Cross Reference: /freebsd-10.2-release/sys/contrib/ipfilter/netinet/ip

Deleted Added

sdiff udiff text old ( 75262 ) new ( 80482 )

full compact

ip_nat.c (75262)	ip_nat.c (80482)
1/*	1/*
2 * Copyright (C) 1995-2000 by Darren Reed.	2 * Copyright (C) 1995-2001 by Darren Reed.
3 *	3 *
4 * Redistribution and use in source and binary forms are permitted 5 * provided that this notice is preserved and due credit is given 6 * to the original author and the contributors.	4 * See the IPFILTER.LICENCE file for details on licencing.
7 * 8 * Added redirect stuff and a LOT of bug fixes. (mcn@EnGarde.com) 9 */	5 * 6 * Added redirect stuff and a LOT of bug fixes. (mcn@EnGarde.com) 7 */
10#if !defined(lint) 11/static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.16 2000/07/18 13:57:40 darrenr Exp $";/ 12static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 75262 2001-04-06 15:52:28Z darrenr $"; 13#endif
14 15#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) 16#define _KERNEL 17#endif 18 19#include <sys/errno.h> 20#include <sys/types.h> 21#include <sys/param.h> --- 64 unchanged lines hidden (view full) --- 86#ifdef RFC1825 87# include <vpn/md5.h> 88# include <vpn/ipsec.h> 89extern struct ifnet vpnif; 90#endif 91 92#ifndef linux 93# include <netinet/ip_var.h>	8 9#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) 10#define _KERNEL 11#endif 12 13#include <sys/errno.h> 14#include <sys/types.h> 15#include <sys/param.h> --- 64 unchanged lines hidden (view full) --- 80#ifdef RFC1825 81# include <vpn/md5.h> 82# include <vpn/ipsec.h> 83extern struct ifnet vpnif; 84#endif 85 86#ifndef linux 87# include <netinet/ip_var.h>
	88# include <netinet/tcp_fsm.h>
94#endif 95#include <netinet/tcp.h> 96#include <netinet/udp.h> 97#include <netinet/ip_icmp.h> 98#include "netinet/ip_compat.h" 99#include <netinet/tcpip.h> 100#include "netinet/ip_fil.h" 101#include "netinet/ip_proxy.h" --- 4 unchanged lines hidden (view full) --- 106# include <sys/malloc.h> 107#endif 108#ifndef MIN 109# define MIN(a,b) (((a)<(b))?(a):(b)) 110#endif 111#undef SOCKADDR_IN 112#define SOCKADDR_IN struct sockaddr_in 113	89#endif 90#include <netinet/tcp.h> 91#include <netinet/udp.h> 92#include <netinet/ip_icmp.h> 93#include "netinet/ip_compat.h" 94#include <netinet/tcpip.h> 95#include "netinet/ip_fil.h" 96#include "netinet/ip_proxy.h" --- 4 unchanged lines hidden (view full) --- 101# include <sys/malloc.h> 102#endif 103#ifndef MIN 104# define MIN(a,b) (((a)<(b))?(a):(b)) 105#endif 106#undef SOCKADDR_IN 107#define SOCKADDR_IN struct sockaddr_in 108
	109#if !defined(lint) 110static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; 111/* static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $"; / 112static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 80482 2001-07-28 11:58:26Z darrenr $"; 113#endif 114*
114nat_t *nat_table[2] = { NULL, NULL }, 115* nat_instances = NULL; 116ipnat_t nat_list = NULL; 117u_int ipf_nattable_sz = NAT_TABLE_SZ; 118u_int ipf_natrules_sz = NAT_SIZE; 119u_int ipf_rdrrules_sz = RDR_SIZE; 120u_int ipf_hostmap_sz = HOSTMAP_SIZE; 121u_32_t nat_masks = 0; --- 174 unchanged lines hidden (view full) --- 296 if (hm->hm_next) 297 hm->hm_next->hm_pnext = hm->hm_pnext; 298 hm->hm_pnext = hm->hm_next; 299* KFREE(hm); 300 } 301} 302 303	115nat_t *nat_table[2] = { NULL, NULL }, 116* nat_instances = NULL; 117ipnat_t nat_list = NULL; 118u_int ipf_nattable_sz = NAT_TABLE_SZ; 119u_int ipf_natrules_sz = NAT_SIZE; 120u_int ipf_rdrrules_sz = RDR_SIZE; 121u_int ipf_hostmap_sz = HOSTMAP_SIZE; 122u_32_t nat_masks = 0; --- 174 unchanged lines hidden (view full) --- 297 if (hm->hm_next) 298 hm->hm_next->hm_pnext = hm->hm_pnext; 299 hm->hm_pnext = hm->hm_next; 300* KFREE(hm); 301 } 302} 303 304
304void fix_outcksum(sp, n)	305void fix_outcksum(fin, sp, n) 306fr_info_t *fin;
305u_short sp; 306u_32_t n; 307{ 308* register u_short sumshort; 309 register u_32_t sum1; 310 311 if (!n) 312 return;	307u_short sp; 308u_32_t n; 309{ 310* register u_short sumshort; 311 register u_32_t sum1; 312 313 if (!n) 314 return;
313#if SOLARIS2 >= 6
314 else if (n & NAT_HW_CKSUM) {	315 else if (n & NAT_HW_CKSUM) {
	316 n &= 0xffff; 317 n += fin->fin_dlen; 318 n = (n & 0xffff) + (n >> 16);
315 sp = n & 0xffff; 316* return; 317 }	319 sp = n & 0xffff; 320* return; 321 }
318#endif
319 sum1 = (~ntohs(sp)) & 0xffff; 320* sum1 += (n); 321 sum1 = (sum1 >> 16) + (sum1 & 0xffff); 322 /* Again / 323* sum1 = (sum1 >> 16) + (sum1 & 0xffff); 324 sumshort = ~(u_short)sum1; 325 (sp) = htons(sumshort); 326} 327* 328	322 sum1 = (~ntohs(sp)) & 0xffff; 323* sum1 += (n); 324 sum1 = (sum1 >> 16) + (sum1 & 0xffff); 325 /* Again / 326* sum1 = (sum1 >> 16) + (sum1 & 0xffff); 327 sumshort = ~(u_short)sum1; 328 (sp) = htons(sumshort); 329} 330* 331
