Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/ip_fw_nat.c
Show First 20 Lines • Show All 341 Lines • ▼ Show 20 Lines | ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) | ||||
if (mcl->m_pkthdr.rcvif == NULL && | if (mcl->m_pkthdr.rcvif == NULL && | ||||
mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) | mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) | ||||
ldt = 1; | ldt = 1; | ||||
c = mtod(mcl, char *); | c = mtod(mcl, char *); | ||||
/* Check if this is 'global' instance */ | /* Check if this is 'global' instance */ | ||||
if (t == NULL) { | if (t == NULL) { | ||||
if (args->oif == NULL) { | if (args->flags & IPFW_ARGS_IN) { | ||||
/* Wrong direction, skip processing */ | /* Wrong direction, skip processing */ | ||||
args->m = mcl; | args->m = mcl; | ||||
return (IP_FW_NAT); | return (IP_FW_NAT); | ||||
} | } | ||||
found = 0; | found = 0; | ||||
chain = &V_layer3_chain; | chain = &V_layer3_chain; | ||||
IPFW_RLOCK_ASSERT(chain); | IPFW_RLOCK_ASSERT(chain); | ||||
Show All 10 Lines | LIST_FOREACH(t, &chain->nat, _next) { | ||||
} | } | ||||
} | } | ||||
if (found != 1) { | if (found != 1) { | ||||
/* No instance found, return ignore */ | /* No instance found, return ignore */ | ||||
args->m = mcl; | args->m = mcl; | ||||
return (IP_FW_NAT); | return (IP_FW_NAT); | ||||
} | } | ||||
} else { | } else { | ||||
if (args->oif == NULL) | if (args->flags & IPFW_ARGS_IN) | ||||
retval = LibAliasIn(t->lib, c, | retval = LibAliasIn(t->lib, c, | ||||
mcl->m_len + M_TRAILINGSPACE(mcl)); | mcl->m_len + M_TRAILINGSPACE(mcl)); | ||||
else | else | ||||
retval = LibAliasOut(t->lib, c, | retval = LibAliasOut(t->lib, c, | ||||
mcl->m_len + M_TRAILINGSPACE(mcl)); | mcl->m_len + M_TRAILINGSPACE(mcl)); | ||||
} | } | ||||
/* | /* | ||||
* We drop packet when: | * We drop packet when: | ||||
* 1. libalias returns PKT_ALIAS_ERROR; | * 1. libalias returns PKT_ALIAS_ERROR; | ||||
* 2. For incoming packets: | * 2. For incoming packets: | ||||
* a) for unresolved fragments; | * a) for unresolved fragments; | ||||
* b) libalias returns PKT_ALIAS_IGNORED and | * b) libalias returns PKT_ALIAS_IGNORED and | ||||
* PKT_ALIAS_DENY_INCOMING flag is set. | * PKT_ALIAS_DENY_INCOMING flag is set. | ||||
*/ | */ | ||||
if (retval == PKT_ALIAS_ERROR || | if (retval == PKT_ALIAS_ERROR || | ||||
(args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT || | ((args->flags & IPFW_ARGS_IN) && | ||||
(retval == PKT_ALIAS_UNRESOLVED_FRAGMENT || | |||||
(retval == PKT_ALIAS_IGNORED && | (retval == PKT_ALIAS_IGNORED && | ||||
(t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) { | (t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) { | ||||
/* XXX - should i add some logging? */ | /* XXX - should i add some logging? */ | ||||
m_free(mcl); | m_free(mcl); | ||||
args->m = NULL; | args->m = NULL; | ||||
return (IP_FW_DENY); | return (IP_FW_DENY); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 840 Lines • Show Last 20 Lines |