PERFORCE change 136444 for review
Paolo Pisati
piso at FreeBSD.org
Fri Feb 29 19:48:12 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=136444
Change 136444 by piso at piso_ferret on 2008/02/28 17:28:35
Toss away the previous modifications to make libalias mbuf safe:
as i can't find the nat/samba share bug, the only thing i can
do is to restart from a vanilla kernel, and reapply one by one all
the patches.
Affected files ...
.. //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2.c#3 edit
.. //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2f.c#3 edit
.. //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#13 edit
.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#53 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.c#61 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.h#15 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_cuseeme.c#17 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_db.c#26 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_dummy.c#16 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_ftp.c#20 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_irc.c#22 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_local.h#28 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_mod.c#28 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_mod.h#25 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_nbt.c#16 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_pptp.c#16 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_proxy.c#24 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_skinny.c#15 edit
.. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_smedia.c#20 edit
Differences ...
==== //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2.c#3 (text+ko) ====
@@ -14,7 +14,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2.c,v 1.17 2008/02/25 18:28:58 bde Exp $");
+__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2.c,v 1.18 2008/02/28 16:22:36 bde Exp $");
/* __ieee754_rem_pio2(x,y)
*
@@ -126,7 +126,7 @@
}
}
}
- if(ix<=0x413921fb) { /* |x| ~<= 2^19*(pi/2), medium size */
+ if(ix<0x413921fb) { /* |x| ~< 2^20*(pi/2), medium size */
medium:
/* Use a specialized rint() to get fn. Assume round-to-nearest. */
STRICT_ASSIGN(double,fn,x*invpio2+0x1.8p52);
==== //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2f.c#3 (text+ko) ====
@@ -15,7 +15,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2f.c,v 1.28 2008/02/25 22:19:17 bde Exp $");
+__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2f.c,v 1.29 2008/02/28 16:22:36 bde Exp $");
/* __ieee754_rem_pio2f(x,y)
*
@@ -38,8 +38,8 @@
static const double
half = 5.00000000000000000000e-01, /* 0x3FE00000, 0x00000000 */
invpio2 = 6.36619772367581382433e-01, /* 0x3FE45F30, 0x6DC9C883 */
-pio2_1 = 1.57079632673412561417e+00, /* 0x3FF921FB, 0x54400000 */
-pio2_1t = 6.07710050650619224932e-11; /* 0x3DD0B461, 0x1A626331 */
+pio2_1 = 1.57079631090164184570e+00, /* 0x3FF921FB, 0x50000000 */
+pio2_1t = 1.58932547735281966916e-08; /* 0x3E5110b4, 0x611A6263 */
#ifdef INLINE_REM_PIO2F
extern inline
@@ -55,7 +55,7 @@
GET_FLOAT_WORD(hx,x);
ix = hx&0x7fffffff;
/* 33+53 bit pi is good enough for medium size */
- if(ix<=0x49490f80) { /* |x| ~<= 2^19*(pi/2), medium size */
+ if(ix<0x4dc90fdb) { /* |x| ~< 2^28*(pi/2), medium size */
/* Use a specialized rint() to get fn. Assume round-to-nearest. */
STRICT_ASSIGN(double,fn,x*invpio2+0x1.8p52);
fn = fn-0x1.8p52;
==== //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#13 (text+ko) ====
@@ -254,6 +254,7 @@
struct mbuf *m;
struct ip *ip;
int rval, error = 0;
+ char *c;
/* We have no required hooks. */
if (!(priv->flags & NGNAT_CONNECTED)) {
@@ -267,7 +268,7 @@
