Lines Matching defs:in

68 #include <netinet/in.h>
190 /* | in, processed by ipf_nat_checkin() for x */
198 /* In the NAT table, internal source is recorded as "in" and externally */
279 /* A null-op function that exists as a placeholder so that the flow in */
609 /* Set the "lock status" of NAT to the value in tmp. */
628 /* loaded NAT rules. Updates the bitmask indicating which netmasks are in */
670 /* NAT rules. Updates the bitmask indicating which netmasks are in use by */
913 /* Adjusts the 16bit checksum by "n" for packets going in. */
954 /* Fix_datacksum is used *only* for the adjustments of checksums in the */
957 /* The only situation in which you need to do this is when NAT'ing an */
958 /* ICMP error message. Such a message contains in its body the IP header */
961 /* You can't use fix_incksum or fix_outcksum in that case, because for the */
1540 /* Initialise all of the NAT address structures in a NAT rule. */
1692 /* The size of the entry is stored in the ng_sz field and the entire natget */
1737 * Make sure the pointer we're copying from exists in the
1833 * Make sure the pointer we're copying from exists in the
1936 ipnat_t *in;
1947 in = NULL;
1954 * New entry, copy in the rest of the NAT entry if its size is more
2014 in = ipnn->ipn_nat.nat_ptr;
2015 if (in != NULL) {
2016 KMALLOCS(in, ipnat_t *, ipnn->ipn_ipnat.in_size);
2017 nat->nat_ptr = in;
2018 if (in == NULL) {
2023 bcopy((char *)&ipnn->ipn_ipnat, (char *)in,
2025 in->in_use = 1;
2026 in->in_flags |= IPN_DELETE;
2030 if (ipf_nat_resolverule(softc, in) != 0) {
2038 * Check that the NAT entry doesn't already exist in the kernel.
2131 if (in != NULL)
2132 aps->aps_apr = in->in_apr;
2247 if (in != NULL) {
2248 if (in->in_apr)
2249 ipf_proxy_deref(in->in_apr);
2250 KFREES(in, in->in_size);
2343 * garbage collected in ipf_nat_expire().
2358 * NL_DESTROY should only be passed in when we've got nat_ref >= 2.
2439 /* log record should be emitted in ipf_nat_delete() if NAT logging is */
2481 /* Delete all rules in the current list of rules. There is nothing elegant */
2600 /* ni.nai_ip is passed in uninitialised and must be set, in host byte order,*/
2612 struct in_addr in, inb;
2646 in.s_addr = htonl(np->in_snip);
2653 fin->fin_dst, in, 0);
2655 in.s_addr = hm->hm_nsrcip.s_addr;
2659 in.s_addr = ntohl(in.s_addr);
2674 * map the address block in a 1:1 fashion
2676 in.s_addr = np->in_nsrcaddr;
2677 in.s_addr |= fin->fin_saddr & ~np->in_osrcmsk;
2678 in.s_addr = ntohl(in.s_addr);
2690 in.s_addr = ntohl(fin->fin_saddr);
2691 in.s_addr &= ntohl(~np->in_osrcmsk);
2692 inb.s_addr = in.s_addr;
2693 in.s_addr /= np->in_ippip;
2694 in.s_addr &= ntohl(~np->in_nsrcmsk);
2695 in.s_addr += ntohl(np->in_nsrcaddr);
2723 in.s_addr = ntohl(in6.in4.s_addr);
2734 in.s_addr = ntohl(fin->fin_saddr);
2809 inb.s_addr = htonl(in.s_addr);
2835 nat->nat_nsrcaddr = htonl(in.s_addr);
2867 /* ni.nai_ip is passed in uninitialised and must be set, in host byte order,*/
2879 struct in_addr in, inb;
2889 in.s_addr = 0;
2906 * same rule kick in as before. Why would this happen? If you have
2914 in, (u_32_t)dport);
2916 in.s_addr = ntohl(hm->hm_ndstip.s_addr);
2931 in.s_addr = np->in_dnip;
2932 inb.s_addr = htonl(in.s_addr);
2938 in.s_addr = hm->hm_ndstip.s_addr;
2944 if (np->in_ndstaddr == htonl(in.s_addr)) {
2966 in.s_addr = ntohl(in6.in4.s_addr);
2972 in.s_addr = ntohl(fin->fin_daddr);
2977 * map the address block in a 1:1 fashion
2979 in.s_addr = np->in_ndstaddr;
2980 in.s_addr |= fin->fin_daddr & ~np->in_ndstmsk;
2981 in.s_addr = ntohl(in.s_addr);
2983 in.s_addr = ntohl(np->in_ndstaddr);
3010 if (in.s_addr == 0) {
3015 in.s_addr = ntohl(fin->fin_daddr);
3023 inb.s_addr = htonl(in.s_addr);
3038 inb.s_addr = htonl(in.s_addr);
3039 nat->nat_ndstaddr = htonl(in.s_addr);
3070 /* direction(I) - direction of packet (in/out) */
3074 /* in any way. */
3076 /* This function is in three main parts: (1) deal with creating a new NAT */
3082 /* as it can result in memory being corrupted. */
3128 * Try to automatically tune the max # of entries in the
3146 * (e.g. in the unlikely event that a host sends an echo and
3148 * their ip address/id field changed in the same way).
