2c2
< * Copyright (C) 1995-2000 by Darren Reed.
---
> * Copyright (C) 1995-2001 by Darren Reed.
4,6c4
< * Redistribution and use in source and binary forms are permitted
< * provided that this notice is preserved and due credit is given
< * to the original author and the contributors.
---
> * See the IPFILTER.LICENCE file for details on licencing.
10,13d7
< #if !defined(lint)
< /*static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.16 2000/07/18 13:57:40 darrenr Exp $";*/
< static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 75262 2001-04-06 15:52:28Z darrenr $";
< #endif
93a88
> # include <netinet/tcp_fsm.h>
113a109,114
> #if !defined(lint)
> static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
> /* static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $"; */
> static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 80482 2001-07-28 11:58:26Z darrenr $";
> #endif
>
304c305,306
< void fix_outcksum(sp, n)
---
> void fix_outcksum(fin, sp, n)
> fr_info_t *fin;
313d314
< #if SOLARIS2 >= 6
314a316,318
> n &= 0xffff;
> n += fin->fin_dlen;
> n = (n & 0xffff) + (n >> 16);
318d321
< #endif
329c332,333
< void fix_incksum(sp, n)
---
> void fix_incksum(fin, sp, n)
> fr_info_t *fin;
338d341
< #if SOLARIS2 >= 6
339a343,345
> n &= 0xffff;
> n += fin->fin_dlen;
> n = (n & 0xffff) + (n >> 16);
343d348
< #endif
627a633
> nat_stats.ns_maptable = maptable;
630a637
> nat_stats.ns_hostmap_sz = ipf_hostmap_sz;
1398c1405
< if ((flags == IPN_TCP) && dohwcksum &&
---
> if ((flags & IPN_TCPUDP) && dohwcksum &&
1405c1412
< sum1 += 30;
---
> sum1 += IPPROTO_TCP;
1465a1473
> u_int hv1, hv2;
1467d1474
< u_int hv;
1480,1482c1487,1503
< hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
< ipf_nattable_sz);
< natp = &nat_table[0][hv];
---
> if (!(nat->nat_flags & (FI_W_SPORT|FI_W_DPORT))) {
> hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
> 0xffffffff);
> hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport,
> ipf_nattable_sz);
> hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
> 0xffffffff);
> hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport,
> ipf_nattable_sz);
> } else {
> hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0, 0xffffffff);
> hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1, ipf_nattable_sz);
> hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0, 0xffffffff);
> hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2, ipf_nattable_sz);
> }
>
> natp = &nat_table[0][hv1];
1489,1491c1510
< hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
< ipf_nattable_sz);
< natp = &nat_table[1][hv];
---
> natp = &nat_table[1][hv2];
1607c1626
< if ((fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK))
---
> if ((fin->fin_fl & FI_SHORT) || (fin->fin_off != 0))
1881c1900
< fix_outcksum(&icmp->icmp_cksum, sumd2);
---
> fix_outcksum(fin, &icmp->icmp_cksum, sumd2);
1883c1902
< fix_incksum(&icmp->icmp_cksum, sumd2);
---
> fix_incksum(fin, &icmp->icmp_cksum, sumd2);
1887c1906,1907
< nat->nat_age = fr_defnaticmpage;
---
> if (oip->ip_p == IPPROTO_ICMP)
> nat->nat_age = fr_defnaticmpage;
1920c1940,1941
< hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(dst, dport, 0xffffffff);
> hv = NAT_HASH_FN(src.s_addr, hv + sport, ipf_nattable_sz);
1938c1959,1960
< hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(dst, 0, 0xffffffff);
> hv = NAT_HASH_FN(src.s_addr, hv, ipf_nattable_sz);
2002c2024,2025
< hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, 0xffffffff);
> hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
2010c2033,2034
< hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, 0xffffffff);
> hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
2044c2068,2069
< hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(srcip, sport, 0xffffffff);
> hv = NAT_HASH_FN(dst.s_addr, hv + dport, ipf_nattable_sz);
2063a2089
> hv = NAT_HASH_FN(dst.s_addr, hv, ipf_nattable_sz);
2148,2149c2174,2175
< if (!(fin->fin_fi.fi_fl & FI_TCPUDP) ||
< (fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK)) {
---
> if (!(fin->fin_fl & FI_TCPUDP) ||
> (fin->fin_fl & FI_SHORT) || (fin->fin_off != 0)) {
2170a2197,2198
> int natadd = 1, i, icmpset = 1;
> u_int nflags = 0, hv, msk;
2172d2199
< int natadd = 1;
2174d2200
< u_int nflags = 0, hv, msk;
2177d2202
< int i;
2188c2213
< if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2206,2207c2231,2232
< ;
< else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) &&
---
> icmpset = 1;
> else if ((fin->fin_fl & FI_FRAG) &&
2241,2242c2266
