d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mostly mechanical rework of libalias:

Browse Source 
Makes it possible to have multiple packet aliasing instances in a
single process by moving all static and global variables into an
instance structure called "struct libalias".

Redefine a new API based on s/PacketAlias/LibAlias/g

Add new "instance" argument to all functions in the new API.

Implement old API in terms of the new API.
This commit is contained in:
Poul-Henning Kamp 2004-01-17 10:52:21 +00:00
parent 135bd3f8a1
commit 5e289f9eb6
32 changed files with 2138 additions and 1470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/libalias/Makefile
View File

@ -6,7 +6,7 @@ SHLIB_MAJOR= 4
MAN= libalias.3
SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \
alias_util.c
alias_util.c alias_old.c
INCS= alias.h
.include <bsd.lib.mk>

242
lib/libalias/alias.c
View File

@ -247,26 +247,26 @@ the gateway machine or other machines on a local area network.
/* Local prototypes */
static int IcmpAliasIn1(struct ip *);
static int IcmpAliasIn2(struct ip *);
static int IcmpAliasIn (struct ip *);
static int IcmpAliasIn1(struct libalias *, struct ip *);
static int IcmpAliasIn2(struct libalias *, struct ip *);
static int IcmpAliasIn (struct libalias *, struct ip *);
static int IcmpAliasOut1(struct ip *);
static int IcmpAliasOut2(struct ip *);
static int IcmpAliasOut (struct ip *);
static int IcmpAliasOut1(struct libalias *, struct ip *);
static int IcmpAliasOut2(struct libalias *, struct ip *);
static int IcmpAliasOut (struct libalias *, struct ip *);
static int ProtoAliasIn(struct ip *);
static int ProtoAliasOut(struct ip *);
static int ProtoAliasIn(struct libalias *, struct ip *);
static int ProtoAliasOut(struct libalias *, struct ip *);
static int UdpAliasOut(struct ip *);
static int UdpAliasIn (struct ip *);
static int UdpAliasOut(struct libalias *, struct ip *);
static int UdpAliasIn (struct libalias *, struct ip *);
static int TcpAliasOut(struct ip *, int);
static int TcpAliasIn (struct ip *);
static int TcpAliasOut(struct libalias *, struct ip *, int);
static int TcpAliasIn (struct libalias *, struct ip *);
static int
IcmpAliasIn1(struct ip *pip)
IcmpAliasIn1(struct libalias *la, struct ip *pip)
{
/*
De-alias incoming echo and timestamp replies.
@ -278,7 +278,7 @@ IcmpAliasIn1(struct ip *pip)
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Get source address from ICMP data field and restore original data */
link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
link = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
if (link != NULL)
{
u_short original_id;
@ -312,7 +312,7 @@ IcmpAliasIn1(struct ip *pip)
}
static int
IcmpAliasIn2(struct ip *pip)
IcmpAliasIn2(struct libalias *la, struct ip *pip)
{
/*
Alias incoming ICMP error messages containing
@ -332,16 +332,16 @@ IcmpAliasIn2(struct ip *pip)
ic2 = (struct icmp *) ud;
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpTcpIn(ip->ip_dst, ip->ip_src,
link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,
ud->uh_dport, ud->uh_sport,
IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
link = FindUdpTcpIn(ip->ip_dst, ip->ip_src,
link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,
tc->th_dport, tc->th_sport,
IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
link = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
else
link = NULL;
} else
@ -430,13 +430,13 @@ fragment contained in ICMP data section */
static int
IcmpAliasIn(struct ip *pip)
IcmpAliasIn(struct libalias *la, struct ip *pip)
{
int iresult;
struct icmp *ic;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
@ -448,18 +448,18 @@ IcmpAliasIn(struct ip *pip)
case ICMP_TSTAMPREPLY:
if (ic->icmp_code == 0)
{
iresult = IcmpAliasIn1(pip);
iresult = IcmpAliasIn1(la, pip);
}
break;
case ICMP_UNREACH:
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
iresult = IcmpAliasIn2(pip);
iresult = IcmpAliasIn2(la, pip);
break;
case ICMP_ECHO:
case ICMP_TSTAMP:
iresult = IcmpAliasIn1(pip);
iresult = IcmpAliasIn1(la, pip);
break;
}
return(iresult);
@ -467,7 +467,7 @@ IcmpAliasIn(struct ip *pip)
static int
IcmpAliasOut1(struct ip *pip)
IcmpAliasOut1(struct libalias *la, struct ip *pip)
{
/*
Alias outgoing echo and timestamp requests.
@ -479,7 +479,7 @@ IcmpAliasOut1(struct ip *pip)
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Save overwritten data for when echo packet returns */
link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
link = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
if (link != NULL)
{
u_short alias_id;
@ -514,7 +514,7 @@ IcmpAliasOut1(struct ip *pip)
static int
IcmpAliasOut2(struct ip *pip)
IcmpAliasOut2(struct libalias *la, struct ip *pip)
{
/*
Alias outgoing ICMP error messages containing
@ -534,16 +534,16 @@ IcmpAliasOut2(struct ip *pip)
ic2 = (struct icmp *) ud;
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpTcpOut(ip->ip_dst, ip->ip_src,
link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,
ud->uh_dport, ud->uh_sport,
IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
link = FindUdpTcpOut(ip->ip_dst, ip->ip_src,
link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,
tc->th_dport, tc->th_sport,
IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
link = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
else
link = NULL;
} else
@ -634,13 +634,13 @@ fragment contained in ICMP data section */
static int
IcmpAliasOut(struct ip *pip)
IcmpAliasOut(struct libalias *la, struct ip *pip)
{
int iresult;
struct icmp *ic;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
@ -652,18 +652,18 @@ IcmpAliasOut(struct ip *pip)
case ICMP_TSTAMP:
if (ic->icmp_code == 0)
{
iresult = IcmpAliasOut1(pip);
iresult = IcmpAliasOut1(la, pip);
}
break;
case ICMP_UNREACH:
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
iresult = IcmpAliasOut2(pip);
iresult = IcmpAliasOut2(la, pip);
break;
case ICMP_ECHOREPLY:
case ICMP_TSTAMPREPLY:
iresult = IcmpAliasOut1(pip);
iresult = IcmpAliasOut1(la, pip);
}
return(iresult);
}
@ -671,7 +671,7 @@ IcmpAliasOut(struct ip *pip)
static int
ProtoAliasIn(struct ip *pip)
ProtoAliasIn(struct libalias *la, struct ip *pip)
{
/*
Handle incoming IP packets. The
@ -682,10 +682,10 @@ ProtoAliasIn(struct ip *pip)
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p);
link = FindProtoIn(la, pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr original_address;
@ -706,7 +706,7 @@ ProtoAliasIn(struct ip *pip)
static int
ProtoAliasOut(struct ip *pip)
ProtoAliasOut(struct libalias *la, struct ip *pip)
{
/*
Handle outgoing IP packets. The
@ -716,10 +716,10 @@ ProtoAliasOut(struct ip *pip)
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p);
link = FindProtoOut(la, pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr alias_address;
@ -740,18 +740,18 @@ ProtoAliasOut(struct ip *pip)
static int
UdpAliasIn(struct ip *pip)
UdpAliasIn(struct libalias *la, struct ip *pip)
{
struct udphdr *ud;
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpTcpIn(pip->ip_src, pip->ip_dst,
link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
ud->uh_sport, ud->uh_dport,
IPPROTO_UDP, 1);
if (link != NULL)
@ -770,14 +770,14 @@ UdpAliasIn(struct ip *pip)
/* Special processing for IP encoding protocols */
if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER)
AliasHandleCUSeeMeIn(pip, original_address);
AliasHandleCUSeeMeIn(la, pip, original_address);
/* If NETBIOS Datagram, It should be alias address in UDP Data, too */
else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER)
r = AliasHandleUdpNbt(pip, link, &original_address, ud->uh_dport);
r = AliasHandleUdpNbt(la, pip, link, &original_address, ud->uh_dport);
else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER)
r = AliasHandleUdpNbtNS(pip, link, &alias_address, &alias_port,
r = AliasHandleUdpNbtNS(la, pip, link, &alias_address, &alias_port,
&original_address, &ud->uh_dport);
/* If UDP checksum is not zero, then adjust since destination port */
@ -814,18 +814,18 @@ UdpAliasIn(struct ip *pip)
}
static int
UdpAliasOut(struct ip *pip)
UdpAliasOut(struct libalias *la, struct ip *pip)
{
struct udphdr *ud;
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpTcpOut(pip->ip_src, pip->ip_dst,
link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
ud->uh_sport, ud->uh_dport,
IPPROTO_UDP, 1);
if (link != NULL)
@ -838,14 +838,14 @@ UdpAliasOut(struct ip *pip)
/* Special processing for IP encoding protocols */
if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER)
AliasHandleCUSeeMeOut(pip, link);
AliasHandleCUSeeMeOut(la, pip, link);
/* If NETBIOS Datagram, It should be alias address in UDP Data, too */
else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER)
AliasHandleUdpNbt(pip, link, &alias_address, alias_port);
AliasHandleUdpNbt(la, pip, link, &alias_address, alias_port);
else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER)
AliasHandleUdpNbtNS(pip, link, &pip->ip_src, &ud->uh_sport,
AliasHandleUdpNbtNS(la, pip, link, &pip->ip_src, &ud->uh_sport,
&alias_address, &alias_port);
/*
* We don't know in advance what TID the TFTP server will choose,
@ -853,7 +853,7 @@ UdpAliasOut(struct ip *pip)
* that will match any TID from a given destination.
*/
else if (ntohs(ud->uh_dport) == TFTP_PORT_NUMBER)
FindRtspOut(pip->ip_src, pip->ip_dst,
FindRtspOut(la, pip->ip_src, pip->ip_dst,
ud->uh_sport, alias_port, IPPROTO_UDP);
/* If UDP checksum is not zero, adjust since source port is */
@ -892,17 +892,17 @@ UdpAliasOut(struct ip *pip)
static int
TcpAliasIn(struct ip *pip)
TcpAliasIn(struct libalias *la, struct ip *pip)
{
struct tcphdr *tc;
struct alias_link *link;
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpTcpIn(pip->ip_src, pip->ip_dst,
link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
tc->th_sport, tc->th_dport,
IPPROTO_TCP,
!(packetAliasMode & PKT_ALIAS_PROXY_ONLY));
!(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));
if (link != NULL)
{
struct in_addr alias_address;
@ -916,10 +916,10 @@ TcpAliasIn(struct ip *pip)
/* Special processing for IP encoding protocols */
if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpIn(pip, link);
else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort
|| ntohs(tc->th_sport) == skinnyPort))
AliasHandleSkinny(pip, link);
AliasHandlePptpIn(la, pip, link);
else if (la->skinnyPort != 0 && (ntohs(tc->th_dport) == la->skinnyPort
|| ntohs(tc->th_sport) == la->skinnyPort))
AliasHandleSkinny(la, pip, link);
alias_address = GetAliasAddress(link);
original_address = GetOriginalAddress(link);
@ -1008,7 +1008,7 @@ TcpAliasIn(struct ip *pip)
}
static int
TcpAliasOut(struct ip *pip, int maxpacketsize)
TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize)
{
int proxy_type;
u_short dest_port;
@ -1020,9 +1020,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
proxy_type = ProxyCheck(pip, &proxy_server_address, &proxy_server_port);
proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port);
if (proxy_type == 0 && (packetAliasMode & PKT_ALIAS_PROXY_ONLY))
if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY))
return PKT_ALIAS_OK;
/* If this is a transparent proxy, save original destination,
@ -1058,7 +1058,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
ADJUST_CHECKSUM(accumulate, pip->ip_sum);
}
link = FindUdpTcpOut(pip->ip_src, pip->ip_dst,
link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
tc->th_sport, tc->th_dport,
IPPROTO_TCP, 1);
if (link !=NULL)
@ -1075,7 +1075,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
{
SetProxyPort(link, dest_port);
SetProxyAddress(link, dest_address);
ProxyModify(link, pip, maxpacketsize, proxy_type);
ProxyModify(la, link, pip, maxpacketsize, proxy_type);
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
}
@ -1089,21 +1089,21 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
/* Special processing for IP encoding protocols */
if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)
AliasHandleFtpOut(pip, link, maxpacketsize);
AliasHandleFtpOut(la, pip, link, maxpacketsize);
else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1
|| ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2)
AliasHandleIrcOut(pip, link, maxpacketsize);
AliasHandleIrcOut(la, pip, link, maxpacketsize);
else if (ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_1
|| ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_1
|| ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_2
|| ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_2)
AliasHandleRtspOut(pip, link, maxpacketsize);
AliasHandleRtspOut(la, pip, link, maxpacketsize);
else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpOut(pip, link);
else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort
|| ntohs(tc->th_dport) == skinnyPort))
AliasHandleSkinny(pip, link);
AliasHandlePptpOut(la, pip, link);
else if (la->skinnyPort != 0 && (ntohs(tc->th_sport) == la->skinnyPort
|| ntohs(tc->th_dport) == la->skinnyPort))
AliasHandleSkinny(la, pip, link);
/* Adjust TCP checksum since source port is being aliased */
/* and source address is being altered */
@ -1171,16 +1171,16 @@ saved and recalled when a header fragment is seen.
*/
/* Local prototypes */
static int FragmentIn(struct ip *);
static int FragmentOut(struct ip *);
static int FragmentIn(struct libalias *, struct ip *);
static int FragmentOut(struct libalias *, struct ip *);
static int
FragmentIn(struct ip *pip)
FragmentIn(struct libalias *la, struct ip *pip)
{
struct alias_link *link;
link = FindFragmentIn2(pip->ip_src, pip->ip_dst, pip->ip_id);
link = FindFragmentIn2(la, pip->ip_src, pip->ip_dst, pip->ip_id);
if (link != NULL)
{
struct in_addr original_address;
@ -1199,11 +1199,11 @@ FragmentIn(struct ip *pip)
static int
FragmentOut(struct ip *pip)
FragmentOut(struct libalias *la, struct ip *pip)
{
struct in_addr alias_address;
alias_address = FindAliasAddress(pip->ip_src);
alias_address = FindAliasAddress(la, pip->ip_src);
DifferentialChecksum(&pip->ip_sum,
(u_short *) &alias_address,
(u_short *) &pip->ip_src,
@ -1232,14 +1232,14 @@ FragmentOut(struct ip *pip)
int
PacketAliasSaveFragment(char *ptr)
LibAliasSaveFragment(struct libalias *la, char *ptr)
{
int iresult;
struct alias_link *link;
struct ip *pip;
pip = (struct ip *) ptr;
link = AddFragmentPtrLink(pip->ip_src, pip->ip_id);
link = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id);
iresult = PKT_ALIAS_ERROR;
if (link != NULL)
{
@ -1251,14 +1251,14 @@ PacketAliasSaveFragment(char *ptr)
char *
PacketAliasGetFragment(char *ptr)
LibAliasGetFragment(struct libalias *la, char *ptr)
{
struct alias_link *link;
char *fptr;
struct ip *pip;
pip = (struct ip *) ptr;
link = FindFragmentPtr(pip->ip_src, pip->ip_id);
link = FindFragmentPtr(la, pip->ip_src, pip->ip_id);
if (link != NULL)
{
GetFragmentPtr(link, &fptr);
@ -1275,7 +1275,7 @@ PacketAliasGetFragment(char *ptr)
void
PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased
LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly de-aliased
header fragment */
char *ptr_fragment /* Points to fragment which must
be de-aliased */
@ -1296,21 +1296,21 @@ PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased
int
PacketAliasIn(char *ptr, int maxpacketsize)
LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize)
{
struct in_addr alias_addr;
struct ip *pip;
int iresult;
if (packetAliasMode & PKT_ALIAS_REVERSE) {
packetAliasMode &= ~PKT_ALIAS_REVERSE;
if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
iresult = PacketAliasOut(ptr, maxpacketsize);
packetAliasMode |= PKT_ALIAS_REVERSE;
la->packetAliasMode |= PKT_ALIAS_REVERSE;
return iresult;
}
HouseKeeping();
ClearCheckNewLink();
HouseKeeping(la);
ClearCheckNewLink(la);
pip = (struct ip *) ptr;
alias_addr = pip->ip_dst;
@ -1325,23 +1325,23 @@ PacketAliasIn(char *ptr, int maxpacketsize)
switch (pip->ip_p)
{
case IPPROTO_ICMP:
iresult = IcmpAliasIn(pip);
iresult = IcmpAliasIn(la, pip);
break;
case IPPROTO_UDP:
iresult = UdpAliasIn(pip);
iresult = UdpAliasIn(la, pip);
break;
case IPPROTO_TCP:
iresult = TcpAliasIn(pip);
iresult = TcpAliasIn(la, pip);
break;
case IPPROTO_GRE:
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
AliasHandlePptpGreIn(pip) == 0)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
AliasHandlePptpGreIn(la, pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasIn(pip);
iresult = ProtoAliasIn(la, pip);
break;
default:
iresult = ProtoAliasIn(pip);
iresult = ProtoAliasIn(la, pip);
break;
}
@ -1349,7 +1349,7 @@ PacketAliasIn(char *ptr, int maxpacketsize)
{
struct alias_link *link;
link = FindFragmentIn1(pip->ip_src, alias_addr, pip->ip_id);
link = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);
if (link != NULL)
{
iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;
@ -1363,7 +1363,7 @@ PacketAliasIn(char *ptr, int maxpacketsize)
}
else
{
iresult = FragmentIn(pip);
iresult = FragmentIn(la, pip);
}
return(iresult);
@ -1386,7 +1386,7 @@ PacketAliasIn(char *ptr, int maxpacketsize)
#define UNREG_ADDR_C_UPPER 0xc0a8ffff
int
PacketAliasOut(char *ptr, /* valid IP packet */
LibAliasOut(struct libalias *la, char *ptr, /* valid IP packet */
int maxpacketsize /* How much the packet data may grow
(FTP and IRC inline changes) */
)
@ -1395,15 +1395,15 @@ PacketAliasOut(char *ptr, /* valid IP packet */
struct in_addr addr_save;
struct ip *pip;
if (packetAliasMode & PKT_ALIAS_REVERSE) {
packetAliasMode &= ~PKT_ALIAS_REVERSE;
if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
iresult = PacketAliasIn(ptr, maxpacketsize);
packetAliasMode |= PKT_ALIAS_REVERSE;
la->packetAliasMode |= PKT_ALIAS_REVERSE;
return iresult;
}
HouseKeeping();
ClearCheckNewLink();
HouseKeeping(la);
ClearCheckNewLink(la);
pip = (struct ip *) ptr;
/* Defense against mangled packets */
@ -1411,8 +1411,8 @@ PacketAliasOut(char *ptr, /* valid IP packet */
|| (pip->ip_hl<<2) > maxpacketsize)
return PKT_ALIAS_IGNORED;
addr_save = GetDefaultAliasAddress();
if (packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY)
addr_save = GetDefaultAliasAddress(la);
if (la->packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY)
{
u_long addr;
int iclass;
@ -1428,12 +1428,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */
if (iclass == 0)
{
SetDefaultAliasAddress(pip->ip_src);
SetDefaultAliasAddress(la, pip->ip_src);
}
}
else if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
{
SetDefaultAliasAddress(pip->ip_src);
SetDefaultAliasAddress(la, pip->ip_src);
}
iresult = PKT_ALIAS_IGNORED;
@ -1442,36 +1442,36 @@ PacketAliasOut(char *ptr, /* valid IP packet */
switch (pip->ip_p)
{
case IPPROTO_ICMP:
iresult = IcmpAliasOut(pip);
iresult = IcmpAliasOut(la, pip);
break;
case IPPROTO_UDP:
iresult = UdpAliasOut(pip);
iresult = UdpAliasOut(la, pip);
break;
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
iresult = TcpAliasOut(la, pip, maxpacketsize);
break;
case IPPROTO_GRE:
if (AliasHandlePptpGreOut(pip) == 0)
if (AliasHandlePptpGreOut(la, pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasOut(pip);
iresult = ProtoAliasOut(la, pip);
break;
default:
iresult = ProtoAliasOut(pip);
iresult = ProtoAliasOut(la, pip);
break;
}
}
else
{
iresult = FragmentOut(pip);
iresult = FragmentOut(la, pip);
}
SetDefaultAliasAddress(addr_save);
SetDefaultAliasAddress(la, addr_save);
return(iresult);
}
int
PacketUnaliasOut(char *ptr, /* valid IP packet */
LibAliasUnaliasOut(struct libalias *la, char *ptr, /* valid IP packet */
int maxpacketsize /* for error checking */
)
{
@ -1495,15 +1495,15 @@ PacketUnaliasOut(char *ptr, /* valid IP packet */
/* Find a link */
if (pip->ip_p == IPPROTO_UDP)
link = FindUdpTcpIn(pip->ip_dst, pip->ip_src,
link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,
ud->uh_dport, ud->uh_sport,
IPPROTO_UDP, 0);
else if (pip->ip_p == IPPROTO_TCP)
link = FindUdpTcpIn(pip->ip_dst, pip->ip_src,
link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,
tc->th_dport, tc->th_sport,
IPPROTO_TCP, 0);
else if (pip->ip_p == IPPROTO_ICMP)
link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id, 0);
link = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0);
else
link = NULL;

