MFP4:
restrict the utilization of direct pointers to the content of ip packet. These modifications are functionally nop()s thus can be merged with no side effects.
This commit is contained in:
Paolo Pisati
parent
8c9056b50b
commit
4741f3a109
@ -170,48 +170,42 @@ a timeout period.
|
||||
*/
|
||||
|
||||
/* Local prototypes */
|
||||
static void TcpMonitorIn(struct ip *, struct alias_link *);
|
||||
static void TcpMonitorIn(u_char, struct alias_link *);
|
||||
|
||||
static void TcpMonitorOut(struct ip *, struct alias_link *);
|
||||
static void TcpMonitorOut(u_char, struct alias_link *);
|
||||
|
||||
|
||||
static void
|
||||
TcpMonitorIn(struct ip *pip, struct alias_link *lnk)
|
||||
TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
|
||||
switch (GetStateIn(lnk)) {
|
||||
case ALIAS_TCP_STATE_NOT_CONNECTED:
|
||||
if (tc->th_flags & TH_RST)
|
||||
if (th_flags & TH_RST)
|
||||
SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);
|
||||
else if (tc->th_flags & TH_SYN)
|
||||
else if (th_flags & TH_SYN)
|
||||
SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED);
|
||||
break;
|
||||
case ALIAS_TCP_STATE_CONNECTED:
|
||||
if (tc->th_flags & (TH_FIN | TH_RST))
|
||||
if (th_flags & (TH_FIN | TH_RST))
|
||||
SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
TcpMonitorOut(struct ip *pip, struct alias_link *lnk)
|
||||
TcpMonitorOut(u_char th_flags, struct alias_link *lnk)
|
||||
{
|
||||
struct tcphdr *tc;
|
||||
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
|
||||
switch (GetStateOut(lnk)) {
|
||||
case ALIAS_TCP_STATE_NOT_CONNECTED:
|
||||
if (tc->th_flags & TH_RST)
|
||||
if (th_flags & TH_RST)
|
||||
SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);
|
||||
else if (tc->th_flags & TH_SYN)
|
||||
else if (th_flags & TH_SYN)
|
||||
SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED);
|
||||
break;
|
||||
case ALIAS_TCP_STATE_CONNECTED:
|
||||
if (tc->th_flags & (TH_FIN | TH_RST))
|
||||
if (th_flags & (TH_FIN | TH_RST))
|
||||
SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);
|
||||
break;
|
||||
}
|
||||
@ -646,7 +640,7 @@ IcmpAliasOut(struct libalias *la, struct ip *pip, int create)
|
||||
}
|
||||
|
||||
|
||||
|
||||
// XXX ip free
|
||||
static int
|
||||
ProtoAliasIn(struct libalias *la, struct ip *pip)
|
||||
{
|
||||
@ -679,7 +673,7 @@ ProtoAliasIn(struct libalias *la, struct ip *pip)
|
||||
return (PKT_ALIAS_IGNORED);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
static int
|
||||
ProtoAliasOut(struct libalias *la, struct ip *pip, int create)
|
||||
{
|
||||
@ -930,7 +924,8 @@ TcpAliasIn(struct libalias *la, struct ip *pip)
|
||||
if (GetAckModified(lnk) == 1) {
|
||||
int delta;
|
||||
|
||||
delta = GetDeltaAckIn(pip, lnk);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
delta = GetDeltaAckIn(tc->th_ack, lnk);
|
||||
if (delta != 0) {
|
||||
accumulate += twowords(&tc->th_ack);
|
||||
tc->th_ack = htonl(ntohl(tc->th_ack) - delta);
|
||||
@ -954,7 +949,8 @@ TcpAliasIn(struct libalias *la, struct ip *pip)
|
||||
ADJUST_CHECKSUM(accumulate, pip->ip_sum);
|
||||
|
||||
/* Monitor TCP connection state */
|
||||
TcpMonitorIn(pip, lnk);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
TcpMonitorIn(tc->th_flags, lnk);
|
||||
|
||||
return (PKT_ALIAS_OK);
|
||||
}
|
||||
@ -976,8 +972,9 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
|
||||
if (create)
|
||||
proxy_type =
|
||||
ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port);
