alias.c (59726) | alias.c (61861) |
---|---|
1/* -*- mode: c; tab-width: 8; c-basic-indent: 4; -*- */ 2/* 3 Alias.c provides supervisory control for the functions of the 4 packet aliasing software. It consists of routines to monitor 5 TCP connection state, protocol-specific aliasing routines, 6 fragment handling and the following outside world functional 7 interfaces: SaveFragmentPtr, GetFragmentPtr, FragmentAliasIn, 8 PacketAliasIn and PacketAliasOut. --- 62 unchanged lines hidden (view full) --- 71 - Rationalized API function names to begin 72 with "PacketAlias..." 73 - Eliminated PacketAliasIn2() and 74 PacketAliasOut2() as poorly conceived. 75 76 Version 2.3 Dec 1998 (dillon) 77 - Major bounds checking additions, see FreeBSD/CVS 78 | 1/* -*- mode: c; tab-width: 8; c-basic-indent: 4; -*- */ 2/* 3 Alias.c provides supervisory control for the functions of the 4 packet aliasing software. It consists of routines to monitor 5 TCP connection state, protocol-specific aliasing routines, 6 fragment handling and the following outside world functional 7 interfaces: SaveFragmentPtr, GetFragmentPtr, FragmentAliasIn, 8 PacketAliasIn and PacketAliasOut. --- 62 unchanged lines hidden (view full) --- 71 - Rationalized API function names to begin 72 with "PacketAlias..." 73 - Eliminated PacketAliasIn2() and 74 PacketAliasOut2() as poorly conceived. 75 76 Version 2.3 Dec 1998 (dillon) 77 - Major bounds checking additions, see FreeBSD/CVS 78 |
79 Version 3.1 May, 2000 (eds) 80 - Added hooks to handle PPTP. 81 |
|
79 See HISTORY file for additional revisions. 80 | 82 See HISTORY file for additional revisions. 83 |
81 $FreeBSD: head/sys/netinet/libalias/alias.c 59726 2000-04-28 13:44:49Z ru $ | 84 $FreeBSD: head/sys/netinet/libalias/alias.c 61861 2000-06-20 11:41:48Z ru $ |
82*/ 83 84#include <sys/types.h> 85 86#include <netinet/in_systm.h> 87#include <netinet/in.h> 88#include <netinet/ip.h> 89#include <netinet/ip_icmp.h> 90#include <netinet/tcp.h> 91#include <netinet/udp.h> 92 | 85*/ 86 87#include <sys/types.h> 88 89#include <netinet/in_systm.h> 90#include <netinet/in.h> 91#include <netinet/ip.h> 92#include <netinet/ip_icmp.h> 93#include <netinet/tcp.h> 94#include <netinet/udp.h> 95 |
93#ifndef IPPROTO_GRE 94#define IPPROTO_GRE 47 95#define IPPROTO_ESP 50 96#define IPPROTO_AH 51 97#endif 98 | |
99#include "alias_local.h" 100#include "alias.h" 101 102#define NETBIOS_NS_PORT_NUMBER 137 103#define NETBIOS_DGM_PORT_NUMBER 138 104#define FTP_CONTROL_PORT_NUMBER 21 105#define IRC_CONTROL_PORT_NUMBER_1 6667 106#define IRC_CONTROL_PORT_NUMBER_2 6668 107#define CUSEEME_PORT_NUMBER 7648 | 96#include "alias_local.h" 97#include "alias.h" 98 99#define NETBIOS_NS_PORT_NUMBER 137 100#define NETBIOS_DGM_PORT_NUMBER 138 101#define FTP_CONTROL_PORT_NUMBER 21 102#define IRC_CONTROL_PORT_NUMBER_1 6667 103#define IRC_CONTROL_PORT_NUMBER_2 6668 104#define CUSEEME_PORT_NUMBER 7648 |
105#define PPTP_CONTROL_PORT_NUMBER 1723 |
|
108 109 110 111 112/* TCP Handling Routines 113 114 TcpMonitorIn() -- These routines monitor TCP connections, and 115 TcpMonitorOut() delete a link when a connection is closed. --- 60 unchanged lines hidden (view full) --- 176 177/* Protocol Specific Packet Aliasing Routines 178 179 IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2(), IcmpAliasIn3() 180 IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2(), IcmpAliasOut3() 181 ProtoAliasIn(), ProtoAliasOut() 182 UdpAliasIn(), UdpAliasOut() 183 TcpAliasIn(), TcpAliasOut() | 106 107 108 109 110/* TCP Handling Routines 111 112 TcpMonitorIn() -- These routines monitor TCP connections, and 113 TcpMonitorOut() delete a link when a connection is closed. --- 60 unchanged lines hidden (view full) --- 174 175/* Protocol Specific Packet Aliasing Routines 176 177 IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2(), IcmpAliasIn3() 178 IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2(), IcmpAliasOut3() 179 ProtoAliasIn(), ProtoAliasOut() 180 UdpAliasIn(), UdpAliasOut() 181 TcpAliasIn(), TcpAliasOut() |
182 GreAliasIn() |
|
184 185These routines handle protocol specific details of packet aliasing. 186One may observe a certain amount of repetitive arithmetic in these 187functions, the purpose of which is to compute a revised checksum 188without actually summing over the entire data packet, which could be 189unnecessarily time consuming. 190 191The purpose of the packet aliasing routines is to replace the source --- 37 unchanged lines hidden (view full) --- 229static int ProtoAliasOut(struct ip *); 230 231static int UdpAliasOut(struct ip *); 232static int UdpAliasIn (struct ip *); 233 234static int TcpAliasOut(struct ip *, int); 235static int TcpAliasIn (struct ip *); 236 | 183 184These routines handle protocol specific details of packet aliasing. 185One may observe a certain amount of repetitive arithmetic in these 186functions, the purpose of which is to compute a revised checksum 187without actually summing over the entire data packet, which could be 188unnecessarily time consuming. 189 190The purpose of the packet aliasing routines is to replace the source --- 37 unchanged lines hidden (view full) --- 228static int ProtoAliasOut(struct ip *); 229 230static int UdpAliasOut(struct ip *); 231static int UdpAliasIn (struct ip *); 232 233static int TcpAliasOut(struct ip *, int); 234static int TcpAliasIn (struct ip *); 235 |
236static int GreAliasIn(struct ip *); |
|
237 | 237 |
238 |
|
238static int 239IcmpAliasIn1(struct ip *pip) 240{ 241/* 242 De-alias incoming echo and timestamp replies 243*/ 244 struct alias_link *link; 245 struct icmp *ic; --- 474 unchanged lines hidden (view full) --- 720 pip->ip_src = alias_address; 721 722 return(PKT_ALIAS_OK); 723 } 724 return(PKT_ALIAS_IGNORED); 725} 726 727 | 239static int 240IcmpAliasIn1(struct ip *pip) 241{ 242/* 243 De-alias incoming echo and timestamp replies 244*/ 245 struct alias_link *link; 246 struct icmp *ic; --- 474 unchanged lines hidden (view full) --- 721 pip->ip_src = alias_address; 722 723 return(PKT_ALIAS_OK); 724 } 725 return(PKT_ALIAS_IGNORED); 726} 727 728 |
729static int 730GreAliasIn(struct ip *pip) 731{ 732 u_short call_id; 733 struct alias_link *link; |
|
728 | 734 |
735/* Return if proxy-only mode is enabled. */ 736 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) 737 return (PKT_ALIAS_OK); 738 739 if (PptpGetCallID(pip, &call_id)) { 740 if ((link = FindPptpIn(pip->ip_src, pip->ip_dst, call_id)) != NULL) { 741 struct in_addr alias_address; 742 struct in_addr original_address; 743 744 alias_address = GetAliasAddress(link); 745 original_address = GetOriginalAddress(link); 746 PptpSetCallID(pip, GetOriginalPort(link)); 747 748 /* Restore original IP address. */ 749 DifferentialChecksum(&pip->ip_sum, 750 (u_short *)&original_address, 751 (u_short *)&pip->ip_dst, 752 2); 753 pip->ip_dst = original_address; 754 755 return (PKT_ALIAS_OK); 756 } else 757 return (PKT_ALIAS_IGNORED); 758 } else 759 return ProtoAliasIn(pip); 760} 761 762 |
|
729static int 730UdpAliasIn(struct ip *pip) 731{ 732 struct udphdr *ud; 733 struct alias_link *link; 734 735/* Return if proxy-only mode is enabled */ 736 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) --- 161 unchanged lines hidden (view full) --- 898 struct in_addr alias_address; 899 struct in_addr original_address; 900 struct in_addr proxy_address; 901 u_short alias_port; 902 u_short proxy_port; 903 int accumulate; 904 u_short *sptr; 905 | 763static int 764UdpAliasIn(struct ip *pip) 765{ 766 struct udphdr *ud; 767 struct alias_link *link; 768 769/* Return if proxy-only mode is enabled */ 770 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) --- 161 unchanged lines hidden (view full) --- 932 struct in_addr alias_address; 933 struct in_addr original_address; 934 struct in_addr proxy_address; 935 u_short alias_port; 936 u_short proxy_port; 937 int accumulate; 938 u_short *sptr; 939 |
940/* Special processing for IP encoding protocols */ 941 if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER 942 || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) 943 AliasHandlePptpIn(pip, link); 944 |
|
906 alias_address = GetAliasAddress(link); 907 original_address = GetOriginalAddress(link); 908 proxy_address = GetProxyAddress(link); 909 alias_port = tc->th_dport; 910 tc->th_dport = GetOriginalPort(link); 911 proxy_port = GetProxyPort(link); 912 913/* Adjust TCP checksum since destination port is being unaliased */ --- 151 unchanged lines hidden (view full) --- 1065 1066/* Monitor TCP connection state */ 1067 TcpMonitorOut(pip, link); 1068 1069/* Special processing for IP encoding protocols */ 1070 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER 1071 || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER) 1072 AliasHandleFtpOut(pip, link, maxpacketsize); | 945 alias_address = GetAliasAddress(link); 946 original_address = GetOriginalAddress(link); 947 proxy_address = GetProxyAddress(link); 948 alias_port = tc->th_dport; 949 tc->th_dport = GetOriginalPort(link); 950 proxy_port = GetProxyPort(link); 951 952/* Adjust TCP checksum since destination port is being unaliased */ --- 151 unchanged lines hidden (view full) --- 1104 1105/* Monitor TCP connection state */ 1106 TcpMonitorOut(pip, link); 1107 1108/* Special processing for IP encoding protocols */ 1109 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER 1110 || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER) 1111 AliasHandleFtpOut(pip, link, maxpacketsize); |
1073 if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1 | 1112 else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1 |
1074 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2) 1075 AliasHandleIrcOut(pip, link, maxpacketsize); | 1113 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2) 1114 AliasHandleIrcOut(pip, link, maxpacketsize); |
1115 else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER 1116 || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) 1117 AliasHandlePptpOut(pip, link); |
|
1076 1077/* Adjust TCP checksum since source port is being aliased */ 1078/* and source address is being altered */ 1079 accumulate = tc->th_sport; 1080 tc->th_sport = alias_port; 1081 accumulate -= tc->th_sport; 1082 1083 sptr = (u_short *) &(pip->ip_src); --- 212 unchanged lines hidden (view full) --- 1296 iresult = IcmpAliasIn(pip); 1297 break; 1298 case IPPROTO_UDP: 1299 iresult = UdpAliasIn(pip); 1300 break; 1301 case IPPROTO_TCP: 1302 iresult = TcpAliasIn(pip); 1303 break; | 1118 1119/* Adjust TCP checksum since source port is being aliased */ 1120/* and source address is being altered */ 1121 accumulate = tc->th_sport; 1122 tc->th_sport = alias_port; 1123 accumulate -= tc->th_sport; 1124 1125 sptr = (u_short *) &(pip->ip_src); --- 212 unchanged lines hidden (view full) --- 1338 iresult = IcmpAliasIn(pip); 1339 break; 1340 case IPPROTO_UDP: 1341 iresult = UdpAliasIn(pip); 1342 break; 1343 case IPPROTO_TCP: 1344 iresult = TcpAliasIn(pip); 1345 break; |
1346 case IPPROTO_GRE: 1347 iresult = GreAliasIn(pip); 1348 break; |
|
1304 default: 1305 iresult = ProtoAliasIn(pip); 1306 break; 1307 } 1308 1309 if (ntohs(pip->ip_off) & IP_MF) 1310 { 1311 struct alias_link *link; --- 111 unchanged lines hidden --- | 1349 default: 1350 iresult = ProtoAliasIn(pip); 1351 break; 1352 } 1353 1354 if (ntohs(pip->ip_off) & IP_MF) 1355 { 1356 struct alias_link *link; --- 111 unchanged lines hidden --- |
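Review bot: GreAliasIn() passes an inbound GRE packet straight to PptpGetCallID() and then rewrites it with PptpSetCallID(), and nothing in the lines shown confirms that the IP payload is long enough to hold the GRE call-ID field. Both helpers are defined outside this page and may already check; if they do not, a truncated GRE packet arriving on the outside interface would be read and written past its end. A guard at the top of the function would keep the check local, e.g. `if (ntohs(pip->ip_len) < (pip->ip_hl << 2) + GRE_MIN_HDR_LEN) return (PKT_ALIAS_IGNORED);`, where `GRE_MIN_HDR_LEN` is a placeholder for the real minimum header size. The same question applies to the new `AliasHandlePptpIn(pip, link)` call in the inbound TCP path, which is selected by port number alone (a remote peer chooses its own source port) and, unlike `AliasHandleFtpOut`, is given no `maxpacketsize` to bound its parsing.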