94
lib/libalias/alias.h
View File

@ -39,7 +39,37 @@
#ifndef _ALIAS_H_
#define _ALIAS_H_
/* The external interface to libalias, the packet aliasing engine. */
/*
* The external interface to libalias, the packet aliasing engine.
*
* There are two sets of functions:
*
* PacketAlias*() the old API which doesn't take an instance pointer
* and therefore can only have one packet engine at a time.
*
* LibAlias*() the new API which takes as first argument a pointer to
* the instance of the packet aliasing engine.
*
* The functions otherwise correspond to each other one for one, except
* for the LibAliasUnaliasOut()/PacketUnaliasOut() function which were
* were misnamed in the old API.
*/
/*
* The instance structure
*/
struct libalias;
/*
* An anonymous structure, a pointer to which is returned from
* PacketAliasRedirectAddr(), PacketAliasRedirectPort() or
* PacketAliasRedirectProto(), passed to PacketAliasAddServer(),
* and freed by PacketAliasRedirectDelete().
*/
struct alias_link;
/* OLD API */
/* Initialization and control functions. */
void PacketAliasInit(void);
@ -57,13 +87,6 @@ int PacketUnaliasOut(char *_ptr, int _maxpacketsize);
/* Port and address redirection functions. */
/*
* An anonymous structure, a pointer to which is returned from
* PacketAliasRedirectAddr(), PacketAliasRedirectPort() or
* PacketAliasRedirectProto(), passed to PacketAliasAddServer(),
* and freed by PacketAliasRedirectDelete().
*/
struct alias_link;
int PacketAliasAddServer(struct alias_link *_link,
struct in_addr _addr, unsigned short _port);
@ -96,6 +119,61 @@ void PacketAliasSetTarget(struct in_addr _target_addr);
/* Transparent proxying routines. */
int PacketAliasProxyRule(const char *_cmd);
/* NEW API */
/* Initialization and control functions. */
struct libalias *LibAliasInit(struct libalias *);
void LibAliasSetAddress(struct libalias *, struct in_addr _addr);
void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num);
void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
unsigned int
LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask);
void LibAliasUninit(struct libalias *);
/* Packet Handling functions. */
int LibAliasIn(struct libalias *, char *_ptr, int _maxpacketsize);
int LibAliasOut(struct libalias *, char *_ptr, int _maxpacketsize);
int LibAliasUnaliasOut(struct libalias *, char *_ptr, int _maxpacketsize);
/* Port and address redirection functions. */
int LibAliasAddServer(struct libalias *, struct alias_link *_link,
struct in_addr _addr, unsigned short _port);
struct alias_link *
LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr,
struct in_addr _alias_addr);
int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_link);
void LibAliasRedirectDelete(struct libalias *, struct alias_link *_link);
struct alias_link *
LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr,
unsigned short _src_port, struct in_addr _dst_addr,
unsigned short _dst_port, struct in_addr _alias_addr,
unsigned short _alias_port, unsigned char _proto);
struct alias_link *
LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr,
struct in_addr _dst_addr, struct in_addr _alias_addr,
unsigned char _proto);
/* Fragment Handling functions. */
void LibAliasFragmentIn(struct libalias *, char *_ptr, char *_ptr_fragment);
char *LibAliasGetFragment(struct libalias *, char *_ptr);
int LibAliasSaveFragment(struct libalias *, char *_ptr);
/* Miscellaneous functions. */
int LibAliasCheckNewLink(struct libalias *);
unsigned short
LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes);
void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr);
/* Transparent proxying routines. */
int LibAliasProxyRule(struct libalias *, const char *_cmd);
/*
* Mode flags and other constants.
*/
/* Mode flags, set using PacketAliasSetMode() */
/*

7
lib/libalias/alias_cuseeme.c
View File

@ -29,6 +29,7 @@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stdio.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@ -66,7 +67,7 @@ struct client_info {
};
void
AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
AliasHandleCUSeeMeOut(struct libalias *la, struct ip *pip, struct alias_link *link)
{
struct udphdr *ud;
@ -79,7 +80,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
if (cu->addr)
cu->addr = (u_int32_t)GetAliasAddress(link).s_addr;
cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link),
cu_link = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link),
ud->uh_dport, 0, IPPROTO_UDP, 1);
#ifndef NO_FW_PUNCH
@ -90,7 +91,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
}
void
AliasHandleCUSeeMeIn(struct ip *pip, struct in_addr original_addr)
AliasHandleCUSeeMeIn(struct libalias *la, struct ip *pip, struct in_addr original_addr)
{
struct in_addr alias_addr;
struct udphdr *ud;

734
lib/libalias/alias_db.c
View File

File diff suppressed because it is too large Load Diff

58
lib/libalias/alias_ftp.c
View File

@ -94,17 +94,15 @@ enum ftp_message_type {
FTP_UNKNOWN_MESSAGE
};
static int ParseFtpPortCommand(char *, int);
static int ParseFtpEprtCommand(char *, int);
static int ParseFtp227Reply(char *, int);
static int ParseFtp229Reply(char *, int);
static void NewFtpMessage(struct ip *, struct alias_link *, int, int);
static struct in_addr true_addr; /* in network byte order. */
static u_short true_port; /* in host byte order. */
static int ParseFtpPortCommand(struct libalias *la, char *, int);
static int ParseFtpEprtCommand(struct libalias *la, char *, int);
static int ParseFtp227Reply(struct libalias *la, char *, int);
static int ParseFtp229Reply(struct libalias *la, char *, int);
static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
void
AliasHandleFtpOut(
struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link, /* The link to go through (aliased port) */
int maxpacketsize /* The maximum size this packet can grow to (including headers) */)
@ -136,24 +134,24 @@ int maxpacketsize /* The maximum size this packet can grow to (including header
/*
* When aliasing a client, check for the PORT/EPRT command.
*/
if (ParseFtpPortCommand(sptr, dlen))
if (ParseFtpPortCommand(la, sptr, dlen))
ftp_message_type = FTP_PORT_COMMAND;
else if (ParseFtpEprtCommand(sptr, dlen))
else if (ParseFtpEprtCommand(la, sptr, dlen))
ftp_message_type = FTP_EPRT_COMMAND;
} else {
/*
* When aliasing a server, check for the 227/229 reply.
*/
if (ParseFtp227Reply(sptr, dlen))
if (ParseFtp227Reply(la, sptr, dlen))
ftp_message_type = FTP_227_REPLY;
else if (ParseFtp229Reply(sptr, dlen)) {
else if (ParseFtp229Reply(la, sptr, dlen)) {
ftp_message_type = FTP_229_REPLY;
true_addr.s_addr = pip->ip_src.s_addr;
la->true_addr.s_addr = pip->ip_src.s_addr;
}
}
if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
NewFtpMessage(pip, link, maxpacketsize, ftp_message_type);
NewFtpMessage(la, pip, link, maxpacketsize, ftp_message_type);
}
/* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
@ -170,7 +168,7 @@ int maxpacketsize /* The maximum size this packet can grow to (including header
}
static int
ParseFtpPortCommand(char *sptr, int dlen)
ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
{
char ch;
int i, state;
@ -228,15 +226,15 @@ ParseFtpPortCommand(char *sptr, int dlen)
}
if (state == 13) {
true_addr.s_addr = htonl(addr);
true_port = port;
la->true_addr.s_addr = htonl(addr);
la->true_port = port;
return 1;
} else
return 0;
}
static int
ParseFtpEprtCommand(char *sptr, int dlen)
ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
{
char ch, delim;
int i, state;
@ -315,15 +313,15 @@ ParseFtpEprtCommand(char *sptr, int dlen)
}
if (state == 13) {
true_addr.s_addr = htonl(addr);
true_port = port;
la->true_addr.s_addr = htonl(addr);
la->true_port = port;
return 1;
} else
return 0;
}
static int
ParseFtp227Reply(char *sptr, int dlen)
ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
{
char ch;
int i, state;
@ -381,15 +379,15 @@ ParseFtp227Reply(char *sptr, int dlen)
}
if (state == 13) {
true_port = port;
true_addr.s_addr = htonl(addr);
la->true_port = port;
la->true_addr.s_addr = htonl(addr);
return 1;
} else
return 0;
}
static int
ParseFtp229Reply(char *sptr, int dlen)
ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
{
char ch, delim;
int i, state;
@ -452,14 +450,14 @@ ParseFtp229Reply(char *sptr, int dlen)
}
if (state == 7) {
true_port = port;
la->true_port = port;
return 1;
} else
return 0;
}
static void
NewFtpMessage(struct ip *pip,
NewFtpMessage(struct libalias *la, struct ip *pip,
struct alias_link *link,
int maxpacketsize,
int ftp_message_type)
@ -467,15 +465,15 @@ NewFtpMessage(struct ip *pip,
struct alias_link *ftp_link;
/* Security checks. */
if (pip->ip_src.s_addr != true_addr.s_addr)
if (pip->ip_src.s_addr != la->true_addr.s_addr)
return;
if (true_port < IPPORT_RESERVED)
if (la->true_port < IPPORT_RESERVED)
return;
/* Establish link to address and port found in FTP control message. */
ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link),
htons(true_port), 0, IPPROTO_TCP, 1);
ftp_link = FindUdpTcpOut(la, la->true_addr, GetDestAddress(link),
htons(la->true_port), 0, IPPROTO_TCP, 1);
if (ftp_link != NULL)
{

5
lib/libalias/alias_irc.c
View File

@ -65,7 +65,8 @@ __FBSDID("$FreeBSD$");
void
AliasHandleIrcOut(struct ip *pip, /* IP packet to examine */
AliasHandleIrcOut(struct libalias *la,
struct ip *pip, /* IP packet to examine */
struct alias_link *link, /* Which link are we on? */
int maxsize /* Maximum size of IP packet including headers */
)
@ -246,7 +247,7 @@ lFOUND_CTCP:
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
would probably allow it through at least _some_
firewalls. */
dcc_link = FindUdpTcpOut(true_addr, destaddr,
dcc_link = FindUdpTcpOut(la, true_addr, destaddr,
true_port, 0,
IPPROTO_TCP, 1);
DBprintf(("Got a DCC link\n"));

164
lib/libalias/alias_local.h
View File

@ -46,6 +46,92 @@
#ifndef _ALIAS_LOCAL_H_
#define _ALIAS_LOCAL_H_
#include <sys/queue.h>
/* Sizes of input and output link tables */
#define LINK_TABLE_OUT_SIZE 101
#define LINK_TABLE_IN_SIZE 4001
struct proxy_entry;
struct libalias {
LIST_ENTRY(libalias) instancelist;
int packetAliasMode; /* Mode flags */
/* - documented in alias.h */
struct in_addr aliasAddress; /* Address written onto source */
/* field of IP packet. */
struct in_addr targetAddress; /* IP address incoming packets */
/* are sent to if no aliasing */
/* link already exists */
struct in_addr nullAddress; /* Used as a dummy parameter for */
/* some function calls */
LIST_HEAD(, alias_link) linkTableOut[LINK_TABLE_OUT_SIZE];
/* Lookup table of pointers to */
/* chains of link records. Each */
LIST_HEAD(, alias_link) linkTableIn[LINK_TABLE_IN_SIZE];
/* link record is doubly indexed */
/* into input and output lookup */
/* tables. */
/* Link statistics */
int icmpLinkCount;
int udpLinkCount;
int tcpLinkCount;
int pptpLinkCount;
int protoLinkCount;
int fragmentIdLinkCount;
int fragmentPtrLinkCount;
int sockCount;
int cleanupIndex; /* Index to chain of link table */
/* being inspected for old links */
int timeStamp; /* System time in seconds for */
/* current packet */
int lastCleanupTime; /* Last time IncrementalCleanup() */
/* was called */
int houseKeepingResidual; /* used by HouseKeeping() */
int deleteAllLinks; /* If equal to zero, DeleteLink() */
/* will not remove permanent links */
FILE *monitorFile; /* File descriptor for link */
/* statistics monitoring file */
int newDefaultLink; /* Indicates if a new aliasing */
/* link has been created after a */
/* call to PacketAliasIn/Out(). */
#ifndef NO_FW_PUNCH
int fireWallFD; /* File descriptor to be able to */
/* control firewall. Opened by */
/* PacketAliasSetMode on first */
/* setting the PKT_ALIAS_PUNCH_FW */
/* flag. */
int fireWallBaseNum; /* The first firewall entry free for our use */
int fireWallNumNums; /* How many entries can we use? */
int fireWallActiveNum; /* Which entry did we last use? */
char *fireWallField; /* bool array for entries */
#endif
unsigned int skinnyPort; /* TCP port used by the Skinny */
/* protocol. */
struct proxy_entry *proxyList;
struct in_addr true_addr; /* in network byte order. */
u_short true_port; /* in host byte order. */
};
/* Macros */
/*
@ -71,10 +157,6 @@
} \
} while (0)
/* Globals */
extern int packetAliasMode;
extern unsigned int skinnyPort;
/* Prototypes */
@ -86,58 +168,58 @@ void DifferentialChecksum(u_short *_cksum, u_short *_new, u_short *_old,
/* Internal data access */
struct alias_link *
FindIcmpIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _id_alias, int _create);
struct alias_link *
FindIcmpOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_short _id, int _create);
struct alias_link *
FindFragmentIn1(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _ip_id);
struct alias_link *
FindFragmentIn2(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _ip_id);
struct alias_link *
AddFragmentPtrLink(struct in_addr _dst_addr, u_short _ip_id);
AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id);
struct alias_link *
FindFragmentPtr(struct in_addr _dst_addr, u_short _ip_id);
FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id);
struct alias_link *
FindProtoIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_char _proto);
struct alias_link *
FindProtoOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_char _proto);
struct alias_link *
FindUdpTcpIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _dst_port, u_short _alias_port, u_char _proto, int _create);
struct alias_link *
FindUdpTcpOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_short _src_port, u_short _dst_port, u_char _proto, int _create);
struct alias_link *
AddPptp(struct in_addr _src_addr, struct in_addr _dst_addr,
AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
struct in_addr _alias_addr, u_int16_t _src_call_id);
struct alias_link *
FindPptpOutByCallId(struct in_addr _src_addr,
FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr,
struct in_addr _dst_addr, u_int16_t _src_call_id);
struct alias_link *
FindPptpInByCallId(struct in_addr _dst_addr,
FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr,
struct in_addr _alias_addr, u_int16_t _dst_call_id);
struct alias_link *
FindPptpOutByPeerCallId(struct in_addr _src_addr,
FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr,
struct in_addr _dst_addr, u_int16_t _dst_call_id);
struct alias_link *
FindPptpInByPeerCallId(struct in_addr _dst_addr,
FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr,
struct in_addr _alias_addr, u_int16_t _alias_call_id);
struct alias_link *
FindRtspOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_short _src_port, u_short _alias_port, u_char _proto);
struct in_addr
FindOriginalAddress(struct in_addr _alias_addr);
FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr);
struct in_addr
FindAliasAddress(struct in_addr _original_addr);
FindAliasAddress(struct libalias *la, struct in_addr _original_addr);
/* External data access/modification */
int FindNewPortGroup(struct in_addr _dst_addr, struct in_addr _alias_addr,
int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _src_port, u_short _dst_port, u_short _port_count,
u_char _proto, u_char _align);
void GetFragmentAddr(struct alias_link *_link, struct in_addr *_src_addr);
@ -155,8 +237,8 @@ struct in_addr
struct in_addr
GetAliasAddress(struct alias_link *_link);
struct in_addr
GetDefaultAliasAddress(void);
void SetDefaultAliasAddress(struct in_addr _alias_addr);
GetDefaultAliasAddress(struct libalias *la);
void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr);
u_short GetOriginalPort(struct alias_link *_link);
u_short GetAliasPort(struct alias_link *_link);
struct in_addr
@ -170,7 +252,7 @@ int GetDeltaAckIn(struct ip *_pip, struct alias_link *_link);
int GetDeltaSeqOut(struct ip *_pip, struct alias_link *_link);
void AddSeq(struct ip *_pip, struct alias_link *_link, int _delta);
void SetExpire(struct alias_link *_link, int _expire);
void ClearCheckNewLink(void);
void ClearCheckNewLink(struct libalias *la);
void SetProtocolFlags(struct alias_link *_link, int _pflags);
int GetProtocolFlags(struct alias_link *_link);
void SetDestCallId(struct alias_link *_link, u_int16_t _cid);
@ -179,47 +261,47 @@ void PunchFWHole(struct alias_link *_link);
#endif
/* Housekeeping function */
void HouseKeeping(void);
void HouseKeeping(struct libalias *);
/* Tcp specfic routines */
/* lint -save -library Suppress flexelint warnings */
/* FTP routines */
void AliasHandleFtpOut(struct ip *_pip, struct alias_link *_link,
void AliasHandleFtpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link,
int _maxpacketsize);
/* IRC routines */
void AliasHandleIrcOut(struct ip *_pip, struct alias_link *_link,
void AliasHandleIrcOut(struct libalias *la, struct ip *_pip, struct alias_link *_link,
int _maxsize);
/* RTSP routines */
void AliasHandleRtspOut(struct ip *_pip, struct alias_link *_link,
void AliasHandleRtspOut(struct libalias *la, struct ip *_pip, struct alias_link *_link,
int _maxpacketsize);
/* PPTP routines */
void AliasHandlePptpOut(struct ip *_pip, struct alias_link *_link);
void AliasHandlePptpIn(struct ip *_pip, struct alias_link *_link);
int AliasHandlePptpGreOut(struct ip *_pip);
int AliasHandlePptpGreIn(struct ip *_pip);
void AliasHandlePptpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link);
void AliasHandlePptpIn(struct libalias *la, struct ip *_pip, struct alias_link *_link);
int AliasHandlePptpGreOut(struct libalias *la, struct ip *_pip);
int AliasHandlePptpGreIn(struct libalias *la, struct ip *_pip);
/* NetBIOS routines */
int AliasHandleUdpNbt(struct ip *_pip, struct alias_link *_link,
int AliasHandleUdpNbt(struct libalias *la, struct ip *_pip, struct alias_link *_link,
struct in_addr *_alias_address, u_short _alias_port);
int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link,
int AliasHandleUdpNbtNS(struct libalias *la, struct ip *_pip, struct alias_link *_link,
struct in_addr *_alias_address, u_short *_alias_port,
struct in_addr *_original_address, u_short *_original_port);
/* CUSeeMe routines */
void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link);
void AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr);
void AliasHandleCUSeeMeOut(struct libalias *la, struct ip *_pip, struct alias_link *_link);
void AliasHandleCUSeeMeIn(struct libalias *la, struct ip *_pip, struct in_addr _original_addr);
/* Skinny routines */
void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link);
void AliasHandleSkinny(struct libalias *la, struct ip *_pip, struct alias_link *_link);
/* Transparent proxy routines */
int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr,
int ProxyCheck(struct libalias *la, struct ip *_pip, struct in_addr *_proxy_server_addr,
u_short *_proxy_server_port);
void ProxyModify(struct alias_link *_link, struct ip *_pip,
void ProxyModify(struct libalias *la, struct alias_link *_link, struct ip *_pip,
int _maxpacketsize, int _proxy_type);
enum alias_tcp_state {

