  • only in /freebsd-12-stable/sys/contrib/ipfilter/netinet/

Lines Matching defs:nat

130 	/* nat */
470 "nat ipftq udp tab");
474 "nat ipftq udpack tab");
478 "nat icmp ipftq tab");
482 "nat icmpack ipftq tab");
486 "nat ip ipftq tab");
489 IPFTQ_INIT(&softn->ipf_nat_pending, 1, "nat pending ipftq tab");
508 MUTEX_INIT(&softn->ipf_nat_new, "ipf nat new mutex");
509 MUTEX_INIT(&softn->ipf_nat_io, "ipf nat io mutex");
1009 ipnat_t *nat, *nt, *n;
1036 nat = NULL;
1042 nat = &natd;
1066 nat = nt;
1073 nat->in_flags &= IPN_USERFLAGS;
1074 if ((nat->in_redir & NAT_MAPBLK) == 0) {
1075 if (nat->in_osrcatype == FRI_NORMAL ||
1076 nat->in_osrcatype == FRI_NONE)
1077 nat->in_osrcaddr &= nat->in_osrcmsk;
1078 if (nat->in_odstatype == FRI_NORMAL ||
1079 nat->in_odstatype == FRI_NONE)
1080 nat->in_odstaddr &= nat->in_odstmsk;
1081 if ((nat->in_flags & (IPN_SPLIT|IPN_SIPRANGE)) == 0) {
1082 if (nat->in_nsrcatype == FRI_NORMAL)
1083 nat->in_nsrcaddr &= nat->in_nsrcmsk;
1084 if (nat->in_ndstatype == FRI_NORMAL)
1085 nat->in_ndstaddr &= nat->in_ndstmsk;
1089 error = ipf_nat_rule_init(softc, softn, nat);
1095 if (ipf_nat_cmp_rules(nat, n) == 0)
1167 if (nat != nt)
1168 bcopy((char *)nat, (char *)nt, sizeof(*n));
1172 nat = NULL;
1413 if (nat != NULL)
1414 ipf_nat_rule_fini(softc, nat);
1691 /* Return the size of the nat list entry to be copied back to user space. */
1703 nat_t *nat, *n;
1717 nat = ng.ng_ptr;
1718 if (!nat) {
1719 nat = softn->ipf_nat_instances;
1724 if (nat == NULL) {
1742 if (n == nat)
1757 aps = nat->nat_aps;
1799 nat_t *n, *nat;
1821 nat = ipns.ipn_next;
1822 if (nat == NULL) {
1823 nat = softn->ipf_nat_instances;
1824 if (nat == NULL) {
1838 if (n == nat)
1846 ipn->ipn_next = nat->nat_next;
1851 bcopy((char *)nat, &ipn->ipn_nat, sizeof(*nat));
1856 if (nat->nat_ptr != NULL)
1857 bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
1864 if (nat->nat_fr != NULL)
1865 bcopy((char *)nat->nat_fr, (char *)&ipn->ipn_fr,
1873 aps = nat->nat_aps;
1933 nat_t *n, *nat;
1949 nat = NULL;
1979 KMALLOC(nat, nat_t *);
1980 if (nat == NULL) {
1986 bcopy((char *)&ipnn->ipn_nat, (char *)nat, sizeof(*nat));
1988 switch (nat->nat_v[0])
2005 bzero((char *)nat, offsetof(struct nat, nat_tqe));
2006 nat->nat_tqe.tqe_pnext = NULL;
2007 nat->nat_tqe.tqe_next = NULL;
2008 nat->nat_tqe.tqe_ifq = NULL;
2009 nat->nat_tqe.tqe_parent = nat;
2012 * Restore the rule associated with this nat session
2017 nat->nat_ptr = in;
2046 fin.fin_v = nat->nat_v[0];
2047 fin.fin_p = nat->nat_pr[0];
2048 fin.fin_rev = nat->nat_rev;
2049 fin.fin_ifp = nat->nat_ifps[0];
2050 fin.fin_data[0] = ntohs(nat->nat_ndport);
2051 fin.fin_data[1] = ntohs(nat->nat_nsport);
2053 switch (nat->nat_dir)
2061 fin.fin_v = nat->nat_v[1];
2062 if (nat->nat_v[1] == 4) {
2063 n = ipf_nat_inlookup(&fin, nat->nat_flags, fin.fin_p,
2064 nat->nat_ndstip, nat->nat_nsrcip);
2066 } else if (nat->nat_v[1] == 6) {
2067 n = ipf_nat6_inlookup(&fin, nat->nat_flags, fin.fin_p,
2068 &nat->nat_ndst6.in6,
2069 &nat->nat_nsrc6.in6);
2090 n = ipf_nat_outlookup(&fin, nat->nat_flags, fin.fin_p,
2091 nat->nat_ndstip,
2092 nat->nat_nsrcip);
2095 n = ipf_nat6_outlookup(&fin, nat->nat_flags, fin.fin_p,
2096 &nat->nat_ndst6.in6,
2097 &nat->nat_nsrc6.in6);
2121 aps = nat->nat_aps;
2124 nat->nat_aps = aps;
2159 fr = nat->nat_fr;
2161 if ((nat->nat_flags & SI_NEWFR) != 0) {
2163 nat->nat_fr = fr;
2180 MUTEX_INIT(&fr->fr_lock, "nat-filter rule lock");
2216 error = ipf_nat_finalise(&fin, nat);
2219 error = ipf_nat6_finalise(&fin, nat);
2240 if (nat != NULL) {
2252 KFREE(nat);
2262 /* nat(I) - pointer to NAT structure to delete */
2266 /* Delete a nat entry from the various lists and table. If NAT logging is */
2270 ipf_nat_delete(softc, nat, logtype)
2272 struct nat *nat;
2281 ipf_nat_log(softc, softn, nat, logtype);
2287 if (nat->nat_pnext != NULL) {
2290 bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz;
2298 bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz;
2306 *nat->nat_pnext = nat->nat_next;
2307 if (nat->nat_next != NULL) {
2308 nat->nat_next->nat_pnext = nat->nat_pnext;
2309 nat->nat_next = NULL;
2311 nat->nat_pnext = NULL;
2313 *nat->nat_phnext[0] = nat->nat_hnext[0];
2314 if (nat->nat_hnext[0] != NULL) {
2315 nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
2316 nat->nat_hnext[0] = NULL;
2318 nat->nat_phnext[0] = NULL;
2320 *nat->nat_phnext[1] = nat->nat_hnext[1];
2321 if (nat->nat_hnext[1] != NULL) {
2322 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
2323 nat->nat_hnext[1] = NULL;
2325 nat->nat_phnext[1] = NULL;
2327 if ((nat->nat_flags & SI_WILDP) != 0) {
2333 if (nat->nat_me != NULL) {
2334 *nat->nat_me = NULL;
2335 nat->nat_me = NULL;
2336 nat->nat_ref--;
2337 ASSERT(nat->nat_ref >= 0);
