0a1,2
> /* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c 145522 2005-04-25 18:43:14Z darrenr $ */
>
2,4c4,9
< * $Id: ip_rcmd_pxy.c,v 1.4.2.7 2003/04/26 05:59:39 darrenr Exp $
< */
< /*
---
> * Copyright (C) 1998-2003 by Darren Reed
> *
> * See the IPFILTER.LICENCE file for details on licencing.
> *
> * Id: ip_rcmd_pxy.c,v 1.41.2.4 2005/02/04 10:22:55 darrenr Exp
> *
7c12
< * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c 130886 2004-06-21 22:46:36Z darrenr $
---
> * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c 145522 2005-04-25 18:43:14Z darrenr $
9,11d13
< #if SOLARIS && defined(_KERNEL)
< extern kmutex_t ipf_rw;
< #endif
13,14d14
< #define isdigit(x) ((x) >= '0' && (x) <= '9')
<
19,20c19,22
< int ippr_rcmd_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
< int ippr_rcmd_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
---
> void ippr_rcmd_fini __P((void));
> int ippr_rcmd_new __P((fr_info_t *, ap_session_t *, nat_t *));
> int ippr_rcmd_out __P((fr_info_t *, ap_session_t *, nat_t *));
> int ippr_rcmd_in __P((fr_info_t *, ap_session_t *, nat_t *));
22c24
< int ippr_rcmd_portmsg __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
---
> int ippr_rcmd_portmsg __P((fr_info_t *, ap_session_t *, nat_t *));
25a28
> int rcmd_proxy_init = 0;
26a30
>
34a39,41
> MUTEX_INIT(&rcmdfr.fr_lock, "RCMD proxy rule lock");
> rcmd_proxy_init = 1;
>
38a46,54
> void ippr_rcmd_fini()
> {
> if (rcmd_proxy_init == 1) {
> MUTEX_DESTROY(&rcmdfr.fr_lock);
> rcmd_proxy_init = 0;
> }
> }
>
>
42c58
< int ippr_rcmd_new(fin, ip, aps, nat)
---
> int ippr_rcmd_new(fin, aps, nat)
44d59
< ip_t *ip;
49a65,67
> fin = fin; /* LINT */
> nat = nat; /* LINT */
>
52c70,73
< if (aps->aps_data == NULL)
---
> if (aps->aps_data == NULL) {
> #ifdef IP_RCMD_PROXY_DEBUG
> printf("ippr_rcmd_new:KMALLOCS(%d) failed\n", sizeof(u_32_t));
> #endif
53a75
> }
70c92
< while ((c = *s++) && isdigit(c)) {
---
> while (((c = *s++) != '\0') && ISDIGIT(c)) {
78c100
< int ippr_rcmd_portmsg(fin, ip, aps, nat)
---
> int ippr_rcmd_portmsg(fin, aps, nat)
80d101
< ip_t *ip;
84,86d104
< char portbuf[8], *s;
< struct in_addr swip;
< int off, dlen;
87a106,108
> struct in_addr swip, swip2;
> int off, dlen, nflags;
> char portbuf[8], *s;
90c111,112
< nat_t *ipn;
---
> nat_t *nat2;
> ip_t *ip;
104c126,128
< off = fin->fin_hlen + (tcp->th_off << 2);
---
> m = fin->fin_m;
> ip = fin->fin_ip;
> off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
106,111c130,131
< #if SOLARIS
< m = fin->fin_qfm;
<
< dlen = msgdsize(m) - off;
< bzero(portbuf, sizeof(portbuf));
< copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
---
> #ifdef __sgi
> dlen = fin->fin_plen - off;
113,116c133
< m = *(mb_t **)fin->fin_mp;
< dlen = mbufchainlen(m) - off;
< bzero(portbuf, sizeof(portbuf));
< m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
---
> dlen = MSGDSIZE(m) - off;
117a135,136
> if (dlen <= 0)
> return 0;
118a138,140
> bzero(portbuf, sizeof(portbuf));
> COPYDATA(m, off, MIN(sizeof(portbuf), dlen), portbuf);
>
122c144,148
< if (!sp)
---
> if (sp == 0) {
> #ifdef IP_RCMD_PROXY_DEBUG
> printf("ippr_rcmd_portmsg:sp == 0 dlen %d [%s]\n",
> dlen, portbuf);
> #endif
123a150
> }
129a157
> fi.fin_flx |= FI_IGNORE;
131,134c159,166
< fi.fin_data[1] = fin->fin_data[1];
< ipn = nat_outlookup(&fi, IPN_TCP, nat->nat_p, nat->nat_inip,
< ip->ip_dst, 0);
< if (ipn == NULL) {
---
> fi.fin_data[1] = 0;
> if (nat->nat_dir == NAT_OUTBOUND)
> nat2 = nat_outlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
> nat->nat_inip, nat->nat_oip);
> else
> nat2 = nat_inlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