|
||||
proxy_type = ProxyCheck(la, &proxy_server_address,
|
||||
&proxy_server_port, pip->ip_src, pip->ip_dst,
|
||||
tc->th_dport, pip->ip_p);
|
||||
else
|
||||
proxy_type = 0;
|
||||
|
||||
@ -1036,7 +1033,8 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
|
||||
alias_address = GetAliasAddress(lnk);
|
||||
|
||||
/* Monitor TCP connection state */
|
||||
TcpMonitorOut(pip, lnk);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
TcpMonitorOut(tc->th_flags, lnk);
|
||||
|
||||
/* Walk out chain. */
|
||||
error = find_handler(OUT, TCP, la, pip, &ad);
|
||||
@ -1052,8 +1050,9 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
|
||||
/* Modify sequence number if necessary */
|
||||
if (GetAckModified(lnk) == 1) {
|
||||
int delta;
|
||||
|
||||
delta = GetDeltaSeqOut(pip, lnk);
|
||||
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
delta = GetDeltaSeqOut(tc->th_seq, lnk);
|
||||
if (delta != 0) {
|
||||
accumulate += twowords(&tc->th_seq);
|
||||
tc->th_seq = htonl(ntohl(tc->th_seq) + delta);
|
||||
@ -1093,7 +1092,7 @@ saved and recalled when a header fragment is seen.
|
||||
static int FragmentIn(struct libalias *, struct ip *);
|
||||
static int FragmentOut(struct libalias *, struct ip *);
|
||||
|
||||
|
||||
// XXX ip free
|
||||
static int
|
||||
FragmentIn(struct libalias *la, struct ip *pip)
|
||||
{
|
||||
@ -1114,7 +1113,7 @@ FragmentIn(struct libalias *la, struct ip *pip)
|
||||
return (PKT_ALIAS_UNRESOLVED_FRAGMENT);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
static int
|
||||
FragmentOut(struct libalias *la, struct ip *pip)
|
||||
{
|
||||
@ -1146,7 +1145,7 @@ FragmentOut(struct libalias *la, struct ip *pip)
|
||||
(prototypes in alias.h)
|
||||
*/
|
||||
|
||||
|
||||
// XXX ip free
|
||||
int
|
||||
LibAliasSaveFragment(struct libalias *la, char *ptr)
|
||||
{
|
||||
@ -1166,7 +1165,7 @@ LibAliasSaveFragment(struct libalias *la, char *ptr)
|
||||
return (iresult);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
char *
|
||||
LibAliasGetFragment(struct libalias *la, char *ptr)
|
||||
{
|
||||
@ -1188,7 +1187,7 @@ LibAliasGetFragment(struct libalias *la, char *ptr)
|
||||
return (fptr);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
void
|
||||
LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly
|
||||
* de-aliased header
|
||||
|
||||
@ -2005,9 +2005,9 @@ GetAckModified(struct alias_link *lnk)
|
||||
return (lnk->data.tcp->state.ack_modified);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
int
|
||||
GetDeltaAckIn(struct ip *pip, struct alias_link *lnk)
|
||||
GetDeltaAckIn(u_long ack, struct alias_link *lnk)
|
||||
{
|
||||
/*
|
||||
Find out how much the ACK number has been altered for an incoming
|
||||
@ -2016,12 +2016,7 @@ packet size was altered is searched.
|
||||
*/
|
||||
|
||||
int i;
|
||||
struct tcphdr *tc;
|
||||
int delta, ack_diff_min;
|
||||
u_long ack;
|
||||
|
||||
tc = ip_next(pip);
|
||||
ack = tc->th_ack;
|
||||
|
||||
delta = 0;
|
||||
ack_diff_min = -1;
|
||||
@ -2049,9 +2044,9 @@ packet size was altered is searched.
|
||||
return (delta);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
int
|
||||
GetDeltaSeqOut(struct ip *pip, struct alias_link *lnk)
|
||||
GetDeltaSeqOut(u_long seq, struct alias_link *lnk)
|
||||
{
|
||||
/*
|
||||
Find out how much the sequence number has been altered for an outgoing
|
||||
@ -2060,12 +2055,7 @@ packet size was altered is searched.