329void fix_incksum(sp, n)	332void fix_incksum(fin, sp, n) 333fr_info_t *fin;
330u_short sp; 331u_32_t n; 332{ 333* register u_short sumshort; 334 register u_32_t sum1; 335 336 if (!n) 337 return;	334u_short sp; 335u_32_t n; 336{ 337* register u_short sumshort; 338 register u_32_t sum1; 339 340 if (!n) 341 return;
338#if SOLARIS2 >= 6
339 else if (n & NAT_HW_CKSUM) {	342 else if (n & NAT_HW_CKSUM) {
	343 n &= 0xffff; 344 n += fin->fin_dlen; 345 n = (n & 0xffff) + (n >> 16);
340 sp = n & 0xffff; 341* return; 342 }	346 sp = n & 0xffff; 347* return; 348 }
343#endif
344#ifdef sparc 345 sum1 = (~(sp)) & 0xffff; 346#else 347* sum1 = (~ntohs(sp)) & 0xffff; 348#endif 349* sum1 += ~(n) & 0xffff; 350 sum1 = (sum1 >> 16) + (sum1 & 0xffff); 351 /* Again / --- 268 unchanged lines hidden* (view full) --- 620 } 621 n = NULL; 622 break; 623 case SIOCGNATS : 624 MUTEX_DOWNGRADE(&ipf_nat); 625 nat_stats.ns_table[0] = nat_table[0]; 626 nat_stats.ns_table[1] = nat_table[1]; 627 nat_stats.ns_list = nat_list;	349#ifdef sparc 350 sum1 = (~(sp)) & 0xffff; 351#else 352* sum1 = (~ntohs(sp)) & 0xffff; 353#endif 354* sum1 += ~(n) & 0xffff; 355 sum1 = (sum1 >> 16) + (sum1 & 0xffff); 356 /* Again / --- 268 unchanged lines hidden* (view full) --- 625 } 626 n = NULL; 627 break; 628 case SIOCGNATS : 629 MUTEX_DOWNGRADE(&ipf_nat); 630 nat_stats.ns_table[0] = nat_table[0]; 631 nat_stats.ns_table[1] = nat_table[1]; 632 nat_stats.ns_list = nat_list;
	633 nat_stats.ns_maptable = maptable;
628 nat_stats.ns_nattab_sz = ipf_nattable_sz; 629 nat_stats.ns_rultab_sz = ipf_natrules_sz; 630 nat_stats.ns_rdrtab_sz = ipf_rdrrules_sz;	634 nat_stats.ns_nattab_sz = ipf_nattable_sz; 635 nat_stats.ns_rultab_sz = ipf_natrules_sz; 636 nat_stats.ns_rdrtab_sz = ipf_rdrrules_sz;
	637 nat_stats.ns_hostmap_sz = ipf_hostmap_sz;
631 nat_stats.ns_instances = nat_instances; 632 nat_stats.ns_apslist = ap_sess_list; 633 error = IWCOPYPTR((char )&nat_stats, (char )data, 634 sizeof(nat_stats)); 635 break; 636 case SIOCGNATL : 637 { 638 natlookup_t nl; --- 751 unchanged lines hidden (view full) --- 1390 nat->nat_outport = dport; 1391 nat->nat_oport = sport; 1392 } 1393 } 1394 1395 CALC_SUMD(sum1, sum2, sumd); 1396 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16); 1397#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6)	638 nat_stats.ns_instances = nat_instances; 639 nat_stats.ns_apslist = ap_sess_list; 640 error = IWCOPYPTR((char )&nat_stats, (char )data, 641 sizeof(nat_stats)); 642 break; 643 case SIOCGNATL : 644 { 645 natlookup_t nl; --- 751 unchanged lines hidden (view full) --- 1397 nat->nat_outport = dport; 1398 nat->nat_oport = sport; 1399 } 1400 } 1401 1402 CALC_SUMD(sum1, sum2, sumd); 1403 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16); 1404#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6)
1398 if ((flags == IPN_TCP) && dohwcksum &&	1405 if ((flags & IPN_TCPUDP) && dohwcksum &&
1399 (qf->qf_ill->ill_ick.ick_magic == ICK_M_CTL_MAGIC)) { 1400 if (direction == NAT_OUTBOUND) 1401 sum1 = LONG_SUM(ntohl(in.s_addr)); 1402 else 1403 sum1 = LONG_SUM(ntohl(ip->ip_src.s_addr)); 1404 sum1 += LONG_SUM(ntohl(ip->ip_dst.s_addr));	1406 (qf->qf_ill->ill_ick.ick_magic == ICK_M_CTL_MAGIC)) { 1407 if (direction == NAT_OUTBOUND) 1408 sum1 = LONG_SUM(ntohl(in.s_addr)); 1409 else 1410 sum1 = LONG_SUM(ntohl(ip->ip_src.s_addr)); 1411 sum1 += LONG_SUM(ntohl(ip->ip_dst.s_addr));
1405 sum1 += 30;	1412 sum1 += IPPROTO_TCP;
1406 sum1 = (sum1 & 0xffff) + (sum1 >> 16); 1407 nat->nat_sumd[1] = NAT_HW_CKSUM\|(sum1 & 0xffff); 1408 } else 1409#endif 1410 nat->nat_sumd[1] = nat->nat_sumd[0]; 1411 1412 if ((flags & IPN_TCPUDP) && ((sport != port) \|\| (dport != nport))) { 1413 if (direction == NAT_OUTBOUND) --- 44 unchanged lines hidden (view full) --- 1458 KFREE(nat); 1459 return NULL; 1460} 1461 1462 1463void nat_insert(nat) 1464nat_t nat; 1465*{	1413 sum1 = (sum1 & 0xffff) + (sum1 >> 16); 1414 nat->nat_sumd[1] = NAT_HW_CKSUM\|(sum1 & 0xffff); 1415 } else 1416#endif 1417 nat->nat_sumd[1] = nat->nat_sumd[0]; 1418 1419 if ((flags & IPN_TCPUDP) && ((sport != port) \|\| (dport != nport))) { 1420 if (direction == NAT_OUTBOUND) --- 44 unchanged lines hidden (view full) --- 1465 KFREE(nat); 1466 return NULL; 1467} 1468 1469 1470void nat_insert(nat) 1471nat_t nat; 1472*{
	1473 u_int hv1, hv2;
1466 nat_t **natp;	1474 nat_t **natp;
1467 u_int hv;