2340 if (nat->nat_tqe.tqe_ifq != NULL) {
2345 (void) ipf_deletequeueentry(&nat->nat_tqe);
2348 if (nat->nat_sync) {
2349 ipf_sync_del_nat(softc->ipf_sync_soft, nat->nat_sync);
2350 nat->nat_sync = NULL;
2356 MUTEX_ENTER(&nat->nat_lock);
2359 * This happens when a nat'd packet is blocked and we want to throw
2363 if (nat->nat_ref > 2) {
2364 nat->nat_ref -= 2;
2365 MUTEX_EXIT(&nat->nat_lock);
2370 } else if (nat->nat_ref > 1) {
2371 nat->nat_ref--;
2372 MUTEX_EXIT(&nat->nat_lock);
2377 ASSERT(nat->nat_ref >= 0);
2378 MUTEX_EXIT(&nat->nat_lock);
2380 nat->nat_ref = 0;
2388 softn->ipf_nat_stats.ns_proto[nat->nat_pr[0]]--;
2390 if (nat->nat_fr != NULL) {
2391 (void) ipf_derefrule(softc, &nat->nat_fr);
2394 if (nat->nat_hm != NULL) {
2395 ipf_nat_hostmapdel(softc, &nat->nat_hm);
2399 * If there is an active reference from the nat entry to its parent
2403 ipn = nat->nat_ptr;
2404 nat->nat_ptr = NULL;
2411 if (nat->nat_aps != NULL) {
2412 ipf_proxy_free(softc, nat->nat_aps);
2413 nat->nat_aps = NULL;
2416 MUTEX_DESTROY(&nat->nat_lock);
2421 * If there's a fragment table entry too for this nat entry, then
2425 ipf_frag_natforget(softc, (void *)nat);
2427 KFREE(nat);
2450 nat_t *nat;
2466 while ((nat = softn->ipf_nat_instances) != NULL) {
2467 ipf_nat_delete(softc, nat, NL_FLUSH);
2547 nat_t *nat;
2549 for (next = softn->ipf_nat_instances; (nat = next) != NULL;) {
2550 next = nat->nat_next;
2551 if (nat->nat_ptr == np)
2552 ipf_nat_delete(softc, nat, NL_PURGE);
2594 /* nat(I) - pointer to NAT entry */
2604 ipf_nat_newmap(fin, nat, ni)
2606 nat_t *nat;
2629 flags = nat->nat_flags;
2661 nat->nat_hm = hm;
2666 DT4(ns_exhausted_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
2684 DT4(ns_exhausted_2, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
2720 DT4(ns_new_ifpaddr_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
2731 DT4(ns_exhausted_3, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
2827 DT4(ns_wrap, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
2834 nat->nat_osrcip = fin->fin_src;
2835 nat->nat_nsrcaddr = htonl(in.s_addr);
2836 nat->nat_odstip = fin->fin_dst;
2837 nat->nat_ndstip = fin->fin_dst;
2838 if (nat->nat_hm == NULL)
2839 nat->nat_hm = ipf_nat_hostmap(softn, np, fin->fin_src,
2840 fin->fin_dst, nat->nat_nsrcip,
2844 nat->nat_osport = sport;
2845 nat->nat_nsport = port; /* sport */
2846 nat->nat_odport = dport;
2847 nat->nat_ndport = dport;
2850 nat->nat_oicmpid = fin->fin_data[1];
2852 nat->nat_nicmpid = port;
2863 /* nat(I) - pointer to NAT entry */
2871 ipf_nat_newrdr(fin, nat, ni)
2873 nat_t *nat;
2891 flags = nat->nat_flags;
2963 DT3(ns_new_ifpaddr_2, fr_info_t *, fin, nat_t *, nat, natinfo_t, ni);
3039 nat->nat_ndstaddr = htonl(in.s_addr);
3040 nat->nat_odstip = fin->fin_dst;
3041 nat->nat_nsrcip = fin->fin_src;
3042 nat->nat_osrcip = fin->fin_src;
3043 if ((nat->nat_hm == NULL) && ((np->in_flags & IPN_STICKY) != 0))
3044 nat->nat_hm = ipf_nat_hostmap(softn, np, fin->fin_src,
3048 nat->nat_odport = dport;
3049 nat->nat_ndport = nport;
3050 nat->nat_osport = sport;
3051 nat->nat_nsport = sport;
3054 nat->nat_oicmpid = fin->fin_data[1];
3056 nat->nat_nicmpid = nport;
3095 nat_t *nat, *natl;
3122 /* Give me a new nat */
3123 KMALLOC(nat, nat_t *);
3124 if (nat == NULL) {
3160 bzero((char *)nat, sizeof(*nat));
3161 nat->nat_flags = flags;
3162 nat->nat_redir = np->in_redir;
3163 nat->nat_dir = direction;
3164 nat->nat_pr[0] = fin->fin_p;
3165 nat->nat_pr[1] = fin->fin_p;
3172 move = ipf_nat_newdivert(fin, nat, &ni);
3175 move = ipf_nat_newrewrite(fin, nat, &ni);
3186 KFREE(nat);
3187 nat = natl;
3191 move = ipf_nat_newmap(fin, nat, &ni);
3199 KFREE(nat);
3200 nat = natl;
3204 move = ipf_nat_newrdr(fin, nat, &ni);
3211 nat->nat_mssclamp = np->in_mssclamp;
3212 nat->nat_me = natsave;
3213 nat->nat_fr = fin->fin_fr;
3214 nat->nat_rev = fin->fin_rev;
3215 nat->nat_ptr = np;
3216 nat->nat_dlocal = np->in_dlocal;
3218 if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) {
3219 if (ipf_proxy_new(fin, nat) == -1) {
3221 DT3(ns_appr_fail, fr_info_t *, fin, nat_t *, nat, ipnat_t *, np);
3226 nat->nat_ifps[0] = np->in_ifps[0];
3228 COPYIFNAME(np->in_v[0], np->in_ifps[0], nat->nat_ifnames[0]);
3231 nat->nat_ifps[1] = np->in_ifps[1];
3233 COPYIFNAME(np->in_v[1], np->in_ifps[1], nat->nat_ifnames[1]);
3236 if (ipf_nat_finalise(fin, nat) == -1) {
3254 nsp->ns_proto[nat->nat_pr[0]]++;
3258 DT3(ns_badnatnew, fr_info_t *, fin, nat_t *, nat, ipnat_t *, np);
3260 if ((hm = nat->nat_hm) != NULL)
3262 KFREE(nat);
3263 nat = NULL;
3265 if (nat != NULL && np != NULL)
3268 *natsave = nat;
3269 return nat;
3277 /* nat(I) - pointer to NAT entry */
3285 ipf_nat_finalise(fin, nat)
3287 nat_t *nat;
3298 flags = nat->nat_flags;
3300 switch (nat->nat_pr[0])
