![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ip_proxy.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / bsd / netinet|
Return to ip_proxy.c CVS log | Up to [Apple XNU] / XNU / bsd / netinet |
1.1 ! root 1: /* ! 2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. ! 3: * ! 4: * @APPLE_LICENSE_HEADER_START@ ! 5: * ! 6: * The contents of this file constitute Original Code as defined in and ! 7: * are subject to the Apple Public Source License Version 1.1 (the ! 8: * "License"). You may not use this file except in compliance with the ! 9: * License. Please obtain a copy of the License at ! 10: * http://www.apple.com/publicsource and read it before using this file. ! 11: * ! 12: * This Original Code and all software distributed under the License are ! 13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER ! 14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, ! 15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, ! 16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the ! 17: * License for the specific language governing rights and limitations ! 18: * under the License. ! 19: * ! 20: * @APPLE_LICENSE_HEADER_END@ ! 21: */ ! 22: /* ! 23: * Copyright (C) 1997 by Darren Reed. ! 24: * ! 25: * Redistribution and use in source and binary forms are permitted ! 26: * provided that this notice is preserved and due credit is given ! 27: * to the original author and the contributors. ! 28: */ ! 29: #if !defined(lint) ! 30: #endif ! 31: ! 32: #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) ! 33: # define _KERNEL ! 34: #endif ! 35: ! 36: #if !defined(_KERNEL) && !defined(KERNEL) ! 37: # include <stdio.h> ! 38: # include <string.h> ! 39: # include <stdlib.h> ! 40: #endif ! 41: #include <sys/errno.h> ! 42: #include <sys/types.h> ! 43: #include <sys/param.h> ! 44: #include <sys/time.h> ! 45: #include <sys/file.h> ! 46: #if !defined(__FreeBSD__) ! 47: # include <sys/ioctl.h> ! 48: #endif ! 49: #include <sys/fcntl.h> ! 50: #include <sys/uio.h> ! 51: #ifndef linux ! 52: # include <sys/protosw.h> ! 53: #endif ! 54: #include <sys/socket.h> ! 55: #if defined(_KERNEL) ! 56: # if !defined(linux) ! 57: # include <sys/systm.h> ! 58: # else ! 59: # include <linux/string.h> ! 60: # endif ! 61: #endif ! 62: #if !defined(__SVR4) && !defined(__svr4__) ! 63: # ifndef linux ! 64: # include <sys/mbuf.h> ! 65: # endif ! 66: #else ! 67: # include <sys/byteorder.h> ! 68: # include <sys/dditypes.h> ! 69: # include <sys/stream.h> ! 70: # include <sys/kmem.h> ! 71: #endif ! 72: #if __FreeBSD__ > 2 ! 73: # include <sys/queue.h> ! 74: # include <sys/malloc.h> ! 75: #endif ! 76: #include <net/if.h> ! 77: #ifdef sun ! 78: # include <net/af.h> ! 79: #endif ! 80: #include <net/route.h> ! 81: #include <netinet/in.h> ! 82: #include <netinet/in_systm.h> ! 83: #include <netinet/ip.h> ! 84: #ifndef linux ! 85: # include <netinet/ip_var.h> ! 86: #endif ! 87: #include <netinet/tcp.h> ! 88: #include <netinet/udp.h> ! 89: #include <netinet/ip_icmp.h> ! 90: #include "netinet/ip_compat.h" ! 91: #include <netinet/tcpip.h> ! 92: #include "netinet/ip_fil.h" ! 93: #include "netinet/ip_proxy.h" ! 94: #include "netinet/ip_nat.h" ! 95: #include "netinet/ip_state.h" ! 96: ! 97: #ifndef MIN ! 98: #define MIN(a,b) (((a)<(b))?(a):(b)) ! 99: #endif ! 100: ! 101: static ap_session_t *ap_find __P((ip_t *, tcphdr_t *)); ! 102: static ap_session_t *ap_new_session __P((aproxy_t *, ip_t *, tcphdr_t *, ! 