|
||||
*/
|
||||
|
||||
int i;
|
||||
struct tcphdr *tc;
|
||||
int delta, seq_diff_min;
|
||||
u_long seq;
|
||||
|
||||
tc = ip_next(pip);
|
||||
seq = tc->th_seq;
|
||||
|
||||
delta = 0;
|
||||
seq_diff_min = -1;
|
||||
@ -2093,9 +2083,10 @@ packet size was altered is searched.
|
||||
return (delta);
|
||||
}
|
||||
|
||||
|
||||
// XXX ip free
|
||||
void
|
||||
AddSeq(struct ip *pip, struct alias_link *lnk, int delta)
|
||||
AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, u_short ip_len,
|
||||
u_long th_seq, u_int th_off)
|
||||
{
|
||||
/*
|
||||
When a TCP packet has been altered in length, save this
|
||||
@ -2103,19 +2094,16 @@ information in a circular list. If enough packets have
|
||||
been altered, then this list will begin to overwrite itself.
|
||||
*/
|
||||
|
||||
struct tcphdr *tc;
|
||||
struct ack_data_record x;
|
||||
int hlen, tlen, dlen;
|
||||
int i;
|
||||
|
||||
tc = ip_next(pip);
|
||||
|
||||
hlen = (pip->ip_hl + tc->th_off) << 2;
|
||||
tlen = ntohs(pip->ip_len);
|
||||
hlen = (ip_hl + th_off) << 2;
|
||||
tlen = ntohs(ip_len);
|
||||
dlen = tlen - hlen;
|
||||
|
||||
x.ack_old = htonl(ntohl(tc->th_seq) + dlen);
|
||||
x.ack_new = htonl(ntohl(tc->th_seq) + dlen + delta);
|
||||
x.ack_old = htonl(ntohl(th_seq) + dlen);
|
||||
x.ack_new = htonl(ntohl(th_seq) + dlen + delta);
|
||||
x.delta = delta;
|
||||
x.active = 1;
|
||||
|
||||
|
||||
@ -734,8 +734,10 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
|
||||
int delta;
|
||||
|
||||
SetAckModified(lnk);
|
||||
delta = GetDeltaSeqOut(pip, lnk);
|
||||
AddSeq(pip, lnk, delta + slen - dlen);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
delta = GetDeltaSeqOut(tc->th_seq, lnk);
|
||||
AddSeq(lnk, delta + slen - dlen, pip->ip_hl,
|
||||
pip->ip_len, tc->th_seq, tc->th_off);
|
||||
}
|
||||
|
||||
/* Revise IP header */
|
||||
|
||||
@ -432,8 +432,10 @@ AliasHandleIrcOut(struct libalias *la,
|
||||
int delta;
|
||||
|
||||
SetAckModified(lnk);
|
||||
delta = GetDeltaSeqOut(pip, lnk);
|
||||
AddSeq(pip, lnk, delta + copyat + iCopy - dlen);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
delta = GetDeltaSeqOut(tc->th_seq, lnk);
|
||||
AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl,
|
||||
pip->ip_len, tc->th_seq, tc->th_off);
|
||||
}
|
||||
|
||||
/* Revise IP header */
|
||||
|
||||
@ -298,9 +298,10 @@ u_short GetProxyPort(struct alias_link *_lnk);
|
||||
void SetProxyPort(struct alias_link *_lnk, u_short _port);
|
||||
void SetAckModified(struct alias_link *_lnk);
|
||||
int GetAckModified(struct alias_link *_lnk);
|
||||
int GetDeltaAckIn(struct ip *_pip, struct alias_link *_lnk);
|
||||
int GetDeltaSeqOut(struct ip *_pip, struct alias_link *_lnk);
|
||||
void AddSeq (struct ip *_pip, struct alias_link *_lnk, int _delta);
|
||||
int GetDeltaAckIn(u_long, struct alias_link *_lnk);
|
||||
int GetDeltaSeqOut(u_long, struct alias_link *lnk);
|
||||
void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl,
|
||||