3303 sum1 = LONG_SUM(ntohs(nat->nat_oicmpid));
3304 sum2 = LONG_SUM(ntohs(nat->nat_nicmpid));
3306 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
3311 sum1 = LONG_SUM(ntohl(nat->nat_osrcaddr) + \
3312 ntohs(nat->nat_osport));
3313 sum2 = LONG_SUM(ntohl(nat->nat_nsrcaddr) + \
3314 ntohs(nat->nat_nsport));
3316 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
3318 sum1 = LONG_SUM(ntohl(nat->nat_odstaddr) + \
3319 ntohs(nat->nat_odport));
3320 sum2 = LONG_SUM(ntohl(nat->nat_ndstaddr) + \
3321 ntohs(nat->nat_ndport));
3323 nat->nat_sumd[0] += (sumd & 0xffff) + (sumd >> 16);
3332 if (nat->nat_dir == NAT_OUTBOUND) {
3333 sum1 = LONG_SUM(ntohl(nat->nat_nsrcaddr));
3334 sum1 += LONG_SUM(ntohl(nat->nat_ndstaddr));
3336 sum1 = LONG_SUM(ntohl(nat->nat_osrcaddr));
3337 sum1 += LONG_SUM(ntohl(nat->nat_odstaddr));
3339 sum1 += nat->nat_pr[1];
3340 nat->nat_sumd[1] = (sum1 & 0xffff) + (sum1 >> 16);
3342 sum1 = LONG_SUM(ntohl(nat->nat_osrcaddr));
3343 sum2 = LONG_SUM(ntohl(nat->nat_nsrcaddr));
3345 nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
3347 sum1 = LONG_SUM(ntohl(nat->nat_odstaddr));
3348 sum2 = LONG_SUM(ntohl(nat->nat_ndstaddr));
3350 nat->nat_ipsumd += (sumd & 0xffff) + (sumd >> 16);
3352 nat->nat_v[0] = 4;
3353 nat->nat_v[1] = 4;
3355 if ((nat->nat_ifps[0] != NULL) && (nat->nat_ifps[0] != (void *)-1)) {
3356 nat->nat_mtu[0] = GETIFMTU_4(nat->nat_ifps[0]);
3359 if ((nat->nat_ifps[1] != NULL) && (nat->nat_ifps[1] != (void *)-1)) {
3360 nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]);
3363 if ((nat->nat_flags & SI_CLONE) == 0)
3364 nat->nat_sync = ipf_sync_new(softc, SMC_NAT, fin, nat);
3366 if (ipf_nat_insert(softc, softn, nat) == 0) {
3368 ipf_nat_log(softc, softn, nat, NL_NEW);
3369 fr = nat->nat_fr;
3379 DT2(ns_unfinalised, fr_info_t *, fin, nat_t *, nat);
3383 if (nat->nat_sync != NULL)
3384 ipf_sync_del_nat(softc->ipf_sync_soft, nat->nat_sync);
3394 /* nat(I) - pointer to NAT structure */
3401 ipf_nat_insert(softc, softn, nat)
3404 nat_t *nat;
3415 if ((nat->nat_flags & (SI_W_SPORT|SI_W_DPORT)) == 0) {
3416 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
3417 sp = nat->nat_osport;
3418 dp = nat->nat_odport;
3419 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
3421 dp = nat->nat_oicmpid;
3426 hv0 = NAT_HASH_FN(nat->nat_osrcaddr, sp, 0xffffffff);
3427 hv0 = NAT_HASH_FN(nat->nat_odstaddr, hv0 + dp, 0xffffffff);
3433 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
3434 sp = nat->nat_nsport;
3435 dp = nat->nat_ndport;
3436 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
3438 dp = nat->nat_nicmpid;
3443 hv1 = NAT_HASH_FN(nat->nat_nsrcaddr, sp, 0xffffffff);
3444 hv1 = NAT_HASH_FN(nat->nat_ndstaddr, hv1 + dp, 0xffffffff);
3450 hv0 = NAT_HASH_FN(nat->nat_osrcaddr, 0, 0xffffffff);
3451 hv0 = NAT_HASH_FN(nat->nat_odstaddr, hv0, 0xffffffff);
3454 hv1 = NAT_HASH_FN(nat->nat_nsrcaddr, 0, 0xffffffff);
3455 hv1 = NAT_HASH_FN(nat->nat_ndstaddr, hv1, 0xffffffff);
3459 nat->nat_hv[0] = hv0;
3460 nat->nat_hv[1] = hv1;
3462 MUTEX_INIT(&nat->nat_lock, "nat entry lock");
3464 in = nat->nat_ptr;
3465 nat->nat_ref = nat->nat_me ? 2 : 1;
3467 nat->nat_ifnames[0][LIFNAMSIZ - 1] = '\0';
3468 nat->nat_ifps[0] = ipf_resolvenic(softc, nat->nat_ifnames[0], 4);
3470 if (nat->nat_ifnames[1][0] != '\0') {
3471 nat->nat_ifnames[1][LIFNAMSIZ - 1] = '\0';
3472 nat->nat_ifps[1] = ipf_resolvenic(softc,
3473 nat->nat_ifnames[1], 4);
3479 (void) strncpy(nat->nat_ifnames[1],
3480 nat->nat_ifnames[0], LIFNAMSIZ);
3481 nat->nat_ifnames[1][LIFNAMSIZ - 1] = '\0';
3482 nat->nat_ifps[1] = nat->nat_ifps[0];
3485 if ((nat->nat_ifps[0] != NULL) && (nat->nat_ifps[0] != (void *)-1)) {
3486 nat->nat_mtu[0] = GETIFMTU_4(nat->nat_ifps[0]);
3488 if ((nat->nat_ifps[1] != NULL) && (nat->nat_ifps[1] != (void *)-1)) {
3489 nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]);
3492 ret = ipf_nat_hashtab_add(softc, softn, nat);
3494 MUTEX_DESTROY(&nat->nat_lock);
3504 /* nat(I) - pointer to NAT structure */
3509 ipf_nat_hashtab_add(softc, softn, nat)
3512 nat_t *nat;
3518 hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz;
3519 hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz;
3521 if (nat->nat_dir == NAT_INBOUND || nat->nat_dir == NAT_DIVERTIN) {
3554 nat->nat_next = softn->ipf_nat_instances;
3555 nat->nat_pnext = &softn->ipf_nat_instances;
3557 softn->ipf_nat_instances->nat_pnext = &nat->nat_next;
3558 softn->ipf_nat_instances = nat;
3564 nat->nat_phnext[0] = natp;
3565 nat->nat_hnext[0] = *natp;
3567 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
3571 *natp = nat;
3578 nat->nat_phnext[1] = natp;
3579 nat->nat_hnext[1] = *natp;
3581 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
3585 *natp = nat;