3152 * copies it back in its response). So, it closely matches
3328 * Compute the partial checksum, just in case.
3408 ipnat_t *in;
3464 in = nat->nat_ptr;
3474 } else if (in->in_ifnames[1] != -1) {
3477 name = in->in_names + in->in_ifnames[1];
3546 * The ordering of operations in the list and hash table insertion
3604 /* dir(I) - direction of packet (in/out) */
3652 * header claimed in the encapsulated part which is of concern. It
3653 * may be too big to be in this buffer but not so big that it's
3656 * do the pullup early in ipf_check() and thus can't guarantee it is
3704 * message flows in the opposite direction.
3759 /* dir(I) - direction of packet (in/out) */
3824 * IP address change as it will be modified again in ipf_nat_checkout
3833 * Fix the IP addresses in the offending IP packet. You also need
3838 * IP address change in oip.
3844 * so no change in the icmp_cksum is necessary.
3863 * REWRITE in rule, SRC=a,DST=b -> SRC=c,DST=d
3885 * REWRITE in rule, SRC=a,DST=b -> SRC=c,DST=d
3933 * a change may be reflected in the ICMP checksum as well.
3937 * as well... except that the change in the port numbers should
3967 * TCP/UDP header, given the changes in both the IP
3977 * apply the delta in ports to the ICMP checksum.
4019 * in the ICMP id of the offending ICMP
4024 * in origicmp->icmp_cksum with a delta
4196 * So if we didn't find it but there are wildcard members in the hash
4311 /* original was placed in the table without hashing on the ports and we now */
4343 * Add into the NAT table in the new position
4519 * So if we didn't find it but there are wildcard members in the hash
4633 /* The contents of natlookup_t should imitate those found in a packet that */
4634 /* would be translated - ie a packet coming in for RDR or going out for MAP.*/
4635 /* We can do the lookup in one of two ways, imitating an inbound or */
4668 * - IPN_IN: we have the `real' and `out' address, look for `in'.
4669 * - default: we have the `in' and `out' address, look for `real'.
4714 /* loop inside ipf_nat_checkin() and lay it out properly in its own function. */
4838 /* in a match then a search for a matching NAT rule is made. Create a new */
4931 * If there is no current entry in the nat table for this IP#,
4984 * moved in the list since we got it, start over as
5094 * is no call to modify whatever is in the header now.
5150 * we are using the address in the packet for determining the
5337 /* in a match then a search for a matching NAT rule is made. Create a new */
5352 struct in_addr in;
5406 in = fin->fin_dst;
5417 fin->fin_src, in))) {
5423 * If there is no current entry in the nat table for this IP#,
5428 iph = in.s_addr & msk;
5455 if ((in.s_addr & np->in_odstmsk) !=
5478 * moved in the list since we got it, start over as
5559 /* Translate a packet coming "in" on an interface. */
5792 /* that is not strictly 'address' translation, such as clamping the MSS in */
5941 i6addr_t in;
6025 &in, NULL) != -1) {
6027 nat->nat_nsrcip = in.in4;
6103 * as it is defined in the IPv4 specification
6210 /* pointer to this rule (*inp) is no longer interested in it and when the */
6381 * TCP has special needs in terms of state, initialise the timeout
6418 * We simply combine the packet's direction in dir with the original
6419 * "intended" direction of that NAT entry in nat->nat_dir to decide
6469 /* then the TCP header checksum will be updated to reflect the change in */
6534 /* Put the NAT entry on its default queue entry, using rev as a helper in */
6592 /* in the list to look at is put back in the ipftoken structure. */
6739 /* starting at > 4 days idle and working back in successive half-*/
6741 /* slots then work backwards in half hour slots to 30 minutes. */
6742 /* If that too fails, then work backwards in 30 second intervals */
6777 * Since we're only interested in things that are closing,
6870 * each time. The order tried in must be in decreasing age.
6901 /* we translate that to mean it always succeeds in deleting something. */
6972 /* by nat_me) is no longer interested in it. */
7011 /* time. The loop in here works differently to elsewhere - each iteration */
7173 * lookup of the packet is if it were moving in the opposite
7327 /* fill in the final details. At present a 0 checksum for UDP is being set */
7390 /* This function is responsible for undoing a packet's encapsulation in the */
7414 * to do is change the ICMP reply from including (in the data
7460 * The aim here is to keep the original packet details in "fin" for
7502 /* This function uses the contents of the "na" structure, in combination */
7503 /* with "old" to produce a new address to store in "dst". Not all of the */
7504 /* possible uses of "na" will result in a new address. */
7605 /* This function is expected to be called in two scenarios: when a new NAT */
7610 /* are updating information. This difference is important because in */
8143 * in the new NAT table, somewhere. Because we have a new table,
8144 * we need to restart the counter of how many chains are in use.
8238 * All inbound rules have the NAT_REDIRECT bit set in in_redir and
8303 /* all of the active IP# translations currently in place. */
8374 /* decide that the create was actually in error. It is thus assumed that */
8433 /* various non-zero returns, they're strictly to aid in debugging. Use of */