m = NGI_M(item);
- if ((m = m_pullup(m, sizeof(struct ip))) == NULL) {
+ if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) {
NGI_M(item) = NULL; /* avoid double free */
NG_FREE_ITEM(item);
return (ENOBUFS);
@@ -275,49 +276,33 @@
NGI_M(item) = m;
+ c = mtod(m, char *);
ip = mtod(m, struct ip *);
KASSERT(m->m_pkthdr.len == ntohs(ip->ip_len),
("ng_nat: ip_len != m_pkthdr.len"));
if (hook == priv->in) {
- rval = LibAliasIn(priv->lib, &m, 0);
+ rval = LibAliasIn(priv->lib, c, MCLBYTES);
if (rval != PKT_ALIAS_OK &&
rval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
- NGI_M(item) = m;
NG_FREE_ITEM(item);
return (EINVAL);
}
} else if (hook == priv->out) {
- rval = LibAliasOut(priv->lib, &m, 0);
+ rval = LibAliasOut(priv->lib, c, MCLBYTES);
if (rval != PKT_ALIAS_OK) {
- NGI_M(item) = m;
NG_FREE_ITEM(item);
return (EINVAL);
}
} else
panic("ng_nat: unknown hook!\n");
- if ((m = m_pullup(m, sizeof(struct ip))) == NULL) {
- NGI_M(item) = NULL; /* avoid double free */
- NG_FREE_ITEM(item);
- return (ENOBUFS);
- }
- ip = mtod(m, struct ip *);
- m->m_pkthdr.len = ntohs(ip->ip_len);
+ m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len);
if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
- ip->ip_p == IPPROTO_TCP) {
- struct tcphdr *th;
-
- if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr)))
- == NULL) {
- NGI_M(item) = NULL; /* avoid double free */
- NG_FREE_ITEM(item);
- return (ENOBUFS);
- }
- ip = mtod(m, struct ip *);
- th = (struct tcphdr *)((caddr_t)ip +
+ ip->ip_p == IPPROTO_TCP) {
+ struct tcphdr *th = (struct tcphdr *)((caddr_t)ip +
(ip->ip_hl << 2));
/*
@@ -357,7 +342,7 @@
ip->ip_len = htons(ip->ip_len);
}
}
- NGI_M(item) = m;
+
send:
if (hook == priv->in)
NG_FWD_ITEM_HOOK(error, item, priv->out);
==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#53 (text+ko) ====
@@ -122,7 +122,6 @@
static int fw_verbose;
static int verbose_limit;
-static int ldebug;
static struct callout ipfw_timeout;
static uma_zone_t ipfw_dyn_rule_zone;
@@ -196,8 +195,6 @@
&fw_verbose, 0, "Log matches to ipfw rules");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,
&verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
-SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, libalias_debug, CTLFLAG_RW,
- &ldebug, 0, "LibAlias debug code");
/*
* Description of dynamic rules.
@@ -2242,66 +2239,6 @@
}
#endif
-int
-m_csum(struct mbuf **m, struct libalias *la);
-
-int
-m_csum(struct mbuf **m, struct libalias *la)
-{
- struct ip *pip;
- //struct tcphdr *th;
- int off, len, sum = 0;
- //u_short *ptr;
-
- *m = m_pullup(*m, sizeof(struct ip));
- pip = mtod(*m, struct ip *);
- off = pip->ip_hl << 2;
- len = ntohs(pip->ip_len);
- if (ldebug != 0)
- printf("off: %u len: %u\n", off, len);
- if (pip->ip_p == IPPROTO_TCP) {
- /*
- m = m_pullup(m, off + sizeof(struct tcphdr));
- pip = mtod(m, struct ip *);
- th = (struct tcphdr *)&(((char *)pip)[off]);
- off += th->th_off << 2;
- */
- } else if (pip->ip_p == IPPROTO_UDP) {
- /* udp hdr is of fixed size - no opts */
- off += 8;
- } else {
- if (ldebug != 0)
- printf("unkown protocol: %u\n", pip->ip_p);
- return (-1);
- }
- if (len == off)
- return (0);
- if (len < off) {
- if (ldebug != 0)
- printf("len < off: %u, %u\n", len, off);
- return (-1);
- }
- /*
- len -= off;
- m_copydata(m, off, len, la->buff);
- ptr = (u_short *)la->buff;
- sum = 0;
- while (len > 1) {
- sum += *ptr++;
- len -= 2;
- }
- if (len == 1) {
- oddbyte = 0;
- ((u_char *) & oddbyte)[0] = *(u_char *) ptr;
- ((u_char *) & oddbyte)[1] = 0;
- sum += oddbyte;
- }
- sum = (sum >> 16) + (sum & 0xffff);
- sum += (sum >> 16);
- */
- return (~sum);
-}
-
/*
* The main check routine for the firewall.