103: fr_info_t *, nat_t *)); ! 104: ! 105: static int ap_matchsrcdst __P((ap_session_t *aps, struct in_addr src, ! 106: struct in_addr dst, void *tcp, u_short sport, ! 107: u_short dport)); ! 108: ! 109: #define AP_SESS_SIZE 53 ! 110: ! 111: #if defined(_KERNEL) && !defined(linux) ! 112: #include "netinet/ip_ftp_pxy.c" ! 113: #endif ! 114: ! 115: ap_session_t *ap_sess_tab[AP_SESS_SIZE]; ! 116: aproxy_t ap_proxies[] = { ! 117: #if IPF_FTP_PROXY ! 118: { "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, ippr_ftp_in, ippr_ftp_out }, ! 119: #endif ! 120: { "", '\0', 0, 0, NULL, NULL } ! 121: }; ! 122: ! 123: ! 124: int ap_ok(ip, tcp, nat) ! 125: ip_t *ip; ! 126: tcphdr_t *tcp; ! 127: ipnat_t *nat; ! 128: { ! 129: aproxy_t *apr = nat->in_apr; ! 130: u_short dport = nat->in_dport; ! 131: ! 132: if (!apr || (apr && (apr->apr_flags & APR_DELETE)) || ! 133: (ip->ip_p != apr->apr_p)) ! 134: return 0; ! 135: if ((tcp && (tcp->th_dport != dport)) || (!tcp && dport)) ! 136: return 0; ! 137: return 1; ! 138: } ! 139: ! 140: ! 141: static int ! 142: ap_matchsrcdst(aps, src, dst, tcp, sport, dport) ! 143: ap_session_t *aps; ! 144: struct in_addr src, dst; ! 145: void *tcp; ! 146: u_short sport, dport; ! 147: { ! 148: if (aps->aps_dst.s_addr == dst.s_addr) { ! 149: if ((aps->aps_src.s_addr == src.s_addr) && ! 150: (!tcp || (sport == aps->aps_sport) && ! 151: (dport == aps->aps_dport))) ! 152: return 1; ! 153: } else if (aps->aps_dst.s_addr == src.s_addr) { ! 154: if ((aps->aps_src.s_addr == dst.s_addr) && ! 155: (!tcp || (sport == aps->aps_dport) && ! 156: (dport == aps->aps_sport))) ! 157: return 1; ! 158: } ! 159: return 0; ! 160: } ! 161: ! 162: ! 163: static ap_session_t *ap_find(ip, tcp) ! 164: ip_t *ip; ! 165: tcphdr_t *tcp; ! 166: { ! 167: register u_char p = ip->ip_p; ! 168: register ap_session_t *aps; ! 169: register u_short sp, dp; ! 170: register u_long hv; ! 171: struct in_addr src, dst; ! 172: ! 173: src = ip->ip_src, dst = ip->ip_dst; ! 174: sp = dp = 0; /* XXX gcc -Wunitialized */ ! 175: ! 176: hv = ip->ip_src.s_addr ^ ip->ip_dst.s_addr; ! 177: hv *= 651733; ! 178: if (tcp) { ! 179: sp = tcp->th_sport; ! 180: dp = tcp->th_dport; ! 181: hv ^= (sp + dp); ! 182: hv *= 5; ! 183: } ! 184: hv %= AP_SESS_SIZE; ! 185: ! 186: for (aps = ap_sess_tab[hv]; aps; aps = aps->aps_next) ! 187: if ((aps->aps_p == p) && ! 188: ap_matchsrcdst(aps, src, dst, tcp, sp, dp)) ! 189: break; ! 190: return aps; ! 191: } ! 192: ! 193: ! 194: /* ! 195: * Allocate a new application proxy structure and fill it in with the ! 196: * relevant details. call the init function once complete, prior to ! 197: * returning. ! 198: */ ! 199: static ap_session_t *ap_new_session(apr, ip, tcp, fin, nat) ! 200: aproxy_t *apr; ! 201: ip_t *ip; ! 202: tcphdr_t *tcp; ! 203: fr_info_t *fin; ! 204: nat_t *nat; ! 205: { ! 206: register ap_session_t *aps; ! 207: u_short dport; ! 208: u_long hv; ! 209: ! 210: if (!apr || (apr && (apr->apr_flags & APR_DELETE)) || ! 211: (ip->ip_p != apr->apr_p)) ! 212: return NULL; ! 213: dport = nat->nat_ptr->in_dport; ! 214: if ((tcp && (tcp->th_dport != dport)) || (!tcp && dport)) ! 215: return NULL; ! 216: ! 217: hv = ip->ip_src.s_addr ^ ip->ip_dst.s_addr; ! 218: hv *= 651733; ! 219: if (tcp) { ! 220: hv ^= (tcp->th_sport + tcp->th_dport); ! 221: hv *= 5; ! 222: } ! 223: hv %= AP_SESS_SIZE; ! 224: ! 