2
lib/libalias/alias_nbt.c
View File

@ -196,6 +196,7 @@ static u_char *AliasHandleName ( u_char *p, char *pmax ) {
#define DGM_NEGATIVE_RES 0x16
int AliasHandleUdpNbt(
struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link,
struct in_addr *alias_address,
@ -612,6 +613,7 @@ AliasHandleResource(
}
int AliasHandleUdpNbtNS(
struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link,
struct in_addr *alias_address,

205
lib/libalias/alias_old.c Normal file
View File

@ -0,0 +1,205 @@
/*-
* Copyright (c) 2004 Poul-Henning Kamp <phk@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stdlib.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <alias.h>
/*
* These functions are for backwards compatibility and because apps may
* be linked against shlib versions, they have to be actual functions,
* we cannot inline them.
*/
static struct libalias *la;
void
PacketAliasInit(void)
{
la = LibAliasInit(la);
}
void
PacketAliasSetAddress(struct in_addr _addr)
{
LibAliasSetAddress(la, _addr);
}
void
PacketAliasSetFWBase(unsigned int _base, unsigned int _num)
{
LibAliasSetFWBase(la, _base, _num);
}
void
PacketAliasSetSkinnyPort(unsigned int _port)
{
LibAliasSetSkinnyPort(la, _port);
}
unsigned int
PacketAliasSetMode(unsigned int _flags, unsigned int _mask)
{
return LibAliasSetMode(la, _flags, _mask);
}
void
PacketAliasUninit(void)
{
LibAliasUninit(la);
la = NULL;
}
int
PacketAliasIn(char *_ptr, int _maxpacketsize)
{
return LibAliasIn(la, _ptr, _maxpacketsize);
}
int
PacketAliasOut(char *_ptr, int _maxpacketsize)
{
return LibAliasOut(la, _ptr, _maxpacketsize);
}
int
PacketUnaliasOut(char *_ptr, int _maxpacketsize)
{
return LibAliasUnaliasOut(la, _ptr, _maxpacketsize);
}
int
PacketAliasAddServer(struct alias_link *_link,
struct in_addr _addr, unsigned short _port)
{
return LibAliasAddServer(la, _link, _addr, _port);
}
struct alias_link *
PacketAliasRedirectAddr(struct in_addr _src_addr,
struct in_addr _alias_addr)
{
return LibAliasRedirectAddr(la, _src_addr, _alias_addr);
}
int
PacketAliasRedirectDynamic(struct alias_link *_link)
{
return LibAliasRedirectDynamic(la, _link);
}
void
PacketAliasRedirectDelete(struct alias_link *_link)
{
LibAliasRedirectDelete(la, _link);
}
struct alias_link *
PacketAliasRedirectPort(struct in_addr _src_addr,
unsigned short _src_port, struct in_addr _dst_addr,
unsigned short _dst_port, struct in_addr _alias_addr,
unsigned short _alias_port, unsigned char _proto)
{
return LibAliasRedirectPort(la, _src_addr, _src_port, _dst_addr,
_dst_port, _alias_addr, _alias_port, _proto);
}
struct alias_link *
PacketAliasRedirectProto(struct in_addr _src_addr,
struct in_addr _dst_addr, struct in_addr _alias_addr,
unsigned char _proto)
{
return LibAliasRedirectProto(la, _src_addr, _dst_addr, _alias_addr,
_proto);
}
void
PacketAliasFragmentIn(char *_ptr, char *_ptr_fragment)
{
LibAliasFragmentIn(la, _ptr, _ptr_fragment);
}
char *
PacketAliasGetFragment(char *_ptr)
{
return LibAliasGetFragment(la, _ptr);
}
int
PacketAliasSaveFragment(char *_ptr)
{
return LibAliasSaveFragment(la, _ptr);
}
int
PacketAliasCheckNewLink(void)
{
return LibAliasCheckNewLink(la);
}
unsigned short
PacketAliasInternetChecksum(unsigned short *_ptr, int _nbytes)
{
return LibAliasInternetChecksum(la, _ptr, _nbytes);
}
void
PacketAliasSetTarget(struct in_addr _target_addr)
{
LibAliasSetTarget(la, _target_addr);
}
/* Transparent proxying routines. */
int
PacketAliasProxyRule(const char *_cmd)
{
return LibAliasProxyRule(la, _cmd);
}

22
lib/libalias/alias_pptp.c
View File

@ -145,7 +145,8 @@ static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
void
AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
AliasHandlePptpOut(struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link) /* The PPTP control link */
{
struct alias_link *pptp_link;
@ -165,13 +166,13 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
case PPTP_InCallRequest:
case PPTP_InCallReply:
/* Establish PPTP link for address and Call ID found in control message. */
pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link),
pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link),
GetAliasAddress(link), cptr->cid1);
break;
case PPTP_CallClearRequest:
case PPTP_CallDiscNotify:
/* Find PPTP link for address and Call ID found in control message. */
pptp_link = FindPptpOutByCallId(GetOriginalAddress(link),
pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link),
GetDestAddress(link),
cptr->cid1);
break;
@ -208,7 +209,8 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
}
void
AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
AliasHandlePptpIn(struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link) /* The PPTP control link */
{
struct alias_link *pptp_link;
@ -234,7 +236,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
pcall_id = &cptr->cid2;
break;
case PPTP_CallDiscNotify: /* Connection closed. */
pptp_link = FindPptpInByCallId(GetDestAddress(link),
pptp_link = FindPptpInByCallId(la, GetDestAddress(link),
GetAliasAddress(link),
cptr->cid1);
if (pptp_link != NULL)
@ -245,7 +247,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
}
/* Find PPTP link for address and Call ID found in PPTP Control Msg */
pptp_link = FindPptpInByPeerCallId(GetDestAddress(link),
pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link),
GetAliasAddress(link),
*pcall_id);
@ -311,7 +313,7 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch
int
AliasHandlePptpGreOut(struct ip *pip)
AliasHandlePptpGreOut(struct libalias *la, struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
@ -322,7 +324,7 @@ AliasHandlePptpGreOut(struct ip *pip)
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr alias_addr = GetAliasAddress(link);
@ -339,7 +341,7 @@ AliasHandlePptpGreOut(struct ip *pip)
int
AliasHandlePptpGreIn(struct ip *pip)
AliasHandlePptpGreIn(struct libalias *la, struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
@ -350,7 +352,7 @@ AliasHandlePptpGreIn(struct ip *pip)
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr src_addr = GetOriginalAddress(link);

43
lib/libalias/alias_proxy.c
View File

@ -86,6 +86,7 @@ __FBSDID("$FreeBSD$");
*/
struct proxy_entry
{
struct libalias *la;
#define PROXY_TYPE_ENCODE_NONE 1
#define PROXY_TYPE_ENCODE_TCPSTREAM 2
#define PROXY_TYPE_ENCODE_IPHDR 3
@ -113,8 +114,6 @@ struct proxy_entry
File scope variables
*/
static struct proxy_entry *proxyList;
/* Local (static) functions:
@ -138,9 +137,9 @@ static struct proxy_entry *proxyList;
static int IpMask(int, struct in_addr *);
static int IpAddr(char *, struct in_addr *);
static int IpPort(char *, int, int *);
static void RuleAdd(struct proxy_entry *);
static void RuleAdd(struct libalias *la, struct proxy_entry *);
static void RuleDelete(struct proxy_entry *);
static int RuleNumberDelete(int);
static int RuleNumberDelete(struct libalias *la, int);
static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int);
static void ProxyEncodeIpHeader(struct ip *, int);
@ -197,22 +196,23 @@ IpPort(char *s, int proto, int *port)
}
void
RuleAdd(struct proxy_entry *entry)
RuleAdd(struct libalias *la, struct proxy_entry *entry)
{
int rule_index;
struct proxy_entry *ptr;
struct proxy_entry *ptr_last;
if (proxyList == NULL)
if (la->proxyList == NULL)
{
proxyList = entry;
la->proxyList = entry;
entry->last = NULL;
entry->next = NULL;
return;
}
entry->la = la;
rule_index = entry->rule_index;
ptr = proxyList;
ptr = la->proxyList;
ptr_last = NULL;
while (ptr != NULL)
{
@ -220,10 +220,10 @@ RuleAdd(struct proxy_entry *entry)
{
if (ptr_last == NULL)
{
entry->next = proxyList;
entry->next = la->proxyList;
entry->last = NULL;
proxyList->last = entry;
proxyList = entry;
la->proxyList->last = entry;
la->proxyList = entry;
return;
}
@ -245,10 +245,13 @@ RuleAdd(struct proxy_entry *entry)
static void
RuleDelete(struct proxy_entry *entry)
{
struct libalias *la;
la = entry->la;
if (entry->last != NULL)
entry->last->next = entry->next;
else
proxyList = entry->next;
la->proxyList = entry->next;
if (entry->next != NULL)
entry->next->last = entry->last;
@ -257,13 +260,13 @@ RuleDelete(struct proxy_entry *entry)
}
static int
RuleNumberDelete(int rule_index)
RuleNumberDelete(struct libalias *la, int rule_index)
{
int err;
struct proxy_entry *ptr;
err = -1;
ptr = proxyList;
ptr = la->proxyList;
while (ptr != NULL)
{
struct proxy_entry *ptr_next;
@ -447,7 +450,7 @@ ProxyEncodeIpHeader(struct ip *pip,
*/
int
ProxyCheck(struct ip *pip,
ProxyCheck(struct libalias *la, struct ip *pip,
struct in_addr *proxy_server_addr,
u_short *proxy_server_port)
{
@ -461,7 +464,7 @@ ProxyCheck(struct ip *pip,
dst_port = ((struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)))
->th_dport;
ptr = proxyList;
ptr = la->proxyList;
while (ptr != NULL)
{
u_short proxy_port;
@ -493,7 +496,7 @@ ProxyCheck(struct ip *pip,
}
void
ProxyModify(struct alias_link *link,
ProxyModify(struct libalias *la, struct alias_link *link,
struct ip *pip,
int maxpacketsize,
int proxy_type)
@ -516,7 +519,7 @@ ProxyModify(struct alias_link *link,
*/
int
PacketAliasProxyRule(const char *cmd)
LibAliasProxyRule(struct libalias *la, const char *cmd)
{
/*
* This function takes command strings of the form:
@ -694,7 +697,7 @@ PacketAliasProxyRule(const char *cmd)
n = sscanf(token, "%d", &rule_to_delete);
if (n != 1)
return -1;
err = RuleNumberDelete(rule_to_delete);
err = RuleNumberDelete(la, rule_to_delete);
if (err)
return -1;
return 0;
@ -831,7 +834,7 @@ PacketAliasProxyRule(const char *cmd)
proxy_entry->src_mask = src_mask;
proxy_entry->dst_mask = dst_mask;
RuleAdd(proxy_entry);
RuleAdd(la, proxy_entry);
return 0;
}

12
lib/libalias/alias_skinny.c
View File

@ -173,7 +173,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
}
static int
alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack,
struct ip * pip, struct tcphdr *tc,
struct alias_link *link, u_int32_t *localIpAddr,
ConvDirection direction)
@ -186,7 +186,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
localPort = opnrcvch_ack->port;
null_addr.s_addr = INADDR_ANY;
opnrcv_link = FindUdpTcpOut(pip->ip_src, null_addr,
opnrcv_link = FindUdpTcpOut(la, pip->ip_src, null_addr,
htons((u_short) opnrcvch_ack->port), 0,
IPPROTO_UDP, 1);
opnrcvch_ack->ipAddr = (u_int32_t) GetAliasAddress(opnrcv_link).s_addr;
@ -199,7 +199,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
}
void
AliasHandleSkinny(struct ip *pip, struct alias_link *link)
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *link)
{
int hlen, tlen, dlen;
struct tcphdr *tc;
@ -220,9 +220,9 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link)
* handle the scenario where the call manager is on the inside, and
* the calling phone is on the global outside.
*/
if (ntohs(tc->th_dport) == skinnyPort) {
if (ntohs(tc->th_dport) == la->skinnyPort) {
direction = ClientToServer;
} else if (ntohs(tc->th_sport) == skinnyPort) {
} else if (ntohs(tc->th_sport) == la->skinnyPort) {
direction = ServerToClient;
} else {
#ifdef DEBUG
@ -306,7 +306,7 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link)
"PacketAlias/Skinny: Received open rcv channel msg\n");
#endif
opnrcvchn_ack = (struct OpenReceiveChannelAck *) & sd->msgId;
alias_skinny_opnrcvch_ack(opnrcvchn_ack, pip, tc, link, &lip, direction);
alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, link, &lip, direction);
}
break;
case START_MEDIATX:

20
lib/libalias/alias_smedia.c
View File

@ -137,7 +137,7 @@ search_string(char *data, int dlen, const char *search_str)
}
static int
alias_rtsp_out(struct ip *pip,
alias_rtsp_out(struct libalias *la, struct ip *pip,
struct alias_link *link,
char *data,
const char *port_str)
@ -221,8 +221,8 @@ alias_rtsp_out(struct ip *pip,
/* Find an even numbered port number base that
satisfies the contiguous number of ports we need */
null_addr.s_addr = 0;
if (0 == (salias = FindNewPortGroup(null_addr,
FindAliasAddress(pip->ip_src),
if (0 == (salias = FindNewPortGroup(la, null_addr,
FindAliasAddress(la, pip->ip_src),
sport, 0,
RTSP_PORT_GROUP,
IPPROTO_UDP, 1))) {
@ -235,7 +235,7 @@ alias_rtsp_out(struct ip *pip,
base_alias = ntohs(salias);
for (j = 0; j < RTSP_PORT_GROUP; j++) {
/* Establish link to port found in RTSP packet */
rtsp_link = FindRtspOut(GetOriginalAddress(link), null_addr,
rtsp_link = FindRtspOut(la, GetOriginalAddress(link), null_addr,
htons(base_port + j), htons(base_alias + j),
IPPROTO_UDP);
if (rtsp_link != NULL) {
@ -319,7 +319,7 @@ alias_rtsp_out(struct ip *pip,
/* Support the protocol used by early versions of RealPlayer */
static int
alias_pna_out(struct ip *pip,
alias_pna_out(struct libalias *la, struct ip *pip,
struct alias_link *link,
char *data,
int dlen)
@ -343,7 +343,7 @@ alias_pna_out(struct ip *pip,
}
if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) {
memcpy(&port, work, 2);
pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link),
pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link),
port, 0, IPPROTO_UDP, 1);
if (pna_links != NULL) {
#ifndef NO_FW_PUNCH
@ -366,7 +366,7 @@ alias_pna_out(struct ip *pip,
}
void
AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize)
AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *link, int maxpacketsize)
{
int hlen, tlen, dlen;
struct tcphdr *tc;
@ -390,13 +390,13 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize)
if (dlen >= strlen(setup)) {
if (memcmp(data, setup, strlen(setup)) == 0) {
alias_rtsp_out(pip, link, data, client_port_str);
alias_rtsp_out(la, pip, link, data, client_port_str);
return;
}
}
if (dlen >= strlen(pna)) {
if (memcmp(data, pna, strlen(pna)) == 0) {
alias_pna_out(pip, link, data, dlen);
alias_pna_out(la, pip, link, data, dlen);
}
}
@ -424,7 +424,7 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize)
if ((dlen - i) >= strlen(okstr)) {
if (memcmp(&data[i], okstr, strlen(okstr)) == 0)
alias_rtsp_out(pip, link, data, server_port_str);
alias_rtsp_out(la, pip, link, data, server_port_str);
}
}

3
lib/libalias/alias_util.c
View File

@ -50,6 +50,7 @@ then these routines will give a result of zero (useful for testing
purposes);
*/
#include <stdio.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@ -60,7 +61,7 @@ purposes);
#include "alias_local.h"
u_short
PacketAliasInternetChecksum(u_short *ptr, int nbytes)
LibAliasInternetChecksum(struct libalias *la, u_short *ptr, int nbytes)
{
int sum, oddbyte;