3588 ipf_nat_setqueue(softc, softn, nat);
3590 if (nat->nat_dir & NAT_OUTBOUND) {
3607 /* ICMP query nat entry. It is assumed that the packet is already of the */
3622 nat_t *nat;
3707 nat = ipf_nat_inlookup(fin, flags, p,
3711 nat = ipf_nat_outlookup(fin, flags, p,
3716 return nat;
3735 nat = ipf_nat_inlookup(fin, flags, p, oip->ip_dst,
3738 nat = ipf_nat_outlookup(fin, flags, p, oip->ip_dst,
3743 return nat;
3746 nat = ipf_nat_inlookup(fin, 0, p, oip->ip_dst, oip->ip_src);
3748 nat = ipf_nat_outlookup(fin, 0, p, oip->ip_dst, oip->ip_src);
3750 return nat;
3781 nat_t *nat;
3793 if ((fin->fin_v != 4) || !(nat = ipf_nat_icmperrorlookup(fin, dir))) {
3891 if (((fin->fin_out == 0) && ((nat->nat_redir & NAT_MAP) != 0)) ||
3892 ((fin->fin_out == 1) && ((nat->nat_redir & NAT_REDIRECT) != 0))) {
3893 a1.s_addr = ntohl(nat->nat_osrcaddr);
3895 a3.s_addr = ntohl(nat->nat_odstaddr);
3901 a1.s_addr = ntohl(nat->nat_ndstaddr);
3903 a3.s_addr = ntohl(nat->nat_nsrcaddr);
3943 sum1 = ntohs(nat->nat_osport);
3945 sum3 = ntohs(nat->nat_odport);
3951 sum1 = ntohs(nat->nat_ndport);
3953 sum3 = ntohs(nat->nat_nsport);
4014 if (orgicmp->icmp_id != nat->nat_osport) {
4029 sum2 = ntohs(nat->nat_oicmpid);
4031 orgicmp->icmp_id = nat->nat_oicmpid;
4036 return nat;
4062 /* Lookup a nat entry based on the mapped destination ip address/port and */
4086 nat_t *nat;
4121 nat = softn->ipf_nat_table[1][hv];
4122 /* TRACE dst, dport, src, sport, hv, nat */
4124 for (; nat; nat = nat->nat_hnext[1]) {
4125 if (nat->nat_ifps[0] != NULL) {
4126 if ((ifp != NULL) && (ifp != nat->nat_ifps[0]))
4130 if (nat->nat_pr[0] != p)
4133 switch (nat->nat_dir)
4137 if (nat->nat_v[0] != 4)
4139 if (nat->nat_osrcaddr != src.s_addr ||
4140 nat->nat_odstaddr != dst)
4142 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4143 if (nat->nat_osport != sport)
4145 if (nat->nat_odport != dport)
4149 if (nat->nat_osport != dport) {
4155 if (nat->nat_dlocal)
4158 if (nat->nat_v[1] != 4)
4160 if (nat->nat_dlocal)
4162 if (nat->nat_dlocal)
4164 if (nat->nat_ndstaddr != src.s_addr ||
4165 nat->nat_nsrcaddr != dst)
4167 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4168 if (nat->nat_ndport != sport)
4170 if (nat->nat_nsport != dport)
4174 if (nat->nat_osport != dport) {
4182 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4183 ipn = nat->nat_ptr;
4184 if ((ipn != NULL) && (nat->nat_aps != NULL))
4185 if (ipf_proxy_match(fin, nat) != 0)
4188 if ((nat->nat_ifps[0] == NULL) && (ifp != NULL)) {
4189 nat->nat_ifps[0] = ifp;
4190 nat->nat_mtu[0] = GETIFMTU_4(ifp);
4192 return nat;
4218 nat = softn->ipf_nat_table[1][hv];
4219 /* TRACE dst, src, hv, nat */
4220 for (; nat; nat = nat->nat_hnext[1]) {
4221 if (nat->nat_ifps[0] != NULL) {
4222 if ((ifp != NULL) && (ifp != nat->nat_ifps[0]))
4226 if (nat->nat_pr[0] != fin->fin_p)
4229 switch (nat->nat_dir & (NAT_INBOUND|NAT_OUTBOUND))
4232 if (nat->nat_v[0] != 4)
4234 if (nat->nat_osrcaddr != src.s_addr ||
4235 nat->nat_odstaddr != dst)
4239 if (nat->nat_v[1] != 4)
4241 if (nat->nat_ndstaddr != src.s_addr ||
4242 nat->nat_nsrcaddr != dst)
4247 nflags = nat->nat_flags;
4251 if (ipf_nat_wildok(nat, (int)sport, (int)dport, nflags,
4256 nat = ipf_nat_clone(fin, nat);
4257 if (nat == NULL)
4265 if (nat->nat_dir == NAT_INBOUND) {
4266 if (nat->nat_osport == 0) {
4267 nat->nat_osport = sport;
4268 nat->nat_nsport = sport;
4270 if (nat->nat_odport == 0) {
4271 nat->nat_odport = dport;
4272 nat->nat_ndport = dport;
4274 } else if (nat->nat_dir == NAT_OUTBOUND) {
4275 if (nat->nat_osport == 0) {
4276 nat->nat_osport = dport;
4277 nat->nat_nsport = dport;
4279 if (nat->nat_odport == 0) {
4280 nat->nat_odport = sport;
4281 nat->nat_ndport = sport;
4284 if ((nat->nat_ifps[0] == NULL) && (ifp != NULL)) {
4285 nat->nat_ifps[0] = ifp;
4286 nat->nat_mtu[0] = GETIFMTU_4(ifp);
4288 nat->nat_flags &= ~(SI_W_DPORT|SI_W_SPORT);
4289 ipf_nat_tabmove(softn, nat);
4296 if (nat == NULL) {
4299 return nat;
4307 /* nat(I) - pointer to NAT structure */
4315 ipf_nat_tabmove(softn, nat)
4317 nat_t *nat;
4323 if (nat->nat_flags & SI_CLONE)
4330 if (nat->nat_hnext[0])
4331 nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
4332 *nat->nat_phnext[0] = nat->nat_hnext[0];
4333 nsp->ns_side[0].ns_bucketlen[nat->nat_hv[0] %
4336 if (nat->nat_hnext[1])
4337 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
4338 *nat->nat_phnext[1] = nat->nat_hnext[1];
4339 nsp->ns_side[1].ns_bucketlen[nat->nat_hv[1] %
4345 rhv0 = NAT_HASH_FN(nat->nat_osrcaddr, nat->nat_osport, 0xffffffff);
4346 rhv0 = NAT_HASH_FN(nat->nat_odstaddr, rhv0 + nat->nat_odport,
4348 rhv1 = NAT_HASH_FN(nat->nat_nsrcaddr, nat->nat_nsport, 0xffffffff);
4349 rhv1 = NAT_HASH_FN(nat->nat_ndstaddr, rhv1 + nat->nat_ndport,