u_short ip_len, u_long th_seq, u_int th_off);
|
||||
void SetExpire (struct alias_link *_lnk, int _expire);
|
||||
void ClearCheckNewLink(struct libalias *la);
|
||||
void SetProtocolFlags(struct alias_link *_lnk, int _pflags);
|
||||
@ -320,8 +321,9 @@ void HouseKeeping(struct libalias *);
|
||||
|
||||
/* Transparent proxy routines */
|
||||
int
|
||||
ProxyCheck(struct libalias *la, struct ip *_pip, struct in_addr *_proxy_server_addr,
|
||||
u_short * _proxy_server_port);
|
||||
ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
|
||||
u_short * proxy_server_port, struct in_addr src_addr,
|
||||
struct in_addr dst_addr, u_short dst_port, u_char ip_p);
|
||||
void
|
||||
ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip,
|
||||
int _maxpacketsize, int _proxy_type);
|
||||
|
||||
@ -453,8 +453,10 @@ ProxyEncodeTcpStream(struct alias_link *lnk,
|
||||
int delta;
|
||||
|
||||
SetAckModified(lnk);
|
||||
delta = GetDeltaSeqOut(pip, lnk);
|
||||
AddSeq(pip, lnk, delta + slen);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
delta = GetDeltaSeqOut(tc->th_seq, lnk);
|
||||
AddSeq(lnk, delta + slen, pip->ip_hl, pip->ip_len, tc->th_seq,
|
||||
tc->th_off);
|
||||
}
|
||||
|
||||
/* Update IP header packet length and checksum */
|
||||
@ -561,20 +563,13 @@ ProxyEncodeIpHeader(struct ip *pip,
|
||||
*/
|
||||
|
||||
int
|
||||
ProxyCheck(struct libalias *la, struct ip *pip,
|
||||
struct in_addr *proxy_server_addr,
|
||||
u_short * proxy_server_port)
|
||||
ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
|
||||
u_short * proxy_server_port, struct in_addr src_addr,
|
||||
struct in_addr dst_addr, u_short dst_port, u_char ip_p)
|
||||
{
|
||||
u_short dst_port;
|
||||
struct in_addr src_addr;
|
||||
struct in_addr dst_addr;
|
||||
struct proxy_entry *ptr;
|
||||
|
||||
LIBALIAS_LOCK_ASSERT(la);
|
||||
src_addr = pip->ip_src;
|
||||
dst_addr = pip->ip_dst;
|
||||
dst_port = ((struct tcphdr *)ip_next(pip))
|
||||
->th_dport;
|
||||
|
||||
ptr = la->proxyList;
|
||||
while (ptr != NULL) {
|
||||
@ -582,7 +577,7 @@ ProxyCheck(struct libalias *la, struct ip *pip,
|
||||
|
||||
proxy_port = ptr->proxy_port;
|
||||
if ((dst_port == proxy_port || proxy_port == 0)
|
||||
&& pip->ip_p == ptr->proto
|
||||
&& ip_p == ptr->proto
|
||||
&& src_addr.s_addr != ptr->server_addr.s_addr) {
|
||||
struct in_addr src_addr_masked;
|
||||
struct in_addr dst_addr_masked;
|
||||
|
||||
@ -404,8 +404,10 @@ alias_rtsp_out(struct libalias *la, struct ip *pip,
|
||||
memcpy(data, newdata, new_dlen);
|
||||
|
||||
SetAckModified(lnk);
|
||||
delta = GetDeltaSeqOut(pip, lnk);
|
||||
AddSeq(pip, lnk, delta + new_dlen - dlen);
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
delta = GetDeltaSeqOut(tc->th_seq, lnk);
|
||||
AddSeq(lnk, delta + new_dlen - dlen, pip->ip_hl, pip->ip_len,
|
||||
tc->th_seq, tc->th_off);
|
||||
|
||||
new_len = htons(hlen + new_dlen);
|
||||
DifferentialChecksum(&pip->ip_sum,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user