191
lib/libalias/libalias.3
View File

@ -67,24 +67,26 @@ of the kernel, without any access to private kernel data structure, but
the source code can also be ported to a kernel environment.
.Sh INITIALIZATION AND CONTROL
One special function,
.Fn PacketAliasInit ,
must always be called before any packet handling may be performed.
.Fn LibAliasInit ,
must always be called before any packet handling may be performed and
the returned instance pointer passed to all the other functions.
Normally, the
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
function is called afterwards, to set the default aliasing address.
In addition, the operating mode of the packet aliasing engine can be
customized by calling
.Fn PacketAliasSetMode .
.Fn LibAliasSetMode .
.Pp
.Ft void
.Fn PacketAliasInit void
.Ft "struct libalias *"
.Fn LibAliasInit "struct libalias *"
.Bd -ragged -offset indent
This function has no arguments or return value and is used to initialize
This function is used to initialize
internal data structures.
When called first time a NULL pointer should be passed as argument.
The following mode bits are always set after calling
.Fn PacketAliasInit .
.Fn LibAliasInit .
See the description of
.Fn PacketAliasSetMode
.Fn LibAliasSetMode
below for the meaning of these mode bits.
.Pp
.Bl -item -offset indent -compact
@ -99,19 +101,19 @@ below for the meaning of these mode bits.
This function will always return the packet aliasing engine to the same
initial state.
The
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
function is normally called afterwards, and any desired changes from the
default mode bits listed above require a call to
.Fn PacketAliasSetMode .
.Fn LibAliasSetMode .
.Pp
It is mandatory that this function be called at the beginning of a program
prior to any packet handling.
.Ed
.Pp
.Ft void
.Fn PacketAliasUninit void
.Fn LibAliasUninit "struct libalias *"
.Bd -ragged -offset indent
This function has no arguments or return value and is used to clear any
This function has no return value and is used to clear any
resources attached to internal data structures.
.Pp
This functions should be called when a program stops using the aliasing
@ -120,18 +122,17 @@ To provide backwards compatibility and extra security, it is added to
the
.Xr atexit 3
chain by
.Fn PacketAliasInit .
Calling it multiple times is harmless.
.Fn LibAliasInit .
.Ed
.Pp
.Ft void
.Fn PacketAliasSetAddress "struct in_addr addr"
.Fn LibAliasSetAddress "struct libalias *" "struct in_addr addr"
.Bd -ragged -offset indent
This function sets the source address to which outgoing packets from the
local area network are aliased.
All outgoing packets are re-mapped to this address unless overridden by a
static address mapping established by
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
If this function is not called, and no static rules match, an outgoing
packet retains its source address.
.Pp
@ -153,7 +154,7 @@ It is mandatory that this function be called prior to any packet handling.
.Ed
.Pp
.Ft unsigned int
.Fn PacketAliasSetMode "unsigned int flags" "unsigned int mask"
.Fn LibAliasSetMode "struct libalias *" "unsigned int flags" "unsigned int mask"
.Bd -ragged -offset indent
This function sets or clears mode bits
according to the value of
@ -174,7 +175,7 @@ Mainly useful for debugging when the log file is viewed continuously with
.It Dv PKT_ALIAS_DENY_INCOMING
If this mode bit is set, all incoming packets associated with new TCP
connections or new UDP transactions will be marked for being ignored
.Fn ( PacketAliasIn
.Fn ( LibAliasIn
returns
.Dv PKT_ALIAS_IGNORED
code)
@ -214,7 +215,7 @@ The registered subnet is fully accessible to the outside world, so traffic
from it does not need to be passed through the packet aliasing engine.
.It Dv PKT_ALIAS_RESET_ON_ADDR_CHANGE
When this mode bit is set and
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the aliasing address, the internal link table of the
packet aliasing engine will be cleared.
This operating mode is useful for
@ -238,7 +239,7 @@ To cater to unexpected death of a program using
changing the state of the flag will clear the entire firewall range
allocated for holes.
This will also happen on the initial call to
.Fn PacketAliasSetFWBase .
.Fn LibAliasSetFWBase .
This call must happen prior to setting this flag.
.It Dv PKT_ALIAS_REVERSE
This option makes
@ -252,13 +253,13 @@ This option tells
to obey transparent proxy rules only.
Normal packet aliasing is not performed.
See
.Fn PacketAliasProxyRule
.Fn LibAliasProxyRule
below for details.
.El
.Ed
.Pp
.Ft void
.Fn PacketAliasSetFWBase "unsigned int base" "unsigned int num"
.Fn LibAliasSetFWBase "struct libalias *" "unsigned int base" "unsigned int num"
.Bd -ragged -offset indent
Set firewall range allocated for punching firewall holes (with the
.Dv PKT_ALIAS_PUNCH_FW
@ -267,7 +268,7 @@ The range will be cleared for all rules on initialization.
.Ed
.Pp
.Ft void
.Fn PacketAliasSkinnyPort "unsigned int port"
.Fn LibAliasSkinnyPort "struct libalias *" "unsigned int port"
.Bd -ragged -offset indent
Set the TCP port used by the Skinny Station protocol.
Skinny is used by Cisco IP phones to communicate with
@ -282,18 +283,18 @@ The calling program is responsible for receiving and sending packets via
network interfaces.
.Pp
Along with
.Fn PacketAliasInit
.Fn LibAliasInit
and
.Fn PacketAliasSetAddress ,
.Fn LibAliasSetAddress ,
the two packet handling functions,
.Fn PacketAliasIn
.Fn LibAliasIn
and
.Fn PacketAliasOut ,
.Fn LibAliasOut ,
comprise minimal set of functions needed for a basic IP masquerading
implementation.
.Pp
.Ft int
.Fn PacketAliasIn "char *buffer" "int maxpacketsize"
.Fn LibAliasIn "struct libalias *" "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
An incoming packet coming from a remote machine to the local network is
de-aliased by this function.
@ -315,26 +316,26 @@ type is not handled or if incoming packets for new connections are being
ignored (if
.Dv PKT_ALIAS_DENY_INCOMING
mode bit was set by
.Fn PacketAliasSetMode ) .
.Fn LibAliasSetMode ) .
.It Dv PKT_ALIAS_UNRESOLVED_FRAGMENT
This is returned when a fragment cannot be resolved because the header
fragment has not been sent yet.
In this situation, fragments must be saved with
.Fn PacketAliasSaveFragment
.Fn LibAliasSaveFragment
until a header fragment is found.
.It Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT
The packet aliasing process was successful, and a header fragment was found.
This is a signal to retrieve any unresolved fragments with
.Fn PacketAliasGetFragment
.Fn LibAliasGetFragment
and de-alias them with
.Fn PacketAliasFragmentIn .
.Fn LibAliasFragmentIn .
.It Dv PKT_ALIAS_ERROR
An internal error within the packet aliasing engine occurred.
.El
.Ed
.Pp
.Ft int
.Fn PacketAliasOut "char *buffer" "int maxpacketsize"
.Fn LibAliasOut "struct libalias *" "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
An outgoing packet coming from the local network to a remote machine is
aliased by this function.
@ -369,7 +370,8 @@ Individual ports can be re-mapped or static network address translations can
be designated.
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectPort
.Fo LibAliasRedirectPort
.Fa "struct libalias *"
.Fa "struct in_addr local_addr"
.Fa "u_short local_port"
.Fa "struct in_addr remote_addr"
@ -396,12 +398,12 @@ or
.Fa alias_addr
is zero, this indicates that the packet aliasing address as established
by
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is to be used.
Even if
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
is called, a zero reference will track this change.
.Pp
If the link is further set up to operate for a load sharing, then
@ -409,7 +411,7 @@ If the link is further set up to operate for a load sharing, then
and
.Fa local_port
are ignored, and are selected dynamically from the server pool, as described in
.Fn PacketAliasAddServer
.Fn LibAliasAddServer
below.
.Pp
If
@ -422,12 +424,12 @@ port number.
Almost always, the remote port specification will be zero, but non-zero
remote addresses can sometimes be useful for firewalling.
If two calls to
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
overlap in their address/port specifications, then the most recent call
will have precedence.
.Pp
This function returns a pointer which can subsequently be used by
.Fn PacketAliasRedirectDelete .
.Fn LibAliasRedirectDelete .
If
.Dv NULL
is returned, then the function call did not complete successfully.
@ -443,7 +445,8 @@ data type.
.Ed
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectAddr
.Fo LibAliasRedirectAddr
.Fa "struct libalias *"
.Fa "struct in_addr local_addr"
.Fa "struct in_addr alias_addr"
.Fc
@ -462,22 +465,22 @@ If
or
.Fa alias_addr
is zero, this indicates that the packet aliasing address as established by
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is to be used.
Even if
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectAddr
.Fn LibAliasRedirectAddr
is called, a zero reference will track this change.
.Pp
If the link is further set up to operate for a load sharing, then
.Fa local_addr
is ignored, and is selected dynamically from the server pool, as described in
.Fn PacketAliasAddServer
.Fn LibAliasAddServer
below.
.Pp
If subsequent calls to
.Fn PacketAliasRedirectAddr
.Fn LibAliasRedirectAddr
use the same aliasing address, all new incoming traffic to this aliasing
address will be redirected to the local address made in the last function
call.
@ -485,11 +488,11 @@ New traffic generated by any of the local machines, designated in the
several function calls, will be aliased to the same address.
Consider the following example:
.Bd -literal -offset indent
PacketAliasRedirectAddr(inet_aton("192.168.0.2"),
LibAliasRedirectAddr(inet_aton("192.168.0.2"),
inet_aton("141.221.254.101"));
PacketAliasRedirectAddr(inet_aton("192.168.0.3"),
LibAliasRedirectAddr(inet_aton("192.168.0.3"),
inet_aton("141.221.254.101"));
PacketAliasRedirectAddr(inet_aton("192.168.0.4"),
LibAliasRedirectAddr(inet_aton("192.168.0.4"),
inet_aton("141.221.254.101"));
.Ed
.Pp
@ -502,19 +505,20 @@ from 192.168.0.2, 192.168.0.3 and 192.168.0.4 will appear to come from
Any incoming connections to 141.221.254.101 will be directed to 192.168.0.4.
.Pp
Any calls to
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
will have precedence over address mappings designated by
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
.Pp
This function returns a pointer which can subsequently be used by
.Fn PacketAliasRedirectDelete .
.Fn LibAliasRedirectDelete .
If
.Dv NULL
is returned, then the function call did not complete successfully.
.Ed
.Pp
.Ft int
.Fo PacketAliasAddServer
.Fo LibAliasAddServer
.Fa "struct libalias *"
.Fa "struct alias_link *link"
.Fa "struct in_addr addr"
.Fa "u_short port"
@ -541,17 +545,17 @@ the host.
First, the
.Fa link
is created by either
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
or
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
Then,
.Fn PacketAliasAddServer
.Fn LibAliasAddServer
is called multiple times to add entries to the
.Fa link Ns 's
server pool.
.Pp
For links created with
.Fn PacketAliasRedirectAddr ,
.Fn LibAliasRedirectAddr ,
the
.Fa port
argument is ignored and could have any value, e.g. htons(~0).
@ -560,10 +564,10 @@ This function returns 0 on success, \-1 otherwise.
.Ed
.Pp
.Ft int
.Fn PacketAliasRedirectDynamic "struct alias_link *link"
.Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link"
.Bd -ragged -offset indent
This function marks the specified static redirect rule entered by
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
as dynamic.
This can be used to e.g. dynamically redirect a single TCP connection,
after which the rule is removed.
@ -579,23 +583,23 @@ This function returns 0 on success, \-1 otherwise.
.Ed
.Pp
.Ft void
.Fn PacketAliasRedirectDelete "struct alias_link *link"
.Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link"
.Bd -ragged -offset indent
This function will delete a specific static redirect rule entered by
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
or
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
The parameter
.Fa link
is the pointer returned by either of the redirection functions.
If an invalid pointer is passed to
.Fn PacketAliasRedirectDelete ,
.Fn LibAliasRedirectDelete ,
then a program crash or unpredictable operation could result, so it is
necessary to be careful using this function.
.Ed
.Pp
.Ft int
.Fn PacketAliasProxyRule "const char *cmd"
.Fn LibAliasProxyRule "struct libalias *" "const char *cmd"
.Bd -ragged -offset indent
The passed
.Fa cmd
@ -640,14 +644,14 @@ specification is mandatory unless the
command is being used.
.It Cm rule Ar index
Normally, each call to
.Fn PacketAliasProxyRule
.Fn LibAliasProxyRule
inserts the next rule at the start of a linear list of rules.
If an
.Ar index
is specified, the new rule will be checked after all rules with lower
indices.
Calls to
.Fn PacketAliasProxyRule
.Fn LibAliasProxyRule
that do not specify a rule are assigned rule 0.
.It Cm delete Ar index
This token and its argument MUST NOT be used with any other tokens.
@ -688,7 +692,8 @@ access, or to restrict access to certain external machines.
.Ed
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectProto
.Fo LibAliasRedirectProto
.Fa "struct libalias *"
.Fa "struct in_addr local_addr"
.Fa "struct in_addr remote_addr"
.Fa "struct in_addr alias_addr"
@ -706,12 +711,12 @@ or
.Fa alias_addr
is zero, this indicates that the packet aliasing address as established
by
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is to be used.
Even if
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectProto
.Fn LibAliasRedirectProto
is called, a zero reference will track this change.
.Pp
If
@ -720,12 +725,12 @@ is zero, this indicates to redirect packets from any remote address.
Non-zero remote addresses can sometimes be useful for firewalling.
.Pp
If two calls to
.Fn PacketAliasRedirectProto
.Fn LibAliasRedirectProto
overlap in their address specifications, then the most recent call
will have precedence.
.Pp
This function returns a pointer which can subsequently be used by
.Fn PacketAliasRedirectDelete .
.Fn LibAliasRedirectDelete .
If
.Dv NULL
is returned, then the function call did not complete successfully.
@ -734,11 +739,11 @@ is returned, then the function call did not complete successfully.
The functions in this section are used to deal with incoming fragments.
.Pp
Outgoing fragments are handled within
.Fn PacketAliasOut
.Fn LibAliasOut
by changing the address according to any applicable mapping set by
.Fn PacketAliasRedirectAddr ,
.Fn LibAliasRedirectAddr ,
or the default aliasing address set by
.Fn PacketAliasSetAddress .
.Fn LibAliasSetAddress .
.Pp
Incoming fragments are handled in one of two ways.
If the header of a fragmented IP packet has already been seen, then all
@ -748,10 +753,10 @@ Fragments which arrive before the header are saved and then retrieved
once the header fragment has been resolved.
.Pp
.Ft int
.Fn PacketAliasSaveFragment "char *ptr"
.Fn LibAliasSaveFragment "struct libalias *" "char *ptr"
.Bd -ragged -offset indent
When
.Fn PacketAliasIn
.Fn LibAliasIn
returns
.Dv PKT_ALIAS_UNRESOLVED_FRAGMENT ,
this function can be used to save the pointer to the unresolved fragment.
@ -773,33 +778,33 @@ if there was an error.
.Ed
.Pp
.Ft char *
.Fn PacketAliasGetFragment "char *buffer"
.Fn LibAliasGetFragment "struct libalias *" "char *buffer"
.Bd -ragged -offset indent
This function can be used to retrieve fragment pointers saved by
.Fn PacketAliasSaveFragment .
.Fn LibAliasSaveFragment .
The IP header fragment pointed to by
.Fa buffer
is the header fragment indicated when
.Fn PacketAliasIn
.Fn LibAliasIn
returns
.Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT .
Once a fragment pointer is retrieved, it becomes the calling program's
responsibility to free the dynamically allocated memory for the fragment.
.Pp
The
.Fn PacketAliasGetFragment
.Fn LibAliasGetFragment
function can be called sequentially until there are no more fragments
available, at which time it returns
.Dv NULL .
.Ed
.Pp
.Ft void
.Fn PacketAliasFragmentIn "char *header" "char *fragment"
.Fn LibAliasFragmentIn "struct libalias *" "char *header" "char *fragment"
.Bd -ragged -offset indent
When a fragment is retrieved with
.Fn PacketAliasGetFragment ,
.Fn LibAliasGetFragment ,
it can then be de-aliased with a call to
.Fn PacketAliasFragmentIn .
.Fn LibAliasFragmentIn .
The
.Fa header
argument is the pointer to a header fragment used as a template, and
@ -808,17 +813,17 @@ is the pointer to the packet to be de-aliased.
.Ed
.Sh MISCELLANEOUS FUNCTIONS
.Ft void
.Fn PacketAliasSetTarget "struct in_addr addr"
.Fn LibAliasSetTarget "struct libalias *" "struct in_addr addr"
.Bd -ragged -offset indent
When an incoming packet not associated with any pre-existing aliasing link
arrives at the host machine, it will be sent to the address indicated by a
call to
.Fn PacketAliasSetTarget .
.Fn LibAliasSetTarget .
.Pp
If this function is called with an
.Dv INADDR_NONE
address argument, then all new incoming packets go to the address set by
.Fn PacketAliasSetAddress .
.Fn LibAliasSetAddress .
.Pp
If this function is not called, or is called with an
.Dv INADDR_ANY
@ -829,17 +834,17 @@ can route packets to the machine in question.
.Ed
.Pp
.Ft int
.Fn PacketAliasCheckNewLink void
.Fn LibAliasCheckNewLink void
.Bd -ragged -offset indent
This function returns a non-zero value when a new aliasing link is created.
In circumstances where incoming traffic is being sequentially sent to
different local servers, this function can be used to trigger when
.Fn PacketAliasSetTarget
.Fn LibAliasSetTarget
is called to change the default target address.
.Ed
.Pp
.Ft u_short
.Fn PacketAliasInternetChecksum "u_short *buffer" "int nbytes"
.Fn LibAliasInternetChecksum "struct libalias *" "u_short *buffer" "int nbytes"
.Bd -ragged -offset indent
This is a utility function that does not seem to be available elsewhere and
is included as a convenience.
@ -856,12 +861,12 @@ The 16-bit checksum field should be zeroed before computing the checksum.
Checksums can also be verified by operating on a block of data including
its checksum.
If the checksum is valid,
.Fn PacketAliasInternetChecksum
.Fn LibAliasInternetChecksum
will return zero.
.Ed
.Pp
.Ft int
.Fn PacketUnaliasOut "char *buffer" "int maxpacketsize"
.Fn LibAliasUnaliasOut "struct libalias *" "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
An outgoing packet, which has already been aliased,
has its private address/port information restored by this function.