4355 if (nat->nat_dir == NAT_INBOUND || nat->nat_dir == NAT_DIVERTIN) {
4366 nat->nat_hv[0] = rhv0;
4369 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
4370 nat->nat_phnext[0] = natp;
4371 nat->nat_hnext[0] = *natp;
4372 *natp = nat;
4375 nat->nat_hv[1] = rhv1;
4378 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
4379 nat->nat_phnext[1] = natp;
4380 nat->nat_hnext[1] = *natp;
4381 *natp = nat;
4397 /* Lookup a nat entry based on the source 'real' ip address/port and */
4420 nat_t *nat;
4449 nat = softn->ipf_nat_table[0][hv];
4451 /* TRACE src, sport, dst, dport, hv, nat */
4453 for (; nat; nat = nat->nat_hnext[0]) {
4454 if (nat->nat_ifps[1] != NULL) {
4455 if ((ifp != NULL) && (ifp != nat->nat_ifps[1]))
4459 if (nat->nat_pr[1] != p)
4462 switch (nat->nat_dir)
4466 if (nat->nat_v[1] != 4)
4468 if (nat->nat_ndstaddr != src.s_addr ||
4469 nat->nat_nsrcaddr != dst.s_addr)
4472 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4473 if (nat->nat_ndport != sport)
4475 if (nat->nat_nsport != dport)
4479 if (nat->nat_osport != dport) {
4486 if (nat->nat_v[0] != 4)
4488 if (nat->nat_osrcaddr != src.s_addr ||
4489 nat->nat_odstaddr != dst.s_addr)
4492 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4493 if (nat->nat_odport != dport)
4495 if (nat->nat_osport != sport)
4499 if (nat->nat_osport != dport) {
4506 ipn = nat->nat_ptr;
4507 if ((ipn != NULL) && (nat->nat_aps != NULL))
4508 if (ipf_proxy_match(fin, nat) != 0)
4511 if ((nat->nat_ifps[1] == NULL) && (ifp != NULL)) {
4512 nat->nat_ifps[1] = ifp;
4513 nat->nat_mtu[1] = GETIFMTU_4(ifp);
4515 return nat;
4542 nat = softn->ipf_nat_table[0][hv];
4543 for (; nat; nat = nat->nat_hnext[0]) {
4544 if (nat->nat_ifps[1] != NULL) {
4545 if ((ifp != NULL) && (ifp != nat->nat_ifps[1]))
4549 if (nat->nat_pr[1] != fin->fin_p)
4552 switch (nat->nat_dir & (NAT_INBOUND|NAT_OUTBOUND))
4555 if (nat->nat_v[1] != 4)
4557 if (nat->nat_ndstaddr != src.s_addr ||
4558 nat->nat_nsrcaddr != dst.s_addr)
4562 if (nat->nat_v[0] != 4)
4564 if (nat->nat_osrcaddr != src.s_addr ||
4565 nat->nat_odstaddr != dst.s_addr)
4570 if (!(nat->nat_flags & (NAT_TCPUDP|SI_WILDP)))
4573 if (ipf_nat_wildok(nat, (int)sport, (int)dport, nat->nat_flags,
4577 if ((nat->nat_flags & SI_CLONE) != 0) {
4578 nat = ipf_nat_clone(fin, nat);
4579 if (nat == NULL)
4587 if (nat->nat_dir == NAT_OUTBOUND) {
4588 if (nat->nat_osport == 0) {
4589 nat->nat_osport = sport;
4590 nat->nat_nsport = sport;
4592 if (nat->nat_odport == 0) {
4593 nat->nat_odport = dport;
4594 nat->nat_ndport = dport;
4596 } else if (nat->nat_dir == NAT_INBOUND) {
4597 if (nat->nat_osport == 0) {
4598 nat->nat_osport = dport;
4599 nat->nat_nsport = dport;
4601 if (nat->nat_odport == 0) {
4602 nat->nat_odport = sport;
4603 nat->nat_ndport = sport;
4606 if ((nat->nat_ifps[1] == NULL) && (ifp != NULL)) {
4607 nat->nat_ifps[1] = ifp;
4608 nat->nat_mtu[1] = GETIFMTU_4(ifp);
4610 nat->nat_flags &= ~(SI_W_DPORT|SI_W_SPORT);
4611 ipf_nat_tabmove(softn, nat);
4618 if (nat == NULL) {
4621 return nat;
4649 nat_t *nat;
4672 if ((nat = ipf_nat_inlookup(&fi, np->nl_flags, fi.fin_p,
4674 np->nl_inip = nat->nat_odstip;
4675 np->nl_inport = nat->nat_odport;
4682 if ((nat = ipf_nat_outlookup(&fi, np->nl_flags, fi.fin_p,
4688 fin.fin_p = nat->nat_pr[0];
4689 fin.fin_data[0] = ntohs(nat->nat_ndport);
4690 fin.fin_data[1] = ntohs(nat->nat_nsport);
4692 fin.fin_p, nat->nat_ndstip,
4693 nat->nat_nsrcip) != NULL) {
4698 np->nl_realip = nat->nat_odstip;
4699 np->nl_realport = nat->nat_odport;
4703 return nat;
4772 /* nat(I) - pointer to NAT structure */
4781 ipf_nat_update(fin, nat)
4783 nat_t *nat;
4789 ipnat_t *np = nat->nat_ptr;
4791 tqe = &nat->nat_tqe;
4806 if (nat->nat_pr[0] == IPPROTO_TCP && ifq2 == NULL) {
4807 (void) ipf_tcp_age(&nat->nat_tqe, fin, softn->ipf_nat_tcptq,
4811 if (nat->nat_pr[0] == IPPROTO_UDP)
4814 else if (nat->nat_pr[0] == IPPROTO_ICMP ||
4815 nat->nat_pr[0] == IPPROTO_ICMPV6)
4858 nat_t *nat;
4919 (nat = ipf_nat_icmperror(fin, &nflags, NAT_OUTBOUND)))
4921 else if ((fin->fin_flx & FI_FRAG) && (nat = ipf_frag_natknown(fin)))
4923 else if ((nat = ipf_nat_outlookup(fin, nflags|NAT_SEARCH,
4926 nflags = nat->nat_flags;
4931 * If there is no current entry in the nat table for this IP#,
4995 nat = ipf_nat_add(fin, np, NULL, nflags, NAT_OUTBOUND);
4997 if (nat != NULL) {
5009 if (nat != NULL) {
5010 rval = ipf_nat_out(fin, nat, natadd, nflags);
5012 MUTEX_ENTER(&nat->nat_lock);
5013 ipf_nat_update(fin, nat);
5014 nat->nat_bytes[1] += fin->fin_plen;
5015 nat->nat_pkts[1]++;
5016 fin->fin_pktnum = nat->nat_pkts[1];
5017 MUTEX_EXIT(&nat->nat_lock);
5060 /* nat(I) - pointer to NAT structure */
5067 ipf_nat_out(fin, nat, natadd, nflags)
5069 nat_t *nat;
5083 np = nat->nat_ptr;
5086 (void) ipf_frag_natnew(softc, fin, 0, nat);