*
@@ -3547,6 +3484,7 @@
#ifdef IPFIREWALL_NAT
case O_NAT: {
struct cfg_nat *t;
+ struct mbuf *mcl;
/* XXX - libalias duct tape */
int ldt, nat_id;
char *c;
@@ -3566,17 +3504,15 @@
((ipfw_insn_nat *)cmd)->nat =
t;
}
- if ((m = m_pullup(m, sizeof(struct ip))) ==
+ if ((mcl = m_megapullup(m, m->m_pkthdr.len)) ==
NULL)
goto badnat;
- ip = mtod(m, struct ip *);
+ ip = mtod(mcl, struct ip *);
if (args->eh == NULL) {
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
}
- if (ldebug != 0)
- printf("payload csum: %u\n",
- m_csum(&m, t->lib));
+
/*
* XXX - Libalias checksum offload 'duct tape':
*
@@ -3625,44 +3561,28 @@
* it can handle delayed checksum and tso)
*/
- if (m->m_pkthdr.rcvif == NULL &&
- m->m_pkthdr.csum_flags &
+ if (mcl->m_pkthdr.rcvif == NULL &&
+ mcl->m_pkthdr.csum_flags &
CSUM_DELAY_DATA)
ldt = 1;
- /*printf("-----------START HERE-----------"
- "---------------------------------\n");
- printf("m->m_len: %u m->m_pkthdr.len: %u\n"
- "m->m_next: %p\n", m->m_len,
- m->m_pkthdr.len, m->m_next);
- */
+ c = mtod(mcl, char *);
if (oif == NULL)
- retval = LibAliasIn(t->lib, &m, 0);
+ retval = LibAliasIn(t->lib, c,
+ MCLBYTES);
else
- retval = LibAliasOut(t->lib, &m, 0);
+ retval = LibAliasOut(t->lib, c,
+ MCLBYTES);
if (retval != PKT_ALIAS_OK) {
/* XXX - should i add some logging? */
- m_free(m);
+ m_free(mcl);
badnat:
- printf("badnat ");
- if (oif == NULL)
- printf("LibAliasIn()");
- else
- printf("LibAliasOut()");
- printf("\n");
args->m = NULL;
retval = IP_FW_DENY;
goto done;
}
- /*printf("m->m_len: %u m->m_pkthdr.len: %u\n"
- "m->m_next: %p\n", m->m_len,
- m->m_pkthdr.len, m->m_next);*/
- if ((m = m_pullup(m, sizeof(struct ip))) ==
- NULL)
- goto badnat;
- ip = mtod(m, struct ip *);
- //printf("ip->ip_id: %u\n", ntohs(ip->ip_id));
- m->m_pkthdr.len = ntohs(ip->ip_len);
+ mcl->m_pkthdr.len = mcl->m_len =
+ ntohs(ip->ip_len);
/*
* XXX - libalias checksum offload
@@ -3673,12 +3593,8 @@
ip->ip_p == IPPROTO_TCP) {
struct tcphdr *th;
- if ((m = m_pullup(m, (ip->ip_hl << 2) +
- sizeof(struct tcphdr))) == NULL)
- goto badnat;
- ip = mtod(m, struct ip *);
th = (struct tcphdr *)(ip + 1);
- if (th->th_x2)
+ if (th->th_x2)
ldt = 1;
}
@@ -3697,12 +3613,6 @@
switch (ip->ip_p) {
case IPPROTO_TCP:
- if ((m = m_pullup(m,
- (ip->ip_hl << 2) +
- sizeof(struct tcphdr))) ==
- NULL)
- goto badnat;
- ip = mtod(m, struct ip *);
th = (struct tcphdr *)(ip + 1);
/*
* Maybe it was set in
@@ -3710,56 +3620,38 @@
*/
th->th_x2 = 0;
th->th_sum = cksum;
- m->m_pkthdr.csum_data =
+ mcl->m_pkthdr.csum_data =
offsetof(struct tcphdr,
th_sum);
break;
case IPPROTO_UDP:
- if ((m = m_pullup(m,
- (ip->ip_hl << 2) +
- sizeof(struct udphdr))) ==
- NULL)
- goto badnat;
- ip = mtod(m, struct ip *);
uh = (struct udphdr *)(ip + 1);
uh->uh_sum = cksum;
- m->m_pkthdr.csum_data =
+ mcl->m_pkthdr.csum_data =
offsetof(struct udphdr,
uh_sum);
- break;
+ break;
}
/*
* No hw checksum offloading: do it
* by ourself.