2
sys/netinet/libalias/Makefile
View File

@ -6,7 +6,7 @@ SHLIB_MAJOR= 4
MAN= libalias.3
SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \
alias_util.c
alias_util.c alias_old.c
INCS= alias.h
.include <bsd.lib.mk>

242
sys/netinet/libalias/alias.c
View File

@ -247,26 +247,26 @@ the gateway machine or other machines on a local area network.
/* Local prototypes */
static int IcmpAliasIn1(struct ip *);
static int IcmpAliasIn2(struct ip *);
static int IcmpAliasIn (struct ip *);
static int IcmpAliasIn1(struct libalias *, struct ip *);
static int IcmpAliasIn2(struct libalias *, struct ip *);
static int IcmpAliasIn (struct libalias *, struct ip *);
static int IcmpAliasOut1(struct ip *);
static int IcmpAliasOut2(struct ip *);
static int IcmpAliasOut (struct ip *);
static int IcmpAliasOut1(struct libalias *, struct ip *);
static int IcmpAliasOut2(struct libalias *, struct ip *);
static int IcmpAliasOut (struct libalias *, struct ip *);
static int ProtoAliasIn(struct ip *);
static int ProtoAliasOut(struct ip *);
static int ProtoAliasIn(struct libalias *, struct ip *);
static int ProtoAliasOut(struct libalias *, struct ip *);
static int UdpAliasOut(struct ip *);
static int UdpAliasIn (struct ip *);
static int UdpAliasOut(struct libalias *, struct ip *);
static int UdpAliasIn (struct libalias *, struct ip *);
static int TcpAliasOut(struct ip *, int);
static int TcpAliasIn (struct ip *);
static int TcpAliasOut(struct libalias *, struct ip *, int);
static int TcpAliasIn (struct libalias *, struct ip *);
static int
IcmpAliasIn1(struct ip *pip)
IcmpAliasIn1(struct libalias *la, struct ip *pip)
{
/*
De-alias incoming echo and timestamp replies.
@ -278,7 +278,7 @@ IcmpAliasIn1(struct ip *pip)
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Get source address from ICMP data field and restore original data */
link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
link = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
if (link != NULL)
{
u_short original_id;
@ -312,7 +312,7 @@ IcmpAliasIn1(struct ip *pip)
}
static int
IcmpAliasIn2(struct ip *pip)
IcmpAliasIn2(struct libalias *la, struct ip *pip)
{
/*
Alias incoming ICMP error messages containing
@ -332,16 +332,16 @@ IcmpAliasIn2(struct ip *pip)
ic2 = (struct icmp *) ud;
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpTcpIn(ip->ip_dst, ip->ip_src,
link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,
ud->uh_dport, ud->uh_sport,
IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
link = FindUdpTcpIn(ip->ip_dst, ip->ip_src,
link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src,
tc->th_dport, tc->th_sport,
IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
link = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
else
link = NULL;
} else
@ -430,13 +430,13 @@ fragment contained in ICMP data section */
static int
IcmpAliasIn(struct ip *pip)
IcmpAliasIn(struct libalias *la, struct ip *pip)
{
int iresult;
struct icmp *ic;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
@ -448,18 +448,18 @@ IcmpAliasIn(struct ip *pip)
case ICMP_TSTAMPREPLY:
if (ic->icmp_code == 0)
{
iresult = IcmpAliasIn1(pip);
iresult = IcmpAliasIn1(la, pip);
}
break;
case ICMP_UNREACH:
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
iresult = IcmpAliasIn2(pip);
iresult = IcmpAliasIn2(la, pip);
break;
case ICMP_ECHO:
case ICMP_TSTAMP:
iresult = IcmpAliasIn1(pip);
iresult = IcmpAliasIn1(la, pip);
break;
}
return(iresult);
@ -467,7 +467,7 @@ IcmpAliasIn(struct ip *pip)
static int
IcmpAliasOut1(struct ip *pip)
IcmpAliasOut1(struct libalias *la, struct ip *pip)
{
/*
Alias outgoing echo and timestamp requests.
@ -479,7 +479,7 @@ IcmpAliasOut1(struct ip *pip)
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Save overwritten data for when echo packet returns */
link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
link = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
if (link != NULL)
{
u_short alias_id;
@ -514,7 +514,7 @@ IcmpAliasOut1(struct ip *pip)
static int
IcmpAliasOut2(struct ip *pip)
IcmpAliasOut2(struct libalias *la, struct ip *pip)
{
/*
Alias outgoing ICMP error messages containing
@ -534,16 +534,16 @@ IcmpAliasOut2(struct ip *pip)
ic2 = (struct icmp *) ud;
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpTcpOut(ip->ip_dst, ip->ip_src,
link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,
ud->uh_dport, ud->uh_sport,
IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
link = FindUdpTcpOut(ip->ip_dst, ip->ip_src,
link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src,
tc->th_dport, tc->th_sport,
IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
link = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
else
link = NULL;
} else
@ -634,13 +634,13 @@ fragment contained in ICMP data section */
static int
IcmpAliasOut(struct ip *pip)
IcmpAliasOut(struct libalias *la, struct ip *pip)
{
int iresult;
struct icmp *ic;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
@ -652,18 +652,18 @@ IcmpAliasOut(struct ip *pip)
case ICMP_TSTAMP:
if (ic->icmp_code == 0)
{
iresult = IcmpAliasOut1(pip);
iresult = IcmpAliasOut1(la, pip);
}
break;
case ICMP_UNREACH:
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
iresult = IcmpAliasOut2(pip);
iresult = IcmpAliasOut2(la, pip);
break;
case ICMP_ECHOREPLY:
case ICMP_TSTAMPREPLY:
iresult = IcmpAliasOut1(pip);
iresult = IcmpAliasOut1(la, pip);
}
return(iresult);
}
@ -671,7 +671,7 @@ IcmpAliasOut(struct ip *pip)
static int
ProtoAliasIn(struct ip *pip)
ProtoAliasIn(struct libalias *la, struct ip *pip)
{
/*
Handle incoming IP packets. The
@ -682,10 +682,10 @@ ProtoAliasIn(struct ip *pip)
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p);
link = FindProtoIn(la, pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr original_address;
@ -706,7 +706,7 @@ ProtoAliasIn(struct ip *pip)
static int
ProtoAliasOut(struct ip *pip)
ProtoAliasOut(struct libalias *la, struct ip *pip)
{
/*
Handle outgoing IP packets. The
@ -716,10 +716,10 @@ ProtoAliasOut(struct ip *pip)
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p);
link = FindProtoOut(la, pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr alias_address;
@ -740,18 +740,18 @@ ProtoAliasOut(struct ip *pip)
static int
UdpAliasIn(struct ip *pip)
UdpAliasIn(struct libalias *la, struct ip *pip)
{
struct udphdr *ud;
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpTcpIn(pip->ip_src, pip->ip_dst,
link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
ud->uh_sport, ud->uh_dport,
IPPROTO_UDP, 1);
if (link != NULL)
@ -770,14 +770,14 @@ UdpAliasIn(struct ip *pip)
/* Special processing for IP encoding protocols */
if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER)
AliasHandleCUSeeMeIn(pip, original_address);
AliasHandleCUSeeMeIn(la, pip, original_address);
/* If NETBIOS Datagram, It should be alias address in UDP Data, too */
else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER)
r = AliasHandleUdpNbt(pip, link, &original_address, ud->uh_dport);
r = AliasHandleUdpNbt(la, pip, link, &original_address, ud->uh_dport);
else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER)
r = AliasHandleUdpNbtNS(pip, link, &alias_address, &alias_port,
r = AliasHandleUdpNbtNS(la, pip, link, &alias_address, &alias_port,
&original_address, &ud->uh_dport);
/* If UDP checksum is not zero, then adjust since destination port */
@ -814,18 +814,18 @@ UdpAliasIn(struct ip *pip)
}
static int
UdpAliasOut(struct ip *pip)
UdpAliasOut(struct libalias *la, struct ip *pip)
{
struct udphdr *ud;
struct alias_link *link;
/* Return if proxy-only mode is enabled */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpTcpOut(pip->ip_src, pip->ip_dst,
link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
ud->uh_sport, ud->uh_dport,
IPPROTO_UDP, 1);
if (link != NULL)
@ -838,14 +838,14 @@ UdpAliasOut(struct ip *pip)
/* Special processing for IP encoding protocols */
if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER)
AliasHandleCUSeeMeOut(pip, link);
AliasHandleCUSeeMeOut(la, pip, link);
/* If NETBIOS Datagram, It should be alias address in UDP Data, too */
else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER)
AliasHandleUdpNbt(pip, link, &alias_address, alias_port);
AliasHandleUdpNbt(la, pip, link, &alias_address, alias_port);
else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER
|| ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER)
AliasHandleUdpNbtNS(pip, link, &pip->ip_src, &ud->uh_sport,
AliasHandleUdpNbtNS(la, pip, link, &pip->ip_src, &ud->uh_sport,
&alias_address, &alias_port);
/*
* We don't know in advance what TID the TFTP server will choose,
@ -853,7 +853,7 @@ UdpAliasOut(struct ip *pip)
* that will match any TID from a given destination.
*/
else if (ntohs(ud->uh_dport) == TFTP_PORT_NUMBER)
FindRtspOut(pip->ip_src, pip->ip_dst,
FindRtspOut(la, pip->ip_src, pip->ip_dst,
ud->uh_sport, alias_port, IPPROTO_UDP);
/* If UDP checksum is not zero, adjust since source port is */
@ -892,17 +892,17 @@ UdpAliasOut(struct ip *pip)
static int
TcpAliasIn(struct ip *pip)
TcpAliasIn(struct libalias *la, struct ip *pip)
{
struct tcphdr *tc;
struct alias_link *link;
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
link = FindUdpTcpIn(pip->ip_src, pip->ip_dst,
link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
tc->th_sport, tc->th_dport,
IPPROTO_TCP,
!(packetAliasMode & PKT_ALIAS_PROXY_ONLY));
!(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));
if (link != NULL)
{
struct in_addr alias_address;
@ -916,10 +916,10 @@ TcpAliasIn(struct ip *pip)
/* Special processing for IP encoding protocols */
if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpIn(pip, link);
else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort
|| ntohs(tc->th_sport) == skinnyPort))
AliasHandleSkinny(pip, link);
AliasHandlePptpIn(la, pip, link);
else if (la->skinnyPort != 0 && (ntohs(tc->th_dport) == la->skinnyPort
|| ntohs(tc->th_sport) == la->skinnyPort))
AliasHandleSkinny(la, pip, link);
alias_address = GetAliasAddress(link);
original_address = GetOriginalAddress(link);
@ -1008,7 +1008,7 @@ TcpAliasIn(struct ip *pip)
}
static int
TcpAliasOut(struct ip *pip, int maxpacketsize)
TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize)
{
int proxy_type;
u_short dest_port;
@ -1020,9 +1020,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
proxy_type = ProxyCheck(pip, &proxy_server_address, &proxy_server_port);
proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port);
if (proxy_type == 0 && (packetAliasMode & PKT_ALIAS_PROXY_ONLY))
if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY))
return PKT_ALIAS_OK;
/* If this is a transparent proxy, save original destination,
@ -1058,7 +1058,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
ADJUST_CHECKSUM(accumulate, pip->ip_sum);
}
link = FindUdpTcpOut(pip->ip_src, pip->ip_dst,
link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
tc->th_sport, tc->th_dport,
IPPROTO_TCP, 1);
if (link !=NULL)
@ -1075,7 +1075,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
{
SetProxyPort(link, dest_port);
SetProxyAddress(link, dest_address);
ProxyModify(link, pip, maxpacketsize, proxy_type);
ProxyModify(la, link, pip, maxpacketsize, proxy_type);
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
}
@ -1089,21 +1089,21 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
/* Special processing for IP encoding protocols */
if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)
AliasHandleFtpOut(pip, link, maxpacketsize);
AliasHandleFtpOut(la, pip, link, maxpacketsize);
else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1
|| ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2)
AliasHandleIrcOut(pip, link, maxpacketsize);
AliasHandleIrcOut(la, pip, link, maxpacketsize);
else if (ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_1
|| ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_1
|| ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_2
|| ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_2)
AliasHandleRtspOut(pip, link, maxpacketsize);
AliasHandleRtspOut(la, pip, link, maxpacketsize);
else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
|| ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
AliasHandlePptpOut(pip, link);
else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort
|| ntohs(tc->th_dport) == skinnyPort))
AliasHandleSkinny(pip, link);
AliasHandlePptpOut(la, pip, link);
else if (la->skinnyPort != 0 && (ntohs(tc->th_sport) == la->skinnyPort
|| ntohs(tc->th_dport) == la->skinnyPort))
AliasHandleSkinny(la, pip, link);
/* Adjust TCP checksum since source port is being aliased */
/* and source address is being altered */
@ -1171,16 +1171,16 @@ saved and recalled when a header fragment is seen.
*/
/* Local prototypes */
static int FragmentIn(struct ip *);
static int FragmentOut(struct ip *);
static int FragmentIn(struct libalias *, struct ip *);
static int FragmentOut(struct libalias *, struct ip *);
static int
FragmentIn(struct ip *pip)
FragmentIn(struct libalias *la, struct ip *pip)
{
struct alias_link *link;
link = FindFragmentIn2(pip->ip_src, pip->ip_dst, pip->ip_id);
link = FindFragmentIn2(la, pip->ip_src, pip->ip_dst, pip->ip_id);
if (link != NULL)
{
struct in_addr original_address;
@ -1199,11 +1199,11 @@ FragmentIn(struct ip *pip)
static int
FragmentOut(struct ip *pip)
FragmentOut(struct libalias *la, struct ip *pip)
{
struct in_addr alias_address;
alias_address = FindAliasAddress(pip->ip_src);
alias_address = FindAliasAddress(la, pip->ip_src);
DifferentialChecksum(&pip->ip_sum,
(u_short *) &alias_address,
(u_short *) &pip->ip_src,
@ -1232,14 +1232,14 @@ FragmentOut(struct ip *pip)
int
PacketAliasSaveFragment(char *ptr)
LibAliasSaveFragment(struct libalias *la, char *ptr)
{
int iresult;
struct alias_link *link;
struct ip *pip;
pip = (struct ip *) ptr;
link = AddFragmentPtrLink(pip->ip_src, pip->ip_id);
link = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id);
iresult = PKT_ALIAS_ERROR;
if (link != NULL)
{
@ -1251,14 +1251,14 @@ PacketAliasSaveFragment(char *ptr)
char *
PacketAliasGetFragment(char *ptr)
LibAliasGetFragment(struct libalias *la, char *ptr)
{
struct alias_link *link;
char *fptr;
struct ip *pip;
pip = (struct ip *) ptr;
link = FindFragmentPtr(pip->ip_src, pip->ip_id);
link = FindFragmentPtr(la, pip->ip_src, pip->ip_id);
if (link != NULL)
{
GetFragmentPtr(link, &fptr);
@ -1275,7 +1275,7 @@ PacketAliasGetFragment(char *ptr)
void
PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased
LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly de-aliased
header fragment */
char *ptr_fragment /* Points to fragment which must
be de-aliased */
@ -1296,21 +1296,21 @@ PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased
int
PacketAliasIn(char *ptr, int maxpacketsize)
LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize)
{
struct in_addr alias_addr;
struct ip *pip;
int iresult;
if (packetAliasMode & PKT_ALIAS_REVERSE) {
packetAliasMode &= ~PKT_ALIAS_REVERSE;
if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
iresult = PacketAliasOut(ptr, maxpacketsize);
packetAliasMode |= PKT_ALIAS_REVERSE;
la->packetAliasMode |= PKT_ALIAS_REVERSE;
return iresult;
}
HouseKeeping();
ClearCheckNewLink();
HouseKeeping(la);
ClearCheckNewLink(la);
pip = (struct ip *) ptr;
alias_addr = pip->ip_dst;
@ -1325,23 +1325,23 @@ PacketAliasIn(char *ptr, int maxpacketsize)
switch (pip->ip_p)
{
case IPPROTO_ICMP:
iresult = IcmpAliasIn(pip);
iresult = IcmpAliasIn(la, pip);
break;
case IPPROTO_UDP:
iresult = UdpAliasIn(pip);
iresult = UdpAliasIn(la, pip);
break;
case IPPROTO_TCP:
iresult = TcpAliasIn(pip);
iresult = TcpAliasIn(la, pip);
break;
case IPPROTO_GRE:
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
AliasHandlePptpGreIn(pip) == 0)
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
AliasHandlePptpGreIn(la, pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasIn(pip);
iresult = ProtoAliasIn(la, pip);
break;
default:
iresult = ProtoAliasIn(pip);
iresult = ProtoAliasIn(la, pip);
break;
}
@ -1349,7 +1349,7 @@ PacketAliasIn(char *ptr, int maxpacketsize)
{
struct alias_link *link;
link = FindFragmentIn1(pip->ip_src, alias_addr, pip->ip_id);
link = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);
if (link != NULL)
{
iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;
@ -1363,7 +1363,7 @@ PacketAliasIn(char *ptr, int maxpacketsize)
}
else
{
iresult = FragmentIn(pip);
iresult = FragmentIn(la, pip);
}
return(iresult);
@ -1386,7 +1386,7 @@ PacketAliasIn(char *ptr, int maxpacketsize)
#define UNREG_ADDR_C_UPPER 0xc0a8ffff
int
PacketAliasOut(char *ptr, /* valid IP packet */
LibAliasOut(struct libalias *la, char *ptr, /* valid IP packet */
int maxpacketsize /* How much the packet data may grow
(FTP and IRC inline changes) */
)
@ -1395,15 +1395,15 @@ PacketAliasOut(char *ptr, /* valid IP packet */
struct in_addr addr_save;
struct ip *pip;
if (packetAliasMode & PKT_ALIAS_REVERSE) {
packetAliasMode &= ~PKT_ALIAS_REVERSE;
if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
iresult = PacketAliasIn(ptr, maxpacketsize);
packetAliasMode |= PKT_ALIAS_REVERSE;
la->packetAliasMode |= PKT_ALIAS_REVERSE;
return iresult;
}
HouseKeeping();
ClearCheckNewLink();
HouseKeeping(la);
ClearCheckNewLink(la);
pip = (struct ip *) ptr;
/* Defense against mangled packets */
@ -1411,8 +1411,8 @@ PacketAliasOut(char *ptr, /* valid IP packet */
|| (pip->ip_hl<<2) > maxpacketsize)
return PKT_ALIAS_IGNORED;
addr_save = GetDefaultAliasAddress();
if (packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY)
addr_save = GetDefaultAliasAddress(la);
if (la->packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY)
{
u_long addr;
int iclass;
@ -1428,12 +1428,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */
if (iclass == 0)
{
SetDefaultAliasAddress(pip->ip_src);
SetDefaultAliasAddress(la, pip->ip_src);
}
}
else if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
{
SetDefaultAliasAddress(pip->ip_src);
SetDefaultAliasAddress(la, pip->ip_src);
}
iresult = PKT_ALIAS_IGNORED;
@ -1442,36 +1442,36 @@ PacketAliasOut(char *ptr, /* valid IP packet */
switch (pip->ip_p)
{
case IPPROTO_ICMP:
iresult = IcmpAliasOut(pip);
iresult = IcmpAliasOut(la, pip);
break;
case IPPROTO_UDP:
iresult = UdpAliasOut(pip);
iresult = UdpAliasOut(la, pip);
break;
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
iresult = TcpAliasOut(la, pip, maxpacketsize);
break;
case IPPROTO_GRE:
if (AliasHandlePptpGreOut(pip) == 0)
if (AliasHandlePptpGreOut(la, pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasOut(pip);
iresult = ProtoAliasOut(la, pip);
break;
default:
iresult = ProtoAliasOut(pip);
iresult = ProtoAliasOut(la, pip);
break;
}
}
else
{
iresult = FragmentOut(pip);
iresult = FragmentOut(la, pip);
}
SetDefaultAliasAddress(addr_save);
SetDefaultAliasAddress(la, addr_save);
return(iresult);
}
int
PacketUnaliasOut(char *ptr, /* valid IP packet */
LibAliasUnaliasOut(struct libalias *la, char *ptr, /* valid IP packet */
int maxpacketsize /* for error checking */
)
{
@ -1495,15 +1495,15 @@ PacketUnaliasOut(char *ptr, /* valid IP packet */
/* Find a link */
if (pip->ip_p == IPPROTO_UDP)
link = FindUdpTcpIn(pip->ip_dst, pip->ip_src,
link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,
ud->uh_dport, ud->uh_sport,
IPPROTO_UDP, 0);
else if (pip->ip_p == IPPROTO_TCP)
link = FindUdpTcpIn(pip->ip_dst, pip->ip_src,
link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src,
tc->th_dport, tc->th_sport,
IPPROTO_TCP, 0);
else if (pip->ip_p == IPPROTO_ICMP)
link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id, 0);
link = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0);
else
link = NULL;