1468 1469 MUTEX_INIT(&nat->nat_lock, "nat entry lock", NULL); 1470 1471 nat->nat_age = fr_defnatage; 1472 nat->nat_ifname[sizeof(nat->nat_ifname) - 1] = '\0'; 1473 if (nat->nat_ifname[0] !='\0') { 1474 nat->nat_ifp = GETUNIT(nat->nat_ifname, 4); 1475 } 1476 1477 nat->nat_next = nat_instances; 1478 nat_instances = nat; 1479	1475 1476 MUTEX_INIT(&nat->nat_lock, "nat entry lock", NULL); 1477 1478 nat->nat_age = fr_defnatage; 1479 nat->nat_ifname[sizeof(nat->nat_ifname) - 1] = '\0'; 1480 if (nat->nat_ifname[0] !='\0') { 1481 nat->nat_ifp = GETUNIT(nat->nat_ifname, 4); 1482 } 1483 1484 nat->nat_next = nat_instances; 1485 nat_instances = nat; 1486
1480 hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, 1481 ipf_nattable_sz); 1482 natp = &nat_table[0][hv];	1487 if (!(nat->nat_flags & (FI_W_SPORT\|FI_W_DPORT))) { 1488 hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, 1489 0xffffffff); 1490 hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport, 1491 ipf_nattable_sz); 1492 hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, 1493 0xffffffff); 1494 hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport, 1495 ipf_nattable_sz); 1496 } else { 1497 hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0, 0xffffffff); 1498 hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1, ipf_nattable_sz); 1499 hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0, 0xffffffff); 1500 hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2, ipf_nattable_sz); 1501 } 1502 1503 natp = &nat_table[0][hv1];
1483 if (natp) 1484* (natp)->nat_phnext[0] = &nat->nat_hnext[0]; 1485* nat->nat_phnext[0] = natp; 1486 nat->nat_hnext[0] = natp; 1487* natp = nat; 1488*	1504 if (natp) 1505* (natp)->nat_phnext[0] = &nat->nat_hnext[0]; 1506* nat->nat_phnext[0] = natp; 1507 nat->nat_hnext[0] = natp; 1508* natp = nat; 1509*
1489 hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, 1490 ipf_nattable_sz); 1491 natp = &nat_table[1][hv];	1510 natp = &nat_table[1][hv2];
1492 if (natp) 1493* (natp)->nat_phnext[1] = &nat->nat_hnext[1]; 1494* nat->nat_phnext[1] = natp; 1495 nat->nat_hnext[1] = natp; 1496* natp = nat; 1497* 1498 nat_stats.ns_added++; 1499 nat_stats.ns_inuse++; --- 99 unchanged lines hidden (view full) --- 1599 u_32_t sum1, sum2, sumd, sumd2 = 0; 1600 struct in_addr in; 1601 icmphdr_t icmp; 1602* udphdr_t udp; 1603* nat_t nat; 1604* ip_t oip; 1605* int flags = 0; 1606	1511 if (natp) 1512* (natp)->nat_phnext[1] = &nat->nat_hnext[1]; 1513* nat->nat_phnext[1] = natp; 1514 nat->nat_hnext[1] = natp; 1515* natp = nat; 1516* 1517 nat_stats.ns_added++; 1518 nat_stats.ns_inuse++; --- 99 unchanged lines hidden (view full) --- 1618 u_32_t sum1, sum2, sumd, sumd2 = 0; 1619 struct in_addr in; 1620 icmphdr_t icmp; 1621* udphdr_t udp; 1622* nat_t nat; 1623* ip_t oip; 1624* int flags = 0; 1625
1607 if ((fin->fin_fi.fi_fl & FI_SHORT) \|\| (ip->ip_off & IP_OFFMASK))	1626 if ((fin->fin_fl & FI_SHORT) \|\| (fin->fin_off != 0))
1608 return NULL; 1609 /* 1610 * nat_icmplookup() will return NULL for `defective' packets. 1611 / 1612* if ((ip->ip_v != 4) \|\| !(nat = nat_icmplookup(ip, fin, dir))) 1613 return NULL; 1614 nflags = IPN_ICMPERR; 1615* icmp = (icmphdr_t )fin->fin_dp; --- 257 unchanged lines hidden* (view full) --- 1873 sumd2 += sumd; 1874 } 1875 } 1876 } 1877 if (sumd2) { 1878 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); 1879 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); 1880 if (nat->nat_dir == NAT_OUTBOUND) {	1627 return NULL; 1628 /* 1629 * nat_icmplookup() will return NULL for `defective' packets. 1630 / 1631* if ((ip->ip_v != 4) \|\| !(nat = nat_icmplookup(ip, fin, dir))) 1632 return NULL; 1633 nflags = IPN_ICMPERR; 1634* icmp = (icmphdr_t )fin->fin_dp; --- 257 unchanged lines hidden* (view full) --- 1892 sumd2 += sumd; 1893 } 1894 } 1895 } 1896 if (sumd2) { 1897 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); 1898 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); 1899 if (nat->nat_dir == NAT_OUTBOUND) {
1881 fix_outcksum(&icmp->icmp_cksum, sumd2);	1900 fix_outcksum(fin, &icmp->icmp_cksum, sumd2);
1882 } else {	1901 } else {
1883 fix_incksum(&icmp->icmp_cksum, sumd2);	1902 fix_incksum(fin, &icmp->icmp_cksum, sumd2);
1884 } 1885 } 1886 }	1903 } 1904 } 1905 }
1887 nat->nat_age = fr_defnaticmpage;	1906 if (oip->ip_p == IPPROTO_ICMP) 1907 nat->nat_age = fr_defnaticmpage;