5100 if (nat->nat_dir == NAT_OUTBOUND) {
5101 s2 = LONG_SUM(ntohl(nat->nat_nsrcaddr));
5103 s2 = LONG_SUM(ntohl(nat->nat_odstaddr));
5109 if (nat->nat_dir == NAT_OUTBOUND) {
5110 s2 = LONG_SUM(ntohl(nat->nat_ndstaddr));
5112 s2 = LONG_SUM(ntohl(nat->nat_osrcaddr));
5128 switch (nat->nat_dir)
5133 nat->nat_ipsumd, 0);
5139 nat->nat_ipsumd, 0);
5154 switch (nat->nat_dir)
5157 fin->fin_ip->ip_src = nat->nat_nsrcip;
5158 fin->fin_saddr = nat->nat_nsrcaddr;
5159 fin->fin_ip->ip_dst = nat->nat_ndstip;
5160 fin->fin_daddr = nat->nat_ndstaddr;
5164 fin->fin_ip->ip_src = nat->nat_odstip;
5165 fin->fin_saddr = nat->nat_ndstaddr;
5166 fin->fin_ip->ip_dst = nat->nat_osrcip;
5167 fin->fin_daddr = nat->nat_nsrcaddr;
5174 skip = ipf_nat_decap(fin, nat);
5194 MUTEX_ENTER(&nat->nat_lock);
5195 ipf_nat_update(fin, nat);
5196 MUTEX_EXIT(&nat->nat_lock);
5256 if ((nat->nat_nsport != 0) && (nflags & IPN_TCPUDP)) {
5259 switch (nat->nat_dir)
5262 tcp->th_sport = nat->nat_nsport;
5263 fin->fin_data[0] = ntohs(nat->nat_nsport);
5264 tcp->th_dport = nat->nat_ndport;
5265 fin->fin_data[1] = ntohs(nat->nat_ndport);
5269 tcp->th_sport = nat->nat_odport;
5270 fin->fin_data[0] = ntohs(nat->nat_odport);
5271 tcp->th_dport = nat->nat_osport;
5272 fin->fin_data[1] = ntohs(nat->nat_osport);
5277 if ((nat->nat_nsport != 0) && (nflags & IPN_ICMPQUERY)) {
5279 icmp->icmp_id = nat->nat_nicmpid;
5282 csump = ipf_nat_proto(fin, nat, nflags);
5289 if (nat->nat_dir == NAT_OUTBOUND)
5291 nat->nat_sumd[0],
5292 nat->nat_sumd[1] +
5296 nat->nat_sumd[0],
5297 nat->nat_sumd[1] +
5302 ipf_sync_update(softc, SMC_NAT, fin, nat->nat_sync);
5314 i = ipf_proxy_check(fin, nat);
5356 nat_t *nat;
5411 (nat = ipf_nat_icmperror(fin, &nflags, NAT_INBOUND)))
5413 else if ((fin->fin_flx & FI_FRAG) && (nat = ipf_frag_natknown(fin)))
5415 else if ((nat = ipf_nat_inlookup(fin, nflags|NAT_SEARCH,
5418 nflags = nat->nat_flags;
5423 * If there is no current entry in the nat table for this IP#,
5489 nat = ipf_nat_add(fin, np, NULL, nflags, NAT_INBOUND);
5491 if (nat != NULL) {
5503 if (nat != NULL) {
5504 rval = ipf_nat_in(fin, nat, natadd, nflags);
5506 MUTEX_ENTER(&nat->nat_lock);
5507 ipf_nat_update(fin, nat);
5508 nat->nat_bytes[0] += fin->fin_plen;
5509 nat->nat_pkts[0]++;
5510 fin->fin_pktnum = nat->nat_pkts[0];
5511 MUTEX_EXIT(&nat->nat_lock);
5554 /* nat(I) - pointer to NAT structure */
5562 ipf_nat_in(fin, nat, natadd, nflags)
5564 nat_t *nat;
5578 np = nat->nat_ptr;
5579 fin->fin_fr = nat->nat_fr;
5583 (void) ipf_frag_natnew(softc, fin, 0, nat);
5596 i = ipf_proxy_check(fin, nat);
5604 ipf_sync_update(softc, SMC_NAT, fin, nat->nat_sync);
5606 ipsumd = nat->nat_ipsumd;
5618 switch (nat->nat_dir)
5622 fin->fin_ip->ip_src = nat->nat_nsrcip;
5623 fin->fin_saddr = nat->nat_nsrcaddr;
5625 sum1 = nat->nat_osrcaddr;
5626 sum2 = nat->nat_nsrcaddr;
5630 fin->fin_ip->ip_dst = nat->nat_ndstip;
5631 fin->fin_daddr = nat->nat_ndstaddr;
5639 fin->fin_ip->ip_src = nat->nat_odstip;
5640 fin->fin_saddr = nat->nat_odstaddr;
5642 sum1 = nat->nat_odstaddr;
5643 sum2 = nat->nat_ndstaddr;
5647 fin->fin_ip->ip_dst = nat->nat_osrcip;
5648 fin->fin_daddr = nat->nat_osrcaddr;
5699 skip = ipf_nat_decap(fin, nat);
5719 ipf_nat_update(fin, nat);
5734 if ((nat->nat_odport != 0) && (nflags & IPN_TCPUDP)) {
5735 switch (nat->nat_dir)
5738 tcp->th_sport = nat->nat_nsport;
5739 fin->fin_data[0] = ntohs(nat->nat_nsport);
5740 tcp->th_dport = nat->nat_ndport;
5741 fin->fin_data[1] = ntohs(nat->nat_ndport);
5745 tcp->th_sport = nat->nat_odport;
5746 fin->fin_data[0] = ntohs(nat->nat_odport);
5747 tcp->th_dport = nat->nat_osport;
5748 fin->fin_data[1] = ntohs(nat->nat_osport);
5754 if ((nat->nat_odport != 0) && (nflags & IPN_ICMPQUERY)) {
5757 icmp->icmp_id = nat->nat_nicmpid;
5760 csump = ipf_nat_proto(fin, nat, nflags);
5767 if (nat->nat_dir == NAT_OUTBOUND)
5768 ipf_fix_incksum(0, csump, nat->nat_sumd[0], 0);
5770 ipf_fix_outcksum(0, csump, nat->nat_sumd[0], 0);
5787 /* nat(I) - pointer to NAT structure */
5796 ipf_nat_proto(fin, nat, nflags)
5798 nat_t *nat;
5808 fin->fin_rev = (nat->nat_dir & NAT_OUTBOUND);
5810 fin->fin_rev = ((nat->nat_dir & NAT_OUTBOUND) == 0);
5825 if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
5826 ipf_nat_mssclamp(tcp, nat->nat_mssclamp, fin, csump);
5943 nat_t *nat;
5965 for (nat = softn->ipf_nat_instances; nat; nat = nat->nat_next) {
5966 if ((nat->nat_flags & IPN_TCP) != 0)
5969 n = nat->nat_ptr;
5997 if (((ifp == NULL) || (ifp == nat->nat_ifps[0]) ||
5998 (ifp == nat->nat_ifps[1]))) {
5999 nat->nat_ifps[0] = GETIFP(nat->nat_ifnames[0],
6000 nat->nat_v[0]);
6001 if ((nat->nat_ifps[0] != NULL) &&
6002 (nat->nat_ifps[0] != (void *)-1)) {
6003 nat->nat_mtu[0] = GETIFMTU_4(nat->nat_ifps[0]);