94
sys/netinet/libalias/alias.h
View File

@ -39,7 +39,37 @@
#ifndef _ALIAS_H_
#define _ALIAS_H_
/* The external interface to libalias, the packet aliasing engine. */
/*
* The external interface to libalias, the packet aliasing engine.
*
* There are two sets of functions:
*
* PacketAlias*() the old API which doesn't take an instance pointer
* and therefore can only have one packet engine at a time.
*
* LibAlias*() the new API which takes as first argument a pointer to
* the instance of the packet aliasing engine.
*
* The functions otherwise correspond to each other one for one, except
* for the LibAliasUnaliasOut()/PacketUnaliasOut() function which were
* were misnamed in the old API.
*/
/*
* The instance structure
*/
struct libalias;
/*
* An anonymous structure, a pointer to which is returned from
* PacketAliasRedirectAddr(), PacketAliasRedirectPort() or
* PacketAliasRedirectProto(), passed to PacketAliasAddServer(),
* and freed by PacketAliasRedirectDelete().
*/
struct alias_link;
/* OLD API */
/* Initialization and control functions. */
void PacketAliasInit(void);
@ -57,13 +87,6 @@ int PacketUnaliasOut(char *_ptr, int _maxpacketsize);
/* Port and address redirection functions. */
/*
* An anonymous structure, a pointer to which is returned from
* PacketAliasRedirectAddr(), PacketAliasRedirectPort() or
* PacketAliasRedirectProto(), passed to PacketAliasAddServer(),
* and freed by PacketAliasRedirectDelete().
*/
struct alias_link;
int PacketAliasAddServer(struct alias_link *_link,
struct in_addr _addr, unsigned short _port);
@ -96,6 +119,61 @@ void PacketAliasSetTarget(struct in_addr _target_addr);
/* Transparent proxying routines. */
int PacketAliasProxyRule(const char *_cmd);
/* NEW API */
/* Initialization and control functions. */
struct libalias *LibAliasInit(struct libalias *);
void LibAliasSetAddress(struct libalias *, struct in_addr _addr);
void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num);
void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
unsigned int
LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask);
void LibAliasUninit(struct libalias *);
/* Packet Handling functions. */
int LibAliasIn(struct libalias *, char *_ptr, int _maxpacketsize);
int LibAliasOut(struct libalias *, char *_ptr, int _maxpacketsize);
int LibAliasUnaliasOut(struct libalias *, char *_ptr, int _maxpacketsize);
/* Port and address redirection functions. */
int LibAliasAddServer(struct libalias *, struct alias_link *_link,
struct in_addr _addr, unsigned short _port);
struct alias_link *
LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr,
struct in_addr _alias_addr);
int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_link);
void LibAliasRedirectDelete(struct libalias *, struct alias_link *_link);
struct alias_link *
LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr,
unsigned short _src_port, struct in_addr _dst_addr,
unsigned short _dst_port, struct in_addr _alias_addr,
unsigned short _alias_port, unsigned char _proto);
struct alias_link *
LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr,
struct in_addr _dst_addr, struct in_addr _alias_addr,
unsigned char _proto);
/* Fragment Handling functions. */
void LibAliasFragmentIn(struct libalias *, char *_ptr, char *_ptr_fragment);
char *LibAliasGetFragment(struct libalias *, char *_ptr);
int LibAliasSaveFragment(struct libalias *, char *_ptr);
/* Miscellaneous functions. */
int LibAliasCheckNewLink(struct libalias *);
unsigned short
LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes);
void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr);
/* Transparent proxying routines. */
int LibAliasProxyRule(struct libalias *, const char *_cmd);
/*
* Mode flags and other constants.
*/
/* Mode flags, set using PacketAliasSetMode() */
/*

7
sys/netinet/libalias/alias_cuseeme.c
View File

@ -29,6 +29,7 @@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stdio.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@ -66,7 +67,7 @@ struct client_info {
};
void
AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
AliasHandleCUSeeMeOut(struct libalias *la, struct ip *pip, struct alias_link *link)
{
struct udphdr *ud;
@ -79,7 +80,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
if (cu->addr)
cu->addr = (u_int32_t)GetAliasAddress(link).s_addr;
cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link),
cu_link = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link),
ud->uh_dport, 0, IPPROTO_UDP, 1);
#ifndef NO_FW_PUNCH
@ -90,7 +91,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
}
void
AliasHandleCUSeeMeIn(struct ip *pip, struct in_addr original_addr)
AliasHandleCUSeeMeIn(struct libalias *la, struct ip *pip, struct in_addr original_addr)
{
struct in_addr alias_addr;
struct udphdr *ud;

734
sys/netinet/libalias/alias_db.c
View File

File diff suppressed because it is too large Load Diff

58
sys/netinet/libalias/alias_ftp.c
View File

@ -94,17 +94,15 @@ enum ftp_message_type {
FTP_UNKNOWN_MESSAGE
};
static int ParseFtpPortCommand(char *, int);
static int ParseFtpEprtCommand(char *, int);
static int ParseFtp227Reply(char *, int);
static int ParseFtp229Reply(char *, int);
static void NewFtpMessage(struct ip *, struct alias_link *, int, int);
static struct in_addr true_addr; /* in network byte order. */
static u_short true_port; /* in host byte order. */
static int ParseFtpPortCommand(struct libalias *la, char *, int);
static int ParseFtpEprtCommand(struct libalias *la, char *, int);
static int ParseFtp227Reply(struct libalias *la, char *, int);
static int ParseFtp229Reply(struct libalias *la, char *, int);
static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
void
AliasHandleFtpOut(
struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link, /* The link to go through (aliased port) */
int maxpacketsize /* The maximum size this packet can grow to (including headers) */)
@ -136,24 +134,24 @@ int maxpacketsize /* The maximum size this packet can grow to (including header
/*
* When aliasing a client, check for the PORT/EPRT command.
*/
if (ParseFtpPortCommand(sptr, dlen))
if (ParseFtpPortCommand(la, sptr, dlen))
ftp_message_type = FTP_PORT_COMMAND;
else if (ParseFtpEprtCommand(sptr, dlen))
else if (ParseFtpEprtCommand(la, sptr, dlen))
ftp_message_type = FTP_EPRT_COMMAND;
} else {
/*
* When aliasing a server, check for the 227/229 reply.
*/
if (ParseFtp227Reply(sptr, dlen))
if (ParseFtp227Reply(la, sptr, dlen))
ftp_message_type = FTP_227_REPLY;
else if (ParseFtp229Reply(sptr, dlen)) {
else if (ParseFtp229Reply(la, sptr, dlen)) {
ftp_message_type = FTP_229_REPLY;
true_addr.s_addr = pip->ip_src.s_addr;
la->true_addr.s_addr = pip->ip_src.s_addr;
}
}
if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
NewFtpMessage(pip, link, maxpacketsize, ftp_message_type);
NewFtpMessage(la, pip, link, maxpacketsize, ftp_message_type);
}
/* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
@ -170,7 +168,7 @@ int maxpacketsize /* The maximum size this packet can grow to (including header
}
static int
ParseFtpPortCommand(char *sptr, int dlen)
ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
{
char ch;
int i, state;
@ -228,15 +226,15 @@ ParseFtpPortCommand(char *sptr, int dlen)
}
if (state == 13) {
true_addr.s_addr = htonl(addr);
true_port = port;
la->true_addr.s_addr = htonl(addr);
la->true_port = port;
return 1;
} else
return 0;
}
static int
ParseFtpEprtCommand(char *sptr, int dlen)
ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
{
char ch, delim;
int i, state;
@ -315,15 +313,15 @@ ParseFtpEprtCommand(char *sptr, int dlen)
}
if (state == 13) {
true_addr.s_addr = htonl(addr);
true_port = port;
la->true_addr.s_addr = htonl(addr);
la->true_port = port;
return 1;
} else
return 0;
}
static int
ParseFtp227Reply(char *sptr, int dlen)
ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
{
char ch;
int i, state;
@ -381,15 +379,15 @@ ParseFtp227Reply(char *sptr, int dlen)
}
if (state == 13) {
true_port = port;
true_addr.s_addr = htonl(addr);
la->true_port = port;
la->true_addr.s_addr = htonl(addr);
return 1;
} else
return 0;
}
static int
ParseFtp229Reply(char *sptr, int dlen)
ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
{
char ch, delim;
int i, state;
@ -452,14 +450,14 @@ ParseFtp229Reply(char *sptr, int dlen)
}
if (state == 7) {
true_port = port;
la->true_port = port;
return 1;
} else
return 0;
}
static void
NewFtpMessage(struct ip *pip,
NewFtpMessage(struct libalias *la, struct ip *pip,
struct alias_link *link,
int maxpacketsize,
int ftp_message_type)
@ -467,15 +465,15 @@ NewFtpMessage(struct ip *pip,
struct alias_link *ftp_link;
/* Security checks. */
if (pip->ip_src.s_addr != true_addr.s_addr)
if (pip->ip_src.s_addr != la->true_addr.s_addr)
return;
if (true_port < IPPORT_RESERVED)
if (la->true_port < IPPORT_RESERVED)
return;
/* Establish link to address and port found in FTP control message. */
ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link),
htons(true_port), 0, IPPROTO_TCP, 1);
ftp_link = FindUdpTcpOut(la, la->true_addr, GetDestAddress(link),
htons(la->true_port), 0, IPPROTO_TCP, 1);
if (ftp_link != NULL)
{

5
sys/netinet/libalias/alias_irc.c
View File

@ -65,7 +65,8 @@ __FBSDID("$FreeBSD$");
void
AliasHandleIrcOut(struct ip *pip, /* IP packet to examine */
AliasHandleIrcOut(struct libalias *la,
struct ip *pip, /* IP packet to examine */
struct alias_link *link, /* Which link are we on? */
int maxsize /* Maximum size of IP packet including headers */
)
@ -246,7 +247,7 @@ lFOUND_CTCP:
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
would probably allow it through at least _some_
firewalls. */
dcc_link = FindUdpTcpOut(true_addr, destaddr,
dcc_link = FindUdpTcpOut(la, true_addr, destaddr,
true_port, 0,
IPPROTO_TCP, 1);
DBprintf(("Got a DCC link\n"));

164
sys/netinet/libalias/alias_local.h
View File

@ -46,6 +46,92 @@
#ifndef _ALIAS_LOCAL_H_
#define _ALIAS_LOCAL_H_
#include <sys/queue.h>
/* Sizes of input and output link tables */
#define LINK_TABLE_OUT_SIZE 101
#define LINK_TABLE_IN_SIZE 4001
struct proxy_entry;
struct libalias {
LIST_ENTRY(libalias) instancelist;
int packetAliasMode; /* Mode flags */
/* - documented in alias.h */
struct in_addr aliasAddress; /* Address written onto source */
/* field of IP packet. */
struct in_addr targetAddress; /* IP address incoming packets */
/* are sent to if no aliasing */
/* link already exists */
struct in_addr nullAddress; /* Used as a dummy parameter for */
/* some function calls */
LIST_HEAD(, alias_link) linkTableOut[LINK_TABLE_OUT_SIZE];
/* Lookup table of pointers to */
/* chains of link records. Each */
LIST_HEAD(, alias_link) linkTableIn[LINK_TABLE_IN_SIZE];
/* link record is doubly indexed */
/* into input and output lookup */
/* tables. */
/* Link statistics */
int icmpLinkCount;
int udpLinkCount;
int tcpLinkCount;
int pptpLinkCount;
int protoLinkCount;
int fragmentIdLinkCount;
int fragmentPtrLinkCount;
int sockCount;
int cleanupIndex; /* Index to chain of link table */
/* being inspected for old links */
int timeStamp; /* System time in seconds for */
/* current packet */
int lastCleanupTime; /* Last time IncrementalCleanup() */
/* was called */
int houseKeepingResidual; /* used by HouseKeeping() */
int deleteAllLinks; /* If equal to zero, DeleteLink() */
/* will not remove permanent links */
FILE *monitorFile; /* File descriptor for link */
/* statistics monitoring file */
int newDefaultLink; /* Indicates if a new aliasing */
/* link has been created after a */
/* call to PacketAliasIn/Out(). */
#ifndef NO_FW_PUNCH
int fireWallFD; /* File descriptor to be able to */
/* control firewall. Opened by */
/* PacketAliasSetMode on first */
/* setting the PKT_ALIAS_PUNCH_FW */
/* flag. */
int fireWallBaseNum; /* The first firewall entry free for our use */
int fireWallNumNums; /* How many entries can we use? */
int fireWallActiveNum; /* Which entry did we last use? */
char *fireWallField; /* bool array for entries */
#endif
unsigned int skinnyPort; /* TCP port used by the Skinny */
/* protocol. */
struct proxy_entry *proxyList;
struct in_addr true_addr; /* in network byte order. */
u_short true_port; /* in host byte order. */
};
/* Macros */
/*
@ -71,10 +157,6 @@
} \
} while (0)
/* Globals */
extern int packetAliasMode;
extern unsigned int skinnyPort;
/* Prototypes */
@ -86,58 +168,58 @@ void DifferentialChecksum(u_short *_cksum, u_short *_new, u_short *_old,
/* Internal data access */
struct alias_link *
FindIcmpIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _id_alias, int _create);
struct alias_link *
FindIcmpOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_short _id, int _create);
struct alias_link *
FindFragmentIn1(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _ip_id);
struct alias_link *
FindFragmentIn2(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _ip_id);
struct alias_link *
AddFragmentPtrLink(struct in_addr _dst_addr, u_short _ip_id);
AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id);
struct alias_link *
FindFragmentPtr(struct in_addr _dst_addr, u_short _ip_id);
FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id);
struct alias_link *
FindProtoIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_char _proto);
struct alias_link *
FindProtoOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_char _proto);
struct alias_link *
FindUdpTcpIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _dst_port, u_short _alias_port, u_char _proto, int _create);
struct alias_link *
FindUdpTcpOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_short _src_port, u_short _dst_port, u_char _proto, int _create);
struct alias_link *
AddPptp(struct in_addr _src_addr, struct in_addr _dst_addr,
AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
struct in_addr _alias_addr, u_int16_t _src_call_id);
struct alias_link *
FindPptpOutByCallId(struct in_addr _src_addr,
FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr,
struct in_addr _dst_addr, u_int16_t _src_call_id);
struct alias_link *
FindPptpInByCallId(struct in_addr _dst_addr,
FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr,
struct in_addr _alias_addr, u_int16_t _dst_call_id);
struct alias_link *
FindPptpOutByPeerCallId(struct in_addr _src_addr,
FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr,
struct in_addr _dst_addr, u_int16_t _dst_call_id);
struct alias_link *
FindPptpInByPeerCallId(struct in_addr _dst_addr,
FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr,
struct in_addr _alias_addr, u_int16_t _alias_call_id);
struct alias_link *
FindRtspOut(struct in_addr _src_addr, struct in_addr _dst_addr,
FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr,
u_short _src_port, u_short _alias_port, u_char _proto);
struct in_addr
FindOriginalAddress(struct in_addr _alias_addr);
FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr);
struct in_addr
FindAliasAddress(struct in_addr _original_addr);
FindAliasAddress(struct libalias *la, struct in_addr _original_addr);
/* External data access/modification */
int FindNewPortGroup(struct in_addr _dst_addr, struct in_addr _alias_addr,
int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr,
u_short _src_port, u_short _dst_port, u_short _port_count,
u_char _proto, u_char _align);
void GetFragmentAddr(struct alias_link *_link, struct in_addr *_src_addr);
@ -155,8 +237,8 @@ struct in_addr
struct in_addr
GetAliasAddress(struct alias_link *_link);
struct in_addr
GetDefaultAliasAddress(void);
void SetDefaultAliasAddress(struct in_addr _alias_addr);
GetDefaultAliasAddress(struct libalias *la);
void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr);
u_short GetOriginalPort(struct alias_link *_link);
u_short GetAliasPort(struct alias_link *_link);
struct in_addr
@ -170,7 +252,7 @@ int GetDeltaAckIn(struct ip *_pip, struct alias_link *_link);
int GetDeltaSeqOut(struct ip *_pip, struct alias_link *_link);
void AddSeq(struct ip *_pip, struct alias_link *_link, int _delta);
void SetExpire(struct alias_link *_link, int _expire);
void ClearCheckNewLink(void);
void ClearCheckNewLink(struct libalias *la);
void SetProtocolFlags(struct alias_link *_link, int _pflags);
int GetProtocolFlags(struct alias_link *_link);
void SetDestCallId(struct alias_link *_link, u_int16_t _cid);
@ -179,47 +261,47 @@ void PunchFWHole(struct alias_link *_link);
#endif
/* Housekeeping function */
void HouseKeeping(void);
void HouseKeeping(struct libalias *);
/* Tcp specfic routines */
/* lint -save -library Suppress flexelint warnings */
/* FTP routines */
void AliasHandleFtpOut(struct ip *_pip, struct alias_link *_link,
void AliasHandleFtpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link,
int _maxpacketsize);
/* IRC routines */
void AliasHandleIrcOut(struct ip *_pip, struct alias_link *_link,
void AliasHandleIrcOut(struct libalias *la, struct ip *_pip, struct alias_link *_link,
int _maxsize);
/* RTSP routines */
void AliasHandleRtspOut(struct ip *_pip, struct alias_link *_link,
void AliasHandleRtspOut(struct libalias *la, struct ip *_pip, struct alias_link *_link,
int _maxpacketsize);
/* PPTP routines */
void AliasHandlePptpOut(struct ip *_pip, struct alias_link *_link);
void AliasHandlePptpIn(struct ip *_pip, struct alias_link *_link);
int AliasHandlePptpGreOut(struct ip *_pip);
int AliasHandlePptpGreIn(struct ip *_pip);
void AliasHandlePptpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link);
void AliasHandlePptpIn(struct libalias *la, struct ip *_pip, struct alias_link *_link);
int AliasHandlePptpGreOut(struct libalias *la, struct ip *_pip);
int AliasHandlePptpGreIn(struct libalias *la, struct ip *_pip);
/* NetBIOS routines */
int AliasHandleUdpNbt(struct ip *_pip, struct alias_link *_link,
int AliasHandleUdpNbt(struct libalias *la, struct ip *_pip, struct alias_link *_link,
struct in_addr *_alias_address, u_short _alias_port);
int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link,
int AliasHandleUdpNbtNS(struct libalias *la, struct ip *_pip, struct alias_link *_link,
struct in_addr *_alias_address, u_short *_alias_port,
struct in_addr *_original_address, u_short *_original_port);
/* CUSeeMe routines */
void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link);
void AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr);
void AliasHandleCUSeeMeOut(struct libalias *la, struct ip *_pip, struct alias_link *_link);
void AliasHandleCUSeeMeIn(struct libalias *la, struct ip *_pip, struct in_addr _original_addr);
/* Skinny routines */
void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link);
void AliasHandleSkinny(struct libalias *la, struct ip *_pip, struct alias_link *_link);
/* Transparent proxy routines */
int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr,
int ProxyCheck(struct libalias *la, struct ip *_pip, struct in_addr *_proxy_server_addr,
u_short *_proxy_server_port);
void ProxyModify(struct alias_link *_link, struct ip *_pip,
void ProxyModify(struct libalias *la, struct alias_link *_link, struct ip *_pip,
int _maxpacketsize, int _proxy_type);
enum alias_tcp_state {