*/
- if ((m->m_pkthdr.csum_flags &
+ if ((mcl->m_pkthdr.csum_flags &
CSUM_DELAY_DATA) == 0) {
- in_delayed_cksum(m);
- m->m_pkthdr.csum_flags &=
+ in_delayed_cksum(mcl);
+ mcl->m_pkthdr.csum_flags &=
~CSUM_DELAY_DATA;
}
ip->ip_len = htons(ip->ip_len);
}
- if (ldebug != 0)
- printf("payload csum: %u\n",
- m_csum(&m, t->lib));
- if ((m = m_pullup(m, sizeof(struct ip))) ==
- NULL)
- goto badnat;
- ip = mtod(m, struct ip *);
if (args->eh == NULL) {
ip->ip_len = ntohs(ip->ip_len);
ip->ip_off = ntohs(ip->ip_off);
}
- args->m = m;
+ args->m = mcl;
retval = IP_FW_NAT;
- /*printf("m->m_len: %u m->m_pkthdr.len: %u\n"
- "m->m_next: %p\n", m->m_len,
- m->m_pkthdr.len, m->m_next);
- printf("-------------------------------"
- "---------------------------------\n");*/
goto done;
}
#endif
==== //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.c#61 (text+ko) ====
@@ -170,42 +170,48 @@
*/
/* Local prototypes */
-static void TcpMonitorIn(struct alias_link *, u_char th_flags);
+static void TcpMonitorIn(struct ip *, struct alias_link *);
-static void TcpMonitorOut(struct alias_link *, u_char th_flags);
+static void TcpMonitorOut(struct ip *, struct alias_link *);
static void
-TcpMonitorIn(struct alias_link *lnk, u_char th_flags)
+TcpMonitorIn(struct ip *pip, struct alias_link *lnk)
{
+ struct tcphdr *tc;
+ tc = (struct tcphdr *)ip_next(pip);
+
switch (GetStateIn(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
- if (th_flags & TH_RST)
+ if (tc->th_flags & TH_RST)
SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);
- else if (th_flags & TH_SYN)
+ else if (tc->th_flags & TH_SYN)
SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED);
break;
case ALIAS_TCP_STATE_CONNECTED:
- if (th_flags & (TH_FIN | TH_RST))
+ if (tc->th_flags & (TH_FIN | TH_RST))
SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);
break;
}
}
static void
-TcpMonitorOut(struct alias_link *lnk, u_char th_flags)
+TcpMonitorOut(struct ip *pip, struct alias_link *lnk)
{
+ struct tcphdr *tc;
+ tc = (struct tcphdr *)ip_next(pip);
+
switch (GetStateOut(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
- if (th_flags & TH_RST)
+ if (tc->th_flags & TH_RST)
SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);
- else if (th_flags & TH_SYN)
+ else if (tc->th_flags & TH_SYN)
SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED);
break;
case ALIAS_TCP_STATE_CONNECTED:
- if (th_flags & (TH_FIN | TH_RST))
+ if (tc->th_flags & (TH_FIN | TH_RST))
SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);
break;
}
@@ -258,32 +264,33 @@
/* Local prototypes */
static int IcmpAliasIn1(struct libalias *, struct ip *);
static int IcmpAliasIn2(struct libalias *, struct ip *);
-static int IcmpAliasIn(struct libalias *, pkt_t);
+static int IcmpAliasIn(struct libalias *, struct ip *);
static int IcmpAliasOut1(struct libalias *, struct ip *, int create);
static int IcmpAliasOut2(struct libalias *, struct ip *);
-static int IcmpAliasOut(struct libalias *, pkt_t, int create);
