PERFORCE change 139106 for review

Paolo Pisati piso at FreeBSD.org
Mon Mar 31 16:32:15 PDT 2008


http://perforce.freebsd.org/chv.cgi?CH=139106

Change 139106 by piso at piso_newluxor on 2008/03/31 23:31:45

	Reassemble fragments before passing them to libalias.
	While here, do not accept packets coming from L2 in the
	nat action.
	Not working yet.

Affected files ...

.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw_nat.c#6 edit

Differences ...

==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw_nat.c#6 (text+ko) ====

@@ -249,13 +249,46 @@
 	/* XXX - libalias duct tape */
 	int ldt, retval;
 
+	/* ipfw_nat works only at layer 3 */
+	if (args->eh != NULL) {
+		// XXX get out
+	}		
+
 	ldt = 0;
 	retval = 0;
 	if ((m = m_pullup(m, sizeof(struct ip))) ==
 	    NULL)
 		goto badnat;
 	ip = mtod(m, struct ip *);
-	if (args->eh == NULL) {
+	if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
+		struct mbuf *reass = NULL;
+
+		/* Reassemble packet. */
+		//reass = ip_reass(m);
+
+		/*
+		 * IP header checksum fixup after reassembly and leave header
+		 * in network byte order.
+		 */
+		if (reass != NULL) {
+			int hlen;
+			
+			ip = mtod(reass, struct ip *);
+			hlen = ip->ip_hl << 2;
+			ip->ip_len = htons(ip->ip_len);
+			ip->ip_off = htons(ip->ip_off);
+			ip->ip_sum = 0;
+			if (hlen == sizeof(struct ip))
+				ip->ip_sum = in_cksum_hdr(ip);
+			else
+				ip->ip_sum = in_cksum(reass, hlen);
+			m = reass;
+		} else {
+			printf("fragment found\n");
+			m = NULL;
+			goto badnat;
+		}
+	} else {
 		ip->ip_len = htons(ip->ip_len);
 		ip->ip_off = htons(ip->ip_off);
 	}
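Review bot: The layer-2 guard added at the top of this hunk has an empty body (`// XXX get out`), so a packet with `args->eh != NULL` still falls through to the NAT path; because this hunk and the last one (`@@ -406,11 +442,8 @@`) drop the old `args->eh == NULL` condition, its `ip_len`/`ip_off` are now byte-swapped unconditionally. The guard needs a real exit before the `m_pullup()`, e.g. `if (args->eh != NULL) goto badnat;`, assuming `badnat` (outside the hunk) copes with a non-NULL `m`. Separately, with `ip_reass()` commented out `reass` is always NULL, so every fragment takes the `else` branch, which sets `m = NULL` without freeing the mbuf and prints unconditionally. Unless the caller still releases the mbuf through `args->m`, that is a leak plus a console message per fragment, both driven by whatever fragmented traffic arrives; I would write `m_freem(m); m = NULL;` there and rate-limit or drop the `printf`. The enclosing function starts and ends outside the hunk.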
@@ -320,8 +353,11 @@
 	else
 		retval = LibAliasOut(t->lib, &m,
 		    MCLBYTES);
-	if (retval != PKT_ALIAS_OK &&
-	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
+	if (retval != PKT_ALIAS_OK) {
+		if (retval & 
+		    (PKT_ALIAS_FOUND_HEADER_FRAGMENT | 
+			PKT_ALIAS_UNRESOLVED_FRAGMENT))
+			printf("fragment in libalias?!?!\n"); // XXX panic?!?!
 		printf("retval: %d", retval);
 		/* XXX - should i add some logging? */
 		m_free(m);
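Review bot: The new test `retval & (PKT_ALIAS_FOUND_HEADER_FRAGMENT | PKT_ALIAS_UNRESOLVED_FRAGMENT)` treats the libalias return code as a bit mask, whereas the removed lines compared it with `!=`. As far as I know the `PKT_ALIAS_*` codes in alias.h are small consecutive integers plus a negative error value rather than flags, so the AND would also be non-zero for unrelated results such as `PKT_ALIAS_ERROR`. An equality test says what is meant: `if (retval == PKT_ALIAS_FOUND_HEADER_FRAGMENT || retval == PKT_ALIAS_UNRESOLVED_FRAGMENT)`. Both `printf` calls on this path run once per rejected packet, so they should be rate-limited or put behind a debug knob before this leaves the branch, and the `"retval: %d"` message lacks a trailing newline. The enclosing function is outside the hunk.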
@@ -406,11 +442,8 @@
 		}
 		ip->ip_len = htons(ip->ip_len);
 	}
-
-	if (args->eh == NULL) {
-		ip->ip_len = ntohs(ip->ip_len);
-		ip->ip_off = ntohs(ip->ip_off);
-	}
+	ip->ip_len = ntohs(ip->ip_len);
+	ip->ip_off = ntohs(ip->ip_off);
 
 	args->m = m;
 	return (IP_FW_NAT);