6005 if (nat->nat_ifnames[1][0] != '\0') {
6006 nat->nat_ifps[1] = GETIFP(nat->nat_ifnames[1],
6007 nat->nat_v[1]);
6009 nat->nat_ifps[1] = nat->nat_ifps[0];
6011 if ((nat->nat_ifps[1] != NULL) &&
6012 (nat->nat_ifps[1] != (void *)-1)) {
6013 nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]);
6015 ifp2 = nat->nat_ifps[0];
6023 sum1 = NATFSUM(nat, nat->nat_v[1], nat_nsrc6);
6024 if (ipf_ifpaddr(softc, nat->nat_v[0], FRI_NORMAL, ifp2,
6026 if (nat->nat_v[0] == 4)
6027 nat->nat_nsrcip = in.in4;
6029 sum2 = NATFSUM(nat, nat->nat_v[1], nat_nsrc6);
6041 sumd += nat->nat_sumd[0];
6042 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
6043 nat->nat_sumd[1] = nat->nat_sumd[0];
6129 /* nat(I) - pointer to NAT structure */
6135 ipf_nat_log(softc, softn, nat, action)
6138 struct nat *nat;
6151 bcopy((char *)&nat->nat_osrc6, (char *)&natl.nl_osrcip,
6153 bcopy((char *)&nat->nat_nsrc6, (char *)&natl.nl_nsrcip,
6155 bcopy((char *)&nat->nat_odst6, (char *)&natl.nl_odstip,
6157 bcopy((char *)&nat->nat_ndst6, (char *)&natl.nl_ndstip,
6160 natl.nl_bytes[0] = nat->nat_bytes[0];
6161 natl.nl_bytes[1] = nat->nat_bytes[1];
6162 natl.nl_pkts[0] = nat->nat_pkts[0];
6163 natl.nl_pkts[1] = nat->nat_pkts[1];
6164 natl.nl_odstport = nat->nat_odport;
6165 natl.nl_osrcport = nat->nat_osport;
6166 natl.nl_nsrcport = nat->nat_nsport;
6167 natl.nl_ndstport = nat->nat_ndport;
6168 natl.nl_p[0] = nat->nat_pr[0];
6169 natl.nl_p[1] = nat->nat_pr[1];
6170 natl.nl_v[0] = nat->nat_v[0];
6171 natl.nl_v[1] = nat->nat_v[1];
6172 natl.nl_type = nat->nat_redir;
6176 bcopy(nat->nat_ifnames[0], natl.nl_ifnames[0],
6177 sizeof(nat->nat_ifnames[0]));
6178 bcopy(nat->nat_ifnames[1], natl.nl_ifnames[1],
6179 sizeof(nat->nat_ifnames[1]));
6182 if (nat->nat_ptr != NULL) {
6185 if (np == nat->nat_ptr) {
6280 /* IF nat_ref == 1 when this function is called, then we have an orphan nat */
6293 nat_t *nat;
6295 nat = *natp;
6298 MUTEX_ENTER(&nat->nat_lock);
6299 if (nat->nat_ref > 1) {
6300 nat->nat_ref--;
6301 ASSERT(nat->nat_ref >= 0);
6302 MUTEX_EXIT(&nat->nat_lock);
6305 MUTEX_EXIT(&nat->nat_lock);
6308 ipf_nat_delete(softc, nat, NL_EXPIRE);
6324 ipf_nat_clone(fin, nat)
6326 nat_t *nat;
6339 bcopy((char *)nat, (char *)clone, sizeof(*clone));
6399 /* Parameters: nat(I) - NAT entry */
6409 ipf_nat_wildok(nat, sport, dport, flags, dir)
6410 nat_t *nat;
6419 * "intended" direction of that NAT entry in nat->nat_dir to decide
6422 switch ((dir << 1) | (nat->nat_dir & (NAT_INBOUND|NAT_OUTBOUND)))
6425 if (((nat->nat_osport == sport) ||
6427 ((nat->nat_odport == dport) ||
6432 if (((nat->nat_osport == dport) ||
6434 ((nat->nat_odport == sport) ||
6439 if (((nat->nat_osport == dport) ||
6441 ((nat->nat_odport == sport) ||
6446 if (((nat->nat_osport == sport) ||
6448 ((nat->nat_odport == dport) ||
6531 /* nat(I)- pointer to NAT structure */
6538 ipf_nat_setqueue(softc, softn, nat)
6541 nat_t *nat;
6544 int rev = nat->nat_rev;
6546 if (nat->nat_ptr != NULL)
6547 nifq = nat->nat_ptr->in_tqehead[rev];
6552 switch (nat->nat_pr[0])
6562 nat->nat_tqe.tqe_state[rev];
6570 oifq = nat->nat_tqe.tqe_ifq;
6576 ipf_movequeue(softc->ipf_ticks, &nat->nat_tqe, oifq, nifq);
6578 ipf_queueappend(softc->ipf_ticks, &nat->nat_tqe, nifq, nat);
6590 /* Fetch the next nat/ipnat structure pointer from the linked list and */
6604 nat_t *nat, *nextnat = NULL, zeronat;
6654 nat = t->ipt_data;
6655 if (nat == NULL) {
6658 nextnat = nat->nat_next;
6713 if (nat != NULL)
6714 ipf_nat_deref(softc, &nat);
6734 /* Flush nat tables. Three actions currently defined: */
6735 /* which == 0 : flush all nat table entries */
6751 nat_t *nat, **natp;
6768 ((nat = *natp) != NULL); ) {
6769 ipf_nat_delete(softc, nat, NL_FLUSH);
6784 nat = tqn->tqe_parent;
6786 if (nat->nat_pr[0] != IPPROTO_TCP ||
6787 nat->nat_pr[1] != IPPROTO_TCP)
6789 ipf_nat_delete(softc, nat, NL_EXPIRE);
6800 nat = tqn->tqe_parent;
6802 if (nat->nat_pr[0] != IPPROTO_TCP ||
6803 nat->nat_pr[1] != IPPROTO_TCP)
6806 if ((nat->nat_tcpstate[0] >
6808 (nat->nat_tcpstate[1] >
6810 ipf_nat_delete(softc, nat, NL_EXPIRE);
6831 nat = tqn->tqe_parent;
6833 ipf_nat_delete(softc, nat, NL_FLUSH);
6850 ((nat = *natp) != NULL); ) {
6851 if (softc->ipf_ticks - nat->nat_touched > which) {
6852 ipf_nat_delete(softc, nat, NL_FLUSH);
6855 natp = &nat->nat_next;
6965 /* nat(I) - pointer to NAT structure */
6975 ipf_nat_setpending(softc, nat)
6977 nat_t *nat;
6982 oifq = nat->nat_tqe.tqe_ifq;
6984 ipf_movequeue(softc->ipf_ticks, &nat->nat_tqe, oifq,
6987 ipf_queueappend(softc->ipf_ticks, &nat->nat_tqe,
6988 &softn->ipf_nat_pending, nat);
6990 if (nat->nat_me != NULL) {
6991 *nat->nat_me = NULL;
6992 nat->nat_me = NULL;
6993 nat->nat_ref--;
6994 ASSERT(nat->nat_ref >= 0);