< if ((np->in_ifp && (np->in_ifp != ifp)) ||
< !np->in_space)
---
> if (np->in_ifp && (np->in_ifp != ifp))
2286,2287c2310
< if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) &&
< np && (np->in_flags & IPN_FRAG))
---
> if (natadd && (fin->fin_fl & FI_FRAG) && np)
2307c2330
< fix_incksum(&ip->ip_sum, sumd);
---
> fix_incksum(fin, &ip->ip_sum, sumd);
2309c2332
< fix_outcksum(&ip->ip_sum, sumd);
---
> fix_outcksum(fin, &ip->ip_sum, sumd);
2314c2337
< fix_outcksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2316c2339
< fix_incksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_incksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2321,2322c2344
< if (!(ip->ip_off & IP_OFFMASK) &&
< !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2355c2377,2378
< nat->nat_age = fr_defnaticmpage;
---
> if (!icmpset)
> nat->nat_age = fr_defnaticmpage;
2360c2383
< fix_outcksum(csump, nat->nat_sumd[1]);
---
> fix_outcksum(fin, csump, nat->nat_sumd[1]);
2362c2385
< fix_incksum(csump, nat->nat_sumd[1]);
---
> fix_incksum(fin, csump, nat->nat_sumd[1]);
2392a2416
> u_short sport = 0, dport = 0, *csump = NULL;
2396c2420
< u_short sport = 0, dport = 0, *csump = NULL;
---
> int i, icmpset = 0;
2399d2422
< int i;
2404c2427
< if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2424,2425c2447,2448
< ;
< else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) &&
---
> icmpset = 1;
> else if ((fin->fin_fl & FI_FRAG) &&
2492,2493c2515
< if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) &&
< np && (np->in_flags & IPN_FRAG))
---
> if (natadd && (fin->fin_fl & FI_FRAG) && np)
2520c2542
< fix_incksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_incksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2522c2544
< fix_outcksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2524,2525c2546
< if (!(ip->ip_off & IP_OFFMASK) &&
< !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2558c2579,2580
< nat->nat_age = fr_defnaticmpage;
---
> if (!icmpset)
> nat->nat_age = fr_defnaticmpage;
2563c2585
< fix_incksum(csump, nat->nat_sumd[0]);
---
> fix_incksum(fin, csump, nat->nat_sumd[0]);
2565c2587
< fix_outcksum(csump, nat->nat_sumd[0]);
---
> fix_outcksum(fin, csump, nat->nat_sumd[0]);
< * Copyright (C) 1995-2000 by Darren Reed.
---
> * Copyright (C) 1995-2001 by Darren Reed.
4,6c4
< * Redistribution and use in source and binary forms are permitted
< * provided that this notice is preserved and due credit is given
< * to the original author and the contributors.
---
> * See the IPFILTER.LICENCE file for details on licencing.
10,13d7
< #if !defined(lint)
< /*static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.16 2000/07/18 13:57:40 darrenr Exp $";*/
< static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 75262 2001-04-06 15:52:28Z darrenr $";
< #endif
93a88
> # include <netinet/tcp_fsm.h>
113a109,114
> #if !defined(lint)
> static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
> /* static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $"; */
> static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 80482 2001-07-28 11:58:26Z darrenr $";
> #endif
>
304c305,306
< void fix_outcksum(sp, n)
---
> void fix_outcksum(fin, sp, n)
> fr_info_t *fin;
313d314
< #if SOLARIS2 >= 6
314a316,318
> n &= 0xffff;
> n += fin->fin_dlen;
> n = (n & 0xffff) + (n >> 16);
318d321
< #endif
329c332,333
< void fix_incksum(sp, n)
---
> void fix_incksum(fin, sp, n)
> fr_info_t *fin;
338d341
< #if SOLARIS2 >= 6
339a343,345
> n &= 0xffff;
> n += fin->fin_dlen;
> n = (n & 0xffff) + (n >> 16);
343d348
< #endif
627a633
> nat_stats.ns_maptable = maptable;
630a637
> nat_stats.ns_hostmap_sz = ipf_hostmap_sz;
1398c1405
< if ((flags == IPN_TCP) && dohwcksum &&
---
> if ((flags & IPN_TCPUDP) && dohwcksum &&
1405c1412
< sum1 += 30;
---
> sum1 += IPPROTO_TCP;
1465a1473
> u_int hv1, hv2;
1467d1474
< u_int hv;
1480,1482c1487,1503
< hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
< ipf_nattable_sz);
< natp = &nat_table[0][hv];
---
> if (!(nat->nat_flags & (FI_W_SPORT|FI_W_DPORT))) {
> hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
> 0xffffffff);
> hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport,
> ipf_nattable_sz);
> hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
> 0xffffffff);
> hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport,
> ipf_nattable_sz);
> } else {
> hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0, 0xffffffff);
> hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1, ipf_nattable_sz);
> hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0, 0xffffffff);
> hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2, ipf_nattable_sz);
> }
>
> natp = &nat_table[0][hv1];
1489,1491c1510
< hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
< ipf_nattable_sz);
< natp = &nat_table[1][hv];
---
> natp = &nat_table[1][hv2];
1607c1626
< if ((fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK))
---
> if ((fin->fin_fl & FI_SHORT) || (fin->fin_off != 0))
1881c1900
< fix_outcksum(&icmp->icmp_cksum, sumd2);
---
> fix_outcksum(fin, &icmp->icmp_cksum, sumd2);
1883c1902
< fix_incksum(&icmp->icmp_cksum, sumd2);
---
> fix_incksum(fin, &icmp->icmp_cksum, sumd2);
1887c1906,1907
< nat->nat_age = fr_defnaticmpage;
---
> if (oip->ip_p == IPPROTO_ICMP)
> nat->nat_age = fr_defnaticmpage;
1920c1940,1941
< hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(dst, dport, 0xffffffff);
> hv = NAT_HASH_FN(src.s_addr, hv + sport, ipf_nattable_sz);
1938c1959,1960
< hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(dst, 0, 0xffffffff);
> hv = NAT_HASH_FN(src.s_addr, hv, ipf_nattable_sz);
2002c2024,2025
< hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, 0xffffffff);
> hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
2010c2033,2034
< hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, 0xffffffff);
> hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
2044c2068,2069
< hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz);
---
> hv = NAT_HASH_FN(srcip, sport, 0xffffffff);
> hv = NAT_HASH_FN(dst.s_addr, hv + dport, ipf_nattable_sz);
2063a2089
> hv = NAT_HASH_FN(dst.s_addr, hv, ipf_nattable_sz);
2148,2149c2174,2175
< if (!(fin->fin_fi.fi_fl & FI_TCPUDP) ||
< (fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK)) {
---
> if (!(fin->fin_fl & FI_TCPUDP) ||
> (fin->fin_fl & FI_SHORT) || (fin->fin_off != 0)) {
2170a2197,2198
> int natadd = 1, i, icmpset = 1;
> u_int nflags = 0, hv, msk;
2172d2199
< int natadd = 1;
2174d2200
< u_int nflags = 0, hv, msk;
2177d2202
< int i;
2188c2213
< if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2206,2207c2231,2232
< ;
< else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) &&
---
> icmpset = 1;
> else if ((fin->fin_fl & FI_FRAG) &&
2241,2242c2266
< if ((np->in_ifp && (np->in_ifp != ifp)) ||
< !np->in_space)
---
> if (np->in_ifp && (np->in_ifp != ifp))
2286,2287c2310
< if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) &&
< np && (np->in_flags & IPN_FRAG))
---
> if (natadd && (fin->fin_fl & FI_FRAG) && np)
2307c2330
< fix_incksum(&ip->ip_sum, sumd);
---
> fix_incksum(fin, &ip->ip_sum, sumd);
2309c2332
< fix_outcksum(&ip->ip_sum, sumd);
---
> fix_outcksum(fin, &ip->ip_sum, sumd);
2314c2337
< fix_outcksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2316c2339
< fix_incksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_incksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2321,2322c2344
< if (!(ip->ip_off & IP_OFFMASK) &&
< !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2355c2377,2378
< nat->nat_age = fr_defnaticmpage;
---
> if (!icmpset)
> nat->nat_age = fr_defnaticmpage;
2360c2383
< fix_outcksum(csump, nat->nat_sumd[1]);
---
> fix_outcksum(fin, csump, nat->nat_sumd[1]);
2362c2385
< fix_incksum(csump, nat->nat_sumd[1]);
---
> fix_incksum(fin, csump, nat->nat_sumd[1]);
2392a2416
> u_short sport = 0, dport = 0, *csump = NULL;
2396c2420
< u_short sport = 0, dport = 0, *csump = NULL;
---
> int i, icmpset = 0;
2399d2422
< int i;
2404c2427
< if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2424,2425c2447,2448
< ;
< else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) &&
---
> icmpset = 1;
> else if ((fin->fin_fl & FI_FRAG) &&
2492,2493c2515
< if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) &&
< np && (np->in_flags & IPN_FRAG))
---
> if (natadd && (fin->fin_fl & FI_FRAG) && np)
2520c2542
< fix_incksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_incksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2522c2544
< fix_outcksum(&ip->ip_sum, nat->nat_ipsumd);
---
> fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2524,2525c2546
< if (!(ip->ip_off & IP_OFFMASK) &&
< !(fin->fin_fi.fi_fl & FI_SHORT)) {
---
> if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2558c2579,2580
< nat->nat_age = fr_defnaticmpage;
---
> if (!icmpset)
> nat->nat_age = fr_defnaticmpage;
2563c2585
< fix_incksum(csump, nat->nat_sumd[0]);
---
> fix_incksum(fin, csump, nat->nat_sumd[0]);
2565c2587
< fix_outcksum(csump, nat->nat_sumd[0]);
---
> fix_outcksum(fin, csump, nat->nat_sumd[0]);