> nat->nat_inip, nat->nat_oip);
> if (nat2 == NULL) {
143c175
< tcp2->th_off = 5;
---
> TCP_OFF_A(tcp2, 5);
145d176
< fi.fin_data[1] = 0;
146a178
> fi.fin_fr = &rcmdfr;
147a180,183
> fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
> fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
> nflags = NAT_SLAVE|IPN_TCP|SI_W_DPORT;
>
149,156c185,193
< ip->ip_src = nat->nat_inip;
< ipn = nat_new(&fi, ip, nat->nat_ptr, NULL, IPN_TCP|FI_W_DPORT,
< NAT_OUTBOUND);
< if (ipn != NULL) {
< ipn->nat_age = fr_defnatage;
< fi.fin_fr = &rcmdfr;
< (void) fr_addstate(ip, &fi, NULL,
< FI_W_DPORT|FI_IGNOREPKT);
---
> swip2 = ip->ip_dst;
>
> if (nat->nat_dir == NAT_OUTBOUND) {
> fi.fin_fi.fi_saddr = nat->nat_inip.s_addr;
> ip->ip_src = nat->nat_inip;
> } else {
> fi.fin_fi.fi_saddr = nat->nat_oip.s_addr;
> ip->ip_src = nat->nat_oip;
> nflags |= NAT_NOTRULEPORT;
157a195,209
>
> nat2 = nat_new(&fi, nat->nat_ptr, NULL, nflags, nat->nat_dir);
>
> if (nat2 != NULL) {
> (void) nat_proto(&fi, nat2, IPN_TCP);
> nat_update(&fi, nat2, nat2->nat_ptr);
> fi.fin_ifp = NULL;
> if (nat->nat_dir == NAT_INBOUND) {
> fi.fin_fi.fi_daddr = nat->nat_inip.s_addr;
> ip->ip_dst = nat->nat_inip;
> }
> (void) fr_addstate(&fi, &nat2->nat_state, SI_W_DPORT);
> if (fi.fin_state != NULL)
> fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
> }
159a212
> ip->ip_dst = swip2;
165c218
< int ippr_rcmd_out(fin, ip, aps, nat)
---
> int ippr_rcmd_out(fin, aps, nat)
167d219
< ip_t *ip;
171c223,225
< return ippr_rcmd_portmsg(fin, ip, aps, nat);
---
> if (nat->nat_dir == NAT_OUTBOUND)
> return ippr_rcmd_portmsg(fin, aps, nat);
> return 0;
172a227,237
>
>
> int ippr_rcmd_in(fin, aps, nat)
> fr_info_t *fin;
> ap_session_t *aps;
> nat_t *nat;
> {
> if (nat->nat_dir == NAT_INBOUND)
> return ippr_rcmd_portmsg(fin, aps, nat);
> return 0;
> }
> /* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c 145522 2005-04-25 18:43:14Z darrenr $ */
>
2,4c4,9
< * $Id: ip_rcmd_pxy.c,v 1.4.2.7 2003/04/26 05:59:39 darrenr Exp $
< */
< /*
---
> * Copyright (C) 1998-2003 by Darren Reed
> *
> * See the IPFILTER.LICENCE file for details on licencing.
> *
> * Id: ip_rcmd_pxy.c,v 1.41.2.4 2005/02/04 10:22:55 darrenr Exp
> *
7c12
< * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c 130886 2004-06-21 22:46:36Z darrenr $
---
> * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c 145522 2005-04-25 18:43:14Z darrenr $
9,11d13
< #if SOLARIS && defined(_KERNEL)
< extern kmutex_t ipf_rw;
< #endif
13,14d14
< #define isdigit(x) ((x) >= '0' && (x) <= '9')
<
19,20c19,22
< int ippr_rcmd_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
< int ippr_rcmd_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
---
> void ippr_rcmd_fini __P((void));
> int ippr_rcmd_new __P((fr_info_t *, ap_session_t *, nat_t *));
> int ippr_rcmd_out __P((fr_info_t *, ap_session_t *, nat_t *));
> int ippr_rcmd_in __P((fr_info_t *, ap_session_t *, nat_t *));
22c24
< int ippr_rcmd_portmsg __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
---
> int ippr_rcmd_portmsg __P((fr_info_t *, ap_session_t *, nat_t *));
25a28
> int rcmd_proxy_init = 0;
26a30
>
34a39,41
> MUTEX_INIT(&rcmdfr.fr_lock, "RCMD proxy rule lock");
> rcmd_proxy_init = 1;
>
38a46,54
> void ippr_rcmd_fini()
> {
> if (rcmd_proxy_init == 1) {
> MUTEX_DESTROY(&rcmdfr.fr_lock);
> rcmd_proxy_init = 0;
> }
> }
>
>
42c58
< int ippr_rcmd_new(fin, ip, aps, nat)
---
> int ippr_rcmd_new(fin, aps, nat)
44d59
< ip_t *ip;
49a65,67
> fin = fin; /* LINT */
> nat = nat; /* LINT */
>
52c70,73
< if (aps->aps_data == NULL)
---
> if (aps->aps_data == NULL) {
> #ifdef IP_RCMD_PROXY_DEBUG