1888 return nat; 1889} 1890 1891 1892/* 1893 * NB: these lookups don't lock access to the list, it assume it has already 1894 * been done! 1895 / --- 16 unchanged lines hidden* (view full) --- 1912 register u_32_t dst; 1913 u_int hv; 1914 1915 dst = mapdst.s_addr; 1916 dport = ports >> 16; 1917 sport = ports & 0xffff; 1918 flags &= IPN_TCPUDP; 1919	1908 return nat; 1909} 1910 1911 1912/* 1913 * NB: these lookups don't lock access to the list, it assume it has already 1914 * been done! 1915 / --- 16 unchanged lines hidden* (view full) --- 1932 register u_32_t dst; 1933 u_int hv; 1934 1935 dst = mapdst.s_addr; 1936 dport = ports >> 16; 1937 sport = ports & 0xffff; 1938 flags &= IPN_TCPUDP; 1939
1920 hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz);	1940 hv = NAT_HASH_FN(dst, dport, 0xffffffff); 1941 hv = NAT_HASH_FN(src.s_addr, hv + sport, ipf_nattable_sz);
1921 nat = nat_table[1][hv]; 1922 for (; nat; nat = nat->nat_hnext[1]) { 1923 nflags = nat->nat_flags; 1924 if ((!ifp \|\| ifp == nat->nat_ifp) && 1925 nat->nat_oip.s_addr == src.s_addr && 1926 nat->nat_outip.s_addr == dst && 1927 (((p == 0) && (flags == (nat->nat_flags & IPN_TCPUDP))) 1928 \|\| (p == nat->nat_p)) && (!flags \|\| 1929 (((nat->nat_oport == sport) \|\| (nflags & FI_W_DPORT)) && 1930 ((nat->nat_outport == dport) \|\| (nflags & FI_W_SPORT))))) 1931 return nat; 1932 } 1933 if (!nat_stats.ns_wilds \|\| !(flags & IPN_TCPUDP)) 1934 return NULL; 1935 if (!rw) { 1936 RWLOCK_EXIT(&ipf_nat); 1937 }	1942 nat = nat_table[1][hv]; 1943 for (; nat; nat = nat->nat_hnext[1]) { 1944 nflags = nat->nat_flags; 1945 if ((!ifp \|\| ifp == nat->nat_ifp) && 1946 nat->nat_oip.s_addr == src.s_addr && 1947 nat->nat_outip.s_addr == dst && 1948 (((p == 0) && (flags == (nat->nat_flags & IPN_TCPUDP))) 1949 \|\| (p == nat->nat_p)) && (!flags \|\| 1950 (((nat->nat_oport == sport) \|\| (nflags & FI_W_DPORT)) && 1951 ((nat->nat_outport == dport) \|\| (nflags & FI_W_SPORT))))) 1952 return nat; 1953 } 1954 if (!nat_stats.ns_wilds \|\| !(flags & IPN_TCPUDP)) 1955 return NULL; 1956 if (!rw) { 1957 RWLOCK_EXIT(&ipf_nat); 1958 }
1938 hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz);	1959 hv = NAT_HASH_FN(dst, 0, 0xffffffff); 1960 hv = NAT_HASH_FN(src.s_addr, hv, ipf_nattable_sz);
1939 if (!rw) { 1940 WRITE_ENTER(&ipf_nat); 1941 } 1942 nat = nat_table[1][hv]; 1943 for (; nat; nat = nat->nat_hnext[1]) { 1944 nflags = nat->nat_flags; 1945 if (ifp && ifp != nat->nat_ifp) 1946 continue; --- 47 unchanged lines hidden (view full) --- 1994 1995 if (nat->nat_hnext[1]) 1996 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1]; 1997 nat->nat_phnext[1] = nat->nat_hnext[1]; 1998* 1999 /* 2000 * Add into the NAT table in the new position 2001 */	1961 if (!rw) { 1962 WRITE_ENTER(&ipf_nat); 1963 } 1964 nat = nat_table[1][hv]; 1965 for (; nat; nat = nat->nat_hnext[1]) { 1966 nflags = nat->nat_flags; 1967 if (ifp && ifp != nat->nat_ifp) 1968 continue; --- 47 unchanged lines hidden (view full) --- 2016 2017 if (nat->nat_hnext[1]) 2018 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1]; 2019 nat->nat_phnext[1] = nat->nat_hnext[1]; 2020* 2021 /* 2022 * Add into the NAT table in the new position 2023 */
2002 hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, ipf_nattable_sz);	2024 hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, 0xffffffff); 2025 hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
2003 natp = &nat_table[0][hv]; 2004 if (natp) 2005* (natp)->nat_phnext[0] = &nat->nat_hnext[0]; 2006* nat->nat_phnext[0] = natp; 2007 nat->nat_hnext[0] = natp; 2008* natp = nat; 2009*	2026 natp = &nat_table[0][hv]; 2027 if (natp) 2028* (natp)->nat_phnext[0] = &nat->nat_hnext[0]; 2029* nat->nat_phnext[0] = natp; 2030 nat->nat_hnext[0] = natp; 2031* natp = nat; 2032*
2010 hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, ipf_nattable_sz);	2033 hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, 0xffffffff); 2034 hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
2011 natp = &nat_table[1][hv]; 2012 if (natp) 2013* (natp)->nat_phnext[1] = &nat->nat_hnext[1]; 2014* nat->nat_phnext[1] = natp; 2015 nat->nat_hnext[1] = natp; 2016* natp = nat; 2017} 2018* --- 17 unchanged lines hidden (view full) --- 2036 u_32_t srcip; 2037 u_int hv; 2038 2039 sport = ports & 0xffff; 2040 dport = ports >> 16; 2041 flags &= IPN_TCPUDP; 2042 srcip = src.s_addr; 2043	2035 natp = &nat_table[1][hv]; 2036 if (natp) 2037* (natp)->nat_phnext[1] = &nat->nat_hnext[1]; 2038* nat->nat_phnext[1] = natp; 2039 nat->nat_hnext[1] = natp; 2040* natp = nat; 2041} 2042* --- 17 unchanged lines hidden (view full) --- 2060 u_32_t srcip; 2061 u_int hv; 2062 2063 sport = ports & 0xffff; 2064 dport = ports >> 16; 2065 flags &= IPN_TCPUDP; 2066 srcip = src.s_addr; 2067