+static int IcmpAliasOut(struct libalias *, struct ip *, int create);
static int ProtoAliasIn(struct libalias *, struct ip *);
static int ProtoAliasOut(struct libalias *, struct ip *, int create);
-static int UdpAliasIn(struct libalias *, pkt_t);
-static int UdpAliasOut(struct libalias *, pkt_t, int create);
+static int UdpAliasIn(struct libalias *, struct ip *);
+static int UdpAliasOut(struct libalias *, struct ip *, int create);
-static int TcpAliasIn(struct libalias *, pkt_t);
-static int TcpAliasOut(struct libalias *, pkt_t, int, int create);
+static int TcpAliasIn(struct libalias *, struct ip *);
+static int TcpAliasOut(struct libalias *, struct ip *, int, int create);
static int
IcmpAliasIn1(struct libalias *la, struct ip *pip)
{
- struct alias_link *lnk;
- struct icmp *ic;
+
LIBALIAS_LOCK_ASSERT(la);
/*
De-alias incoming echo and timestamp replies.
Alias incoming echo and timestamp requests.
*/
+ struct alias_link *lnk;
+ struct icmp *ic;
ic = (struct icmp *)ip_next(pip);
@@ -321,6 +328,8 @@
static int
IcmpAliasIn2(struct libalias *la, struct ip *pip)
{
+
+ LIBALIAS_LOCK_ASSERT(la);
/*
Alias incoming ICMP error messages containing
IP header and first 64 bits of datagram.
@@ -331,7 +340,6 @@
struct tcphdr *tc;
struct alias_link *lnk;
- LIBALIAS_LOCK_ASSERT(la);
ic = (struct icmp *)ip_next(pip);
ip = &ic->icmp_ip;
@@ -420,10 +428,9 @@
static int
-IcmpAliasIn(struct libalias *la, pkt_t ptr)
+IcmpAliasIn(struct libalias *la, struct ip *pip)
{
int iresult;
- struct ip *pip;
struct icmp *ic;
LIBALIAS_LOCK_ASSERT(la);
@@ -431,12 +438,9 @@
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return (PKT_ALIAS_OK);
- iresult = PKT_ALIAS_IGNORED;
- PULLUP_ICMPHDR(pip, ptr);
- if (pip == NULL)
- return (iresult);
ic = (struct icmp *)ip_next(pip);
+ iresult = PKT_ALIAS_IGNORED;
switch (ic->icmp_type) {
case ICMP_ECHOREPLY:
case ICMP_TSTAMPREPLY:
@@ -448,9 +452,6 @@
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
- PULLUP_ICMPIP64(pip, ptr, ic);
- if (pip == NULL)
- return (iresult);
iresult = IcmpAliasIn2(la, pip);
break;
case ICMP_ECHO:
@@ -609,11 +610,10 @@
static int
-IcmpAliasOut(struct libalias *la, pkt_t ptr, int create)
+IcmpAliasOut(struct libalias *la, struct ip *pip, int create)
{
int iresult;
struct icmp *ic;
- struct ip *pip;
LIBALIAS_LOCK_ASSERT(la);
(void)create;
@@ -622,12 +622,9 @@
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return (PKT_ALIAS_OK);
- iresult = PKT_ALIAS_IGNORED;
- PULLUP_ICMPHDR(pip, ptr);
- if (pip == NULL)
- return (iresult);
ic = (struct icmp *)ip_next(pip);
+ iresult = PKT_ALIAS_IGNORED;
switch (ic->icmp_type) {
case ICMP_ECHO:
case ICMP_TSTAMP:
@@ -639,9 +636,6 @@
case ICMP_SOURCEQUENCH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
- PULLUP_ICMPIP64(pip, ptr, ic);
- if (pip == NULL)
- return (iresult);
iresult = IcmpAliasOut2(la, pip);
break;
case ICMP_ECHOREPLY:
@@ -721,9 +715,8 @@
static int
-UdpAliasIn(struct libalias *la, pkt_t ptr)