7004 /* nat(I) - pointer to NAT entry */
7018 ipf_nat_newrewrite(fin, nat, nai)
7020 nat_t *nat;
7036 flags = nat->nat_flags;
7039 nat->nat_hm = NULL;
7211 nat->nat_osrcip = fin->fin_src;
7212 nat->nat_odstip = fin->fin_dst;
7213 nat->nat_nsrcip = frnat.fin_src;
7214 nat->nat_ndstip = frnat.fin_dst;
7217 nat->nat_osport = htons(fin->fin_data[0]);
7218 nat->nat_odport = htons(fin->fin_data[1]);
7219 nat->nat_nsport = htons(frnat.fin_data[0]);
7220 nat->nat_ndport = htons(frnat.fin_data[1]);
7222 nat->nat_oicmpid = fin->fin_data[1];
7223 nat->nat_nicmpid = frnat.fin_data[1];
7234 /* nat(I) - pointer to NAT entry */
7245 ipf_nat_newdivert(fin, nat, nai)
7247 nat_t *nat;
7260 nat->nat_pr[0] = 0;
7261 nat->nat_osrcaddr = fin->fin_saddr;
7262 nat->nat_odstaddr = fin->fin_daddr;
7265 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
7266 nat->nat_osport = htons(fin->fin_data[0]);
7267 nat->nat_odport = htons(fin->fin_data[1]);
7268 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
7269 nat->nat_oicmpid = fin->fin_data[1];
7293 DT3(ns_divert_exist, fr_info_t *, fin, nat_t *, nat, natinfo_t, nai);
7297 nat->nat_nsrcaddr = frnat.fin_saddr;
7298 nat->nat_ndstaddr = frnat.fin_daddr;
7299 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
7300 nat->nat_nsport = htons(frnat.fin_data[0]);
7301 nat->nat_ndport = htons(frnat.fin_data[1]);
7302 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
7303 nat->nat_nicmpid = frnat.fin_data[1];
7306 nat->nat_pr[fin->fin_out] = fin->fin_p;
7307 nat->nat_pr[1 - fin->fin_out] = p;
7310 nat->nat_dir = NAT_DIVERTIN;
7312 nat->nat_dir = NAT_DIVERTOUT;
7388 /* nat(I) - pointer to current NAT session */
7400 ipf_nat_decap(fin, nat)
7402 nat_t *nat;
7422 if (nat->nat_dir & NAT_OUTBOUND) {
7426 sum2 = ntohl(nat->nat_osrcaddr);
7428 fin->fin_ip->ip_dst = nat->nat_osrcip;
7429 fin->fin_daddr = nat->nat_osrcaddr;
7440 switch (nat->nat_dir)
7701 /* nat(I) - pointer to current NAT session */
7711 nat_t *nat, *natnext;
7720 for (nat = softn->ipf_nat_instances; nat != NULL; nat = natnext) {
7721 natnext = nat->nat_next;
7722 if (ipf_nat_matcharray(nat, array, softc->ipf_ticks) == 0) {
7723 ipf_nat_delete(softc, nat, NL_FLUSH);
7741 /* nat(I) - pointer to current NAT session */
7745 ipf_nat_matcharray(nat, array, ticks)
7746 nat_t *nat;
7766 if (p != 0 && p != nat->nat_pr[1])
7773 e |= (nat->nat_pr[1] == x[i + 3]);
7778 if (nat->nat_v[0] == 4) {
7780 e |= ((nat->nat_osrcaddr & x[i + 4]) ==
7784 if (nat->nat_v[1] == 4) {
7786 e |= ((nat->nat_nsrcaddr & x[i + 4]) ==
7793 if (nat->nat_v[0] == 4) {
7795 e |= ((nat->nat_odstaddr & x[i + 4]) ==
7799 if (nat->nat_v[1] == 4) {
7801 e |= ((nat->nat_ndstaddr & x[i + 4]) ==
7809 if (nat->nat_v[0] == 4) {
7810 e |= ((nat->nat_osrcaddr & x[i + 4]) ==
7813 if (nat->nat_v[1] == 4) {
7814 e |= ((nat->nat_nsrcaddr & x[i + 4]) ==
7817 if (nat->nat_v[0] == 4) {
7818 e |= ((nat->nat_odstaddr & x[i + 4]) ==
7821 if (nat->nat_v[1] == 4) {
7822 e |= ((nat->nat_ndstaddr & x[i + 4]) ==
7830 if (nat->nat_v[0] == 6) {
7832 e |= IP6_MASKEQ(&nat->nat_osrc6,
7836 if (nat->nat_v[1] == 6) {
7838 e |= IP6_MASKEQ(&nat->nat_nsrc6,
7845 if (nat->nat_v[0] == 6) {
7847 e |= IP6_MASKEQ(&nat->nat_odst6,
7852 if (nat->nat_v[1] == 6) {
7854 e |= IP6_MASKEQ(&nat->nat_ndst6,
7863 if (nat->nat_v[0] == 6) {
7864 e |= IP6_MASKEQ(&nat->nat_osrc6,
7868 if (nat->nat_v[0] == 6) {
7869 e |= IP6_MASKEQ(&nat->nat_odst6,
7873 if (nat->nat_v[1] == 6) {
7874 e |= IP6_MASKEQ(&nat->nat_nsrc6,
7878 if (nat->nat_v[1] == 6) {
7879 e |= IP6_MASKEQ(&nat->nat_ndst6,
7890 e |= (nat->nat_nsport == x[i + 3]) ||
7891 (nat->nat_ndport == x[i + 3]);
7898 e |= (nat->nat_nsport == x[i + 3]);
7905 e |= (nat->nat_ndport == x[i + 3]);
7911 e |= (nat->nat_tcpstate[0] == x[i + 3]) ||
7912 (nat->nat_tcpstate[1] == x[i + 3]);
7917 e |= (ticks - nat->nat_touched > x[3]);
7937 /* This function handles ioctl requests for tables of nat information. */
8038 nat_t **newtab[2], *nat, **natp;
8153 for (nat = softn->ipf_nat_instances; nat != NULL; nat = nat->nat_next) {
8154 nat->nat_hnext[0] = NULL;
8155 nat->nat_phnext[0] = NULL;
8156 hv = nat->nat_hv[0] % softn->ipf_nat_table_sz;
8160 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
8164 nat->nat_phnext[0] = natp;
8165 nat->nat_hnext[0] = *natp;
8166 *natp = nat;
8169 nat->nat_hnext[1] = NULL;
8170 nat->nat_phnext[1] = NULL;
8171 hv = nat->nat_hv[1] % softn->ipf_nat_table_sz;
8175 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
8179 nat->nat_phnext[1] = natp;
8180 nat->nat_hnext[1] = *natp;
8181 *natp = nat;
8388 nat_t *nat;
8406 nat = ipf_nat_outlookup(fin, nflags, (u_int)fin->fin_p,
8409 nat = ipf_nat_inlookup(fin, nflags, (u_int)fin->fin_p,
8413 if (nat != NULL) {
8415 ipf_nat_delete(softc, nat, NL_DESTROY);