2044 hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz);	2068 hv = NAT_HASH_FN(srcip, sport, 0xffffffff); 2069 hv = NAT_HASH_FN(dst.s_addr, hv + dport, ipf_nattable_sz);
2045 nat = nat_table[0][hv]; 2046 for (; nat; nat = nat->nat_hnext[0]) { 2047 nflags = nat->nat_flags; 2048 2049 if ((!ifp \|\| ifp == nat->nat_ifp) && 2050 nat->nat_inip.s_addr == srcip && 2051 nat->nat_oip.s_addr == dst.s_addr && 2052 (((p == 0) && (flags == (nflags & IPN_TCPUDP))) 2053 \|\| (p == nat->nat_p)) && (!flags \|\| 2054 ((nat->nat_inport == sport \|\| nflags & FI_W_SPORT) && 2055 (nat->nat_oport == dport \|\| nflags & FI_W_DPORT)))) 2056 return nat; 2057 } 2058 if (!nat_stats.ns_wilds \|\| !(flags & IPN_TCPUDP)) 2059 return NULL; 2060 if (!rw) { 2061 RWLOCK_EXIT(&ipf_nat); 2062 } 2063 hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz);	2070 nat = nat_table[0][hv]; 2071 for (; nat; nat = nat->nat_hnext[0]) { 2072 nflags = nat->nat_flags; 2073 2074 if ((!ifp \|\| ifp == nat->nat_ifp) && 2075 nat->nat_inip.s_addr == srcip && 2076 nat->nat_oip.s_addr == dst.s_addr && 2077 (((p == 0) && (flags == (nflags & IPN_TCPUDP))) 2078 \|\| (p == nat->nat_p)) && (!flags \|\| 2079 ((nat->nat_inport == sport \|\| nflags & FI_W_SPORT) && 2080 (nat->nat_oport == dport \|\| nflags & FI_W_DPORT)))) 2081 return nat; 2082 } 2083 if (!nat_stats.ns_wilds \|\| !(flags & IPN_TCPUDP)) 2084 return NULL; 2085 if (!rw) { 2086 RWLOCK_EXIT(&ipf_nat); 2087 } 2088 hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz);
	2089 hv = NAT_HASH_FN(dst.s_addr, hv, ipf_nattable_sz);
2064 if (!rw) { 2065 WRITE_ENTER(&ipf_nat); 2066 } 2067 nat = nat_table[0][hv]; 2068 for (; nat; nat = nat->nat_hnext[0]) { 2069 nflags = nat->nat_flags; 2070 if (ifp && ifp != nat->nat_ifp) 2071 continue; --- 68 unchanged lines hidden (view full) --- 2140 ^ ((np->in_flags & IPN_NOTSRC) != 0)) 2141 return 0; 2142 if (((fin->fin_fi.fi_daddr & np->in_outmsk) != np->in_outip) 2143 ^ ((np->in_flags & IPN_NOTDST) != 0)) 2144 return 0; 2145 } 2146 2147 ft = &np->in_tuc;	2090 if (!rw) { 2091 WRITE_ENTER(&ipf_nat); 2092 } 2093 nat = nat_table[0][hv]; 2094 for (; nat; nat = nat->nat_hnext[0]) { 2095 nflags = nat->nat_flags; 2096 if (ifp && ifp != nat->nat_ifp) 2097 continue; --- 68 unchanged lines hidden (view full) --- 2166 ^ ((np->in_flags & IPN_NOTSRC) != 0)) 2167 return 0; 2168 if (((fin->fin_fi.fi_daddr & np->in_outmsk) != np->in_outip) 2169 ^ ((np->in_flags & IPN_NOTDST) != 0)) 2170 return 0; 2171 } 2172 2173 ft = &np->in_tuc;
2148 if (!(fin->fin_fi.fi_fl & FI_TCPUDP) \|\| 2149 (fin->fin_fi.fi_fl & FI_SHORT) \|\| (ip->ip_off & IP_OFFMASK)) {	2174 if (!(fin->fin_fl & FI_TCPUDP) \|\| 2175 (fin->fin_fl & FI_SHORT) \|\| (fin->fin_off != 0)) {
2150 if (ft->ftu_scmp \|\| ft->ftu_dcmp) 2151 return 0; 2152 return 1; 2153 } 2154 2155 return fr_tcpudpchk(ft, fin); 2156} 2157 --- 5 unchanged lines hidden (view full) --- 2163int ip_natout(ip, fin) 2164ip_t ip; 2165fr_info_t fin; 2166{ 2167 register ipnat_t np = NULL; 2168* register u_32_t ipa; 2169 tcphdr_t tcp = NULL; 2170* u_short sport = 0, dport = 0, *csump = NULL;	2176 if (ft->ftu_scmp \|\| ft->ftu_dcmp) 2177 return 0; 2178 return 1; 2179 } 2180 2181 return fr_tcpudpchk(ft, fin); 2182} 2183 --- 5 unchanged lines hidden (view full) --- 2189int ip_natout(ip, fin) 2190ip_t ip; 2191fr_info_t fin; 2192{ 2193 register ipnat_t np = NULL; 2194* register u_32_t ipa; 2195 tcphdr_t tcp = NULL; 2196* u_short sport = 0, dport = 0, *csump = NULL;
	2197 int natadd = 1, i, icmpset = 1; 2198 u_int nflags = 0, hv, msk;
2171 struct ifnet *ifp;	2199 struct ifnet *ifp;
2172 int natadd = 1;
2173 frentry_t *fr;	2200 frentry_t *fr;
2174 u_int nflags = 0, hv, msk;
2175 u_32_t iph; 2176 nat_t *nat;	2201 u_32_t iph; 2202 nat_t *nat;
2177 int i;
2178 2179 if (nat_list == NULL \|\| (fr_nat_lock)) 2180 return 0; 2181 2182 if ((fr = fin->fin_fr) && !(fr->fr_flags & FR_DUP) && 2183 fr->fr_tif.fd_ifp && fr->fr_tif.fd_ifp != (void )-1) 2184* ifp = fr->fr_tif.fd_ifp; 2185 else 2186 ifp = fin->fin_ifp; 2187	2203 2204 if (nat_list == NULL \|\| (fr_nat_lock)) 2205 return 0; 2206 2207 if ((fr = fin->fin_fr) && !(fr->fr_flags & FR_DUP) && 2208 fr->fr_tif.fd_ifp && fr->fr_tif.fd_ifp != (void )-1) 2209* ifp = fr->fr_tif.fd_ifp; 2210 else 2211 ifp = fin->fin_ifp; 2212
