PERFORCE change 139106 for review
Paolo Pisati
piso at FreeBSD.org
Mon Mar 31 16:32:15 PDT 2008
http://perforce.freebsd.org/chv.cgi?CH=139106
Change 139106 by piso at piso_newluxor on 2008/03/31 23:31:45
Reassemble fragments before passing them to libalias.
While here, do not accept packets coming from L2 in the
nat action.
Not working yet.
Affected files ...
.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw_nat.c#6 edit
Differences ...
==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw_nat.c#6 (text+ko) ====
@@ -249,13 +249,46 @@
/* XXX - libalias duct tape */
int ldt, retval;
+ /* ipfw_nat works only at layer 3 */
+ if (args->eh != NULL) {
+ // XXX get out
+ }
+
ldt = 0;
retval = 0;
if ((m = m_pullup(m, sizeof(struct ip))) ==
NULL)
goto badnat;
ip = mtod(m, struct ip *);
- if (args->eh == NULL) {
+ if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
+ struct mbuf *reass = NULL;
+
+ /* Reassemble packet. */
+ //reass = ip_reass(m);
+
+ /*
+ * IP header checksum fixup after reassembly and leave header
+ * in network byte order.
+ */
+ if (reass != NULL) {
+ int hlen;
+
+ ip = mtod(reass, struct ip *);
+ hlen = ip->ip_hl << 2;
+ ip->ip_len = htons(ip->ip_len);
+ ip->ip_off = htons(ip->ip_off);
+ ip->ip_sum = 0;
+ if (hlen == sizeof(struct ip))
+ ip->ip_sum = in_cksum_hdr(ip);
+ else
+ ip->ip_sum = in_cksum(reass, hlen);
+ m = reass;
+ } else {
+ printf("fragment found\n");
+ m = NULL;
+ goto badnat;
+ }
+ } else {
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
}
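Review bot: The new layer-2 guard at the top (`if (args->eh != NULL) { // XXX get out }`) has an empty body, so packets arriving from L2 still fall through, yet this hunk and the last hunk (the `ntohs` lines before `args->m = m`) now convert `ip_len`/`ip_off` unconditionally where the old code did so only when `args->eh == NULL`. Until the guard actually leaves the function, for example through the existing `badnat` path (its body is outside the hunk, so confirm what it frees), L2 packets presumably get their header fields swapped into the wrong byte order and the `ip_off` fragment test reads a misordered value. Separately, with `ip_reass()` commented out `reass` is always NULL, so every fragment takes the `m = NULL; goto badnat;` branch with nothing having consumed the mbuf; that looks like a leak that fragmented traffic can drive, next to an unthrottled `printf`. While reassembly is disabled, free the chain with `m_freem(m);` before clearing the pointer. The enclosing function starts and ends outside the hunk.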
@@ -320,8 +353,11 @@
else
retval = LibAliasOut(t->lib, &m,
MCLBYTES);
- if (retval != PKT_ALIAS_OK &&
- retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
+ if (retval != PKT_ALIAS_OK) {
+ if (retval &
+ (PKT_ALIAS_FOUND_HEADER_FRAGMENT |
+ PKT_ALIAS_UNRESOLVED_FRAGMENT))
+ printf("fragment in libalias?!?!\n"); // XXX panic?!?!
printf("retval: %d", retval);
/* XXX - should i add some logging? */
m_free(m);
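Review bot: The test `retval & (PKT_ALIAS_FOUND_HEADER_FRAGMENT | PKT_ALIAS_UNRESOLVED_FRAGMENT)` treats the libalias return codes as bit flags; as far as I know they are distinct small integers (with the error code negative), so the mask can also match unrelated codes and the "fragment in libalias" message would fire for ordinary failures. Compare for equality instead: `if (retval == PKT_ALIAS_FOUND_HEADER_FRAGMENT || retval == PKT_ALIAS_UNRESOLVED_FRAGMENT)`. Both `printf` calls sit on the per-packet failure path and `printf("retval: %d", retval)` has no trailing newline; a rate-limited log call would keep malformed traffic from flooding the console. The surrounding block continues outside the hunk.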
@@ -406,11 +442,8 @@
}
ip->ip_len = htons(ip->ip_len);
}
-
- if (args->eh == NULL) {
- ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
- }
+ ip->ip_len = ntohs(ip->ip_len);
+ ip->ip_off = ntohs(ip->ip_off);
args->m = m;
return (IP_FW_NAT);