num_Gaddr--;
- break; /* Since add only adds new addresses, there should be no double entries */
+ break; /* Since add only
+ adds new
+ addresses,
+ there should
+ be no double
+ entries */
} else {
SN_LOG(SN_LOG_EVENT,
- logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)",
- sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
+ logsctperror(
+ "RmGlobalIPAddress: Request to remove last IP address (didn't)",
+ sm->sctp_hdr
+ ->v_tag,
+ assoc
+ ->num_Gaddr,
+ direction));
}
}
}
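Review bot: The trailing comments in this hunk were re-wrapped into fragments that now sit between a condition and its brace, e.g. `if (assoc->num_Gaddr >` / `1) { /* only delete if more` / `than one */`, and the comment on `break;` is spread over six lines. Moving each comment to its own line above the statement lets the code stay on one line: `/* only delete if more than one */` above `if (assoc->num_Gaddr > 1) {`, and `/* add only inserts new addresses, so there are no double entries */` above `break;`. The same applies to the split `assoc->num_Gaddr =` / `0;` assignments in the AddGlobalIPAddresses hunk and the `SN_X_T(` / `la));` call in the CL_process hunk. The enclosing loop continues past the end of this hunk.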
@@ -1563,8 +1890,10 @@
return;
else if (bytes_left < SN_MIN_PARAM_SIZE) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("RmGlobalIPAddress: truncated packet - may not have removed all IP addresses",
- sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction));
+ logsctperror(
+ "RmGlobalIPAddress: truncated packet - may not have removed all IP addresses",
+ sm->sctp_hdr->v_tag,
+ sysctl_track_global_addresses, direction));
return;
}
@@ -1572,8 +1901,10 @@
param_size = SCTP_SIZE32(ntohs(param->param_length));
if (++param_count > sysctl_param_proc_limit) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("Parameter parse limit exceeded (RmGlobalIPAddress)",
- sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
+ logsctperror(
+ "Parameter parse limit exceeded (RmGlobalIPAddress)",
+ sm->sctp_hdr->v_tag, sysctl_param_proc_limit,
+ direction));
return; /* limit exceeded*/
}
}
@@ -1619,9 +1950,10 @@
if (bytes_left < param_size)
return (0); /* not found */
/* step through Asconf parameters */
- while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) {
+ while (bytes_left >= SN_ASCONFACK_PARAM_SIZE) {
if (ntohs(param->param_type) == SCTP_SUCCESS_REPORT)
- return (1); /* success - but can't match correlation IDs - should only be one */
+ return (1); /* success - but can't match correlation IDs
+ - should only be one */
/* check others just in case */
bytes_left -= param_size;
if (bytes_left >= SN_MIN_PARAM_SIZE)
@@ -1635,8 +1967,10 @@
if (++param_count > sysctl_param_proc_limit) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("Parameter parse limit exceeded (IsASCONFack)",
- sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
+ logsctperror(
+ "Parameter parse limit exceeded (IsASCONFack)",
+ sm->sctp_hdr->v_tag, sysctl_param_proc_limit,
+ direction));
return (0); /* not found limit exceeded*/
}
}
@@ -1671,7 +2005,7 @@
if (bytes_left < param_size)
return (0); /* not found */
/* step through Asconf parameters */
- while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) {
+ while (bytes_left >= SN_ASCONFACK_PARAM_SIZE) {
if (ntohs(param->param_type) == SCTP_ADD_IP_ADDRESS)
return (SCTP_ADD_IP_ADDRESS);
else if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS)
@@ -1689,12 +2023,14 @@
if (++param_count > sysctl_param_proc_limit) {
SN_LOG(SN_LOG_EVENT,
- logsctperror("Parameter parse limit exceeded IsADDorDEL)",
- sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
+ logsctperror(
+ "Parameter parse limit exceeded IsADDorDEL)",
+ sm->sctp_hdr->v_tag, sysctl_param_proc_limit,
+ direction));
return (0); /* not found limit exceeded*/
}
}
- return (0); /*Neither found */
+ return (0); /*Neither found */
}
/* ----------------------------------------------------------------------
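Review bot: The log string `"Parameter parse limit exceeded IsADDorDEL)"` lacks its opening parenthesis and so does not match the sibling messages such as `(IsASCONFack)` and `(RmGlobalIPAddress)`, which makes a log search by that pattern miss it. Since the line is being rewritten here anyway, use `"Parameter parse limit exceeded (IsADDorDEL)"`. The function body starts before this hunk.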
@@ -1721,10 +2057,12 @@
* @param sm Pointer to sctp message information
* @param assoc Pointer to the association this SCTP Message belongs to
*
- * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR | SN_PROCESSING_ERROR
+ * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR |
+ * SN_PROCESSING_ERROR
*/
static int
-ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc)
+ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm,
+ struct sctp_nat_assoc *assoc)
{
int rtnval;
@@ -1732,16 +2070,16 @@
case SN_ID: /* Idle */
rtnval = ID_process(la, direction, assoc, sm);
if (rtnval != SN_NAT_PKT) {
- assoc->state = SN_RM;/* Mark for removal*/
+ assoc->state = SN_RM; /* Mark for removal*/
}
return (rtnval);
case SN_INi: /* Initialising - Init */
return (INi_process(la, direction, assoc, sm));
case SN_INa: /* Initialising - AddIP */
return (INa_process(la, direction, assoc, sm));
- case SN_UP: /* Association UP */
+ case SN_UP: /* Association UP */
return (UP_process(la, direction, assoc, sm));
- case SN_CL: /* Association Closing */
+ case SN_CL: /* Association Closing */
return (CL_process(la, direction, assoc, sm));
}
return (SN_PROCESSING_ERROR);
@@ -1762,17 +2100,23 @@
* @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR
*/
static int
-ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
+ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc,
+ struct sctp_nat_msg *sm)
{
switch (sm->msg) {
- case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP */
- if (!sysctl_accept_global_ootb_addip && (direction == SN_TO_LOCAL))
+ case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP
+ */
+ if (!sysctl_accept_global_ootb_addip &&
+ (direction == SN_TO_LOCAL))
return (SN_DROP_PKT);
- /* if this Asconf packet does not contain the Vtag parameters it is of no use in Idle state */
- if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag), direction))
+ /* if this Asconf packet does not contain the Vtag parameters it
+ * is of no use in Idle state */
+ if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag),
+ direction))
return (SN_DROP_PKT);
/* FALLTHROUGH */
- case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF AddIP */
+ case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF
+ AddIP */
if (sysctl_track_global_addresses)
AddGlobalIPAddresses(sm, assoc, direction);
switch (direction) {
@@ -1783,14 +2127,19 @@
assoc->g_port = sm->sctp_hdr->dest_port;
if (sm->msg == SN_SCTP_INIT)
assoc->g_vtag = sm->sctpchnk.Init->initiate_tag;
- if (AddSctpAssocGlobal(la, assoc)) /* DB clash: need to add dst address */
- return ((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR);
+ if (AddSctpAssocGlobal(la,
+ assoc)) /* DB clash: need to add dst address */
+ return ((sm->msg == SN_SCTP_INIT) ?
+ SN_REPLY_ABORT :
+ SN_REPLY_ERROR);
if (sm->msg == SN_SCTP_ASCONF) {
- if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_dst)) /* DB clash */
+ if (AddSctpAssocLocal(la, assoc,
+ sm->ip_hdr->ip_dst)) /* DB clash */
return (SN_REPLY_ERROR);
- assoc->TableRegister |= SN_WAIT_TOLOCAL; /* wait for tolocal ack */
+ assoc->TableRegister |=
+ SN_WAIT_TOLOCAL; /* wait for tolocal ack */
}
- break;
+ break;
case SN_TO_LOCAL:
assoc->l_addr = FindSctpRedirectAddress(la, sm);
assoc->a_addr = sm->ip_hdr->ip_dst;
@@ -1798,23 +2147,31 @@
assoc->g_port = sm->sctp_hdr->src_port;
if (sm->msg == SN_SCTP_INIT)
assoc->l_vtag = sm->sctpchnk.Init->initiate_tag;
- if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) /* DB clash */
- return ((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR);
+ if (AddSctpAssocLocal(la, assoc,
+ sm->ip_hdr->ip_src)) /* DB clash */
+ return ((sm->msg == SN_SCTP_INIT) ?
+ SN_REPLY_ABORT :
+ SN_REPLY_ERROR);
if (sm->msg == SN_SCTP_ASCONF) {
- if (AddSctpAssocGlobal(la, assoc)) /* DB clash: need to add src address */
+ if (AddSctpAssocGlobal(la,
+ assoc)) /* DB clash: need to add src
+ address */
return (SN_REPLY_ERROR);
- assoc->TableRegister |= SN_WAIT_TOGLOBAL; /* wait for toglobal ack */
+ assoc->TableRegister |=
+ SN_WAIT_TOGLOBAL; /* wait for toglobal ack
+ */
}
break;
}
assoc->state = (sm->msg == SN_SCTP_INIT) ? SN_INi : SN_INa;
assoc->exp = SN_I_T(la);
- sctp_AddTimeOut(la,assoc);
+ sctp_AddTimeOut(la, assoc);
return (SN_NAT_PKT);
default: /* Any other type of SCTP message is not valid in Idle */
return (SN_DROP_PKT);
}
- return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
+ return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope
+ for the best */
}
/** @ingroup state_machine
@@ -1831,42 +2188,47 @@
* @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT
*/
static int
-INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
+INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc,
+ struct sctp_nat_msg *sm)
{
switch (sm->msg) {
- case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */
+ case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */
sctp_ResetTimeOut(la, assoc, SN_I_T(la));
return (SN_NAT_PKT);
- case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */
+ case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */
switch (direction) {
case SN_TO_LOCAL:
- if (assoc->num_Gaddr) /*If tracking global addresses for this association */
+ if (assoc->num_Gaddr) /*If tracking global addresses for
+ this association */
AddGlobalIPAddresses(sm, assoc, direction);
assoc->l_vtag = sm->sctpchnk.Init->initiate_tag;
- if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) { /* DB clash */
- assoc->state = SN_RM;/* Mark for removal*/
+ if (AddSctpAssocLocal(la, assoc,
+ sm->ip_hdr->ip_src)) { /* DB clash */
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_SEND_ABORT);
}
break;
case SN_TO_GLOBAL:
- assoc->l_addr = sm->ip_hdr->ip_src; // Only if not set in Init! *
+ assoc->l_addr =
+ sm->ip_hdr->ip_src; // Only if not set in Init! *
assoc->g_vtag = sm->sctpchnk.Init->initiate_tag;
if (AddSctpAssocGlobal(la, assoc)) { /* DB clash */
- assoc->state = SN_RM;/* Mark for removal*/
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_SEND_ABORT);
}
break;
}
- assoc->state = SN_UP;/* association established for NAT */
- sctp_ResetTimeOut(la,assoc, SN_U_T(la));
+ assoc->state = SN_UP; /* association established for NAT */
+ sctp_ResetTimeOut(la, assoc, SN_U_T(la));
return (SN_NAT_PKT);
- case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
- assoc->state = SN_RM;/* Mark for removal*/
+ case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_NAT_PKT);
default:
return (SN_DROP_PKT);
}
- return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
+ return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope
+ for the best */
}
/** @ingroup state_machine
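Review bot: The INIT-ACK branch returns `SN_SEND_ABORT` on a table clash, but the `@return` line at the top of this hunk lists only `SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT`. If the two abort codes are distinct (their definitions are not visible here), the comment should read `@return SN_NAT_PKT | SN_DROP_PKT | SN_SEND_ABORT`, or list both. The comment on the final `return (SN_DROP_PKT);` says "log, drop" although nothing is logged on that path and every case of the switch already returns; `/* not reached: every case returns */` would describe it correctly.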
@@ -1883,38 +2245,45 @@
* @return SN_NAT_PKT | SN_DROP_PKT
*/
static int
-INa_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
+INa_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc,
+ struct sctp_nat_msg *sm)
{
switch (sm->msg) {
- case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/
- sctp_ResetTimeOut(la,assoc, SN_I_T(la));
+ case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/
+ sctp_ResetTimeOut(la, assoc, SN_I_T(la));
return (SN_NAT_PKT);
- case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a ADDIP-ACK */
+ case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a
+ ADDIP-ACK */
switch (direction) {
case SN_TO_LOCAL:
- if (!(assoc->TableRegister & SN_WAIT_TOLOCAL)) /* wrong direction */
+ if (!(assoc->TableRegister &
+ SN_WAIT_TOLOCAL)) /* wrong direction */
return (SN_DROP_PKT);
break;
case SN_TO_GLOBAL:
- if (!(assoc->TableRegister & SN_WAIT_TOGLOBAL)) /* wrong direction */
+ if (!(assoc->TableRegister &
+ SN_WAIT_TOGLOBAL)) /* wrong direction */
return (SN_DROP_PKT);
}
- if (IsASCONFack(la,sm,direction)) {
- assoc->TableRegister &= SN_BOTH_TBL; /* remove wait flags */
- assoc->state = SN_UP; /* association established for NAT */
- sctp_ResetTimeOut(la,assoc, SN_U_T(la));
+ if (IsASCONFack(la, sm, direction)) {
+ assoc->TableRegister &=
+ SN_BOTH_TBL; /* remove wait flags */
+ assoc->state =
+ SN_UP; /* association established for NAT */
+ sctp_ResetTimeOut(la, assoc, SN_U_T(la));
return (SN_NAT_PKT);
} else {
- assoc->state = SN_RM;/* Mark for removal*/
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_NAT_PKT);
}
- case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
- assoc->state = SN_RM;/* Mark for removal*/
+ case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_NAT_PKT);
default:
return (SN_DROP_PKT);
}
- return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
+ return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope
+ for the best */
}
/** @ingroup state_machine
@@ -1931,19 +2300,22 @@
* @return SN_NAT_PKT | SN_DROP_PKT
*/
static int
-UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
+UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc,
+ struct sctp_nat_msg *sm)
{
switch (sm->msg) {
- case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */
+ case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */
assoc->state = SN_CL;
- sctp_ResetTimeOut(la,assoc, SN_C_T(la));
+ sctp_ResetTimeOut(la, assoc, SN_C_T(la));
return (SN_NAT_PKT);
- case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
- assoc->state = SN_RM;/* Mark for removal*/
+ case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_NAT_PKT);
- case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/
- if ((direction == SN_TO_LOCAL) && assoc->num_Gaddr) /*If tracking global addresses for this association & from global side */
- switch (IsADDorDEL(la,sm,direction)) {
+ case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/
+ if ((direction == SN_TO_LOCAL) &&
+ assoc->num_Gaddr) /*If tracking global addresses for this
+ association & from global side */
+ switch (IsADDorDEL(la, sm, direction)) {
case SCTP_ADD_IP_ADDRESS:
AddGlobalIPAddresses(sm, assoc, direction);
break;
@@ -1953,10 +2325,11 @@
}
/* FALLTHROUGH */
default:
- sctp_ResetTimeOut(la,assoc, SN_U_T(la));
- return (SN_NAT_PKT); /* forward packet */
+ sctp_ResetTimeOut(la, assoc, SN_U_T(la));
+ return (SN_NAT_PKT); /* forward packet */
}
- return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
+ return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope
+ for the best */
}
/** @ingroup state_machine
@@ -1975,27 +2348,32 @@
* @return SN_NAT_PKT | SN_DROP_PKT
*/
static int
-CL_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
+CL_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc,
+ struct sctp_nat_msg *sm)
{
switch (sm->msg) {
- case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk */
- assoc->state = SN_CL; /* Stay in Close state until timeout */
+ case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk
+ */
+ assoc->state = SN_CL; /* Stay in Close state until timeout */
if (sysctl_holddown_timer > 0)
- sctp_ResetTimeOut(la, assoc, SN_X_T(la));/* allow to stay open for Tbit packets*/
+ sctp_ResetTimeOut(la, assoc,
+ SN_X_T(
+ la)); /* allow to stay open for Tbit packets*/
else
- assoc->state = SN_RM;/* Mark for removal*/
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_NAT_PKT);
- case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */
- assoc->state = SN_CL; /* Stay in Close state until timeout */
+ case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */
+ assoc->state = SN_CL; /* Stay in Close state until timeout */
sctp_ResetTimeOut(la, assoc, SN_C_T(la));
return (SN_NAT_PKT);
- case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
- assoc->state = SN_RM;/* Mark for removal*/
+ case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
+ assoc->state = SN_RM; /* Mark for removal*/
return (SN_NAT_PKT);
default:
return (SN_DROP_PKT);
}
- return (SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
+ return (SN_DROP_PKT); /* shouldn't get here very bad: log, drop and hope
+ for the best */
}
/* ----------------------------------------------------------------------
@@ -2023,7 +2401,8 @@
* @return pointer to association or NULL
*/
static struct sctp_nat_assoc *
-FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port)
+FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr,
+ uint32_t l_vtag, uint16_t l_port, uint16_t g_port)
{
u_int i;
struct sctp_nat_assoc *assoc = NULL;
@@ -2032,11 +2411,15 @@
if (l_vtag != 0) { /* an init packet, vtag==0 */
i = SN_TABLE_HASH(l_vtag, l_port, la->sctpNatTableSize);
LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
- if ((assoc->l_vtag == l_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)\
- && (assoc->l_addr.s_addr == l_addr.s_addr)) {
+ if ((assoc->l_vtag == l_vtag) &&
+ (assoc->l_port == l_port) &&
+ (assoc->g_port == g_port) &&
+ (assoc->l_addr.s_addr == l_addr.s_addr)) {
if (assoc->num_Gaddr) {
- LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
- if (G_Addr->g_addr.s_addr == g_addr.s_addr)
+ LIST_FOREACH(G_Addr, &(assoc->Gaddr),
+ list_Gaddr) {
+ if (G_Addr->g_addr.s_addr ==
+ g_addr.s_addr)
return (assoc);
}
} else {
@@ -2068,13 +2451,22 @@
struct sctp_GlobalAddress *G_AddrC = NULL;
if (Cassoc->g_vtag != 0) { /* an init packet, vtag==0 */
- i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port, la->sctpNatTableSize);
+ i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port,
+ la->sctpNatTableSize);
LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
- if ((assoc->g_vtag == Cassoc->g_vtag) && (assoc->g_port == Cassoc->g_port) && (assoc->l_port == Cassoc->l_port)) {
+ if ((assoc->g_vtag == Cassoc->g_vtag) &&
+ (assoc->g_port == Cassoc->g_port) &&
+ (assoc->l_port == Cassoc->l_port)) {
if (assoc->num_Gaddr) {
- LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr), list_Gaddr) {
- LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
- if (G_Addr->g_addr.s_addr == G_AddrC->g_addr.s_addr)
+ LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr),
+ list_Gaddr) {
+ LIST_FOREACH(G_Addr,
+ &(assoc->Gaddr),
+ list_Gaddr) {
+ if (G_Addr->g_addr
+ .s_addr ==
+ G_AddrC->g_addr
+ .s_addr)
return (assoc);
}
}
@@ -2107,7 +2499,8 @@
* @return pointer to association or NULL
*/
static struct sctp_nat_assoc *
-FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match)
+FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag,
+ uint16_t g_port, uint16_t l_port, int *partial_match)
{
u_int i;
struct sctp_nat_assoc *assoc = NULL;
@@ -2117,11 +2510,15 @@
if (g_vtag != 0) { /* an init packet, vtag==0 */
i = SN_TABLE_HASH(g_vtag, g_port, la->sctpNatTableSize);
LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
- if ((assoc->g_vtag == g_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) {
+ if ((assoc->g_vtag == g_vtag) &&
+ (assoc->g_port == g_port) &&
+ (assoc->l_port == l_port)) {
*partial_match = 1;
if (assoc->num_Gaddr) {
- LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
- if (G_Addr->g_addr.s_addr == g_addr.s_addr)
+ LIST_FOREACH(G_Addr, &(assoc->Gaddr),
+ list_Gaddr) {
+ if (G_Addr->g_addr.s_addr ==
+ g_addr.s_addr)
return (assoc);
}
} else {
@@ -2134,7 +2531,8 @@
}
/** @ingroup Hash
- * @brief Find the SCTP association for a T-Flag message (given the global port and local vtag)
+ * @brief Find the SCTP association for a T-Flag message (given the global port
+ * and local vtag)
*
* Searches the local look-up table for a unique association entry matching the
* provided global port and local vtag information
@@ -2148,7 +2546,8 @@
* @return pointer to association or NULL
*/
static struct sctp_nat_assoc *
-FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port)
+FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag,
+ uint16_t g_port, uint16_t l_port)
{
u_int i;
struct sctp_nat_assoc *assoc = NULL, *lastmatch = NULL;
@@ -2158,11 +2557,17 @@
if (l_vtag != 0) { /* an init packet, vtag==0 */
i = SN_TABLE_HASH(l_vtag, g_port, la->sctpNatTableSize);
LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
- if ((assoc->g_vtag == l_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) {
+ if ((assoc->g_vtag == l_vtag) &&
+ (assoc->g_port == g_port) &&
+ (assoc->l_port == l_port)) {
if (assoc->num_Gaddr) {
- LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
- if (G_Addr->g_addr.s_addr == g_addr.s_addr)
- return (assoc); /* full match */
+ LIST_FOREACH(G_Addr, &(assoc->Gaddr),
+ list_Gaddr) {
+ if (G_Addr->g_addr.s_addr ==
+ g_addr.s_addr)
+ return (
+ assoc); /* full
+ match */
}
} else {
if (++cnt > 1)
@@ -2172,12 +2577,14 @@
}
}
}
- /* If there is more than one match we do not know which local address to send to */
+ /* If there is more than one match we do not know which local address to
+ * send to */
return (cnt ? lastmatch : NULL);
}
/** @ingroup Hash
- * @brief Find the SCTP association for a T-Flag message (given the local port and global vtag)
+ * @brief Find the SCTP association for a T-Flag message (given the local port
+ * and global vtag)
*
* Searches the global look-up table for a unique association entry matching the
* provided local port and global vtag information
@@ -2191,7 +2598,8 @@
* @return pointer to association or NULL
*/
static struct sctp_nat_assoc *
-FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port)
+FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag,
+ uint16_t l_port, uint16_t g_port)
{
u_int i;
struct sctp_nat_assoc *assoc = NULL;
@@ -2200,10 +2608,14 @@
if (g_vtag != 0) { /* an init packet, vtag==0 */
i = SN_TABLE_HASH(g_vtag, l_port, la->sctpNatTableSize);
LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
- if ((assoc->l_vtag == g_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)) {
+ if ((assoc->l_vtag == g_vtag) &&
+ (assoc->l_port == l_port) &&
+ (assoc->g_port == g_port)) {
if (assoc->num_Gaddr) {
- LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
- if (G_Addr->g_addr.s_addr == g_addr.s_addr)
+ LIST_FOREACH(G_Addr, &(assoc->Gaddr),
+ list_Gaddr) {
+ if (G_Addr->g_addr.s_addr ==
+ g_addr.s_addr)
return (assoc);
}
} else {
@@ -2232,23 +2644,26 @@
* @return SN_ADD_OK | SN_ADD_CLASH
*/
static int
-AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr)
+AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc,
+ struct in_addr g_addr)
{
struct sctp_nat_assoc *found;
LIBALIAS_LOCK_ASSERT(la);
- found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag, assoc->l_port, assoc->g_port);
+ found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag,
+ assoc->l_port, assoc->g_port);
/*
* Note that if a different global address initiated this Init,
* ie it wasn't resent as presumed:
- * - the local receiver if receiving it for the first time will establish
- * an association with the new global host
- * - if receiving an init from a different global address after sending a
- * lost initack it will send an initack to the new global host, the first
- * association attempt will then be blocked if retried.
+ * - the local receiver if receiving it for the first time will
+ * establish an association with the new global host
+ * - if receiving an init from a different global address after sending
+ * a lost initack it will send an initack to the new global host, the
+ * first association attempt will then be blocked if retried.
*/
if (found != NULL) {
- if ((found->TableRegister == SN_LOCAL_TBL) && (found->g_port == assoc->g_port)) { /* resent message */
+ if ((found->TableRegister == SN_LOCAL_TBL) &&
+ (found->g_port == assoc->g_port)) { /* resent message */
RmSctpAssoc(la, found);
sctp_RmTimeOut(la, found);
freeGlobalAddressList(found);
@@ -2257,10 +2672,11 @@
return (SN_ADD_CLASH);
}
- LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag, assoc->l_port, la->sctpNatTableSize)],
+ LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag,
+ assoc->l_port, la->sctpNatTableSize)],
assoc, list_L);
assoc->TableRegister |= SN_LOCAL_TBL;
- la->sctpLinkCount++; //increment link count
+ la->sctpLinkCount++; // increment link count
if (assoc->TableRegister == SN_BOTH_TBL) {
/* libalias log -- controlled by libalias */
@@ -2307,10 +2723,11 @@
return (SN_ADD_CLASH);
}
- LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag, assoc->g_port, la->sctpNatTableSize)],
+ LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag,
+ assoc->g_port, la->sctpNatTableSize)],
assoc, list_G);
assoc->TableRegister |= SN_GLOBAL_TBL;
- la->sctpLinkCount++; //increment link count
+ la->sctpLinkCount++; // increment link count
if (assoc->TableRegister == SN_BOTH_TBL) {
/* libalias log -- controlled by libalias */
@@ -2344,7 +2761,8 @@
if (assoc == NULL) {
/* very bad, log and die*/
SN_LOG(SN_LOG_LOW,
- logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0, SN_TO_NODIR));
+ logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0,
+ SN_TO_NODIR));
return;
}
/* log if association is fully up and now closing */
@@ -2354,13 +2772,13 @@
LIBALIAS_LOCK_ASSERT(la);
if (assoc->TableRegister & SN_LOCAL_TBL) {
assoc->TableRegister ^= SN_LOCAL_TBL;
- la->sctpLinkCount--; //decrement link count
+ la->sctpLinkCount--; // decrement link count
LIST_REMOVE(assoc, list_L);
}
if (assoc->TableRegister & SN_GLOBAL_TBL) {
assoc->TableRegister ^= SN_GLOBAL_TBL;
- la->sctpLinkCount--; //decrement link count
+ la->sctpLinkCount--; // decrement link count
LIST_REMOVE(assoc, list_G);
}
// sn_free(assoc); //Don't remove now, remove if needed later
@@ -2378,9 +2796,10 @@
*
* @param assoc
*/
-static void freeGlobalAddressList(struct sctp_nat_assoc *assoc)
+static void
+freeGlobalAddressList(struct sctp_nat_assoc *assoc)
{
- struct sctp_GlobalAddress *gaddr1=NULL,*gaddr2=NULL;
+ struct sctp_GlobalAddress *gaddr1 = NULL, *gaddr2 = NULL;
/*free global address list*/
gaddr1 = LIST_FIRST(&(assoc->Gaddr));
while (gaddr1 != NULL) {
@@ -2421,7 +2840,8 @@
{
int add_loc;
LIBALIAS_LOCK_ASSERT(la);
- add_loc = assoc->exp - la->sctpNatTimer.loc_time + la->sctpNatTimer.cur_loc;
+ add_loc = assoc->exp - la->sctpNatTimer.loc_time +
+ la->sctpNatTimer.cur_loc;
if (add_loc >= SN_TIMER_QUEUE_SIZE)
add_loc -= SN_TIMER_QUEUE_SIZE;
LIST_INSERT_HEAD(&la->sctpNatTimer.TimerQ[add_loc], assoc, timer_Q);
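Review bot: The slot index `add_loc` is wrapped with a single `add_loc -= SN_TIMER_QUEUE_SIZE`, so `TimerQ[add_loc]` stays in bounds only while `assoc->exp - la->sctpNatTimer.loc_time` lies in `[0, SN_TIMER_QUEUE_SIZE)`. Whether every caller and every configurable timeout guarantees that is not visible here, since the function starts before the hunk and the timeout values are set elsewhere. A guard right before the insert would make the invariant explicit, e.g. `KASSERT(add_loc >= 0 && add_loc < SN_TIMER_QUEUE_SIZE, ("sctp timer slot out of range"));` in the kernel build, or a comment naming the limit that keeps timeouts shorter than the queue.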
@@ -2441,7 +2861,7 @@
sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc)
{
LIBALIAS_LOCK_ASSERT(la);
- LIST_REMOVE(assoc, timer_Q);/* Note this is O(1) */
+ LIST_REMOVE(assoc, timer_Q); /* Note this is O(1) */
}
/** @ingroup Timer
@@ -2489,18 +2909,24 @@
struct sctp_nat_assoc *assoc;
LIBALIAS_LOCK_ASSERT(la);
- while(LibAliasTime >= la->sctpNatTimer.loc_time) {
- while (!LIST_EMPTY(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) {
- assoc = LIST_FIRST(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]);
- //SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc], timer_Q);
+ while (LibAliasTime >= la->sctpNatTimer.loc_time) {
+ while (!LIST_EMPTY(
+ &la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) {
+ assoc = LIST_FIRST(
+ &la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]);
+ // SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc],
+ // timer_Q);
LIST_REMOVE(assoc, timer_Q);
if (LibAliasTime >= assoc->exp) { /* state expired */
- SN_LOG(((assoc->state == SN_CL) ? (SN_LOG_DEBUG) : (SN_LOG_INFO)),
- logsctperror("Timer Expired", assoc->g_vtag, assoc->state, SN_TO_NODIR));
+ SN_LOG(((assoc->state == SN_CL) ?
+ (SN_LOG_DEBUG) :
+ (SN_LOG_INFO)),
+ logsctperror("Timer Expired", assoc->g_vtag,
+ assoc->state, SN_TO_NODIR));
RmSctpAssoc(la, assoc);
freeGlobalAddressList(assoc);
sn_free(assoc);
- } else {/* state not expired, reschedule timer*/
+ } else { /* state not expired, reschedule timer*/
sctp_AddTimeOut(la, assoc);
}
}
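Review bot: The commented-out `SLIST_REMOVE_HEAD(...)` call is now wrapped over two `//` lines, which gives dead code more room than the live `LIST_REMOVE(assoc, timer_Q);` that follows it. The queue is handled with the LIST_ macros throughout this loop, so I would delete the two comment lines rather than reformat them. The enclosing function starts before this hunk.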
@@ -2605,7 +3031,8 @@
* @param assoc pointer to sctp association
* @param s Character that indicates the state of processing for this packet
*/
-static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s)
+static void
+logsctpassoc(struct sctp_nat_assoc *assoc, char *s)
{
struct sctp_GlobalAddress *G_Addr = NULL;
char *sp;
@@ -2634,11 +3061,11 @@
sp = "***ERROR***";
break;
}
- SctpAliasLog("%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n",
- s, sp, assoc->exp, inet_ntoa_r(assoc->l_addr, addrbuf),
- ntohl(assoc->l_vtag), ntohs(assoc->l_port),
- ntohl(assoc->g_vtag), ntohs(assoc->g_port),
- assoc->TableRegister);
+ SctpAliasLog(
+ "%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n", s, sp,
+ assoc->exp, inet_ntoa_r(assoc->l_addr, addrbuf),
+ ntohl(assoc->l_vtag), ntohs(assoc->l_port), ntohl(assoc->g_vtag),
+ ntohs(assoc->g_port), assoc->TableRegister);
/* list global addresses */
LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
SctpAliasLog("\t\tga=%s\n",
@@ -2651,7 +3078,8 @@
*
* @param la Pointer to the relevant libalias instance
*/
-static void logSctpGlobal(struct libalias *la)
+static void
+logSctpGlobal(struct libalias *la)
{
u_int i;
struct sctp_nat_assoc *assoc = NULL;
@@ -2669,7 +3097,8 @@
*
* @param la Pointer to the relevant libalias instance
*/
-static void logSctpLocal(struct libalias *la)
+static void
+logSctpLocal(struct libalias *la)
{
u_int i;
struct sctp_nat_assoc *assoc = NULL;
@@ -2687,7 +3116,8 @@
*
* @param la Pointer to the relevant libalias instance
*/
-static void logTimerQ(struct libalias *la)
+static void
+logTimerQ(struct libalias *la)
{
static char buf[50];
u_int i;
@@ -2696,8 +3126,8 @@
SctpAliasLog("t->\n");
for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) {
LIST_FOREACH(assoc, &la->sctpNatTimer.TimerQ[i], timer_Q) {
- snprintf(buf, 50, " l=%u ",i);
- //SctpAliasLog(la->logDesc," l=%d ",i);
+ snprintf(buf, 50, " l=%u ", i);
+ // SctpAliasLog(la->logDesc," l=%d ",i);
logsctpassoc(assoc, buf);
}
}
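Review bot: `snprintf(buf, 50, " l=%u ", i);` repeats the literal size of `buf`, which is declared as `static char buf[50]` in the preceding hunk, so the two can drift apart if the declaration changes. `snprintf(buf, sizeof(buf), " l=%u ", i);` ties the bound to the array. logTimerQ begins before this hunk.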
Index: sys/netinet/libalias/alias_skinny.c
===================================================================
--- sys/netinet/libalias/alias_skinny.c
+++ sys/netinet/libalias/alias_skinny.c
@@ -40,8 +40,8 @@
#include <unistd.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
@@ -53,16 +53,17 @@
#include "alias_mod.h"
#endif
-static void
-AliasHandleSkinny(struct libalias *, struct ip *, struct alias_link *);
+static void AliasHandleSkinny(struct libalias *, struct ip *,
+ struct alias_link *);
static int
fingerprint(struct libalias *la, struct alias_data *ah)
{
if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL)
return (-1);
- if (la->skinnyPort != 0 && (ntohs(*ah->sport) == la->skinnyPort ||
- ntohs(*ah->dport) == la->skinnyPort))
+ if (la->skinnyPort != 0 &&
+ (ntohs(*ah->sport) == la->skinnyPort ||
+ ntohs(*ah->dport) == la->skinnyPort))
return (0);
return (-1);
}
@@ -74,16 +75,12 @@
return (0);
}
-struct proto_handler handlers[] = {
- {
- .pri = 110,
- .dir = IN|OUT,
- .proto = TCP,
- .fingerprint = &fingerprint,
- .protohandler = &protohandler
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 110,
+ .dir = IN | OUT,
+ .proto = TCP,
+ .fingerprint = &fingerprint,
+ .protohandler = &protohandler },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
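Review bot: The reformatted `handlers[]` initializer is harder to read than the layout it replaces: the first entry starts on the declaration line and the `{ EOH }` terminator is tucked behind the closing brace of that entry. Adding a trailing comma to each braced list (`.protohandler = &protohandler,` and `{ EOH },`) makes clang-format keep one initializer per line, which preserves the original shape. The `handlers[]` table in alias_smedia.c is reformatted the same way.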
@@ -108,9 +105,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_skinny", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_skinny", mod_handler, NULL };
#ifdef _KERNEL
DECLARE_MODULE(alias_skinny, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
@@ -144,69 +139,65 @@
*
* Skinny is a Cisco-proprietary protocol and is a trademark of Cisco Systems,
* Inc. All rights reserved.
-*/
+ */
/* #define LIBALIAS_DEBUG 1 */
/* Message types that need translating */
-#define REG_MSG 0x00000001
-#define IP_PORT_MSG 0x00000002
-#define OPNRCVCH_ACK 0x00000022
-#define START_MEDIATX 0x0000008a
+#define REG_MSG 0x00000001
+#define IP_PORT_MSG 0x00000002
+#define OPNRCVCH_ACK 0x00000022
+#define START_MEDIATX 0x0000008a
struct skinny_header {
- u_int32_t len;
- u_int32_t reserved;
- u_int32_t msgId;
+ u_int32_t len;
+ u_int32_t reserved;
+ u_int32_t msgId;
};
struct RegisterMessage {
- u_int32_t msgId;
- char devName [16];
- u_int32_t uid;
- u_int32_t instance;
- u_int32_t ipAddr;
- u_char devType;
- u_int32_t maxStreams;
+ u_int32_t msgId;
+ char devName[16];
+ u_int32_t uid;
+ u_int32_t instance;
+ u_int32_t ipAddr;
+ u_char devType;
+ u_int32_t maxStreams;
};
struct IpPortMessage {
- u_int32_t msgId;
- u_int32_t stationIpPort; /* Note: Skinny uses 32-bit port
- * numbers */
+ u_int32_t msgId;
+ u_int32_t stationIpPort; /* Note: Skinny uses 32-bit port
+ * numbers */
};
struct OpenReceiveChannelAck {
- u_int32_t msgId;
- u_int32_t status;
- u_int32_t ipAddr;
- u_int32_t port;
- u_int32_t passThruPartyID;
+ u_int32_t msgId;
+ u_int32_t status;
+ u_int32_t ipAddr;
+ u_int32_t port;
+ u_int32_t passThruPartyID;
};
struct StartMediaTransmission {
- u_int32_t msgId;
- u_int32_t conferenceID;
- u_int32_t passThruPartyID;
- u_int32_t remoteIpAddr;
- u_int32_t remotePort;
- u_int32_t MSPacket;
- u_int32_t payloadCap;
- u_int32_t precedence;
- u_int32_t silenceSuppression;
- u_short maxFramesPerPacket;
- u_int32_t G723BitRate;
+ u_int32_t msgId;
+ u_int32_t conferenceID;
+ u_int32_t passThruPartyID;
+ u_int32_t remoteIpAddr;
+ u_int32_t remotePort;
+ u_int32_t MSPacket;
+ u_int32_t payloadCap;
+ u_int32_t precedence;
+ u_int32_t silenceSuppression;
+ u_short maxFramesPerPacket;
+ u_int32_t G723BitRate;
};
-typedef enum {
- ClientToServer = 0,
- ServerToClient = 1
-} ConvDirection;
+typedef enum { ClientToServer = 0, ServerToClient = 1 } ConvDirection;
static int
alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip,
- struct tcphdr *tc, struct alias_link *lnk,
- ConvDirection direction)
+ struct tcphdr *tc, struct alias_link *lnk, ConvDirection direction)
{
(void)direction;
@@ -224,9 +215,8 @@
static int
alias_skinny_startmedia(struct StartMediaTransmission *start_media,
- struct ip *pip, struct tcphdr *tc,
- struct alias_link *lnk, u_int32_t localIpAddr,
- ConvDirection direction)
+ struct ip *pip, struct tcphdr *tc, struct alias_link *lnk,
+ u_int32_t localIpAddr, ConvDirection direction)
{
struct in_addr dst __unused, src __unused;
@@ -248,8 +238,7 @@
static int
alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
- struct tcphdr *tc, struct alias_link *lnk,
- ConvDirection direction)
+ struct tcphdr *tc, struct alias_link *lnk, ConvDirection direction)
{
(void)direction;
@@ -265,9 +254,9 @@
}
static int
-alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack,
- struct ip *pip, struct tcphdr *tc,
- struct alias_link *lnk, u_int32_t * localIpAddr,
+alias_skinny_opnrcvch_ack(struct libalias *la,
+ struct OpenReceiveChannelAck *opnrcvch_ack, struct ip *pip,
+ struct tcphdr *tc, struct alias_link *lnk, u_int32_t *localIpAddr,
ConvDirection direction)
{
struct in_addr null_addr;
@@ -280,8 +269,7 @@
null_addr.s_addr = INADDR_ANY;
opnrcv_lnk = FindUdpTcpOut(la, pip->ip_src, null_addr,
- htons((u_short) opnrcvch_ack->port), 0,
- IPPROTO_UDP, 1);
+ htons((u_short)opnrcvch_ack->port), 0, IPPROTO_UDP, 1);
opnrcvch_ack->ipAddr = (u_int32_t)GetAliasAddress(opnrcv_lnk).s_addr;
opnrcvch_ack->port = (u_int32_t)ntohs(GetAliasPort(opnrcv_lnk));
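Review bot: `opnrcv_lnk` is passed to `GetAliasAddress()` and `GetAliasPort()` right after `FindUdpTcpOut()` without a NULL check, while the `FindUdpTcpOut()` call in alias_pna_out (alias_smedia.c, later in this diff) tests its result against NULL before use. If the lookup can fail here as well, the message is rewritten through a null link pointer on a path driven by packet contents. A guard such as `if (opnrcv_lnk == NULL)` with an early return before the two assignments would close that; the function's return convention, start and end all lie outside this hunk. Note also that `(u_short)opnrcvch_ack->port` silently truncates the 32-bit port field taken from the packet.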
@@ -383,7 +371,8 @@
"PacketAlias/Skinny: Received ipport message\n");
#endif
port_mesg = (struct IpPortMessage *)&sd->msgId;
- alias_skinny_port_msg(port_mesg, pip, tc, lnk, direction);
+ alias_skinny_port_msg(port_mesg, pip, tc, lnk,
+ direction);
break;
}
case OPNRCVCH_ACK: {
@@ -400,8 +389,10 @@
fprintf(stderr,
"PacketAlias/Skinny: Received open rcv channel msg\n");
#endif
- opnrcvchn_ack = (struct OpenReceiveChannelAck *)&sd->msgId;
- alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, lnk, &lip, direction);
+ opnrcvchn_ack =
+ (struct OpenReceiveChannelAck *)&sd->msgId;
+ alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc,
+ lnk, &lip, direction);
break;
}
case START_MEDIATX: {
@@ -428,8 +419,10 @@
fprintf(stderr,
"PacketAlias/Skinny: Received start media trans msg\n");
#endif
- startmedia_tx = (struct StartMediaTransmission *)&sd->msgId;
- alias_skinny_startmedia(startmedia_tx, pip, tc, lnk, lip, direction);
+ startmedia_tx =
+ (struct StartMediaTransmission *)&sd->msgId;
+ alias_skinny_startmedia(startmedia_tx, pip, tc, lnk,
+ lip, direction);
break;
}
default:
Index: sys/netinet/libalias/alias_smedia.c
===================================================================
--- sys/netinet/libalias/alias_smedia.c
+++ sys/netinet/libalias/alias_smedia.c
@@ -104,14 +104,15 @@
#include <sys/kernel.h>
#include <sys/module.h>
#else
-#include <errno.h>
#include <sys/types.h>
+
+#include <errno.h>
#include <stdio.h>
#include <string.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
@@ -126,11 +127,10 @@
#define RTSP_CONTROL_PORT_NUMBER_1 554
#define RTSP_CONTROL_PORT_NUMBER_2 7070
-#define TFTP_PORT_NUMBER 69
+#define TFTP_PORT_NUMBER 69
-static void
-AliasHandleRtspOut(struct libalias *, struct ip *, struct alias_link *,
- int maxpacketsize);
+static void AliasHandleRtspOut(struct libalias *, struct ip *,
+ struct alias_link *, int maxpacketsize);
static int
fingerprint(struct libalias *la, struct alias_data *ah)
{
@@ -140,10 +140,10 @@
if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
ah->maxpktsize == 0)
return (-1);
- if (ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_1
- || ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_1
- || ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_2
- || ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_2)
+ if (ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_1 ||
+ ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_1 ||
+ ntohs(*ah->dport) == RTSP_CONTROL_PORT_NUMBER_2 ||
+ ntohs(*ah->sport) == RTSP_CONTROL_PORT_NUMBER_2)
return (0);
return (-1);
}
@@ -152,22 +152,19 @@
protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah)
{
if (ntohs(*ah->dport) == TFTP_PORT_NUMBER)
- FindRtspOut(la, pip->ip_src, pip->ip_dst,
- *ah->sport, *ah->aport, IPPROTO_UDP);
- else AliasHandleRtspOut(la, pip, ah->lnk, ah->maxpktsize);
+ FindRtspOut(la, pip->ip_src, pip->ip_dst, *ah->sport,
+ *ah->aport, IPPROTO_UDP);
+ else
+ AliasHandleRtspOut(la, pip, ah->lnk, ah->maxpktsize);
return (0);
}
-struct proto_handler handlers[] = {
- {
- .pri = 100,
- .dir = OUT,
- .proto = TCP|UDP,
- .fingerprint = &fingerprint,
- .protohandler = &protohandler
- },
- { EOH }
-};
+struct proto_handler handlers[] = { { .pri = 100,
+ .dir = OUT,
+ .proto = TCP | UDP,
+ .fingerprint = &fingerprint,
+ .protohandler = &protohandler },
+ { EOH } };
static int
mod_handler(module_t mod, int type, void *data)
@@ -192,9 +189,7 @@
#ifdef _KERNEL
static
#endif
-moduledata_t alias_mod = {
- "alias_smedia", mod_handler, NULL
-};
+ moduledata_t alias_mod = { "alias_smedia", mod_handler, NULL };
#ifdef _KERNEL
DECLARE_MODULE(alias_smedia, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
@@ -202,11 +197,11 @@
MODULE_DEPEND(alias_smedia, libalias, 1, 1, 1);
#endif
-#define RTSP_CONTROL_PORT_NUMBER_1 554
-#define RTSP_CONTROL_PORT_NUMBER_2 7070
-#define RTSP_PORT_GROUP 2
+#define RTSP_CONTROL_PORT_NUMBER_1 554
+#define RTSP_CONTROL_PORT_NUMBER_2 7070
+#define RTSP_PORT_GROUP 2
-#define ISDIGIT(a) (((a) >= '0') && ((a) <= '9'))
+#define ISDIGIT(a) (((a) >= '0') && ((a) <= '9'))
static int
search_string(char *data, int dlen, const char *search_str)
@@ -228,10 +223,8 @@
}
static int
-alias_rtsp_out(struct libalias *la, struct ip *pip,
- struct alias_link *lnk,
- char *data,
- const char *port_str)
+alias_rtsp_out(struct libalias *la, struct ip *pip, struct alias_link *lnk,
+ char *data, const char *port_str)
{
int hlen, tlen, dlen;
struct tcphdr *tc;
@@ -308,25 +301,35 @@
* need
*/
null_addr.s_addr = 0;
- if (0 == (salias = FindNewPortGroup(la, null_addr,
- FindAliasAddress(la, pip->ip_src),
- sport, 0,
- RTSP_PORT_GROUP,
- IPPROTO_UDP, 1))) {
+ if (0 ==
+ (salias = FindNewPortGroup(la,
+ null_addr,
+ FindAliasAddress(la,
+ pip->ip_src),
+ sport, 0, RTSP_PORT_GROUP,
+ IPPROTO_UDP, 1))) {
#ifdef LIBALIAS_DEBUG
fprintf(stderr,
"PacketAlias/RTSP: Cannot find contiguous RTSP data ports\n");
#endif
} else {
base_alias = ntohs(salias);
- for (j = 0; j < RTSP_PORT_GROUP; j++) {
+ for (j = 0; j < RTSP_PORT_GROUP;
+ j++) {
/*
* Establish link
* to port found in
* RTSP packet
*/
- rtsp_lnk = FindRtspOut(la, GetOriginalAddress(lnk), null_addr,
- htons(base_port + j), htons(base_alias + j),
+ rtsp_lnk = FindRtspOut(
+ la,
+ GetOriginalAddress(
+ lnk),
+ null_addr,
+ htons(
+ base_port + j),
+ htons(
+ base_alias + j),
IPPROTO_UDP);
if (rtsp_lnk != NULL) {
#ifndef NO_FW_PUNCH
@@ -335,7 +338,8 @@
* hole in
* firewall
*/
- PunchFWHole(rtsp_lnk);
+ PunchFWHole(
+ rtsp_lnk);
#endif
} else {
#ifdef LIBALIAS_DEBUG
@@ -346,14 +350,16 @@
}
}
}
- ealias = htons(base_alias + (RTSP_PORT_GROUP - 1));
+ ealias = htons(
+ base_alias + (RTSP_PORT_GROUP - 1));
}
if (salias && rtsp_lnk) {
pkt_updated = 1;
/* Copy into IP packet */
sprintf(stemp, "%d", ntohs(salias));
- memcpy(port_newdata, stemp, strlen(stemp));
+ memcpy(port_newdata, stemp,
+ strlen(stemp));
port_newdata += strlen(stemp);
if (eport != 0) {
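Review bot: `sprintf(stemp, "%d", ntohs(salias));` writes into `stemp` with no bound, and the following `memcpy(port_newdata, stemp, strlen(stemp))` advances `port_newdata` without a visible check against the end of its buffer; both declarations are outside this hunk. A `u_short` prints as at most five digits, so this is likely safe if `stemp` is sized for it, but `snprintf(stemp, sizeof(stemp), "%d", ntohs(salias));` states the bound at the call (assuming `stemp` is an array, not a pointer). The same pair appears for `ealias` in the next hunk.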
@@ -361,8 +367,10 @@
port_newdata++;
/* Copy into IP packet */
- sprintf(stemp, "%d", ntohs(ealias));
- memcpy(port_newdata, stemp, strlen(stemp));
+ sprintf(stemp, "%d",
+ ntohs(ealias));
+ memcpy(port_newdata, stemp,
+ strlen(stemp));
port_newdata += strlen(stemp);
}
*port_newdata = ';';
@@ -412,10 +420,8 @@
/* Support the protocol used by early versions of RealPlayer */
static int
-alias_pna_out(struct libalias *la, struct ip *pip,
- struct alias_link *lnk,
- char *data,
- int dlen)
+alias_pna_out(struct libalias *la, struct ip *pip, struct alias_link *lnk,
+ char *data, int dlen)
{
struct alias_link *pna_links;
u_short msg_id, msg_len;
@@ -435,8 +441,8 @@
if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) {
memcpy(&port, work, 2);
- pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(lnk),
- port, 0, IPPROTO_UDP, 1);
+ pna_links = FindUdpTcpOut(la, pip->ip_src,
+ GetDestAddress(lnk), port, 0, IPPROTO_UDP, 1);
if (pna_links != NULL) {
#ifndef NO_FW_PUNCH
/* Punch hole in firewall */
@@ -462,7 +468,8 @@
}
static void
-AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *lnk, int maxpacketsize)
+AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *lnk,
+ int maxpacketsize)
{
int hlen, tlen, dlen;
struct tcphdr *tc;
@@ -502,21 +509,23 @@
if (dlen >= (int)strlen(str200)) {
for (parseOk = 0, i = 0;
- i <= dlen - (int)strlen(str200);
- i++)
- if (memcmp(&data[i], str200, strlen(str200)) == 0) {
+ i <= dlen - (int)strlen(str200); i++)
+ if (memcmp(&data[i], str200, strlen(str200)) ==
+ 0) {
parseOk = 1;
break;
}
if (parseOk) {
- i += strlen(str200); /* skip string found */
- while (data[i] == ' ') /* skip blank(s) */
+ i += strlen(str200); /* skip string found */
+ while (data[i] == ' ') /* skip blank(s) */
i++;
if ((dlen - i) >= (int)strlen(okstr))
- if (memcmp(&data[i], okstr, strlen(okstr)) == 0)
- alias_rtsp_out(la, pip, lnk, data, server_port_str);
+ if (memcmp(&data[i], okstr,
+ strlen(okstr)) == 0)
+ alias_rtsp_out(la, pip, lnk,
+ data, server_port_str);
}
}
}
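Review bot: The blank-skipping loop `while (data[i] == ' ')` has no upper bound, so a payload that ends in spaces after the matched `str200` lets `i` run past `dlen` and read beyond the packet data before the `(dlen - i)` check is reached. Bounding the loop fixes it: `while (i < dlen && data[i] == ' ')`. AliasHandleRtspOut starts before this hunk, where `data` and `dlen` are set up.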
Index: sys/netinet/libalias/alias_util.c
===================================================================
--- sys/netinet/libalias/alias_util.c
+++ sys/netinet/libalias/alias_util.c
@@ -47,11 +47,12 @@
#include <sys/proc.h>
#else
#include <sys/types.h>
+
#include <stdio.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
@@ -70,8 +71,7 @@
* purposes);
*/
u_short
-LibAliasInternetChecksum(struct libalias *la __unused, u_short *ptr,
- int nbytes)
+LibAliasInternetChecksum(struct libalias *la __unused, u_short *ptr, int nbytes)
{
int sum, oddbyte;
@@ -97,9 +97,8 @@
u_short
IpChecksum(struct ip *pip)
{
- return (LibAliasInternetChecksum(NULL, (u_short *)pip,
- (pip->ip_hl << 2)));
-
+ return (
+ LibAliasInternetChecksum(NULL, (u_short *)pip, (pip->ip_hl << 2)));
}
u_short
@@ -116,7 +115,7 @@
tc = (struct tcphdr *)ip_next(pip);
ptr = (u_short *)tc;
-/* Add up TCP header and data */
+ /* Add up TCP header and data */
nbytes = ntcp;
sum = 0;
while (nbytes > 1) {
@@ -129,7 +128,7 @@
((u_char *)&oddbyte)[1] = 0;
sum += oddbyte;
}
-/* "Pseudo-header" data */
+ /* "Pseudo-header" data */
ptr = (void *)&pip->ip_dst;
sum += *ptr++;
sum += *ptr;
@@ -139,14 +138,14 @@
sum += htons((u_short)ntcp);
sum += htons((u_short)pip->ip_p);
-/* Roll over carry bits */
+ /* Roll over carry bits */
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
-/* Return checksum */
+ /* Return checksum */
return ((u_short)~sum);
}
-#endif /* not _KERNEL */
+#endif /* not _KERNEL */
void
DifferentialChecksum(u_short *cksum, void *newp, void *oldp, int n)
@@ -158,7 +157,7 @@
accumulate = *cksum;
for (i = 0; i < n; i++) {
- accumulate -= *new++;
+ accumulate -= *new ++;
accumulate += *old++;
}
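Review bot: `accumulate -= *new ++;` now reads differently from the `*old++` on the next line; the extra space looks like the formatter treating `new` as the C++ keyword rather than as the local pointer. Keeping `accumulate -= *new++;` by hand, or renaming the local (declared outside this hunk), avoids carrying a formatter artifact into C code.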