2188 if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {	2213 if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2189 if (ip->ip_p == IPPROTO_TCP) 2190 nflags = IPN_TCP; 2191 else if (ip->ip_p == IPPROTO_UDP) 2192 nflags = IPN_UDP; 2193 if ((nflags & IPN_TCPUDP)) { 2194 tcp = (tcphdr_t )fin->fin_dp; 2195* sport = tcp->th_sport; 2196 dport = tcp->th_dport; 2197 } 2198 } 2199 2200 ipa = ip->ip_src.s_addr; 2201 2202 READ_ENTER(&ipf_nat); 2203 2204 if ((ip->ip_p == IPPROTO_ICMP) && 2205 (nat = nat_icmp(ip, fin, &nflags, NAT_OUTBOUND)))	2214 if (ip->ip_p == IPPROTO_TCP) 2215 nflags = IPN_TCP; 2216 else if (ip->ip_p == IPPROTO_UDP) 2217 nflags = IPN_UDP; 2218 if ((nflags & IPN_TCPUDP)) { 2219 tcp = (tcphdr_t )fin->fin_dp; 2220* sport = tcp->th_sport; 2221 dport = tcp->th_dport; 2222 } 2223 } 2224 2225 ipa = ip->ip_src.s_addr; 2226 2227 READ_ENTER(&ipf_nat); 2228 2229 if ((ip->ip_p == IPPROTO_ICMP) && 2230 (nat = nat_icmp(ip, fin, &nflags, NAT_OUTBOUND)))
2206 ; 2207 else if ((ip->ip_off & (IP_OFFMASK\|IP_MF)) &&	2231 icmpset = 1; 2232 else if ((fin->fin_fl & FI_FRAG) &&
2208 (nat = ipfr_nat_knownfrag(ip, fin))) 2209 natadd = 0; 2210 else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p, 2211 ip->ip_src, ip->ip_dst, 2212 (dport << 16) \| sport, 0))) { 2213 nflags = nat->nat_flags; 2214 if ((nflags & (FI_W_SPORT\|FI_W_DPORT)) != 0) { 2215 if ((nflags & FI_W_SPORT) && --- 17 unchanged lines hidden (view full) --- 2233 / 2234* msk = 0xffffffff; 2235 i = 32; 2236maskloop: 2237 iph = ipa & htonl(msk); 2238 hv = NAT_HASH_FN(iph, 0, ipf_natrules_sz); 2239 for (np = nat_rules[hv]; np; np = np->in_mnext) 2240 {	2233 (nat = ipfr_nat_knownfrag(ip, fin))) 2234 natadd = 0; 2235 else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p, 2236 ip->ip_src, ip->ip_dst, 2237 (dport << 16) \| sport, 0))) { 2238 nflags = nat->nat_flags; 2239 if ((nflags & (FI_W_SPORT\|FI_W_DPORT)) != 0) { 2240 if ((nflags & FI_W_SPORT) && --- 17 unchanged lines hidden (view full) --- 2258 / 2259* msk = 0xffffffff; 2260 i = 32; 2261maskloop: 2262 iph = ipa & htonl(msk); 2263 hv = NAT_HASH_FN(iph, 0, ipf_natrules_sz); 2264 for (np = nat_rules[hv]; np; np = np->in_mnext) 2265 {
2241 if ((np->in_ifp && (np->in_ifp != ifp)) \|\| 2242 !np->in_space)	2266 if (np->in_ifp && (np->in_ifp != ifp))
2243 continue; 2244 if ((np->in_flags & IPN_RF) && 2245 !(np->in_flags & nflags)) 2246 continue; 2247 if (np->in_flags & IPN_FILTER) { 2248 if (!nat_match(fin, np, ip)) 2249 continue; 2250 } else if ((ipa & np->in_inmsk) != np->in_inip) --- 27 unchanged lines hidden (view full) --- 2278 MUTEX_DOWNGRADE(&ipf_nat); 2279 } 2280 2281 /* 2282 * NOTE: ipf_nat must now only be held as a read lock 2283 / 2284* if (nat) { 2285 np = nat->nat_ptr;	2267 continue; 2268 if ((np->in_flags & IPN_RF) && 2269 !(np->in_flags & nflags)) 2270 continue; 2271 if (np->in_flags & IPN_FILTER) { 2272 if (!nat_match(fin, np, ip)) 2273 continue; 2274 } else if ((ipa & np->in_inmsk) != np->in_inip) --- 27 unchanged lines hidden (view full) --- 2302 MUTEX_DOWNGRADE(&ipf_nat); 2303 } 2304 2305 /* 2306 * NOTE: ipf_nat must now only be held as a read lock 2307 / 2308* if (nat) { 2309 np = nat->nat_ptr;
2286 if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && 2287 np && (np->in_flags & IPN_FRAG))	2310 if (natadd && (fin->fin_fl & FI_FRAG) && np)
2288 ipfr_nat_newfrag(ip, fin, 0, nat); 2289 MUTEX_ENTER(&nat->nat_lock); 2290 nat->nat_age = fr_defnatage; 2291 nat->nat_bytes += ip->ip_len; 2292 nat->nat_pkts++; 2293 MUTEX_EXIT(&nat->nat_lock); 2294 2295 /* 2296 * Fix up checksums, not by recalculating them, but 2297 * simply computing adjustments. 2298 / 2299* if (nflags == IPN_ICMPERR) { 2300 u_32_t s1, s2, sumd; 2301 2302 s1 = LONG_SUM(ntohl(ip->ip_src.s_addr)); 2303 s2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)); 2304 CALC_SUMD(s1, s2, sumd); 2305 2306 if (nat->nat_dir == NAT_OUTBOUND)	2311 ipfr_nat_newfrag(ip, fin, 0, nat); 2312 MUTEX_ENTER(&nat->nat_lock); 2313 nat->nat_age = fr_defnatage; 2314 nat->nat_bytes += ip->ip_len; 2315 nat->nat_pkts++; 2316 MUTEX_EXIT(&nat->nat_lock); 2317 2318 /* 2319 * Fix up checksums, not by recalculating them, but 2320 * simply computing adjustments. 2321 / 2322* if (nflags == IPN_ICMPERR) { 2323 u_32_t s1, s2, sumd; 2324 2325 s1 = LONG_SUM(ntohl(ip->ip_src.s_addr)); 2326 s2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)); 2327 CALC_SUMD(s1, s2, sumd); 2328 2329 if (nat->nat_dir == NAT_OUTBOUND)
2307 fix_incksum(&ip->ip_sum, sumd);	2330 fix_incksum(fin, &ip->ip_sum, sumd);
2308 else	2331 else
2309 fix_outcksum(&ip->ip_sum, sumd);	2332 fix_outcksum(fin, &ip->ip_sum, sumd);
2310 } 2311#if SOLARIS \|\| defined(__sgi) 2312 else { 2313 if (nat->nat_dir == NAT_OUTBOUND)	2333 } 2334#if SOLARIS \|\| defined(__sgi) 2335 else { 2336 if (nat->nat_dir == NAT_OUTBOUND)
2314 fix_outcksum(&ip->ip_sum, nat->nat_ipsumd);	2337 fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2315 else	2338 else
