Replace PacketAliasRedirectPptp() (which had nothing specific

to PPTP) with more generic PacketAliasRedirectProto().

Major number is not bumped because it is believed that no one
has started using PacketAliasRedirectPptp() yet.
Ruslan Ermilov 2000-04-28 13:44:49 +00:00
parent b673230313
commit 8060760500
10 changed files with 176 additions and 222 deletions


@ -178,6 +178,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2(), IcmpAliasIn3()
IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2(), IcmpAliasOut3()
ProtoAliasIn(), ProtoAliasOut()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
@ -224,6 +225,9 @@ static int IcmpAliasOut2(struct ip *);
static int IcmpAliasOut3(struct ip *);
static int IcmpAliasOut (struct ip *);
static int ProtoAliasIn(struct ip *);
static int ProtoAliasOut(struct ip *);
static int UdpAliasOut(struct ip *);
static int UdpAliasIn (struct ip *);
@ -653,10 +657,10 @@ IcmpAliasOut(struct ip *pip)
static int
PptpAliasIn(struct ip *pip)
ProtoAliasIn(struct ip *pip)
{
/*
Handle incoming PPTP packets. The
Handle incoming IP packets. The
only thing which is done in this case is to alias
the dest IP address of the packet to our inside
machine.
@ -667,10 +671,7 @@ PptpAliasIn(struct ip *pip)
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
if (packetAliasMode & PKT_ALIAS_DENY_PPTP)
return PKT_ALIAS_IGNORED;
link = FindPptpIn(pip->ip_src, pip->ip_dst);
link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr original_address;
@ -691,10 +692,10 @@ PptpAliasIn(struct ip *pip)
static int
PptpAliasOut(struct ip *pip)
ProtoAliasOut(struct ip *pip)
{
/*
Handle outgoing PPTP packets. The
Handle outgoing IP packets. The
only thing which is done in this case is to alias
the source IP address of the packet.
*/
@ -704,10 +705,7 @@ PptpAliasOut(struct ip *pip)
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
if (packetAliasMode & PKT_ALIAS_DENY_PPTP)
return PKT_ALIAS_IGNORED;
link = FindPptpOut(pip->ip_src, pip->ip_dst);
link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr alias_address;
@ -1303,10 +1301,8 @@ PacketAliasIn(char *ptr, int maxpacketsize)
case IPPROTO_TCP:
iresult = TcpAliasIn(pip);
break;
case IPPROTO_GRE:
case IPPROTO_ESP:
case IPPROTO_AH:
iresult = PptpAliasIn(pip);
default:
iresult = ProtoAliasIn(pip);
break;
}
@ -1411,10 +1407,8 @@ PacketAliasOut(char *ptr, /* valid IP packet */
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
break;
case IPPROTO_GRE:
case IPPROTO_ESP:
case IPPROTO_AH:
iresult = PptpAliasOut(pip);
default:
iresult = ProtoAliasOut(pip);
break;
}
}
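Review bot: The new `default:` arm in PacketAliasIn() hands every protocol without a case of its own to ProtoAliasIn(), and the early return on `PKT_ALIAS_DENY_PPTP` is gone, so the only opt-outs left on this path are `PKT_ALIAS_PROXY_ONLY` here and `PKT_ALIAS_DENY_INCOMING` inside FindProtoIn(). FindProtoIn() (changed elsewhere in this commit) adds a link when none matches, so unsolicited inbound packets of an arbitrary protocol now create link-table entries and are rewritten toward the FindOriginalAddress() target, where before only GRE, ESP and AH reached this code. That widening deserves a sentence in the function comment, for example `Called for every protocol without a dedicated handler; an unmatched packet creates a link unless PKT_ALIAS_DENY_INCOMING is set.` The switch and both function bodies begin outside the visible hunks, and the identical section for the second copy of this file further down the page has the same gap.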


@ -60,7 +60,10 @@ struct alias_link;
PacketAliasPptp(struct in_addr);
extern struct alias_link *
PacketAliasRedirectPptp(struct in_addr, struct in_addr, struct in_addr);
PacketAliasRedirectProto(struct in_addr,
struct in_addr,
struct in_addr,
u_char);
extern struct alias_link *
PacketAliasRedirectAddr(struct in_addr,
@ -157,10 +160,6 @@ struct alias_link;
and PacketAliasOut() are reversed */
#define PKT_ALIAS_REVERSE 0x80
/* If PKT_ALIAS_DENY_PPTP is set, then PPTP sessions will be
prevented by the aliasing engine. */
#define PKT_ALIAS_DENY_PPTP 0x200
/* Return Codes */
#define PKT_ALIAS_ERROR -1
#define PKT_ALIAS_OK 1
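Review bot: Deleting `PKT_ALIAS_DENY_PPTP` frees mode bit 0x200 without a major-number bump, which the commit message justifies only for PacketAliasRedirectPptp(). A program built against the old header that still passes 0x200 would silently take on whatever meaning the bit is given next, presumably without any error, so I would leave a placeholder such as `/* 0x200 was PKT_ALIAS_DENY_PPTP; do not reuse without a major bump */` where the define was. The same applies to the second copy of this header later in the commit.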


@ -147,7 +147,7 @@
/* Timeouts (in seconds) for different link types */
#define ICMP_EXPIRE_TIME 60
#define UDP_EXPIRE_TIME 60
#define PPTP_EXPIRE_TIME 60
#define PROTO_EXPIRE_TIME 60
#define FRAGMENT_ID_EXPIRE_TIME 10
#define FRAGMENT_PTR_EXPIRE_TIME 30
@ -256,16 +256,15 @@ struct alias_link /* Main data structure */
u_short proxy_port;
struct server *server;
int link_type; /* Type of link: TCP, UDP, ICMP, PPTP, frag */
int link_type; /* Type of link: TCP, UDP, ICMP, proto, frag */
/* values for link_type */
#define LINK_ICMP 1
#define LINK_UDP 2
#define LINK_TCP 3
#define LINK_FRAGMENT_ID 4
#define LINK_FRAGMENT_PTR 5
#define LINK_ADDR 6
#define LINK_PPTP 7
#define LINK_ICMP IPPROTO_ICMP
#define LINK_UDP IPPROTO_UDP
#define LINK_TCP IPPROTO_TCP
#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1)
#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2)
#define LINK_ADDR (IPPROTO_MAX + 3)
int flags; /* indicates special characteristics */
@ -329,7 +328,7 @@ linkTableIn[LINK_TABLE_IN_SIZE]; /* into input and output lookup */
static int icmpLinkCount; /* Link statistics */
static int udpLinkCount;
static int tcpLinkCount;
static int pptpLinkCount;
static int protoLinkCount;
static int fragmentIdLinkCount;
static int fragmentPtrLinkCount;
static int sockCount;
@ -455,18 +454,18 @@ ShowAliasStats(void)
if (monitorFile)
{
fprintf(monitorFile, "icmp=%d, udp=%d, tcp=%d, pptp=%d, frag_id=%d frag_ptr=%d",
fprintf(monitorFile, "icmp=%d, udp=%d, tcp=%d, proto=%d, frag_id=%d frag_ptr=%d",
icmpLinkCount,
udpLinkCount,
tcpLinkCount,
pptpLinkCount,
protoLinkCount,
fragmentIdLinkCount,
fragmentPtrLinkCount);
fprintf(monitorFile, " / tot=%d (sock=%d)\n",
icmpLinkCount + udpLinkCount
+ tcpLinkCount
+ pptpLinkCount
+ protoLinkCount
+ fragmentIdLinkCount
+ fragmentPtrLinkCount,
sockCount);
@ -738,17 +737,6 @@ IncrementalCleanup(void)
idelta = timeStamp - link->timestamp;
switch (link->link_type)
{
case LINK_ICMP:
case LINK_UDP:
case LINK_FRAGMENT_ID:
case LINK_FRAGMENT_PTR:
case LINK_PPTP:
if (idelta > link->expire_time)
{
DeleteLink(link);
icount++;
}
break;
case LINK_TCP:
if (idelta > link->expire_time)
{
@ -763,6 +751,13 @@ IncrementalCleanup(void)
}
}
break;
default:
if (idelta > link->expire_time)
{
DeleteLink(link);
icount++;
}
break;
}
link = link_next;
}
@ -842,9 +837,6 @@ DeleteLink(struct alias_link *link)
if (link->data.tcp != NULL)
free(link->data.tcp);
break;
case LINK_PPTP:
pptpLinkCount--;
break;
case LINK_FRAGMENT_ID:
fragmentIdLinkCount--;
break;
@ -853,6 +845,11 @@ DeleteLink(struct alias_link *link)
if (link->data.frag_ptr != NULL)
free(link->data.frag_ptr);
break;
case LINK_ADDR:
break;
default:
protoLinkCount--;
break;
}
/* Free memory */
@ -908,15 +905,17 @@ AddLink(struct in_addr src_addr,
case LINK_TCP:
link->expire_time = TCP_EXPIRE_INITIAL;
break;
case LINK_PPTP:
link->expire_time = PPTP_EXPIRE_TIME;
break;
case LINK_FRAGMENT_ID:
link->expire_time = FRAGMENT_ID_EXPIRE_TIME;
break;
case LINK_FRAGMENT_PTR:
link->expire_time = FRAGMENT_PTR_EXPIRE_TIME;
break;
case LINK_ADDR:
break;
default:
link->expire_time = PROTO_EXPIRE_TIME;
break;
}
/* Determine alias flags */
@ -994,15 +993,17 @@ AddLink(struct in_addr src_addr,
#endif
}
break;
case LINK_PPTP:
pptpLinkCount++;
break;
case LINK_FRAGMENT_ID:
fragmentIdLinkCount++;
break;
case LINK_FRAGMENT_PTR:
fragmentPtrLinkCount++;
break;
case LINK_ADDR:
break;
default:
protoLinkCount++;
break;
}
}
else
@ -1303,7 +1304,7 @@ FindLinkIn(struct in_addr dst_addr,
FindIcmpIn(), FindIcmpOut()
FindFragmentIn1(), FindFragmentIn2()
AddFragmentPtrLink(), FindFragmentPtr()
FindPptpIn(), FindPptpOut()
FindProtoIn(), FindProtoOut()
FindUdpTcpIn(), FindUdpTcpOut()
FindOriginalAddress(), FindAliasAddress()
@ -1400,14 +1401,15 @@ FindFragmentPtr(struct in_addr dst_addr,
struct alias_link *
FindPptpIn(struct in_addr dst_addr,
struct in_addr alias_addr)
FindProtoIn(struct in_addr dst_addr,
struct in_addr alias_addr,
u_char proto)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
NO_DEST_PORT, 0,
LINK_PPTP, 1);
proto, 1);
if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
{
@ -1416,7 +1418,7 @@ FindPptpIn(struct in_addr dst_addr,
target_addr = FindOriginalAddress(alias_addr);
link = AddLink(target_addr, dst_addr, alias_addr,
NO_SRC_PORT, NO_DEST_PORT, 0,
LINK_PPTP);
proto);
}
return (link);
@ -1424,14 +1426,15 @@ FindPptpIn(struct in_addr dst_addr,
struct alias_link *
FindPptpOut(struct in_addr src_addr,
struct in_addr dst_addr)
FindProtoOut(struct in_addr src_addr,
struct in_addr dst_addr,
u_char proto)
{
struct alias_link *link;
link = FindLinkOut(src_addr, dst_addr,
NO_SRC_PORT, NO_DEST_PORT,
LINK_PPTP, 1);
proto, 1);
if (link == NULL)
{
@ -1440,7 +1443,7 @@ FindPptpOut(struct in_addr src_addr,
alias_addr = FindAliasAddress(src_addr);
link = AddLink(src_addr, dst_addr, alias_addr,
NO_SRC_PORT, NO_DEST_PORT, 0,
LINK_PPTP);
proto);
}
return (link);
@ -2063,7 +2066,7 @@ UninitPacketAliasLog(void)
PacketAliasRedirectPort()
PacketAliasAddServer()
PacketAliasRedirectPptp()
PacketAliasRedirectProto()
PacketAliasRedirectAddr()
PacketAliasRedirectDelete()
PacketAliasSetAddress()
@ -2151,32 +2154,32 @@ PacketAliasAddServer(struct alias_link *link, struct in_addr addr, u_short port)
}
/* Translate PPTP packets to a machine on the inside
* XXX This function is made obsolete by PacketAliasRedirectPptp().
* XXX This function is made obsolete by PacketAliasRedirectProto().
*/
int
PacketAliasPptp(struct in_addr src_addr)
{
if (src_addr.s_addr == INADDR_NONE)
packetAliasMode |= PKT_ALIAS_DENY_PPTP;
else
(void)PacketAliasRedirectPptp(src_addr, nullAddress, nullAddress);
if (src_addr.s_addr != INADDR_NONE)
(void)PacketAliasRedirectProto(src_addr, nullAddress, nullAddress,
IPPROTO_GRE);
return 1;
}
/* Redirect PPTP packets from a specific
/* Redirect packets of a given IP protocol from a specific
public address to a private address */
struct alias_link *
PacketAliasRedirectPptp(struct in_addr src_addr,
struct in_addr dst_addr,
struct in_addr alias_addr)
PacketAliasRedirectProto(struct in_addr src_addr,
struct in_addr dst_addr,
struct in_addr alias_addr,
u_char proto)
{
struct alias_link *link;
link = AddLink(src_addr, dst_addr, alias_addr,
NO_SRC_PORT, NO_DEST_PORT, 0,
LINK_PPTP);
proto);
if (link != NULL)
{
@ -2185,7 +2188,7 @@ PacketAliasRedirectPptp(struct in_addr src_addr,
#ifdef DEBUG
else
{
fprintf(stderr, "PacketAliasRedirectPptp(): "
fprintf(stderr, "PacketAliasRedirectProto(): "
"call to AddLink() failed\n");
}
#endif
@ -2286,7 +2289,7 @@ PacketAliasInit(void)
icmpLinkCount = 0;
udpLinkCount = 0;
tcpLinkCount = 0;
pptpLinkCount = 0;
protoLinkCount = 0;
fragmentIdLinkCount = 0;
fragmentPtrLinkCount = 0;
sockCount = 0;
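Review bot: PacketAliasPptp(INADDR_NONE) used to set `PKT_ALIAS_DENY_PPTP` and now does nothing yet still returns 1, so a caller that relied on it to block PPTP gets GRE aliased through the generic path with no indication. The manual page context in this commit still reads "then PPTP aliasing is disabled", which no longer matches the code. The compatibility call also registers only `IPPROTO_GRE`, whereas the old `LINK_PPTP` link was matched for GRE, ESP and AH packets alike. I would state both changes in the comment above the function, e.g. `INADDR_NONE is now ignored (PPTP can no longer be denied here); only GRE is redirected.`, and correct the manual page sentence. The second copy of this file later on the page needs the same.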


@ -96,10 +96,10 @@ struct alias_link *
FindFragmentPtr(struct in_addr, u_short);
struct alias_link *
FindPptpIn(struct in_addr, struct in_addr);
FindProtoIn(struct in_addr, struct in_addr, u_char);
struct alias_link *
FindPptpOut(struct in_addr, struct in_addr);
FindProtoOut(struct in_addr, struct in_addr, u_char);
struct alias_link *
FindUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char);


@ -227,15 +227,6 @@ Normal packet aliasing is not performed.
See
.Fn PacketAliasProxyRule
below for details.
.It Dv PKT_ALIAS_DENY_PPTP
If this mode bit is set, all PPTP packets will be marked for being ignored
(both
.Fn PacketAliasIn
and
.Fn PacketAliasOut
return
.Dv PKT_ALIAS_IGNORED
code).
.El
.Ed
.Pp
@ -647,25 +638,17 @@ access, or to restrict access to certain external machines.
.Ed
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectPptp
.Fo PacketAliasRedirectProto
.Fa "struct in_addr local_addr"
.Fa "struct in_addr remote_addr"
.Fa "struct in_addr alias_addr"
.Fa "u_char proto"
.Fc
.Bd -ragged -offset indent
This function specifies that any Point to Point Tunneling Protocol
(PPTP) traffic from a given remote address to an alias address be
This function specifies that any IP packet with protocol number of
.Fa proto
from a given remote address to an alias address be
redirected to a specified local address.
Currently supported PPTP protocols include:
.Pp
.Bl -tag -width "IPPROTO_GRE" -compact
.It IPPROTO_GRE
Generic Routing Encapsulation (RFC 1702)
.It IPPROTO_ESP
IP Encapsulating Security Payload (RFC 1827)
.It IPPROTO_AH
IP Authentication Header (RFC 1826)
.El
.Pp
If
.Fa local_addr
@ -678,16 +661,16 @@ is to be used.
Even if
.Fn PacketAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectPptp
.Fn PacketAliasRedirectProto
is called, a zero reference will track this change.
.Pp
If
.Fa remote_addr
is zero, this indicates to redirect PPTP packets from any remote address.
is zero, this indicates to redirect packets from any remote address.
Non-zero remote addresses can sometimes be useful for firewalling.
.Pp
If two calls to
.Fn PacketAliasRedirectPptp
.Fn PacketAliasRedirectProto
overlap in their address specifications, then the most recent call
will have precedence.
.Pp
@ -713,10 +696,8 @@ then PPTP aliasing is disabled.
.Pp
.Bf -symbolic
This function is made obsolete by
.Fn PacketAliasRedirectPptp
and
.Dv PKT_ALIAS_DENY_PPTP
mode bit, and is provided only for backward compatibility.
.Fn PacketAliasRedirectProto ,
and is provided only for backward compatibility.
.Ef
.Ed
.Sh FRAGMENT HANDLING


@ -178,6 +178,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
IcmpAliasIn(), IcmpAliasIn1(), IcmpAliasIn2(), IcmpAliasIn3()
IcmpAliasOut(), IcmpAliasOut1(), IcmpAliasOut2(), IcmpAliasOut3()
ProtoAliasIn(), ProtoAliasOut()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
@ -224,6 +225,9 @@ static int IcmpAliasOut2(struct ip *);
static int IcmpAliasOut3(struct ip *);
static int IcmpAliasOut (struct ip *);
static int ProtoAliasIn(struct ip *);
static int ProtoAliasOut(struct ip *);
static int UdpAliasOut(struct ip *);
static int UdpAliasIn (struct ip *);
@ -653,10 +657,10 @@ IcmpAliasOut(struct ip *pip)
static int
PptpAliasIn(struct ip *pip)
ProtoAliasIn(struct ip *pip)
{
/*
Handle incoming PPTP packets. The
Handle incoming IP packets. The
only thing which is done in this case is to alias
the dest IP address of the packet to our inside
machine.
@ -667,10 +671,7 @@ PptpAliasIn(struct ip *pip)
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
if (packetAliasMode & PKT_ALIAS_DENY_PPTP)
return PKT_ALIAS_IGNORED;
link = FindPptpIn(pip->ip_src, pip->ip_dst);
link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr original_address;
@ -691,10 +692,10 @@ PptpAliasIn(struct ip *pip)
static int
PptpAliasOut(struct ip *pip)
ProtoAliasOut(struct ip *pip)
{
/*
Handle outgoing PPTP packets. The
Handle outgoing IP packets. The
only thing which is done in this case is to alias
the source IP address of the packet.
*/
@ -704,10 +705,7 @@ PptpAliasOut(struct ip *pip)
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return PKT_ALIAS_OK;
if (packetAliasMode & PKT_ALIAS_DENY_PPTP)
return PKT_ALIAS_IGNORED;
link = FindPptpOut(pip->ip_src, pip->ip_dst);
link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p);
if (link != NULL)
{
struct in_addr alias_address;
@ -1303,10 +1301,8 @@ PacketAliasIn(char *ptr, int maxpacketsize)
case IPPROTO_TCP:
iresult = TcpAliasIn(pip);
break;
case IPPROTO_GRE:
case IPPROTO_ESP:
case IPPROTO_AH:
iresult = PptpAliasIn(pip);
default:
iresult = ProtoAliasIn(pip);
break;
}
@ -1411,10 +1407,8 @@ PacketAliasOut(char *ptr, /* valid IP packet */
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
break;
case IPPROTO_GRE:
case IPPROTO_ESP:
case IPPROTO_AH:
iresult = PptpAliasOut(pip);
default:
iresult = ProtoAliasOut(pip);
break;
}
}


@ -60,7 +60,10 @@ struct alias_link;
PacketAliasPptp(struct in_addr);
extern struct alias_link *
PacketAliasRedirectPptp(struct in_addr, struct in_addr, struct in_addr);
PacketAliasRedirectProto(struct in_addr,
struct in_addr,
struct in_addr,
u_char);
extern struct alias_link *
PacketAliasRedirectAddr(struct in_addr,
@ -157,10 +160,6 @@ struct alias_link;
and PacketAliasOut() are reversed */
#define PKT_ALIAS_REVERSE 0x80
/* If PKT_ALIAS_DENY_PPTP is set, then PPTP sessions will be
prevented by the aliasing engine. */
#define PKT_ALIAS_DENY_PPTP 0x200
/* Return Codes */
#define PKT_ALIAS_ERROR -1
#define PKT_ALIAS_OK 1


@ -147,7 +147,7 @@
/* Timeouts (in seconds) for different link types */
#define ICMP_EXPIRE_TIME 60
#define UDP_EXPIRE_TIME 60
#define PPTP_EXPIRE_TIME 60
#define PROTO_EXPIRE_TIME 60
#define FRAGMENT_ID_EXPIRE_TIME 10
#define FRAGMENT_PTR_EXPIRE_TIME 30
@ -256,16 +256,15 @@ struct alias_link /* Main data structure */
u_short proxy_port;
struct server *server;
int link_type; /* Type of link: TCP, UDP, ICMP, PPTP, frag */
int link_type; /* Type of link: TCP, UDP, ICMP, proto, frag */
/* values for link_type */
#define LINK_ICMP 1
#define LINK_UDP 2
#define LINK_TCP 3
#define LINK_FRAGMENT_ID 4
#define LINK_FRAGMENT_PTR 5
#define LINK_ADDR 6
#define LINK_PPTP 7
#define LINK_ICMP IPPROTO_ICMP
#define LINK_UDP IPPROTO_UDP
#define LINK_TCP IPPROTO_TCP
#define LINK_FRAGMENT_ID (IPPROTO_MAX + 1)
#define LINK_FRAGMENT_PTR (IPPROTO_MAX + 2)
#define LINK_ADDR (IPPROTO_MAX + 3)
int flags; /* indicates special characteristics */
@ -329,7 +328,7 @@ linkTableIn[LINK_TABLE_IN_SIZE]; /* into input and output lookup */
static int icmpLinkCount; /* Link statistics */
static int udpLinkCount;
static int tcpLinkCount;
static int pptpLinkCount;
static int protoLinkCount;
static int fragmentIdLinkCount;
static int fragmentPtrLinkCount;
static int sockCount;
@ -455,18 +454,18 @@ ShowAliasStats(void)
if (monitorFile)
{
fprintf(monitorFile, "icmp=%d, udp=%d, tcp=%d, pptp=%d, frag_id=%d frag_ptr=%d",
fprintf(monitorFile, "icmp=%d, udp=%d, tcp=%d, proto=%d, frag_id=%d frag_ptr=%d",
icmpLinkCount,
udpLinkCount,
tcpLinkCount,
pptpLinkCount,
protoLinkCount,
fragmentIdLinkCount,
fragmentPtrLinkCount);
fprintf(monitorFile, " / tot=%d (sock=%d)\n",
icmpLinkCount + udpLinkCount
+ tcpLinkCount
+ pptpLinkCount
+ protoLinkCount
+ fragmentIdLinkCount
+ fragmentPtrLinkCount,
sockCount);
@ -738,17 +737,6 @@ IncrementalCleanup(void)
idelta = timeStamp - link->timestamp;
switch (link->link_type)
{
case LINK_ICMP:
case LINK_UDP:
case LINK_FRAGMENT_ID:
case LINK_FRAGMENT_PTR:
case LINK_PPTP:
if (idelta > link->expire_time)
{
DeleteLink(link);
icount++;
}
break;
case LINK_TCP:
if (idelta > link->expire_time)
{
@ -763,6 +751,13 @@ IncrementalCleanup(void)
}
}
break;
default:
if (idelta > link->expire_time)
{
DeleteLink(link);
icount++;
}
break;
}
link = link_next;
}
@ -842,9 +837,6 @@ DeleteLink(struct alias_link *link)
if (link->data.tcp != NULL)
free(link->data.tcp);
break;
case LINK_PPTP:
pptpLinkCount--;
break;
case LINK_FRAGMENT_ID:
fragmentIdLinkCount--;
break;
@ -853,6 +845,11 @@ DeleteLink(struct alias_link *link)
if (link->data.frag_ptr != NULL)
free(link->data.frag_ptr);
break;
case LINK_ADDR:
break;
default:
protoLinkCount--;
break;
}
/* Free memory */
@ -908,15 +905,17 @@ AddLink(struct in_addr src_addr,
case LINK_TCP:
link->expire_time = TCP_EXPIRE_INITIAL;
break;
case LINK_PPTP:
link->expire_time = PPTP_EXPIRE_TIME;
break;
case LINK_FRAGMENT_ID:
link->expire_time = FRAGMENT_ID_EXPIRE_TIME;
break;
case LINK_FRAGMENT_PTR:
link->expire_time = FRAGMENT_PTR_EXPIRE_TIME;
break;
case LINK_ADDR:
break;
default:
link->expire_time = PROTO_EXPIRE_TIME;
break;
}
/* Determine alias flags */
@ -994,15 +993,17 @@ AddLink(struct in_addr src_addr,
#endif
}
break;
case LINK_PPTP:
pptpLinkCount++;
break;
case LINK_FRAGMENT_ID:
fragmentIdLinkCount++;
break;
case LINK_FRAGMENT_PTR:
fragmentPtrLinkCount++;
break;
case LINK_ADDR:
break;
default:
protoLinkCount++;
break;
}
}
else
@ -1303,7 +1304,7 @@ FindLinkIn(struct in_addr dst_addr,
FindIcmpIn(), FindIcmpOut()
FindFragmentIn1(), FindFragmentIn2()
AddFragmentPtrLink(), FindFragmentPtr()
FindPptpIn(), FindPptpOut()
FindProtoIn(), FindProtoOut()
FindUdpTcpIn(), FindUdpTcpOut()
FindOriginalAddress(), FindAliasAddress()
@ -1400,14 +1401,15 @@ FindFragmentPtr(struct in_addr dst_addr,
struct alias_link *
FindPptpIn(struct in_addr dst_addr,
struct in_addr alias_addr)
FindProtoIn(struct in_addr dst_addr,
struct in_addr alias_addr,
u_char proto)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
NO_DEST_PORT, 0,
LINK_PPTP, 1);
proto, 1);
if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
{
@ -1416,7 +1418,7 @@ FindPptpIn(struct in_addr dst_addr,
target_addr = FindOriginalAddress(alias_addr);
link = AddLink(target_addr, dst_addr, alias_addr,
NO_SRC_PORT, NO_DEST_PORT, 0,
LINK_PPTP);
proto);
}
return (link);
@ -1424,14 +1426,15 @@ FindPptpIn(struct in_addr dst_addr,
struct alias_link *
FindPptpOut(struct in_addr src_addr,
struct in_addr dst_addr)
FindProtoOut(struct in_addr src_addr,
struct in_addr dst_addr,
u_char proto)
{
struct alias_link *link;
link = FindLinkOut(src_addr, dst_addr,
NO_SRC_PORT, NO_DEST_PORT,
LINK_PPTP, 1);
proto, 1);
if (link == NULL)
{
@ -1440,7 +1443,7 @@ FindPptpOut(struct in_addr src_addr,
alias_addr = FindAliasAddress(src_addr);
link = AddLink(src_addr, dst_addr, alias_addr,
NO_SRC_PORT, NO_DEST_PORT, 0,
LINK_PPTP);
proto);
}
return (link);
@ -2063,7 +2066,7 @@ UninitPacketAliasLog(void)
PacketAliasRedirectPort()
PacketAliasAddServer()
PacketAliasRedirectPptp()
PacketAliasRedirectProto()
PacketAliasRedirectAddr()
PacketAliasRedirectDelete()
PacketAliasSetAddress()
@ -2151,32 +2154,32 @@ PacketAliasAddServer(struct alias_link *link, struct in_addr addr, u_short port)
}
/* Translate PPTP packets to a machine on the inside
* XXX This function is made obsolete by PacketAliasRedirectPptp().
* XXX This function is made obsolete by PacketAliasRedirectProto().
*/
int
PacketAliasPptp(struct in_addr src_addr)
{
if (src_addr.s_addr == INADDR_NONE)
packetAliasMode |= PKT_ALIAS_DENY_PPTP;
else
(void)PacketAliasRedirectPptp(src_addr, nullAddress, nullAddress);
if (src_addr.s_addr != INADDR_NONE)
(void)PacketAliasRedirectProto(src_addr, nullAddress, nullAddress,
IPPROTO_GRE);
return 1;
}
/* Redirect PPTP packets from a specific
/* Redirect packets of a given IP protocol from a specific
public address to a private address */
struct alias_link *
PacketAliasRedirectPptp(struct in_addr src_addr,
struct in_addr dst_addr,
struct in_addr alias_addr)
PacketAliasRedirectProto(struct in_addr src_addr,
struct in_addr dst_addr,
struct in_addr alias_addr,
u_char proto)
{
struct alias_link *link;
link = AddLink(src_addr, dst_addr, alias_addr,
NO_SRC_PORT, NO_DEST_PORT, 0,
LINK_PPTP);
proto);
if (link != NULL)
{
@ -2185,7 +2188,7 @@ PacketAliasRedirectPptp(struct in_addr src_addr,
#ifdef DEBUG
else
{
fprintf(stderr, "PacketAliasRedirectPptp(): "
fprintf(stderr, "PacketAliasRedirectProto(): "
"call to AddLink() failed\n");
}
#endif
@ -2286,7 +2289,7 @@ PacketAliasInit(void)
icmpLinkCount = 0;
udpLinkCount = 0;
tcpLinkCount = 0;
pptpLinkCount = 0;
protoLinkCount = 0;
fragmentIdLinkCount = 0;
fragmentPtrLinkCount = 0;
sockCount = 0;


@ -96,10 +96,10 @@ struct alias_link *
FindFragmentPtr(struct in_addr, u_short);
struct alias_link *
FindPptpIn(struct in_addr, struct in_addr);
FindProtoIn(struct in_addr, struct in_addr, u_char);
struct alias_link *
FindPptpOut(struct in_addr, struct in_addr);
FindProtoOut(struct in_addr, struct in_addr, u_char);
struct alias_link *
FindUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char);


@ -227,15 +227,6 @@ Normal packet aliasing is not performed.
See
.Fn PacketAliasProxyRule
below for details.
.It Dv PKT_ALIAS_DENY_PPTP
If this mode bit is set, all PPTP packets will be marked for being ignored
(both
.Fn PacketAliasIn
and
.Fn PacketAliasOut
return
.Dv PKT_ALIAS_IGNORED
code).
.El
.Ed
.Pp
@ -647,25 +638,17 @@ access, or to restrict access to certain external machines.
.Ed
.Pp
.Ft struct alias_link *
.Fo PacketAliasRedirectPptp
.Fo PacketAliasRedirectProto
.Fa "struct in_addr local_addr"
.Fa "struct in_addr remote_addr"
.Fa "struct in_addr alias_addr"
.Fa "u_char proto"
.Fc
.Bd -ragged -offset indent
This function specifies that any Point to Point Tunneling Protocol
(PPTP) traffic from a given remote address to an alias address be
This function specifies that any IP packet with protocol number of
.Fa proto
from a given remote address to an alias address be
redirected to a specified local address.
Currently supported PPTP protocols include:
.Pp
.Bl -tag -width "IPPROTO_GRE" -compact
.It IPPROTO_GRE
Generic Routing Encapsulation (RFC 1702)
.It IPPROTO_ESP
IP Encapsulating Security Payload (RFC 1827)
.It IPPROTO_AH
IP Authentication Header (RFC 1826)
.El
.Pp
If
.Fa local_addr
@ -678,16 +661,16 @@ is to be used.
Even if
.Fn PacketAliasSetAddress
is called to change the address after
.Fn PacketAliasRedirectPptp
.Fn PacketAliasRedirectProto
is called, a zero reference will track this change.
.Pp
If
.Fa remote_addr
is zero, this indicates to redirect PPTP packets from any remote address.
is zero, this indicates to redirect packets from any remote address.
Non-zero remote addresses can sometimes be useful for firewalling.
.Pp
If two calls to
.Fn PacketAliasRedirectPptp
.Fn PacketAliasRedirectProto
overlap in their address specifications, then the most recent call
will have precedence.
.Pp
@ -713,10 +696,8 @@ then PPTP aliasing is disabled.
.Pp
.Bf -symbolic
This function is made obsolete by
.Fn PacketAliasRedirectPptp
and
.Dv PKT_ALIAS_DENY_PPTP
mode bit, and is provided only for backward compatibility.
.Fn PacketAliasRedirectProto ,
and is provided only for backward compatibility.
.Ef
.Ed
.Sh FRAGMENT HANDLING