2
sys/netinet/libalias/alias_nbt.c
View File

@ -196,6 +196,7 @@ static u_char *AliasHandleName ( u_char *p, char *pmax ) {
#define DGM_NEGATIVE_RES 0x16
int AliasHandleUdpNbt(
struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link,
struct in_addr *alias_address,
@ -612,6 +613,7 @@ AliasHandleResource(
}
int AliasHandleUdpNbtNS(
struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link,
struct in_addr *alias_address,

205
sys/netinet/libalias/alias_old.c Normal file
View File

@ -0,0 +1,205 @@
/*-
* Copyright (c) 2004 Poul-Henning Kamp <phk@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stdlib.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <alias.h>
/*
* These functions are for backwards compatibility and because apps may
* be linked against shlib versions, they have to be actual functions,
* we cannot inline them.
*/
static struct libalias *la;
void
PacketAliasInit(void)
{
la = LibAliasInit(la);
}
void
PacketAliasSetAddress(struct in_addr _addr)
{
LibAliasSetAddress(la, _addr);
}
void
PacketAliasSetFWBase(unsigned int _base, unsigned int _num)
{
LibAliasSetFWBase(la, _base, _num);
}
void
PacketAliasSetSkinnyPort(unsigned int _port)
{
LibAliasSetSkinnyPort(la, _port);
}
unsigned int
PacketAliasSetMode(unsigned int _flags, unsigned int _mask)
{
return LibAliasSetMode(la, _flags, _mask);
}
void
PacketAliasUninit(void)
{
LibAliasUninit(la);
la = NULL;
}
int
PacketAliasIn(char *_ptr, int _maxpacketsize)
{
return LibAliasIn(la, _ptr, _maxpacketsize);
}
int
PacketAliasOut(char *_ptr, int _maxpacketsize)
{
return LibAliasOut(la, _ptr, _maxpacketsize);
}
int
PacketUnaliasOut(char *_ptr, int _maxpacketsize)
{
return LibAliasUnaliasOut(la, _ptr, _maxpacketsize);
}
int
PacketAliasAddServer(struct alias_link *_link,
struct in_addr _addr, unsigned short _port)
{
return LibAliasAddServer(la, _link, _addr, _port);
}
struct alias_link *
PacketAliasRedirectAddr(struct in_addr _src_addr,
struct in_addr _alias_addr)
{
return LibAliasRedirectAddr(la, _src_addr, _alias_addr);
}
int
PacketAliasRedirectDynamic(struct alias_link *_link)
{
return LibAliasRedirectDynamic(la, _link);
}
void
PacketAliasRedirectDelete(struct alias_link *_link)
{
LibAliasRedirectDelete(la, _link);
}
struct alias_link *
PacketAliasRedirectPort(struct in_addr _src_addr,
unsigned short _src_port, struct in_addr _dst_addr,
unsigned short _dst_port, struct in_addr _alias_addr,
unsigned short _alias_port, unsigned char _proto)
{
return LibAliasRedirectPort(la, _src_addr, _src_port, _dst_addr,
_dst_port, _alias_addr, _alias_port, _proto);
}
struct alias_link *
PacketAliasRedirectProto(struct in_addr _src_addr,
struct in_addr _dst_addr, struct in_addr _alias_addr,
unsigned char _proto)
{
return LibAliasRedirectProto(la, _src_addr, _dst_addr, _alias_addr,
_proto);
}
void
PacketAliasFragmentIn(char *_ptr, char *_ptr_fragment)
{
LibAliasFragmentIn(la, _ptr, _ptr_fragment);
}
char *
PacketAliasGetFragment(char *_ptr)
{
return LibAliasGetFragment(la, _ptr);
}
int
PacketAliasSaveFragment(char *_ptr)
{
return LibAliasSaveFragment(la, _ptr);
}
int
PacketAliasCheckNewLink(void)
{
return LibAliasCheckNewLink(la);
}
unsigned short
PacketAliasInternetChecksum(unsigned short *_ptr, int _nbytes)
{
return LibAliasInternetChecksum(la, _ptr, _nbytes);
}
void
PacketAliasSetTarget(struct in_addr _target_addr)
{
LibAliasSetTarget(la, _target_addr);
}
/* Transparent proxying routines. */
int
PacketAliasProxyRule(const char *_cmd)
{
return LibAliasProxyRule(la, _cmd);
}

22
sys/netinet/libalias/alias_pptp.c
View File

@ -145,7 +145,8 @@ static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
void
AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
AliasHandlePptpOut(struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link) /* The PPTP control link */
{
struct alias_link *pptp_link;
@ -165,13 +166,13 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
case PPTP_InCallRequest:
case PPTP_InCallReply:
/* Establish PPTP link for address and Call ID found in control message. */
pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link),
pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link),
GetAliasAddress(link), cptr->cid1);
break;
case PPTP_CallClearRequest:
case PPTP_CallDiscNotify:
/* Find PPTP link for address and Call ID found in control message. */
pptp_link = FindPptpOutByCallId(GetOriginalAddress(link),
pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link),
GetDestAddress(link),
cptr->cid1);
break;
@ -208,7 +209,8 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
}
void
AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
AliasHandlePptpIn(struct libalias *la,
struct ip *pip, /* IP packet to examine/patch */
struct alias_link *link) /* The PPTP control link */
{
struct alias_link *pptp_link;
@ -234,7 +236,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
pcall_id = &cptr->cid2;
break;
case PPTP_CallDiscNotify: /* Connection closed. */
pptp_link = FindPptpInByCallId(GetDestAddress(link),
pptp_link = FindPptpInByCallId(la, GetDestAddress(link),
GetAliasAddress(link),
cptr->cid1);
if (pptp_link != NULL)
@ -245,7 +247,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
}
/* Find PPTP link for address and Call ID found in PPTP Control Msg */
pptp_link = FindPptpInByPeerCallId(GetDestAddress(link),
pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link),
GetAliasAddress(link),
*pcall_id);
@ -311,7 +313,7 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch
int
AliasHandlePptpGreOut(struct ip *pip)
AliasHandlePptpGreOut(struct libalias *la, struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
@ -322,7 +324,7 @@ AliasHandlePptpGreOut(struct ip *pip)
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr alias_addr = GetAliasAddress(link);
@ -339,7 +341,7 @@ AliasHandlePptpGreOut(struct ip *pip)
int
AliasHandlePptpGreIn(struct ip *pip)
AliasHandlePptpGreIn(struct libalias *la, struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
@ -350,7 +352,7 @@ AliasHandlePptpGreIn(struct ip *pip)
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr src_addr = GetOriginalAddress(link);

43
sys/netinet/libalias/alias_proxy.c
View File

@ -86,6 +86,7 @@ __FBSDID("$FreeBSD$");
*/
struct proxy_entry
{
struct libalias *la;
#define PROXY_TYPE_ENCODE_NONE 1
#define PROXY_TYPE_ENCODE_TCPSTREAM 2
#define PROXY_TYPE_ENCODE_IPHDR 3
@ -113,8 +114,6 @@ struct proxy_entry
File scope variables
*/
static struct proxy_entry *proxyList;
/* Local (static) functions:
@ -138,9 +137,9 @@ static struct proxy_entry *proxyList;
static int IpMask(int, struct in_addr *);
static int IpAddr(char *, struct in_addr *);
static int IpPort(char *, int, int *);
static void RuleAdd(struct proxy_entry *);
static void RuleAdd(struct libalias *la, struct proxy_entry *);
static void RuleDelete(struct proxy_entry *);
static int RuleNumberDelete(int);
static int RuleNumberDelete(struct libalias *la, int);
static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int);
static void ProxyEncodeIpHeader(struct ip *, int);
@ -197,22 +196,23 @@ IpPort(char *s, int proto, int *port)
}
void
RuleAdd(struct proxy_entry *entry)
RuleAdd(struct libalias *la, struct proxy_entry *entry)
{
int rule_index;
struct proxy_entry *ptr;
struct proxy_entry *ptr_last;
if (proxyList == NULL)
if (la->proxyList == NULL)
{
proxyList = entry;
la->proxyList = entry;
entry->last = NULL;
entry->next = NULL;
return;
}
entry->la = la;
rule_index = entry->rule_index;
ptr = proxyList;
ptr = la->proxyList;
ptr_last = NULL;
while (ptr != NULL)
{
@ -220,10 +220,10 @@ RuleAdd(struct proxy_entry *entry)
{
if (ptr_last == NULL)
{
entry->next = proxyList;
entry->next = la->proxyList;
entry->last = NULL;
proxyList->last = entry;
proxyList = entry;
la->proxyList->last = entry;
la->proxyList = entry;
return;
}
@ -245,10 +245,13 @@ RuleAdd(struct proxy_entry *entry)
static void
RuleDelete(struct proxy_entry *entry)
{
struct libalias *la;
la = entry->la;
if (entry->last != NULL)
entry->last->next = entry->next;
else
proxyList = entry->next;
la->proxyList = entry->next;
if (entry->next != NULL)
entry->next->last = entry->last;
@ -257,13 +260,13 @@ RuleDelete(struct proxy_entry *entry)
}
static int
RuleNumberDelete(int rule_index)
RuleNumberDelete(struct libalias *la, int rule_index)
{
int err;
struct proxy_entry *ptr;
err = -1;
ptr = proxyList;
ptr = la->proxyList;
while (ptr != NULL)
{
struct proxy_entry *ptr_next;
@ -447,7 +450,7 @@ ProxyEncodeIpHeader(struct ip *pip,
*/
int
ProxyCheck(struct ip *pip,
ProxyCheck(struct libalias *la, struct ip *pip,
struct in_addr *proxy_server_addr,
u_short *proxy_server_port)
{
@ -461,7 +464,7 @@ ProxyCheck(struct ip *pip,
dst_port = ((struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)))
->th_dport;
ptr = proxyList;
ptr = la->proxyList;
while (ptr != NULL)
{
u_short proxy_port;
@ -493,7 +496,7 @@ ProxyCheck(struct ip *pip,
}
void
ProxyModify(struct alias_link *link,
ProxyModify(struct libalias *la, struct alias_link *link,
struct ip *pip,
int maxpacketsize,
int proxy_type)
@ -516,7 +519,7 @@ ProxyModify(struct alias_link *link,
*/
int
PacketAliasProxyRule(const char *cmd)
LibAliasProxyRule(struct libalias *la, const char *cmd)
{
/*
* This function takes command strings of the form:
@ -694,7 +697,7 @@ PacketAliasProxyRule(const char *cmd)
n = sscanf(token, "%d", &rule_to_delete);
if (n != 1)
return -1;
err = RuleNumberDelete(rule_to_delete);
err = RuleNumberDelete(la, rule_to_delete);
if (err)
return -1;
return 0;
@ -831,7 +834,7 @@ PacketAliasProxyRule(const char *cmd)
proxy_entry->src_mask = src_mask;
proxy_entry->dst_mask = dst_mask;
RuleAdd(proxy_entry);
RuleAdd(la, proxy_entry);
return 0;
}

12
sys/netinet/libalias/alias_skinny.c
View File

@ -173,7 +173,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
}
static int
alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack,
struct ip * pip, struct tcphdr *tc,
struct alias_link *link, u_int32_t *localIpAddr,
ConvDirection direction)
@ -186,7 +186,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
localPort = opnrcvch_ack->port;
null_addr.s_addr = INADDR_ANY;
opnrcv_link = FindUdpTcpOut(pip->ip_src, null_addr,
opnrcv_link = FindUdpTcpOut(la, pip->ip_src, null_addr,
htons((u_short) opnrcvch_ack->port), 0,
IPPROTO_UDP, 1);
opnrcvch_ack->ipAddr = (u_int32_t) GetAliasAddress(opnrcv_link).s_addr;
@ -199,7 +199,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack,
}
void
AliasHandleSkinny(struct ip *pip, struct alias_link *link)
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *link)
{
int hlen, tlen, dlen;
struct tcphdr *tc;
@ -220,9 +220,9 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link)
* handle the scenario where the call manager is on the inside, and
* the calling phone is on the global outside.
*/
if (ntohs(tc->th_dport) == skinnyPort) {
if (ntohs(tc->th_dport) == la->skinnyPort) {
direction = ClientToServer;
} else if (ntohs(tc->th_sport) == skinnyPort) {
} else if (ntohs(tc->th_sport) == la->skinnyPort) {
direction = ServerToClient;
} else {
#ifdef DEBUG
@ -306,7 +306,7 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link)
"PacketAlias/Skinny: Received open rcv channel msg\n");
#endif
opnrcvchn_ack = (struct OpenReceiveChannelAck *) & sd->msgId;
alias_skinny_opnrcvch_ack(opnrcvchn_ack, pip, tc, link, &lip, direction);
alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, link, &lip, direction);
}
break;
case START_MEDIATX:

20
sys/netinet/libalias/alias_smedia.c
View File

@ -137,7 +137,7 @@ search_string(char *data, int dlen, const char *search_str)
}
static int
alias_rtsp_out(struct ip *pip,
alias_rtsp_out(struct libalias *la, struct ip *pip,
struct alias_link *link,
char *data,
const char *port_str)
@ -221,8 +221,8 @@ alias_rtsp_out(struct ip *pip,
/* Find an even numbered port number base that
satisfies the contiguous number of ports we need */
null_addr.s_addr = 0;
if (0 == (salias = FindNewPortGroup(null_addr,
FindAliasAddress(pip->ip_src),
if (0 == (salias = FindNewPortGroup(la, null_addr,
FindAliasAddress(la, pip->ip_src),
sport, 0,
RTSP_PORT_GROUP,
IPPROTO_UDP, 1))) {
@ -235,7 +235,7 @@ alias_rtsp_out(struct ip *pip,
base_alias = ntohs(salias);
for (j = 0; j < RTSP_PORT_GROUP; j++) {
/* Establish link to port found in RTSP packet */
rtsp_link = FindRtspOut(GetOriginalAddress(link), null_addr,
rtsp_link = FindRtspOut(la, GetOriginalAddress(link), null_addr,
htons(base_port + j), htons(base_alias + j),
IPPROTO_UDP);
if (rtsp_link != NULL) {
@ -319,7 +319,7 @@ alias_rtsp_out(struct ip *pip,
/* Support the protocol used by early versions of RealPlayer */
static int
alias_pna_out(struct ip *pip,
alias_pna_out(struct libalias *la, struct ip *pip,
struct alias_link *link,
char *data,
int dlen)
@ -343,7 +343,7 @@ alias_pna_out(struct ip *pip,
}
if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) {
memcpy(&port, work, 2);
pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link),
pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link),
port, 0, IPPROTO_UDP, 1);
if (pna_links != NULL) {
#ifndef NO_FW_PUNCH
@ -366,7 +366,7 @@ alias_pna_out(struct ip *pip,
}
void
AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize)
AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *link, int maxpacketsize)
{
int hlen, tlen, dlen;
struct tcphdr *tc;
@ -390,13 +390,13 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize)
if (dlen >= strlen(setup)) {
if (memcmp(data, setup, strlen(setup)) == 0) {
alias_rtsp_out(pip, link, data, client_port_str);
alias_rtsp_out(la, pip, link, data, client_port_str);
return;
}
}
if (dlen >= strlen(pna)) {
if (memcmp(data, pna, strlen(pna)) == 0) {
alias_pna_out(pip, link, data, dlen);
alias_pna_out(la, pip, link, data, dlen);
}
}
@ -424,7 +424,7 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize)
if ((dlen - i) >= strlen(okstr)) {
if (memcmp(&data[i], okstr, strlen(okstr)) == 0)
alias_rtsp_out(pip, link, data, server_port_str);
alias_rtsp_out(la, pip, link, data, server_port_str);
}
}

3
sys/netinet/libalias/alias_util.c
View File

@ -50,6 +50,7 @@ then these routines will give a result of zero (useful for testing
purposes);
*/
#include <stdio.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@ -60,7 +61,7 @@ purposes);
#include "alias_local.h"
u_short
PacketAliasInternetChecksum(u_short *ptr, int nbytes)
LibAliasInternetChecksum(struct libalias *la, u_short *ptr, int nbytes)
{
int sum, oddbyte;