2316 fix_incksum(&ip->ip_sum, nat->nat_ipsumd);	2339 fix_incksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2317 } 2318#endif 2319 ip->ip_src = nat->nat_outip; 2320	2340 } 2341#endif 2342 ip->ip_src = nat->nat_outip; 2343
2321 if (!(ip->ip_off & IP_OFFMASK) && 2322 !(fin->fin_fi.fi_fl & FI_SHORT)) {	2344 if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2323 2324 if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) { 2325 tcp->th_sport = nat->nat_outport; 2326 fin->fin_data[0] = ntohs(tcp->th_sport); 2327 } 2328 2329 if (ip->ip_p == IPPROTO_TCP) { 2330 csump = &tcp->th_sum; --- 16 unchanged lines hidden (view full) --- 2347 nat->nat_age = fr_tcplastack; 2348 MUTEX_EXIT(&nat->nat_lock); 2349 } else if (ip->ip_p == IPPROTO_UDP) { 2350 udphdr_t udp = (udphdr_t )tcp; 2351 2352 if (udp->uh_sum) 2353 csump = &udp->uh_sum; 2354 } else if (ip->ip_p == IPPROTO_ICMP) {	2345 2346 if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) { 2347 tcp->th_sport = nat->nat_outport; 2348 fin->fin_data[0] = ntohs(tcp->th_sport); 2349 } 2350 2351 if (ip->ip_p == IPPROTO_TCP) { 2352 csump = &tcp->th_sum; --- 16 unchanged lines hidden (view full) --- 2369 nat->nat_age = fr_tcplastack; 2370 MUTEX_EXIT(&nat->nat_lock); 2371 } else if (ip->ip_p == IPPROTO_UDP) { 2372 udphdr_t udp = (udphdr_t )tcp; 2373 2374 if (udp->uh_sum) 2375 csump = &udp->uh_sum; 2376 } else if (ip->ip_p == IPPROTO_ICMP) {
2355 nat->nat_age = fr_defnaticmpage;	2377 if (!icmpset) 2378 nat->nat_age = fr_defnaticmpage;
2356 } 2357 2358 if (csump) { 2359 if (nat->nat_dir == NAT_OUTBOUND)	2379 } 2380 2381 if (csump) { 2382 if (nat->nat_dir == NAT_OUTBOUND)
2360 fix_outcksum(csump, nat->nat_sumd[1]);	2383 fix_outcksum(fin, csump, nat->nat_sumd[1]);
2361 else	2384 else
2362 fix_incksum(csump, nat->nat_sumd[1]);	2385 fix_incksum(fin, csump, nat->nat_sumd[1]);
2363 } 2364 } 2365 2366 if ((np->in_apr != NULL) && (np->in_dport == 0 \|\| 2367 (tcp != NULL && dport == np->in_dport))) { 2368 i = appr_check(ip, fin, nat); 2369 if (i == 0) 2370 i = 1; --- 14 unchanged lines hidden (view full) --- 2385 / 2386int ip_natin(ip, fin) 2387ip_t ip; 2388fr_info_t fin; 2389{ 2390* register struct in_addr src; 2391 register struct in_addr in; 2392 register ipnat_t *np;	2386 } 2387 } 2388 2389 if ((np->in_apr != NULL) && (np->in_dport == 0 \|\| 2390 (tcp != NULL && dport == np->in_dport))) { 2391 i = appr_check(ip, fin, nat); 2392 if (i == 0) 2393 i = 1; --- 14 unchanged lines hidden (view full) --- 2408 / 2409int ip_natin(ip, fin) 2410ip_t ip; 2411fr_info_t fin; 2412{ 2413* register struct in_addr src; 2414 register struct in_addr in; 2415 register ipnat_t *np;
	2416 u_short sport = 0, dport = 0, *csump = NULL;
2393 u_int nflags = 0, natadd = 1, hv, msk; 2394 struct ifnet ifp = fin->fin_ifp; 2395* tcphdr_t *tcp = NULL;	2417 u_int nflags = 0, natadd = 1, hv, msk; 2418 struct ifnet ifp = fin->fin_ifp; 2419* tcphdr_t *tcp = NULL;
2396 u_short sport = 0, dport = 0, *csump = NULL;	2420 int i, icmpset = 0;
2397 nat_t nat; 2398* u_32_t iph;	2421 nat_t nat; 2422* u_32_t iph;
2399 int i;
2400 2401 if ((nat_list == NULL) \|\| (ip->ip_v != 4) \|\| (fr_nat_lock)) 2402 return 0; 2403	2423 2424 if ((nat_list == NULL) \|\| (ip->ip_v != 4) \|\| (fr_nat_lock)) 2425 return 0; 2426
2404 if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {	2427 if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2405 if (ip->ip_p == IPPROTO_TCP) 2406 nflags = IPN_TCP; 2407 else if (ip->ip_p == IPPROTO_UDP) 2408 nflags = IPN_UDP; 2409 if ((nflags & IPN_TCPUDP)) { 2410 tcp = (tcphdr_t )fin->fin_dp; 2411* dport = tcp->th_dport; 2412 sport = tcp->th_sport; 2413 } 2414 } 2415 2416 in = ip->ip_dst; 2417 /* make sure the source address is to be redirected / 2418* src = ip->ip_src; 2419 2420 READ_ENTER(&ipf_nat); 2421 2422 if ((ip->ip_p == IPPROTO_ICMP) && 2423 (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND)))	2428 if (ip->ip_p == IPPROTO_TCP) 2429 nflags = IPN_TCP; 2430 else if (ip->ip_p == IPPROTO_UDP) 2431 nflags = IPN_UDP; 2432 if ((nflags & IPN_TCPUDP)) { 2433 tcp = (tcphdr_t )fin->fin_dp; 2434* dport = tcp->th_dport; 2435 sport = tcp->th_sport; 2436 } 2437 } 2438 2439 in = ip->ip_dst; 2440 /* make sure the source address is to be redirected / 2441* src = ip->ip_src; 2442 2443 READ_ENTER(&ipf_nat); 2444 2445 if ((ip->ip_p == IPPROTO_ICMP) && 2446 (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND)))
2424 ; 2425 else if ((ip->ip_off & (IP_OFFMASK\|IP_MF)) &&	2447 icmpset = 1; 2448 else if ((fin->fin_fl & FI_FRAG) &&