+UdpAliasIn(struct libalias *la, struct ip *pip)
{
- struct ip *pip;
struct udphdr *ud;
struct alias_link *lnk;
@@ -732,9 +725,6 @@
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return (PKT_ALIAS_OK);
- PULLUP_UDPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
ud = (struct udphdr *)ip_next(pip);
lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
@@ -761,11 +751,8 @@
alias_port = ud->uh_dport;
ud->uh_dport = GetOriginalPort(lnk);
- error = find_handler(IN, UDP, la, ptr, &ad);
- PULLUP_IPUDPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
- ud = (struct udphdr *)ip_next(pip);
+ /* Walk out chain. */
+ error = find_handler(IN, UDP, la, pip, &ad);
/* If UDP checksum is not zero, then adjust since destination port */
/* is being unaliased and destination address is being altered. */
@@ -793,9 +780,8 @@
}
static int
-UdpAliasOut(struct libalias *la, pkt_t ptr, int create)
+UdpAliasOut(struct libalias *la, struct ip *pip, int create)
{
- struct ip *pip;
struct udphdr *ud;
struct alias_link *lnk;
int error;
@@ -805,9 +791,6 @@
if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return (PKT_ALIAS_OK);
- PULLUP_UDPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
ud = (struct udphdr *)ip_next(pip);
lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
@@ -829,11 +812,8 @@
alias_address = GetAliasAddress(lnk);
alias_port = GetAliasPort(lnk);
- error = find_handler(OUT, UDP, la, ptr, &ad);
- PULLUP_IPUDPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
- ud = (struct udphdr *)ip_next(pip);
+ /* Walk out chain. */
+ error = find_handler(OUT, UDP, la, pip, &ad);
/* If UDP checksum is not zero, adjust since source port is */
/* being aliased and source address is being altered */
@@ -862,16 +842,12 @@
static int
-TcpAliasIn(struct libalias *la, pkt_t ptr)
+TcpAliasIn(struct libalias *la, struct ip *pip)
{
- struct ip *pip;
struct tcphdr *tc;
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- PULLUP_TCPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
tc = (struct tcphdr *)ip_next(pip);
lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
@@ -902,11 +878,8 @@
.maxpktsize = 0
};
- error = find_handler(IN, TCP, la, ptr, &ad);
- PULLUP_IPTCPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
- tc = (struct tcphdr *)ip_next(pip);
+ /* Walk out chain. */
+ error = find_handler(IN, TCP, la, pip, &ad);
alias_address = GetAliasAddress(lnk);
original_address = GetOriginalAddress(lnk);
@@ -957,7 +930,7 @@
if (GetAckModified(lnk) == 1) {
int delta;
- delta = GetDeltaAckIn(lnk, tc->th_ack);
+ delta = GetDeltaAckIn(pip, lnk);
if (delta != 0) {
accumulate += twowords(&tc->th_ack);
tc->th_ack = htonl(ntohl(tc->th_ack) - delta);
@@ -981,7 +954,7 @@
ADJUST_CHECKSUM(accumulate, pip->ip_sum);
/* Monitor TCP connection state */
- TcpMonitorIn(lnk, tc->th_flags);
+ TcpMonitorIn(pip, lnk);
return (PKT_ALIAS_OK);
}
@@ -989,28 +962,22 @@
}
static int
-TcpAliasOut(struct libalias *la, pkt_t ptr, int maxpacketsize, int create)
+TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
{
int proxy_type, error;
- u_short dest_port, src_port;
+ u_short dest_port;
u_short proxy_server_port;
struct in_addr dest_address;
struct in_addr proxy_server_address;
- struct ip *pip;
struct tcphdr *tc;
struct alias_link *lnk;
LIBALIAS_LOCK_ASSERT(la);
- PULLUP_TCPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
tc = (struct tcphdr *)ip_next(pip);
- dest_port = tc->th_dport;
- src_port = tc->th_sport;
if (create)
- proxy_type = ProxyCheck(la, pip, &proxy_server_address,
- &proxy_server_port, dest_port);
+ proxy_type =
+ ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port);
else
proxy_type = 0;
@@ -1019,6 +986,7 @@
/* If this is a transparent proxy, save original destination,
then alter the destination and adjust checksums */
+ dest_port = tc->th_dport;
dest_address = pip->ip_dst;
if (proxy_type != 0) {
int accumulate;
@@ -1060,11 +1028,7 @@
if (proxy_type != 0) {
SetProxyPort(lnk, dest_port);
SetProxyAddress(lnk, dest_address);
- ProxyModify(la, lnk, ptr, maxpacketsize, proxy_type,
- src_port);
- PULLUP_IPTCPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
+ ProxyModify(la, lnk, pip, maxpacketsize, proxy_type);
tc = (struct tcphdr *)ip_next(pip);
}
/* Get alias address and port */
@@ -1072,13 +1036,10 @@
alias_address = GetAliasAddress(lnk);
/* Monitor TCP connection state */
- TcpMonitorOut(lnk, tc->th_flags);
+ TcpMonitorOut(pip, lnk);
- error = find_handler(OUT, TCP, la, ptr, &ad);
- PULLUP_IPTCPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
- tc = (struct tcphdr *)ip_next(pip);
+ /* Walk out chain. */
+ error = find_handler(OUT, TCP, la, pip, &ad);
/* Adjust TCP checksum since source port is being aliased */
/* and source address is being altered */
@@ -1092,7 +1053,7 @@
if (GetAckModified(lnk) == 1) {
int delta;
- delta = GetDeltaSeqOut(lnk, tc->th_seq);
+ delta = GetDeltaSeqOut(pip, lnk);
if (delta != 0) {
accumulate += twowords(&tc->th_seq);
tc->th_seq = htonl(ntohl(tc->th_seq) + delta);
@@ -1187,20 +1148,16 @@
int
-LibAliasSaveFragment(struct libalias *la, pkt_t ptr)
+LibAliasSaveFragment(struct libalias *la, char *ptr)
{
int iresult;
struct alias_link *lnk;
struct ip *pip;
LIBALIAS_LOCK(la);
+ pip = (struct ip *)ptr;
+ lnk = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id);
iresult = PKT_ALIAS_ERROR;
- PULLUP_IPHDR(pip, ptr);
- if (pip == NULL) {
- LIBALIAS_UNLOCK(la);
- return (iresult);
- }
- lnk = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id);
if (lnk != NULL) {
SetFragmentPtr(lnk, ptr);
iresult = PKT_ALIAS_OK;
@@ -1209,27 +1166,16 @@
return (iresult);
}
-#ifdef _KERNEL
-struct mbuf *
-#else
-char *
-#endif
-LibAliasGetFragment(struct libalias *la, pkt_t ptr)
+
+char *
+LibAliasGetFragment(struct libalias *la, char *ptr)
{
struct alias_link *lnk;
-#ifdef _KERNEL
- struct mbuf *fptr;
-#else
char *fptr;
-#endif
struct ip *pip;
LIBALIAS_LOCK(la);
- PULLUP_IPHDR(pip, ptr);
- if (pip == NULL) {
- LIBALIAS_UNLOCK(la);