> printf("ippr_rcmd_new:KMALLOCS(%d) failed\n", sizeof(u_32_t));
> #endif
53a75
> }
70c92
< while ((c = *s++) && isdigit(c)) {
---
> while (((c = *s++) != '\0') && ISDIGIT(c)) {
78c100
< int ippr_rcmd_portmsg(fin, ip, aps, nat)
---
> int ippr_rcmd_portmsg(fin, aps, nat)
80d101
< ip_t *ip;
84,86d104
< char portbuf[8], *s;
< struct in_addr swip;
< int off, dlen;
87a106,108
> struct in_addr swip, swip2;
> int off, dlen, nflags;
> char portbuf[8], *s;
90c111,112
< nat_t *ipn;
---
> nat_t *nat2;
> ip_t *ip;
104c126,128
< off = fin->fin_hlen + (tcp->th_off << 2);
---
> m = fin->fin_m;
> ip = fin->fin_ip;
> off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
106,111c130,131
< #if SOLARIS
< m = fin->fin_qfm;
<
< dlen = msgdsize(m) - off;
< bzero(portbuf, sizeof(portbuf));
< copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
---
> #ifdef __sgi
> dlen = fin->fin_plen - off;
113,116c133
< m = *(mb_t **)fin->fin_mp;
< dlen = mbufchainlen(m) - off;
< bzero(portbuf, sizeof(portbuf));
< m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
---
> dlen = MSGDSIZE(m) - off;
117a135,136
> if (dlen <= 0)
> return 0;
118a138,140
> bzero(portbuf, sizeof(portbuf));
> COPYDATA(m, off, MIN(sizeof(portbuf), dlen), portbuf);
>
122c144,148
< if (!sp)
---
> if (sp == 0) {
> #ifdef IP_RCMD_PROXY_DEBUG
> printf("ippr_rcmd_portmsg:sp == 0 dlen %d [%s]\n",
> dlen, portbuf);
> #endif
123a150
> }
129a157
> fi.fin_flx |= FI_IGNORE;
131,134c159,166
< fi.fin_data[1] = fin->fin_data[1];
< ipn = nat_outlookup(&fi, IPN_TCP, nat->nat_p, nat->nat_inip,
< ip->ip_dst, 0);
< if (ipn == NULL) {
---
> fi.fin_data[1] = 0;
> if (nat->nat_dir == NAT_OUTBOUND)
> nat2 = nat_outlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
> nat->nat_inip, nat->nat_oip);
> else
> nat2 = nat_inlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
> nat->nat_inip, nat->nat_oip);
> if (nat2 == NULL) {
143c175
< tcp2->th_off = 5;
---
> TCP_OFF_A(tcp2, 5);
145d176
< fi.fin_data[1] = 0;
146a178
> fi.fin_fr = &rcmdfr;
147a180,183
> fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
> fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
> nflags = NAT_SLAVE|IPN_TCP|SI_W_DPORT;
>
149,156c185,193
< ip->ip_src = nat->nat_inip;
< ipn = nat_new(&fi, ip, nat->nat_ptr, NULL, IPN_TCP|FI_W_DPORT,
< NAT_OUTBOUND);
< if (ipn != NULL) {
< ipn->nat_age = fr_defnatage;
< fi.fin_fr = &rcmdfr;
< (void) fr_addstate(ip, &fi, NULL,
< FI_W_DPORT|FI_IGNOREPKT);
---
> swip2 = ip->ip_dst;
>
> if (nat->nat_dir == NAT_OUTBOUND) {
> fi.fin_fi.fi_saddr = nat->nat_inip.s_addr;
> ip->ip_src = nat->nat_inip;
> } else {
> fi.fin_fi.fi_saddr = nat->nat_oip.s_addr;
> ip->ip_src = nat->nat_oip;
> nflags |= NAT_NOTRULEPORT;
157a195,209
>
> nat2 = nat_new(&fi, nat->nat_ptr, NULL, nflags, nat->nat_dir);
>
> if (nat2 != NULL) {
> (void) nat_proto(&fi, nat2, IPN_TCP);
> nat_update(&fi, nat2, nat2->nat_ptr);
> fi.fin_ifp = NULL;
> if (nat->nat_dir == NAT_INBOUND) {
> fi.fin_fi.fi_daddr = nat->nat_inip.s_addr;
> ip->ip_dst = nat->nat_inip;
> }
> (void) fr_addstate(&fi, &nat2->nat_state, SI_W_DPORT);
> if (fi.fin_state != NULL)
> fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
> }
159a212
> ip->ip_dst = swip2;
165c218
< int ippr_rcmd_out(fin, ip, aps, nat)
---
> int ippr_rcmd_out(fin, aps, nat)
167d219
< ip_t *ip;
171c223,225
< return ippr_rcmd_portmsg(fin, ip, aps, nat);
---
> if (nat->nat_dir == NAT_OUTBOUND)
> return ippr_rcmd_portmsg(fin, aps, nat);
> return 0;
172a227,237
>
>
> int ippr_rcmd_in(fin, aps, nat)
> fr_info_t *fin;
> ap_session_t *aps;
> nat_t *nat;
> {
> if (nat->nat_dir == NAT_INBOUND)
> return ippr_rcmd_portmsg(fin, aps, nat);
> return 0;
> }