ip_nat.c (92685) ip_nat.c (95418)
1/*
2 * Copyright (C) 1995-2001 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Added redirect stuff and a LOT of bug fixes. (mcn@EnGarde.com)
7 */
8

--- 97 unchanged lines hidden (view full) ---

106# define MIN(a,b) (((a)<(b))?(a):(b))
107#endif
108#undef SOCKADDR_IN
109#define SOCKADDR_IN struct sockaddr_in
110
111#if !defined(lint)
112static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
113/* static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $"; */
1/*
2 * Copyright (C) 1995-2001 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Added redirect stuff and a LOT of bug fixes. (mcn@EnGarde.com)
7 */
8

--- 97 unchanged lines hidden (view full) ---

106# define MIN(a,b) (((a)<(b))?(a):(b))
107#endif
108#undef SOCKADDR_IN
109#define SOCKADDR_IN struct sockaddr_in
110
111#if !defined(lint)
112static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
113/* static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $"; */
114static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 92685 2002-03-19 11:44:16Z darrenr $";
114static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_nat.c 95418 2002-04-25 03:31:39Z darrenr $";
115#endif
116
117nat_t **nat_table[2] = { NULL, NULL },
118 *nat_instances = NULL;
119ipnat_t *nat_list = NULL;
120u_int ipf_nattable_sz = NAT_TABLE_SZ;
121u_int ipf_natrules_sz = NAT_SIZE;
122u_int ipf_rdrrules_sz = RDR_SIZE;

--- 299 unchanged lines hidden (view full) ---

422u_long cmd;
423#else
424int cmd;
425#endif
426caddr_t data;
427int mode;
428{
429 register ipnat_t *nat, *nt, *n = NULL, **np = NULL;
115#endif
116
117nat_t **nat_table[2] = { NULL, NULL },
118 *nat_instances = NULL;
119ipnat_t *nat_list = NULL;
120u_int ipf_nattable_sz = NAT_TABLE_SZ;
121u_int ipf_natrules_sz = NAT_SIZE;
122u_int ipf_rdrrules_sz = RDR_SIZE;

--- 299 unchanged lines hidden (view full) ---

422u_long cmd;
423#else
424int cmd;
425#endif
426caddr_t data;
427int mode;
428{
429 register ipnat_t *nat, *nt, *n = NULL, **np = NULL;
430 int error = 0, ret, arg;
430 int error = 0, ret, arg, getlock;
431 ipnat_t natd;
432 u_32_t i, j;
433
434#if (BSD >= 199306) && defined(_KERNEL)
435 if ((securelevel >= 3) && (mode & FWRITE))
436 return EPERM;
437#endif
438
439 nat = NULL; /* XXX gcc -Wuninitialized */
440 KMALLOC(nt, ipnat_t *);
431 ipnat_t natd;
432 u_32_t i, j;
433
434#if (BSD >= 199306) && defined(_KERNEL)
435 if ((securelevel >= 3) && (mode & FWRITE))
436 return EPERM;
437#endif
438
439 nat = NULL; /* XXX gcc -Wuninitialized */
440 KMALLOC(nt, ipnat_t *);
441 if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT))
442 error = IRCOPYPTR(data, (char *)&natd, sizeof(natd));
443 else if (cmd == SIOCIPFFL) { /* SIOCFLNAT & SIOCCNATL */
441 getlock = (mode & NAT_LOCKHELD) ? 0 : 1;
442 if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) {
443 if (mode & NAT_SYSSPACE) {
444 bcopy(data, (char *)&natd, sizeof(natd));
445 error = 0;
446 } else {
447 error = IRCOPYPTR(data, (char *)&natd, sizeof(natd));
448 }
449 } else if (cmd == SIOCIPFFL) { /* SIOCFLNAT & SIOCCNATL */
444 error = IRCOPY(data, (char *)&arg, sizeof(arg));
445 if (error)
446 error = EFAULT;
447 }
448
449 if (error)
450 goto done;
451
452 /*
453 * For add/delete, look to see if the NAT entry is already present
454 */
450 error = IRCOPY(data, (char *)&arg, sizeof(arg));
451 if (error)
452 error = EFAULT;
453 }
454
455 if (error)
456 goto done;
457
458 /*
459 * For add/delete, look to see if the NAT entry is already present
460 */
455 WRITE_ENTER(&ipf_nat);
461 if (getlock == 1)
462 WRITE_ENTER(&ipf_nat);
456 if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) {
457 nat = &natd;
458 nat->in_flags &= IPN_USERFLAGS;
459 if ((nat->in_redir & NAT_MAPBLK) == 0) {
460 if ((nat->in_flags & IPN_SPLIT) == 0)
461 nat->in_inip &= nat->in_inmsk;
462 if ((nat->in_flags & IPN_IPRANGE) == 0)
463 nat->in_outip &= nat->in_outmsk;

--- 248 unchanged lines hidden (view full) ---

712 if (error)
713 error = EFAULT;
714#endif
715 break;
716 default :
717 error = EINVAL;
718 break;
719 }
463 if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) {
464 nat = &natd;
465 nat->in_flags &= IPN_USERFLAGS;
466 if ((nat->in_redir & NAT_MAPBLK) == 0) {
467 if ((nat->in_flags & IPN_SPLIT) == 0)
468 nat->in_inip &= nat->in_inmsk;
469 if ((nat->in_flags & IPN_IPRANGE) == 0)
470 nat->in_outip &= nat->in_outmsk;

--- 248 unchanged lines hidden (view full) ---

719 if (error)
720 error = EFAULT;
721#endif
722 break;
723 default :
724 error = EINVAL;
725 break;
726 }
720 RWLOCK_EXIT(&ipf_nat); /* READ/WRITE */
727 if (getlock == 1)
728 RWLOCK_EXIT(&ipf_nat); /* READ/WRITE */
721done:
722 if (nt)
723 KFREE(nt);
724 return error;
725}
726
727
728static int fr_natgetsz(data)

--- 99 unchanged lines hidden (view full) ---

828 ipn.ipn_dsize = sizeof(*aps);
829 if (aps->aps_data)
830 ipn.ipn_dsize += aps->aps_psiz;
831 KMALLOCS(ipnn, nat_save_t *, sizeof(*ipnn) + ipn.ipn_dsize);
832 if (ipnn == NULL)
833 return ENOMEM;
834 bcopy((char *)&ipn, (char *)ipnn, sizeof(ipn));
835
729done:
730 if (nt)
731 KFREE(nt);
732 return error;
733}
734
735
736static int fr_natgetsz(data)

--- 99 unchanged lines hidden (view full) ---

836 ipn.ipn_dsize = sizeof(*aps);
837 if (aps->aps_data)
838 ipn.ipn_dsize += aps->aps_psiz;
839 KMALLOCS(ipnn, nat_save_t *, sizeof(*ipnn) + ipn.ipn_dsize);
840 if (ipnn == NULL)
841 return ENOMEM;
842 bcopy((char *)&ipn, (char *)ipnn, sizeof(ipn));
843
836 bcopy((char *)aps, ipnn->ipn_data, sizeof(*aps));
844 bcopy((char *)aps, (char *)ipnn->ipn_data, sizeof(*aps));
837 if (aps->aps_data) {
838 bcopy(aps->aps_data, ipnn->ipn_data + sizeof(*aps),
839 aps->aps_psiz);
840 ipnn->ipn_dsize += aps->aps_psiz;
841 }
842 error = IWCOPY((caddr_t)ipnn, ipnp,
843 sizeof(ipn) + ipn.ipn_dsize);
844 if (error)

--- 802 unchanged lines hidden (view full) ---

1647nat_t *nat_icmp(ip, fin, nflags, dir)
1648ip_t *ip;
1649fr_info_t *fin;
1650u_int *nflags;
1651int dir;
1652{
1653 u_32_t sum1, sum2, sumd, sumd2 = 0;
1654 struct in_addr in;
845 if (aps->aps_data) {
846 bcopy(aps->aps_data, ipnn->ipn_data + sizeof(*aps),
847 aps->aps_psiz);
848 ipnn->ipn_dsize += aps->aps_psiz;
849 }
850 error = IWCOPY((caddr_t)ipnn, ipnp,
851 sizeof(ipn) + ipn.ipn_dsize);
852 if (error)

--- 802 unchanged lines hidden (view full) ---

1655nat_t *nat_icmp(ip, fin, nflags, dir)
1656ip_t *ip;
1657fr_info_t *fin;
1658u_int *nflags;
1659int dir;
1660{
1661 u_32_t sum1, sum2, sumd, sumd2 = 0;
1662 struct in_addr in;
1663 int flags, dlen;
1655 icmphdr_t *icmp;
1656 udphdr_t *udp;
1664 icmphdr_t *icmp;
1665 udphdr_t *udp;
1666 tcphdr_t *tcp;
1657 nat_t *nat;
1658 ip_t *oip;
1667 nat_t *nat;
1668 ip_t *oip;
1659 int flags;
1660
1661 if ((fin->fin_fl & FI_SHORT) || (fin->fin_off != 0))
1662 return NULL;
1663 /*
1664 * nat_icmplookup() will return NULL for `defective' packets.
1665 */
1666 if ((ip->ip_v != 4) || !(nat = nat_icmplookup(ip, fin, dir)))
1667 return NULL;
1668
1669 flags = 0;
1670 *nflags = IPN_ICMPERR;
1671 icmp = (icmphdr_t *)fin->fin_dp;
1672 oip = (ip_t *)&icmp->icmp_ip;
1673 if (oip->ip_p == IPPROTO_TCP)
1674 flags = IPN_TCP;
1675 else if (oip->ip_p == IPPROTO_UDP)
1676 flags = IPN_UDP;
1677 udp = (udphdr_t *)((((char *)oip) + (oip->ip_hl << 2)));
1669
1670 if ((fin->fin_fl & FI_SHORT) || (fin->fin_off != 0))
1671 return NULL;
1672 /*
1673 * nat_icmplookup() will return NULL for `defective' packets.
1674 */
1675 if ((ip->ip_v != 4) || !(nat = nat_icmplookup(ip, fin, dir)))
1676 return NULL;
1677
1678 flags = 0;
1679 *nflags = IPN_ICMPERR;
1680 icmp = (icmphdr_t *)fin->fin_dp;
1681 oip = (ip_t *)&icmp->icmp_ip;
1682 if (oip->ip_p == IPPROTO_TCP)
1683 flags = IPN_TCP;
1684 else if (oip->ip_p == IPPROTO_UDP)
1685 flags = IPN_UDP;
1686 udp = (udphdr_t *)((((char *)oip) + (oip->ip_hl << 2)));
1687 dlen = ip->ip_len - ((char *)udp - (char *)ip);
1678 /*
1688 /*
1689 * XXX - what if this is bogus hl and we go off the end ?
1690 * In this case, nat_icmplookup() will have returned NULL.
1691 */
1692 tcp = (tcphdr_t *)udp;
1693
1694 /*
1679 * Need to adjust ICMP header to include the real IP#'s and
1680 * port #'s. Only apply a checksum change relative to the
1681 * IP address change as it will be modified again in ip_natout
1682 * for both address and port. Two checksum changes are
1683 * necessary for the two header address changes. Be careful
1684 * to only modify the checksum once for the port # and twice
1685 * for the IP#.
1686 */

--- 5 unchanged lines hidden (view full) ---

1692 * and the ICMP checksum of the ICMP error message itself.
1693 *
1694 * Unfortunately, for UDP and TCP, the IP addresses are also contained
1695 * in the pseudo header that is used to compute the UDP resp. TCP
1696 * checksum. So, we must compensate that as well. Even worse, the
1697 * change in the UDP and TCP checksums require yet another
1698 * adjustment of the ICMP checksum of the ICMP error message.
1699 *
1695 * Need to adjust ICMP header to include the real IP#'s and
1696 * port #'s. Only apply a checksum change relative to the
1697 * IP address change as it will be modified again in ip_natout
1698 * for both address and port. Two checksum changes are
1699 * necessary for the two header address changes. Be careful
1700 * to only modify the checksum once for the port # and twice
1701 * for the IP#.
1702 */

--- 5 unchanged lines hidden (view full) ---

1708 * and the ICMP checksum of the ICMP error message itself.
1709 *
1710 * Unfortunately, for UDP and TCP, the IP addresses are also contained
1711 * in the pseudo header that is used to compute the UDP resp. TCP
1712 * checksum. So, we must compensate that as well. Even worse, the
1713 * change in the UDP and TCP checksums require yet another
1714 * adjustment of the ICMP checksum of the ICMP error message.
1715 *
1700 * For the moment we forget about TCP, because that checksum is not
1701 * in the first 8 bytes, so it will not be available in most cases.
1702 */
1703
1704 if (oip->ip_dst.s_addr == nat->nat_oip.s_addr) {
1705 sum1 = LONG_SUM(ntohl(oip->ip_src.s_addr));
1706 in = nat->nat_inip;
1707 oip->ip_src = in;
1708 } else {
1709 sum1 = LONG_SUM(ntohl(oip->ip_dst.s_addr));

--- 41 unchanged lines hidden (view full) ---

1751 /*
1752 * Fix ICMP checksum to compensate the UDP
1753 * checksum adjustment.
1754 */
1755 CALC_SUMD(sum1, sum2, sumd);
1756 sumd2 = sumd;
1757 }
1758
1716 */
1717
1718 if (oip->ip_dst.s_addr == nat->nat_oip.s_addr) {
1719 sum1 = LONG_SUM(ntohl(oip->ip_src.s_addr));
1720 in = nat->nat_inip;
1721 oip->ip_src = in;
1722 } else {
1723 sum1 = LONG_SUM(ntohl(oip->ip_dst.s_addr));

--- 41 unchanged lines hidden (view full) ---

1765 /*
1766 * Fix ICMP checksum to compensate the UDP
1767 * checksum adjustment.
1768 */
1769 CALC_SUMD(sum1, sum2, sumd);
1770 sumd2 = sumd;
1771 }
1772
1759#if 0
1773#if 1
1760 /*
1761 * Fix TCP pseudo header checksum to compensate for the
1762 * IP address change. Before we can do the change, we
1763 * must make sure that oip is sufficient large to hold
1764 * the TCP checksum (normally it does not!).
1765 */
1774 /*
1775 * Fix TCP pseudo header checksum to compensate for the
1776 * IP address change. Before we can do the change, we
1777 * must make sure that oip is sufficient large to hold
1778 * the TCP checksum (normally it does not!).
1779 */
1766 if (oip->ip_p == IPPROTO_TCP) {
1780 if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
1767
1781
1782 sum1 = ntohs(tcp->th_sum);
1783 fix_datacksum(&tcp->th_sum, sumd);
1784 sum2 = ntohs(tcp->th_sum);
1785
1786 /*
1787 * Fix ICMP checksum to compensate the TCP
1788 * checksum adjustment.
1789 */
1790 CALC_SUMD(sum1, sum2, sumd);
1791 sumd2 = sumd;
1768 }
1769#endif
1770 } else {
1771
1772 /*
1773 * Fix IP checksum of the offending IP packet to adjust for
1774 * the change in the IP address.
1775 *

--- 34 unchanged lines hidden (view full) ---

1810 /*
1811 * Fix ICMP checksum to compensate the UDP
1812 * checksum adjustment.
1813 */
1814 CALC_SUMD(sum1, sum2, sumd);
1815 sumd2 = sumd;
1816 }
1817
1792 }
1793#endif
1794 } else {
1795
1796 /*
1797 * Fix IP checksum of the offending IP packet to adjust for
1798 * the change in the IP address.
1799 *

--- 34 unchanged lines hidden (view full) ---

1834 /*
1835 * Fix ICMP checksum to compensate the UDP
1836 * checksum adjustment.
1837 */
1838 CALC_SUMD(sum1, sum2, sumd);
1839 sumd2 = sumd;
1840 }
1841
1818#if 0
1842#if 1
1819 /*
1820 * Fix TCP pseudo header checksum to compensate for the
1821 * IP address change. Before we can do the change, we
1822 * must make sure that oip is sufficient large to hold
1823 * the TCP checksum (normally it does not!).
1824 */
1843 /*
1844 * Fix TCP pseudo header checksum to compensate for the
1845 * IP address change. Before we can do the change, we
1846 * must make sure that oip is sufficient large to hold
1847 * the TCP checksum (normally it does not!).
1848 */
1825 if (oip->ip_p == IPPROTO_TCP) {
1849 if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
1826
1850
1851 sum1 = ntohs(tcp->th_sum);
1852 fix_datacksum(&tcp->th_sum, sumd);
1853 sum2 = ntohs(tcp->th_sum);
1854
1855 /*
1856 * Fix ICMP checksum to compensate the TCP
1857 * checksum adjustment.
1858 */
1859 CALC_SUMD(sum1, sum2, sumd);
1860 sumd2 = sumd;
1827 };
1828#endif
1829
1830#endif
1831 }
1832
1833 if ((flags & IPN_TCPUDP) != 0) {
1861 };
1862#endif
1863
1864#endif
1865 }
1866
1867 if ((flags & IPN_TCPUDP) != 0) {
1834 tcphdr_t *tcp;
1835
1836 /*
1868 /*
1837 * XXX - what if this is bogus hl and we go off the end ?
1838 * In this case, nat_icmpinlookup() will have returned NULL.
1839 */
1840 tcp = (tcphdr_t *)udp;
1841
1842 /*
1843 * Step 2 :
1844 * For offending TCP/UDP IP packets, translate the ports as
1845 * well, based on the NAT specification. Of course such
1846 * a change must be reflected in the ICMP checksum as well.
1847 *
1848 * Advance notice : Now it becomes complicated :-)
1849 *
1850 * Since the port fields are part of the TCP/UDP checksum
1851 * of the offending IP packet, you need to adjust that checksum
1852 * as well... but, if you change, you must change the icmp
1853 * checksum *again*, to reflect that change.
1854 *
1855 * To further complicate: the TCP checksum is not in the first
1856 * 8 bytes of the offending ip packet, so it most likely is not
1869 * Step 2 :
1870 * For offending TCP/UDP IP packets, translate the ports as
1871 * well, based on the NAT specification. Of course such
1872 * a change must be reflected in the ICMP checksum as well.
1873 *
1874 * Advance notice : Now it becomes complicated :-)
1875 *
1876 * Since the port fields are part of the TCP/UDP checksum
1877 * of the offending IP packet, you need to adjust that checksum
1878 * as well... but, if you change, you must change the icmp
1879 * checksum *again*, to reflect that change.
1880 *
1881 * To further complicate: the TCP checksum is not in the first
1882 * 8 bytes of the offending ip packet, so it most likely is not
1857 * available (we might have to fix that if the encounter a
1858 * device that returns more than 8 data bytes on icmp error)
1883 * available. Some OSses like Solaris return enough bytes to
1884 * include the TCP checksum. So we have to check if the
1885 * ip->ip_len actually holds the TCP checksum of the oip!
1859 */
1860
1861 if (nat->nat_oport == tcp->th_dport) {
1862 if (tcp->th_sport != nat->nat_inport) {
1863 /*
1864 * Fix ICMP checksum to compensate port
1865 * adjustment.
1866 */

--- 21 unchanged lines hidden (view full) ---

1888 /*
1889 * Fix ICMP checksum to
1890 * compensate UDP checksum
1891 * adjustment.
1892 */
1893 CALC_SUMD(sum1, sum2, sumd);
1894 sumd2 += sumd;
1895 }
1886 */
1887
1888 if (nat->nat_oport == tcp->th_dport) {
1889 if (tcp->th_sport != nat->nat_inport) {
1890 /*
1891 * Fix ICMP checksum to compensate port
1892 * adjustment.
1893 */

--- 21 unchanged lines hidden (view full) ---

1915 /*
1916 * Fix ICMP checksum to
1917 * compensate UDP checksum
1918 * adjustment.
1919 */
1920 CALC_SUMD(sum1, sum2, sumd);
1921 sumd2 += sumd;
1922 }
1923
1924 /*
1925 * Fix tcp checksum (if present) to compensate
1926 * port adjustment. NOTE : the offending IP
1927 * packet flows the other direction compared to
1928 * the ICMP message.
1929 */
1930 if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
1931
1932 sum1 = ntohs(tcp->th_sum);
1933 fix_datacksum(&tcp->th_sum, sumd);
1934 sum2 = ntohs(tcp->th_sum);
1935
1936 /*
1937 * Fix ICMP checksum to
1938 * compensate TCP checksum
1939 * adjustment.
1940 */
1941 CALC_SUMD(sum1, sum2, sumd);
1942 sumd2 += sumd;
1943 }
1896 }
1897 } else {
1898 if (tcp->th_dport != nat->nat_outport) {
1899 /*
1900 * Fix ICMP checksum to compensate port
1901 * adjustment.
1902 */
1903 sum1 = ntohs(tcp->th_dport);

--- 19 unchanged lines hidden (view full) ---

1923
1924 /*
1925 * Fix ICMP checksum to compensate
1926 * UDP checksum adjustment.
1927 */
1928 CALC_SUMD(sum1, sum2, sumd);
1929 sumd2 += sumd;
1930 }
1944 }
1945 } else {
1946 if (tcp->th_dport != nat->nat_outport) {
1947 /*
1948 * Fix ICMP checksum to compensate port
1949 * adjustment.
1950 */
1951 sum1 = ntohs(tcp->th_dport);

--- 19 unchanged lines hidden (view full) ---

1971
1972 /*
1973 * Fix ICMP checksum to compensate
1974 * UDP checksum adjustment.
1975 */
1976 CALC_SUMD(sum1, sum2, sumd);
1977 sumd2 += sumd;
1978 }
1979
1980 /*
1981 * Fix tcp checksum (if present) to compensate
1982 * port adjustment. NOTE : the offending IP
1983 * packet flows the other direction compared to
1984 * the ICMP message.
1985 */
1986 if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
1987
1988 sum1 = ntohs(tcp->th_sum);
1989 fix_datacksum(&tcp->th_sum, sumd);
1990 sum2 = ntohs(tcp->th_sum);
1991
1992 /*
1993 * Fix ICMP checksum to compensate
1994 * UDP checksum adjustment.
1995 */
1996 CALC_SUMD(sum1, sum2, sumd);
1997 sumd2 += sumd;
1998 }
1931 }
1932 }
1933 if (sumd2) {
1934 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16);
1935 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16);
1936 if (nat->nat_dir == NAT_OUTBOUND) {
1937 fix_outcksum(fin, &icmp->icmp_cksum, sumd2);
1938 } else {

--- 493 unchanged lines hidden (view full) ---

2432 tcp->th_sport = nat->nat_outport;
2433 fin->fin_data[0] = ntohs(tcp->th_sport);
2434 }
2435
2436 if (fin->fin_p == IPPROTO_TCP) {
2437 csump = &tcp->th_sum;
2438 MUTEX_ENTER(&nat->nat_lock);
2439 fr_tcp_age(&nat->nat_age,
1999 }
2000 }
2001 if (sumd2) {
2002 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16);
2003 sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16);
2004 if (nat->nat_dir == NAT_OUTBOUND) {
2005 fix_outcksum(fin, &icmp->icmp_cksum, sumd2);
2006 } else {

--- 493 unchanged lines hidden (view full) ---

2500 tcp->th_sport = nat->nat_outport;
2501 fin->fin_data[0] = ntohs(tcp->th_sport);
2502 }
2503
2504 if (fin->fin_p == IPPROTO_TCP) {
2505 csump = &tcp->th_sum;
2506 MUTEX_ENTER(&nat->nat_lock);
2507 fr_tcp_age(&nat->nat_age,
2440 nat->nat_tcpstate, fin, 1);
2508 nat->nat_tcpstate, fin, 1, 0);
2441 if (nat->nat_age < fr_defnaticmpage)
2442 nat->nat_age = fr_defnaticmpage;
2443#ifdef LARGE_NAT
2444 else if (nat->nat_age > fr_defnatage)
2445 nat->nat_age = fr_defnatage;
2446#endif
2447 /*
2448 * Increase this because we may have

--- 191 unchanged lines hidden (view full) ---

2640 tcp->th_dport = nat->nat_inport;
2641 fin->fin_data[1] = ntohs(tcp->th_dport);
2642 }
2643
2644 if (fin->fin_p == IPPROTO_TCP) {
2645 csump = &tcp->th_sum;
2646 MUTEX_ENTER(&nat->nat_lock);
2647 fr_tcp_age(&nat->nat_age,
2509 if (nat->nat_age < fr_defnaticmpage)
2510 nat->nat_age = fr_defnaticmpage;
2511#ifdef LARGE_NAT
2512 else if (nat->nat_age > fr_defnatage)
2513 nat->nat_age = fr_defnatage;
2514#endif
2515 /*
2516 * Increase this because we may have

--- 191 unchanged lines hidden (view full) ---

2708 tcp->th_dport = nat->nat_inport;
2709 fin->fin_data[1] = ntohs(tcp->th_dport);
2710 }
2711
2712 if (fin->fin_p == IPPROTO_TCP) {
2713 csump = &tcp->th_sum;
2714 MUTEX_ENTER(&nat->nat_lock);
2715 fr_tcp_age(&nat->nat_age,
2648 nat->nat_tcpstate, fin, 0);
2716 nat->nat_tcpstate, fin, 0, 0);
2649 if (nat->nat_age < fr_defnaticmpage)
2650 nat->nat_age = fr_defnaticmpage;
2651#ifdef LARGE_NAT
2652 else if (nat->nat_age > fr_defnatage)
2653 nat->nat_age = fr_defnatage;
2654#endif
2655 /*
2656 * Increase this because we may have

--- 205 unchanged lines hidden ---
2717 if (nat->nat_age < fr_defnaticmpage)
2718 nat->nat_age = fr_defnaticmpage;
2719#ifdef LARGE_NAT
2720 else if (nat->nat_age > fr_defnatage)
2721 nat->nat_age = fr_defnatage;
2722#endif
2723 /*
2724 * Increase this because we may have

--- 205 unchanged lines hidden ---
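Review bot: In nat_ioctl (new lines 441-449) the choice between `bcopy` and `IRCOPYPTR`, and whether `ipf_nat` is write-locked at all, now depends on the `NAT_SYSSPACE` and `NAT_LOCKHELD` bits in `mode`, the same word that carries the `FWRITE` flag tested at line 435. Nothing visible on this page shows that the ioctl entry point clears those two bits for requests arriving from user space; if it does not, a user-supplied `data` pointer would be read with `bcopy` as though it were a kernel address, and the rule list would be changed without the lock held. The flag values and the callers are outside this page, and the function's signature is partly hidden, so this needs confirming against the device ioctl path. I would state the contract where `getlock` is set, e.g. `/* NAT_LOCKHELD and NAT_SYSSPACE are for in-kernel callers only; the ioctl entry point must strip them from mode */`, and mask both bits at that entry point if that is not already done.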