191
sys/netinet/libalias/libalias.3
View File

@ -67,24 +67,26 @@ of the kernel, without any access to private kernel data structure, but
the source code can also be ported to a kernel environment.
.Sh INITIALIZATION AND CONTROL
One special function,
.Fn PacketAliasInit ,
must always be called before any packet handling may be performed.
.Fn LibAliasInit ,
must always be called before any packet handling may be performed and
the returned instance pointer passed to all the other functions.
Normally, the
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
function is called afterwards, to set the default aliasing address.
In addition, the operating mode of the packet aliasing engine can be
customized by calling
.Fn PacketAliasSetMode .
.Fn LibAliasSetMode .
.Pp
.Ft void
.Fn PacketAliasInit void
.Ft "struct libalias *"
.Fn LibAliasInit "struct libalias *"
.Bd -ragged -offset indent
This function has no arguments or return value and is used to initialize
This function is used to initialize
internal data structures.
When called first time a NULL pointer should be passed as argument.
The following mode bits are always set after calling
.Fn PacketAliasInit .
.Fn LibAliasInit .
See the description of
.Fn PacketAliasSetMode
.Fn LibAliasSetMode
below for the meaning of these mode bits.
.Pp
.Bl -item -offset indent -compact
@ -99,19 +101,19 @@ below for the meaning of these mode bits.
This function will always return the packet aliasing engine to the same
initial state.
The
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
function is normally called afterwards, and any desired changes from the
default mode bits listed above require a call to
.Fn PacketAliasSetMode .
.Fn LibAliasSetMode .
.Pp
It is mandatory that this function be called at the beginning of a program
prior to any packet handling.
.Ed
.Pp
.Ft void
.Fn PacketAliasUninit void
.Fn LibAliasUninit "struct libalias *"
.Bd -ragged -offset indent
This function has no arguments or return value and is used to clear any
This function has no return value and is used to clear any
resources attached to internal data structures.
.Pp
This functions should be called when a program stops using the aliasing
@ -120,18 +122,17 @@ To provide backwards compatibility and extra security, it is added to
the
.Xr atexit 3
chain by
.Fn PacketAliasInit .
Calling it multiple times is harmless.
.Fn LibAliasInit .
.Ed
.Pp
.Ft void
.Fn PacketAliasSetAddress "struct in_addr addr"
.Fn LibAliasSetAddress "struct libalias *" "struct in_addr addr"
.Bd -ragged -offset indent
This function sets the source address to which outgoing packets from the
local area network are aliased.
All outgoing packets are re-mapped to this address unless overridden by a
static address mapping established by
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
If this function is not called, and no static rules match, an outgoing
packet retains its source address.
.Pp
@ -153,7 +154,7 @@ It is mandatory that this function be called prior to any packet handling.
.Ed
.Pp
.Ft unsigned int
.Fn PacketAliasSetMode "unsigned int flags" "unsigned int mask"
.Fn LibAliasSetMode "struct libalias *" "unsigned int flags" "unsigned int mask"
.Bd -ragged -offset indent
This function sets or clears mode bits
according to the value of
@ -174,7 +175,7 @@ Mainly useful for debugging when the log file is viewed continuously with
.It Dv PKT_ALIAS_DENY_INCOMING
If this mode bit is set, all incoming packets associated with new TCP
connections or new UDP transactions will be marked for being ignored
.Fn ( PacketAliasIn
.Fn ( LibAliasIn
returns
.Dv PKT_ALIAS_IGNORED
code)
@ -214,7 +215,7 @@ The registered subnet is fully accessible to the outside world, so traffic
from it does not need to be passed through the packet aliasing engine.
.It Dv PKT_ALIAS_RESET_ON_ADDR_CHANGE
When this mode bit is set and
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the aliasing address, the internal link table of the
packet aliasing engine will be cleared.
This operating mode is useful for
@ -238,7 +239,7 @@ To cater to unexpected death of a program using
changing the state of the flag will clear the entire firewall range
allocated for holes.
This will also happen on the initial call to
.Fn PacketAliasSetFWBase .
.Fn LibAliasSetFWBase .
This call must happen prior to setting this flag.
.It Dv PKT_ALIAS_REVERSE
This option makes
@ -252,13 +253,13 @@ This option tells
to obey transparent proxy rules only.
Normal packet aliasing is not performed.
See
.Fn PacketAliasProxyRule
.Fn LibAliasProxyRule
below for details.
.El
.Ed
.Pp
.Ft void
.Fn PacketAliasSetFWBase "unsigned int base" "unsigned int num"
.Fn LibAliasSetFWBase "struct libalias *" "unsigned int base" "unsigned int num"
.Bd -ragged -offset indent
Set firewall range allocated for punching firewall holes (with the
.Dv PKT_ALIAS_PUNCH_FW
@ -267,7 +268,7 @@ The range will be cleared for all rules on initialization.
.Ed
.Pp
.Ft void
.Fn PacketAliasSkinnyPort "unsigned int port"
.Fn LibAliasSkinnyPort "struct libalias *" "unsigned int port"
.Bd -ragged -offset indent
Set the TCP port used by the Skinny Station protocol.
Skinny is used by Cisco IP phones to communicate with
@ -282,18 +283,18 @@ The calling program is responsible for receiving and sending packets via
network interfaces.
.Pp
Along with
.Fn PacketAliasInit
.Fn LibAliasInit
and
.Fn PacketAliasSetAddress ,
.Fn LibAliasSetAddress ,
the two packet handling functions,
.Fn PacketAliasIn
.Fn LibAliasIn
and
.Fn PacketAliasOut ,
.Fn LibAliasOut ,
comprise minimal set of functions needed for a basic IP masquerading
implementation.
.Pp
.Ft int
.Fn PacketAliasIn "char *buffer" "int maxpacketsize"
.Fn LibAliasIn "struct libalias *" "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
An incoming packet coming from a remote machine to the local network is
de-aliased by this function.
@ -315,26 +316,26 @@ type is not handled or if incoming packets for new connections are being
ignored (if
.Dv PKT_ALIAS_DENY_INCOMING
mode bit was set by
.Fn PacketAliasSetMode ) .
.Fn LibAliasSetMode ) .
.It Dv PKT_ALIAS_UNRESOLVED_FRAGMENT
This is returned when a fragment cannot be resolved because the header
fragment has not been sent yet.
In this situation, fragments must be saved with
.Fn PacketAliasSaveFragment
.Fn LibAliasSaveFragment
until a header fragment is found.
.It Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT
The packet aliasing process was successful, and a header fragment was found.
This is a signal to retrieve any unresolved fragments with
.Fn PacketAliasGetFragment
.Fn LibAliasGetFragment
and de-alias them with
.Fn PacketAliasFragmentIn .
.Fn LibAliasFragmentIn .
.It Dv PKT_ALIAS_ERROR
An internal error within the packet aliasing engine occurred.
.El
.Ed
.Pp
.Ft int
.Fn PacketAliasOut "char *buffer" "int maxpacketsize"
.Fn LibAliasOut "struct libalias *" "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
An outgoing packet coming from the local network to a remote machine is
aliased by this function.
@ -369,7 +370,8 @@ Individual ports can be re-mapped or static network address translations can
be designated.
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectPort
.Fo LibAliasRedirectPort
.Fa "struct libalias *"
.Fa "struct in_addr local_addr"
.Fa "u_short local_port"
.Fa "struct in_addr remote_addr"
@ -396,12 +398,12 @@ or
.Fa alias_addr
is zero, this indicates that the packet aliasing address as established
by
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is to be used.
Even if
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
is called, a zero reference will track this change.
.Pp
If the link is further set up to operate for a load sharing, then
@ -409,7 +411,7 @@ If the link is further set up to operate for a load sharing, then
and
.Fa local_port
are ignored, and are selected dynamically from the server pool, as described in
.Fn PacketAliasAddServer
.Fn LibAliasAddServer
below.
.Pp
If
@ -422,12 +424,12 @@ port number.
Almost always, the remote port specification will be zero, but non-zero
remote addresses can sometimes be useful for firewalling.
If two calls to
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
overlap in their address/port specifications, then the most recent call
will have precedence.
.Pp
This function returns a pointer which can subsequently be used by
.Fn PacketAliasRedirectDelete .
.Fn LibAliasRedirectDelete .
If
.Dv NULL
is returned, then the function call did not complete successfully.
@ -443,7 +445,8 @@ data type.
.Ed
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectAddr
.Fo LibAliasRedirectAddr
.Fa "struct libalias *"
.Fa "struct in_addr local_addr"
.Fa "struct in_addr alias_addr"
.Fc
@ -462,22 +465,22 @@ If
or
.Fa alias_addr
is zero, this indicates that the packet aliasing address as established by
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is to be used.
Even if
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectAddr
.Fn LibAliasRedirectAddr
is called, a zero reference will track this change.
.Pp
If the link is further set up to operate for a load sharing, then
.Fa local_addr
is ignored, and is selected dynamically from the server pool, as described in
.Fn PacketAliasAddServer
.Fn LibAliasAddServer
below.
.Pp
If subsequent calls to
.Fn PacketAliasRedirectAddr
.Fn LibAliasRedirectAddr
use the same aliasing address, all new incoming traffic to this aliasing
address will be redirected to the local address made in the last function
call.
@ -485,11 +488,11 @@ New traffic generated by any of the local machines, designated in the
several function calls, will be aliased to the same address.
Consider the following example:
.Bd -literal -offset indent
PacketAliasRedirectAddr(inet_aton("192.168.0.2"),
LibAliasRedirectAddr(inet_aton("192.168.0.2"),
inet_aton("141.221.254.101"));
PacketAliasRedirectAddr(inet_aton("192.168.0.3"),
LibAliasRedirectAddr(inet_aton("192.168.0.3"),
inet_aton("141.221.254.101"));
PacketAliasRedirectAddr(inet_aton("192.168.0.4"),
LibAliasRedirectAddr(inet_aton("192.168.0.4"),
inet_aton("141.221.254.101"));
.Ed
.Pp
@ -502,19 +505,20 @@ from 192.168.0.2, 192.168.0.3 and 192.168.0.4 will appear to come from
Any incoming connections to 141.221.254.101 will be directed to 192.168.0.4.
.Pp
Any calls to
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
will have precedence over address mappings designated by
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
.Pp
This function returns a pointer which can subsequently be used by
.Fn PacketAliasRedirectDelete .
.Fn LibAliasRedirectDelete .
If
.Dv NULL
is returned, then the function call did not complete successfully.
.Ed
.Pp
.Ft int
.Fo PacketAliasAddServer
.Fo LibAliasAddServer
.Fa "struct libalias *"
.Fa "struct alias_link *link"
.Fa "struct in_addr addr"
.Fa "u_short port"
@ -541,17 +545,17 @@ the host.
First, the
.Fa link
is created by either
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
or
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
Then,
.Fn PacketAliasAddServer
.Fn LibAliasAddServer
is called multiple times to add entries to the
.Fa link Ns 's
server pool.
.Pp
For links created with
.Fn PacketAliasRedirectAddr ,
.Fn LibAliasRedirectAddr ,
the
.Fa port
argument is ignored and could have any value, e.g. htons(~0).
@ -560,10 +564,10 @@ This function returns 0 on success, \-1 otherwise.
.Ed
.Pp
.Ft int
.Fn PacketAliasRedirectDynamic "struct alias_link *link"
.Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link"
.Bd -ragged -offset indent
This function marks the specified static redirect rule entered by
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
as dynamic.
This can be used to e.g. dynamically redirect a single TCP connection,
after which the rule is removed.
@ -579,23 +583,23 @@ This function returns 0 on success, \-1 otherwise.
.Ed
.Pp
.Ft void
.Fn PacketAliasRedirectDelete "struct alias_link *link"
.Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link"
.Bd -ragged -offset indent
This function will delete a specific static redirect rule entered by
.Fn PacketAliasRedirectPort
.Fn LibAliasRedirectPort
or
.Fn PacketAliasRedirectAddr .
.Fn LibAliasRedirectAddr .
The parameter
.Fa link
is the pointer returned by either of the redirection functions.
If an invalid pointer is passed to
.Fn PacketAliasRedirectDelete ,
.Fn LibAliasRedirectDelete ,
then a program crash or unpredictable operation could result, so it is
necessary to be careful using this function.
.Ed
.Pp
.Ft int
.Fn PacketAliasProxyRule "const char *cmd"
.Fn LibAliasProxyRule "struct libalias *" "const char *cmd"
.Bd -ragged -offset indent
The passed
.Fa cmd
@ -640,14 +644,14 @@ specification is mandatory unless the
command is being used.
.It Cm rule Ar index
Normally, each call to
.Fn PacketAliasProxyRule
.Fn LibAliasProxyRule
inserts the next rule at the start of a linear list of rules.
If an
.Ar index
is specified, the new rule will be checked after all rules with lower
indices.
Calls to
.Fn PacketAliasProxyRule
.Fn LibAliasProxyRule
that do not specify a rule are assigned rule 0.
.It Cm delete Ar index
This token and its argument MUST NOT be used with any other tokens.
@ -688,7 +692,8 @@ access, or to restrict access to certain external machines.
.Ed
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectProto
.Fo LibAliasRedirectProto
.Fa "struct libalias *"
.Fa "struct in_addr local_addr"
.Fa "struct in_addr remote_addr"
.Fa "struct in_addr alias_addr"
@ -706,12 +711,12 @@ or
.Fa alias_addr
is zero, this indicates that the packet aliasing address as established
by
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is to be used.
Even if
.Fn PacketAliasSetAddress
.Fn LibAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectProto
.Fn LibAliasRedirectProto
is called, a zero reference will track this change.
.Pp
If
@ -720,12 +725,12 @@ is zero, this indicates to redirect packets from any remote address.
Non-zero remote addresses can sometimes be useful for firewalling.
.Pp
If two calls to
.Fn PacketAliasRedirectProto
.Fn LibAliasRedirectProto
overlap in their address specifications, then the most recent call
will have precedence.
.Pp
This function returns a pointer which can subsequently be used by
.Fn PacketAliasRedirectDelete .
.Fn LibAliasRedirectDelete .
If
.Dv NULL
is returned, then the function call did not complete successfully.
@ -734,11 +739,11 @@ is returned, then the function call did not complete successfully.
The functions in this section are used to deal with incoming fragments.
.Pp
Outgoing fragments are handled within
.Fn PacketAliasOut
.Fn LibAliasOut
by changing the address according to any applicable mapping set by
.Fn PacketAliasRedirectAddr ,
.Fn LibAliasRedirectAddr ,
or the default aliasing address set by
.Fn PacketAliasSetAddress .
.Fn LibAliasSetAddress .
.Pp
Incoming fragments are handled in one of two ways.
If the header of a fragmented IP packet has already been seen, then all
@ -748,10 +753,10 @@ Fragments which arrive before the header are saved and then retrieved
once the header fragment has been resolved.
.Pp
.Ft int
.Fn PacketAliasSaveFragment "char *ptr"
.Fn LibAliasSaveFragment "struct libalias *" "char *ptr"
.Bd -ragged -offset indent
When
.Fn PacketAliasIn
.Fn LibAliasIn
returns
.Dv PKT_ALIAS_UNRESOLVED_FRAGMENT ,
this function can be used to save the pointer to the unresolved fragment.
@ -773,33 +778,33 @@ if there was an error.
.Ed
.Pp
.Ft char *
.Fn PacketAliasGetFragment "char *buffer"
.Fn LibAliasGetFragment "struct libalias *" "char *buffer"
.Bd -ragged -offset indent
This function can be used to retrieve fragment pointers saved by
.Fn PacketAliasSaveFragment .
.Fn LibAliasSaveFragment .
The IP header fragment pointed to by
.Fa buffer
is the header fragment indicated when
.Fn PacketAliasIn
.Fn LibAliasIn
returns
.Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT .
Once a fragment pointer is retrieved, it becomes the calling program's
responsibility to free the dynamically allocated memory for the fragment.
.Pp
The
.Fn PacketAliasGetFragment
.Fn LibAliasGetFragment
function can be called sequentially until there are no more fragments
available, at which time it returns
.Dv NULL .
.Ed
.Pp
.Ft void
.Fn PacketAliasFragmentIn "char *header" "char *fragment"
.Fn LibAliasFragmentIn "struct libalias *" "char *header" "char *fragment"
.Bd -ragged -offset indent
When a fragment is retrieved with
.Fn PacketAliasGetFragment ,
.Fn LibAliasGetFragment ,
it can then be de-aliased with a call to
.Fn PacketAliasFragmentIn .
.Fn LibAliasFragmentIn .
The
.Fa header
argument is the pointer to a header fragment used as a template, and
@ -808,17 +813,17 @@ is the pointer to the packet to be de-aliased.
.Ed
.Sh MISCELLANEOUS FUNCTIONS
.Ft void
.Fn PacketAliasSetTarget "struct in_addr addr"
.Fn LibAliasSetTarget "struct libalias *" "struct in_addr addr"
.Bd -ragged -offset indent
When an incoming packet not associated with any pre-existing aliasing link
arrives at the host machine, it will be sent to the address indicated by a
call to
.Fn PacketAliasSetTarget .
.Fn LibAliasSetTarget .
.Pp
If this function is called with an
.Dv INADDR_NONE
address argument, then all new incoming packets go to the address set by
.Fn PacketAliasSetAddress .
.Fn LibAliasSetAddress .
.Pp
If this function is not called, or is called with an
.Dv INADDR_ANY
@ -829,17 +834,17 @@ can route packets to the machine in question.
.Ed
.Pp
.Ft int
.Fn PacketAliasCheckNewLink void
.Fn LibAliasCheckNewLink void
.Bd -ragged -offset indent
This function returns a non-zero value when a new aliasing link is created.
In circumstances where incoming traffic is being sequentially sent to
different local servers, this function can be used to trigger when
.Fn PacketAliasSetTarget
.Fn LibAliasSetTarget
is called to change the default target address.
.Ed
.Pp
.Ft u_short
.Fn PacketAliasInternetChecksum "u_short *buffer" "int nbytes"
.Fn LibAliasInternetChecksum "struct libalias *" "u_short *buffer" "int nbytes"
.Bd -ragged -offset indent
This is a utility function that does not seem to be available elsewhere and
is included as a convenience.
@ -856,12 +861,12 @@ The 16-bit checksum field should be zeroed before computing the checksum.
Checksums can also be verified by operating on a block of data including
its checksum.
If the checksum is valid,
.Fn PacketAliasInternetChecksum
.Fn LibAliasInternetChecksum
will return zero.
.Ed
.Pp
.Ft int
.Fn PacketUnaliasOut "char *buffer" "int maxpacketsize"
.Fn LibAliasUnaliasOut "struct libalias *" "char *buffer" "int maxpacketsize"
.Bd -ragged -offset indent
An outgoing packet, which has already been aliased,
has its private address/port information restored by this function.