225: KMALLOC(aps, ap_session_t *, sizeof(*aps)); ! 226: if (!aps) ! 227: return NULL; ! 228: bzero((char *)aps, sizeof(*aps)); ! 229: aps->aps_apr = apr; ! 230: aps->aps_src = ip->ip_src; ! 231: aps->aps_dst = ip->ip_dst; ! 232: aps->aps_p = ip->ip_p; ! 233: aps->aps_tout = 1200; /* XXX */ ! 234: if (tcp) { ! 235: aps->aps_sport = tcp->th_sport; ! 236: aps->aps_dport = tcp->th_dport; ! 237: } ! 238: aps->aps_data = NULL; ! 239: aps->aps_psiz = 0; ! 240: aps->aps_next = ap_sess_tab[hv]; ! 241: ap_sess_tab[hv] = aps; ! 242: (void) (*apr->apr_init)(fin, ip, tcp, aps, nat); ! 243: return aps; ! 244: } ! 245: ! 246: ! 247: /* ! 248: * check to see if a packet should be passed through an active proxy routine ! 249: * if one has been setup for it. ! 250: */ ! 251: int ap_check(ip, tcp, fin, nat) ! 252: ip_t *ip; ! 253: tcphdr_t *tcp; ! 254: fr_info_t *fin; ! 255: nat_t *nat; ! 256: { ! 257: ap_session_t *aps; ! 258: aproxy_t *apr; ! 259: int err; ! 260: ! 261: if (!(fin->fin_fi.fi_fl & FI_TCPUDP)) ! 262: tcp = NULL; ! 263: ! 264: if ((aps = ap_find(ip, tcp)) || ! 265: (aps = ap_new_session(nat->nat_ptr->in_apr, ip, tcp, fin, nat))) { ! 266: if (ip->ip_p == IPPROTO_TCP) { ! 267: /* ! 268: * verify that the checksum is correct. If not, then ! 269: * don't do anything with this packet. ! 270: */ ! 271: if (tcp->th_sum != fr_tcpsum(*(mb_t **)fin->fin_mp, ! 272: ip, tcp, ip->ip_len)) { ! 273: frstats[fin->fin_out].fr_tcpbad++; ! 274: return -1; ! 275: } ! 276: fr_tcp_age(&aps->aps_tout, aps->aps_state, ip, fin, ! 277: tcp->th_sport == aps->aps_sport); ! 278: } ! 279: ! 280: apr = aps->aps_apr; ! 281: err = 0; ! 282: if (fin->fin_out) { ! 283: if (apr->apr_outpkt) ! 284: err = (*apr->apr_outpkt)(fin, ip, tcp, ! 285: aps, nat); ! 286: } else { ! 287: if (apr->apr_inpkt) ! 288: err = (*apr->apr_inpkt)(fin, ip, tcp, ! 289: aps, nat); ! 290: } ! 291: if (err == 2) { ! 292: tcp->th_sum = fr_tcpsum(*(mb_t **)fin->fin_mp, ip, ! 293: tcp, ip->ip_len); ! 294: err = 0; ! 295: } ! 296: return err; ! 297: } ! 298: return -1; ! 299: } ! 300: ! 301: ! 302: aproxy_t *ap_match(pr, name) ! 303: u_char pr; ! 304: char *name; ! 305: { ! 306: aproxy_t *ap; ! 307: ! 308: for (ap = ap_proxies; ap->apr_p; ap++) ! 309: if ((ap->apr_p == pr) && ! 310: !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { ! 311: ap->apr_ref++; ! 312: return ap; ! 313: } ! 314: return NULL; ! 315: } ! 316: ! 317: ! 318: void ap_free(ap) ! 319: aproxy_t *ap; ! 320: { ! 321: ap->apr_ref--; ! 322: } ! 323: ! 324: ! 325: void aps_free(aps) ! 326: ap_session_t *aps; ! 327: { ! 328: if (aps->aps_data && aps->aps_psiz) ! 329: KFREES(aps->aps_data, aps->aps_psiz); ! 330: KFREE(aps); ! 331: } ! 332: ! 333: ! 334: void ap_unload() ! 335: { ! 336: ap_session_t *aps; ! 337: int i; ! 338: ! 339: for (i = 0; i < AP_SESS_SIZE; i++) ! 340: while ((aps = ap_sess_tab[i])) { ! 341: ap_sess_tab[i] = aps->aps_next; ! 342: aps_free(aps); ! 343: } ! 344: } ! 345: ! 346: ! 347: void ap_expire() ! 348: { ! 349: ap_session_t *aps, **apsp; ! 350: int i; ! 351: ! 352: for (i = 0; i < AP_SESS_SIZE; i++) ! 353: for (apsp = &ap_sess_tab[i]; (aps = *apsp); ) { ! 354: aps->aps_tout--; ! 355: if (!aps->aps_tout) { ! 356: ap_sess_tab[i] = aps->aps_next; ! 357: aps_free(aps); ! 358: *apsp = aps->aps_next; ! 359: } else ! 360: apsp = &aps->aps_next; ! 361: } ! 362: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.