2426 (nat = ipfr_nat_knownfrag(ip, fin))) 2427 natadd = 0; 2428 else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p, 2429 ip->ip_src, in, (dport << 16) \| sport, 2430 0))) { 2431 nflags = nat->nat_flags; 2432 if ((nflags & (FI_W_SPORT\|FI_W_DPORT)) != 0) { 2433 if ((nat->nat_oport != sport) && (nflags & FI_W_DPORT)) --- 50 unchanged lines hidden (view full) --- 2484 } 2485 2486 /* 2487 * NOTE: ipf_nat must now only be held as a read lock 2488 / 2489* if (nat) { 2490 np = nat->nat_ptr; 2491 fin->fin_fr = nat->nat_fr;	2449 (nat = ipfr_nat_knownfrag(ip, fin))) 2450 natadd = 0; 2451 else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p, 2452 ip->ip_src, in, (dport << 16) \| sport, 2453 0))) { 2454 nflags = nat->nat_flags; 2455 if ((nflags & (FI_W_SPORT\|FI_W_DPORT)) != 0) { 2456 if ((nat->nat_oport != sport) && (nflags & FI_W_DPORT)) --- 50 unchanged lines hidden (view full) --- 2507 } 2508 2509 /* 2510 * NOTE: ipf_nat must now only be held as a read lock 2511 / 2512* if (nat) { 2513 np = nat->nat_ptr; 2514 fin->fin_fr = nat->nat_fr;
2492 if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && 2493 np && (np->in_flags & IPN_FRAG))	2515 if (natadd && (fin->fin_fl & FI_FRAG) && np)
2494 ipfr_nat_newfrag(ip, fin, 0, nat); 2495 if ((np->in_apr != NULL) && (np->in_dport == 0 \|\| 2496 (tcp != NULL && sport == np->in_dport))) { 2497 i = appr_check(ip, fin, nat); 2498 if (i == -1) { 2499 RWLOCK_EXIT(&ipf_nat); 2500 return i; 2501 } --- 10 unchanged lines hidden (view full) --- 2512 fin->fin_fi.fi_daddr = nat->nat_inip.s_addr; 2513 2514 /* 2515 * Fix up checksums, not by recalculating them, but 2516 * simply computing adjustments. 2517 / 2518#if SOLARIS \|\| defined(__sgi) 2519* if (nat->nat_dir == NAT_OUTBOUND)	2516 ipfr_nat_newfrag(ip, fin, 0, nat); 2517 if ((np->in_apr != NULL) && (np->in_dport == 0 \|\| 2518 (tcp != NULL && sport == np->in_dport))) { 2519 i = appr_check(ip, fin, nat); 2520 if (i == -1) { 2521 RWLOCK_EXIT(&ipf_nat); 2522 return i; 2523 } --- 10 unchanged lines hidden (view full) --- 2534 fin->fin_fi.fi_daddr = nat->nat_inip.s_addr; 2535 2536 /* 2537 * Fix up checksums, not by recalculating them, but 2538 * simply computing adjustments. 2539 / 2540#if SOLARIS \|\| defined(__sgi) 2541* if (nat->nat_dir == NAT_OUTBOUND)
2520 fix_incksum(&ip->ip_sum, nat->nat_ipsumd);	2542 fix_incksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2521 else	2543 else
2522 fix_outcksum(&ip->ip_sum, nat->nat_ipsumd);	2544 fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
2523#endif	2545#endif
2524 if (!(ip->ip_off & IP_OFFMASK) && 2525 !(fin->fin_fi.fi_fl & FI_SHORT)) {	2546 if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
2526 2527 if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) { 2528 tcp->th_dport = nat->nat_inport; 2529 fin->fin_data[1] = ntohs(tcp->th_dport); 2530 } 2531 2532 if (ip->ip_p == IPPROTO_TCP) { 2533 csump = &tcp->th_sum; --- 16 unchanged lines hidden (view full) --- 2550 nat->nat_age = fr_tcplastack; 2551 MUTEX_EXIT(&nat->nat_lock); 2552 } else if (ip->ip_p == IPPROTO_UDP) { 2553 udphdr_t udp = (udphdr_t )tcp; 2554 2555 if (udp->uh_sum) 2556 csump = &udp->uh_sum; 2557 } else if (ip->ip_p == IPPROTO_ICMP) {	2547 2548 if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) { 2549 tcp->th_dport = nat->nat_inport; 2550 fin->fin_data[1] = ntohs(tcp->th_dport); 2551 } 2552 2553 if (ip->ip_p == IPPROTO_TCP) { 2554 csump = &tcp->th_sum; --- 16 unchanged lines hidden (view full) --- 2571 nat->nat_age = fr_tcplastack; 2572 MUTEX_EXIT(&nat->nat_lock); 2573 } else if (ip->ip_p == IPPROTO_UDP) { 2574 udphdr_t udp = (udphdr_t )tcp; 2575 2576 if (udp->uh_sum) 2577 csump = &udp->uh_sum; 2578 } else if (ip->ip_p == IPPROTO_ICMP) {
2558 nat->nat_age = fr_defnaticmpage;	2579 if (!icmpset) 2580 nat->nat_age = fr_defnaticmpage;
2559 } 2560 2561 if (csump) { 2562 if (nat->nat_dir == NAT_OUTBOUND)	2581 } 2582 2583 if (csump) { 2584 if (nat->nat_dir == NAT_OUTBOUND)
2563 fix_incksum(csump, nat->nat_sumd[0]);	2585 fix_incksum(fin, csump, nat->nat_sumd[0]);
2564 else	2586 else
2565 fix_outcksum(csump, nat->nat_sumd[0]);	2587 fix_outcksum(fin, csump, nat->nat_sumd[0]);
2566 } 2567 } 2568 ATOMIC_INCL(nat_stats.ns_mapped[0]); 2569 RWLOCK_EXIT(&ipf_nat); /* READ / 2570* return 1; 2571 } 2572 RWLOCK_EXIT(&ipf_nat); /* READ/WRITE / 2573* return 0; --- 166 unchanged lines hidden ---	2588 } 2589 } 2590 ATOMIC_INCL(nat_stats.ns_mapped[0]); 2591 RWLOCK_EXIT(&ipf_nat); /* READ / 2592* return 1; 2593 } 2594 RWLOCK_EXIT(&ipf_nat); /* READ/WRITE / 2595* return 0; --- 166 unchanged lines hidden ---