- return (NULL);
- }
+ pip = (struct ip *)ptr;
lnk = FindFragmentPtr(la, pip->ip_src, pip->ip_id);
if (lnk != NULL) {
GetFragmentPtr(lnk, &fptr);
@@ -1242,11 +1188,12 @@
return (fptr);
}
+
void
-LibAliasFragmentIn(struct libalias *la, pkt_t ptr, /* Points to correctly
+LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly
* de-aliased header
* fragment */
- pkt_t ptr_fragment /* Points to fragment which must be
+ char *ptr_fragment /* Points to fragment which must be
* de-aliased */
)
{
@@ -1254,17 +1201,10 @@
struct ip *fpip;
LIBALIAS_LOCK(la);
- PULLUP_IPHDR(pip, ptr);
- if (pip == NULL) {
- LIBALIAS_UNLOCK(la);
- return;
- }
- PULLUP_IPHDR(fpip, ptr_fragment);
- if (fpip == NULL) {
- LIBALIAS_UNLOCK(la);
- return;
- }
(void)la;
+ pip = (struct ip *)ptr;
+ fpip = (struct ip *)ptr_fragment;
+
DifferentialChecksum(&fpip->ip_sum,
&pip->ip_dst, &fpip->ip_dst, 2);
fpip->ip_dst = pip->ip_dst;
@@ -1273,14 +1213,14 @@
/* Local prototypes */
static int
-LibAliasOutLocked(struct libalias *la, pkt_t ptr,
+LibAliasOutLocked(struct libalias *la, char *ptr,
int maxpacketsize, int create);
static int
-LibAliasInLocked(struct libalias *la, pkt_t ptr,
+LibAliasInLocked(struct libalias *la, char *ptr,
int maxpacketsize);
int
-LibAliasIn(struct libalias *la, pkt_t ptr, int maxpacketsize)
+LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize)
{
int res;
@@ -1291,13 +1231,12 @@
}
static int
-LibAliasInLocked(struct libalias *la, pkt_t ptr, int maxpacketsize)
+LibAliasInLocked(struct libalias *la, char *ptr, int maxpacketsize)
{
struct in_addr alias_addr;
struct ip *pip;
int iresult;
- iresult = PKT_ALIAS_IGNORED;
if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
iresult = LibAliasOutLocked(la, ptr, maxpacketsize, 1);
@@ -1306,28 +1245,27 @@
}
HouseKeeping(la);
ClearCheckNewLink(la);
- PULLUP_IPHDR(pip, ptr);
- if (pip == NULL)
- goto getout;
+ pip = (struct ip *)ptr;
alias_addr = pip->ip_dst;
/* Defense against mangled packets */
- if (maxpacketsize != 0) {
- if (ntohs(pip->ip_len) > maxpacketsize
- || (pip->ip_hl << 2) > maxpacketsize)
- goto getout;
+ if (ntohs(pip->ip_len) > maxpacketsize
+ || (pip->ip_hl << 2) > maxpacketsize) {
+ iresult = PKT_ALIAS_IGNORED;
+ goto getout;
}
+ iresult = PKT_ALIAS_IGNORED;
if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {
switch (pip->ip_p) {
case IPPROTO_ICMP:
- iresult = IcmpAliasIn(la, ptr);
+ iresult = IcmpAliasIn(la, pip);
break;
case IPPROTO_UDP:
- iresult = UdpAliasIn(la, ptr);
+ iresult = UdpAliasIn(la, pip);
break;
case IPPROTO_TCP:
- iresult = TcpAliasIn(la, ptr);
+ iresult = TcpAliasIn(la, pip);
break;
case IPPROTO_GRE: {
int error;
@@ -1341,29 +1279,23 @@
.maxpktsize = 0
};
- error = find_handler(IN, IP, la, ptr, &ad);
- PULLUP_IPHDR(pip, ptr);
- if (pip == NULL)
- return (PKT_ALIAS_IGNORED);
+ /* Walk out chain. */
+ error = find_handler(IN, IP, la, pip, &ad);
if (error == 0)
iresult = PKT_ALIAS_OK;
else
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list