From nobody Fri Apr 18 15:12:20 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZfJCS2kLKz5sxPq; Fri, 18 Apr 2025 15:12:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZfJCS1hNkz3nFF; Fri, 18 Apr 2025 15:12:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744989140; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Bopkws0HLLRXj0KC68zj/42W1qxG1bwDd/jJYgsDjmA=; b=YD14SExR+SaVNhpbohBhLyWglNoLsq1kzYrDhcOMT+QqJ9n8dgXFR0RK/7rWeRWINKfZ6m exoHIqrHK/BX3czwyjmglBgRftOzbSNPqB/uIPiw+YmmHL9/RRL6VUIt77wN0O7okfBPD2 nDfnhHqnEuiLP2C9tzXGka/hmSh3kfR0mxCe/FJPoFtgIyLVNmY8n+b+LJh0vCz6LmnrWz 20IOH2anYaFXzVu43qwVjc1tJ6WCS/oOfm7m2wfODYDErB069aZZd7RGztM88/Z+gs1J+D NNcE3U8pzM9751DH7HOB3Jmw/qxvQb1RIiofHinKl7NF42LWoGmTzcUNLQM2kQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744989140; a=rsa-sha256; cv=none; b=v+QehZPamjFN9cdJo5Ttgkacz5NTRTJCpR2Hf9bT4EmObeybceOAE/umG9AYu4UfytKm5K N7OsTRb8xmXpkAtrjmoYc4B6CdS/QyYyOUrxnYv7TE2KKuZJfeK77PEaqj5IXs9jkbPXgj BT1jtqyEHupfAwkbe8jwRIaLyY8jkGJZZaN4pyPo+eOmRTd52lJNi3PFDOzbYuW2RpFCcd rybduh+b4HIU2rGfXvgliXpicV7fdAHrexfzLMrrvFNFJMjH2S0A7pK37K5gnqUZtbhtyy Va7D2hvuu0zlyeq9eP/urBljh77FKIB0oX2laE490gpb+J6b2r3yDGSFJQCLBQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744989140; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Bopkws0HLLRXj0KC68zj/42W1qxG1bwDd/jJYgsDjmA=; b=rm5DhK41ytm0UXnWXOy9CD+/dplL2HjVXXbr8rKKv61VTsn+7zYdPmQ16hidyQfc+jRuKX 52Jcdpp7G+ZuJBPiIEGTQKPz0lc03N98tNqm/qB0QBdb6vkjiRW9IDBg/F9FG4a+zUINTT Q/70ehuqHURy4qTrbqSQ4YJ4BLFLle/xwWNyCUeqDJ/SapizrQVhmSKMuDuXOc8qjSe2KD zQMwf8ac7lWpvnUsxuQap9Yjgqpx3Ou32Q8s06RoYxduCnBXdf1Upxo3R/aO7u+5xzVegb eLqAftBRU91Qdz8CKD7StUvY3HwLf11BDP3CnU7IkWeobIjrFk4Q4aHWUwP+WA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZfJCS0mCwzfy5; Fri, 18 Apr 2025 15:12:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53IFCKfr065656; Fri, 18 Apr 2025 15:12:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53IFCKGn065651; Fri, 18 Apr 2025 15:12:20 GMT (envelope-from git) Date: Fri, 18 Apr 2025 15:12:20 GMT Message-Id: <202504181512.53IFCKGn065651@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: fb2ea26f3c36 - main - libalias: Handle GetNewPort() errors properly List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fb2ea26f3c3681f5ef639af9c798a631d800864b Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=fb2ea26f3c3681f5ef639af9c798a631d800864b commit fb2ea26f3c3681f5ef639af9c798a631d800864b Author: Mark Johnston AuthorDate: 2025-04-18 13:37:46 +0000 Commit: Mark Johnston CommitDate: 2025-04-18 15:11:51 +0000 libalias: Handle GetNewPort() errors properly AddLink() fails when memory allocation fails or no free port is available; both are error conditions. However, functions such as FindUdpTcpIn() were converting such failures to PKT_ALIAS_IGNORED, which effectively means, "pass the packet without translation," which isn't what we want. Fix the problem by making sure that AddLink() errors are converted to PKT_ALIAS_ERROR where appropriate. The diff is a bit large but is mostly mechanical: functions like TcpAliasOut() are converted to return a result code, and an additional out-parameter is added to return the alias_link pointer. Reported by: Yuxiang Yang Tested by: Yuxiang Yang MFC after: 2 months Differential Revision: https://reviews.freebsd.org/D47778 --- sys/netinet/libalias/alias.c | 164 +++++++++++++++++++++--------------- sys/netinet/libalias/alias_db.c | 88 +++++++++++++------ sys/netinet/libalias/alias_irc.c | 4 +- sys/netinet/libalias/alias_local.h | 26 +++--- sys/netinet/libalias/alias_skinny.c | 4 +- sys/netinet/libalias/alias_smedia.c | 4 +- 6 files changed, 178 insertions(+), 112 deletions(-) diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c index 7858e4d2b9f3..6758813f6a21 100644 --- a/sys/netinet/libalias/alias.c +++ b/sys/netinet/libalias/alias.c @@ -290,13 +290,14 @@ IcmpAliasIn1(struct libalias *la, struct ip *pip) { struct alias_link *lnk; struct icmp *ic; + int ret; LIBALIAS_LOCK_ASSERT(la); ic = (struct icmp *)ip_next(pip); /* Get source address from ICMP data field and restore original data */ - lnk = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); - if (lnk != NULL) { + ret = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1, &lnk); + if (ret == PKT_ALIAS_OK) { u_short original_id; int accumulate; @@ -319,10 +320,8 @@ IcmpAliasIn1(struct libalias *la, struct ip *pip) &original_address, &pip->ip_dst, 2); pip->ip_dst = original_address; } - - return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); + return (ret); } /* @@ -337,6 +336,7 @@ IcmpAliasIn2(struct libalias *la, struct ip *pip) struct udphdr *ud; struct tcphdr *tc; struct alias_link *lnk; + int ret; LIBALIAS_LOCK_ASSERT(la); ic = (struct icmp *)ip_next(pip); @@ -346,18 +346,26 @@ IcmpAliasIn2(struct libalias *la, struct ip *pip) tc = (struct tcphdr *)ip_next(ip); ic2 = (struct icmp *)ip_next(ip); - if (ip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, + if (ip->ip_p == IPPROTO_UDP) { + ret = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); - else if (ip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, + IPPROTO_UDP, 0, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + } else if (ip->ip_p == IPPROTO_TCP) { + ret = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); - else if (ip->ip_p == IPPROTO_ICMP) { - if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); - else + IPPROTO_TCP, 0, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + } else if (ip->ip_p == IPPROTO_ICMP) { + if (ic2->icmp_type == ICMP_ECHO || + ic2->icmp_type == ICMP_TSTAMP) { + ret = FindIcmpIn(la, ip->ip_dst, ip->ip_src, + ic2->icmp_id, 0, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + } else lnk = NULL; } else lnk = NULL; @@ -479,13 +487,15 @@ IcmpAliasOut1(struct libalias *la, struct ip *pip, int create) { struct alias_link *lnk; struct icmp *ic; + int ret; LIBALIAS_LOCK_ASSERT(la); ic = (struct icmp *)ip_next(pip); /* Save overwritten data for when echo packet returns */ - lnk = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, create); - if (lnk != NULL) { + ret = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, create, + &lnk); + if (ret == PKT_ALIAS_OK) { u_short alias_id; int accumulate; @@ -508,10 +518,8 @@ IcmpAliasOut1(struct libalias *la, struct ip *pip, int create) &alias_address, &pip->ip_src, 2); pip->ip_src = alias_address; } - - return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); + return (ret); } /* @@ -526,6 +534,7 @@ IcmpAliasOut2(struct libalias *la, struct ip *pip) struct udphdr *ud; struct tcphdr *tc; struct alias_link *lnk; + int ret; LIBALIAS_LOCK_ASSERT(la); ic = (struct icmp *)ip_next(pip); @@ -535,18 +544,26 @@ IcmpAliasOut2(struct libalias *la, struct ip *pip) tc = (struct tcphdr *)ip_next(ip); ic2 = (struct icmp *)ip_next(ip); - if (ip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, + if (ip->ip_p == IPPROTO_UDP) { + ret = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); - else if (ip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, + IPPROTO_UDP, 0, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + } else if (ip->ip_p == IPPROTO_TCP) { + ret = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); - else if (ip->ip_p == IPPROTO_ICMP) { - if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); - else + IPPROTO_TCP, 0, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + } else if (ip->ip_p == IPPROTO_ICMP) { + if (ic2->icmp_type == ICMP_ECHO || + ic2->icmp_type == ICMP_TSTAMP) { + ret = FindIcmpOut(la, ip->ip_dst, ip->ip_src, + ic2->icmp_id, 0, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + } else lnk = NULL; } else lnk = NULL; @@ -661,14 +678,15 @@ ProtoAliasIn(struct libalias *la, struct in_addr ip_src, struct ip *pip, u_char ip_p, u_short *ip_sum) { struct alias_link *lnk; + int ret; LIBALIAS_LOCK_ASSERT(la); /* Return if proxy-only mode is enabled */ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); - lnk = FindProtoIn(la, ip_src, pip->ip_dst, ip_p); - if (lnk != NULL) { + ret = FindProtoIn(la, ip_src, pip->ip_dst, ip_p, &lnk); + if (ret == PKT_ALIAS_OK) { struct in_addr original_address; original_address = GetOriginalAddress(lnk); @@ -677,10 +695,8 @@ ProtoAliasIn(struct libalias *la, struct in_addr ip_src, DifferentialChecksum(ip_sum, &original_address, &pip->ip_dst, 2); pip->ip_dst = original_address; - - return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); + return (ret); } /* @@ -693,6 +709,7 @@ ProtoAliasOut(struct libalias *la, struct ip *pip, struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create) { struct alias_link *lnk; + int ret; LIBALIAS_LOCK_ASSERT(la); @@ -703,8 +720,8 @@ ProtoAliasOut(struct libalias *la, struct ip *pip, if (!create) return (PKT_ALIAS_IGNORED); - lnk = FindProtoOut(la, pip->ip_src, ip_dst, ip_p); - if (lnk != NULL) { + ret = FindProtoOut(la, pip->ip_src, ip_dst, ip_p, &lnk); + if (ret == PKT_ALIAS_OK) { struct in_addr alias_address; alias_address = GetAliasAddress(lnk); @@ -713,10 +730,8 @@ ProtoAliasOut(struct libalias *la, struct ip *pip, DifferentialChecksum(ip_sum, &alias_address, &pip->ip_src, 2); pip->ip_src = alias_address; - - return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); + return (ret); } #define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF) @@ -745,6 +760,7 @@ UdpAliasIn(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *lnk; + int ret; LIBALIAS_LOCK_ASSERT(la); @@ -752,10 +768,12 @@ UdpAliasIn(struct libalias *la, struct ip *pip) if (ud == NULL) return (PKT_ALIAS_IGNORED); - lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, + ret = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, - IPPROTO_UDP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); - if (lnk != NULL) { + IPPROTO_UDP, !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY), &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + { struct in_addr alias_address; struct in_addr original_address; struct in_addr proxy_address; @@ -828,7 +846,6 @@ UdpAliasIn(struct libalias *la, struct ip *pip) return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); } static int @@ -840,7 +857,7 @@ UdpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) struct in_addr proxy_server_address; u_short dest_port; u_short proxy_server_port; - int proxy_type; + int proxy_type, ret; LIBALIAS_LOCK_ASSERT(la); @@ -877,10 +894,12 @@ UdpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) pip->ip_dst = proxy_server_address; ud->uh_dport = proxy_server_port; } - lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, + ret = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, - IPPROTO_UDP, create); - if (lnk != NULL) { + IPPROTO_UDP, create, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + { u_short alias_port; struct in_addr alias_address; struct alias_data ad = { @@ -930,7 +949,6 @@ UdpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); } static int @@ -939,6 +957,7 @@ TcpAliasIn(struct libalias *la, struct ip *pip) struct tcphdr *tc; struct alias_link *lnk; size_t dlen; + int ret; LIBALIAS_LOCK_ASSERT(la); @@ -947,11 +966,12 @@ TcpAliasIn(struct libalias *la, struct ip *pip) return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); - lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, + ret = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP, - !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); - if (lnk != NULL) { + !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY), + &lnk); + if (ret == PKT_ALIAS_OK) { struct in_addr alias_address; struct in_addr original_address; struct in_addr proxy_address; @@ -1057,13 +1077,13 @@ TcpAliasIn(struct libalias *la, struct ip *pip) return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); + return (ret); } static int TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) { - int proxy_type; + int proxy_type, ret; u_short dest_port; u_short proxy_server_port; size_t dlen; @@ -1108,12 +1128,12 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) accumulate -= twowords(&pip->ip_dst); ADJUST_CHECKSUM(accumulate, pip->ip_sum); } - lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, + ret = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, - IPPROTO_TCP, create); - if (lnk == NULL) - return (PKT_ALIAS_IGNORED); - if (lnk != NULL) { + IPPROTO_TCP, create, &lnk); + if (ret != PKT_ALIAS_OK) + return (ret); + { u_short alias_port; struct in_addr alias_address; int accumulate; @@ -1177,7 +1197,6 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) return (PKT_ALIAS_OK); } - return (PKT_ALIAS_IGNORED); } /* Fragment Handling @@ -1581,17 +1600,24 @@ LibAliasUnaliasOut(struct libalias *la, ic = (struct icmp *)ip_next(pip); /* Find a link */ - if (pip->ip_p == IPPROTO_UDP) - lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, + if (pip->ip_p == IPPROTO_UDP) { + iresult = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport, ud->uh_sport, - IPPROTO_UDP, 0); - else if (pip->ip_p == IPPROTO_TCP) - lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, + IPPROTO_UDP, 0, &lnk); + if (iresult != PKT_ALIAS_OK) + goto getout; + } else if (pip->ip_p == IPPROTO_TCP) { + iresult = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport, tc->th_sport, - IPPROTO_TCP, 0); - else if (pip->ip_p == IPPROTO_ICMP) - lnk = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0); - else + IPPROTO_TCP, 0, &lnk); + if (iresult != PKT_ALIAS_OK) + goto getout; + } else if (pip->ip_p == IPPROTO_ICMP) { + iresult = FindIcmpIn(la, pip->ip_dst, pip->ip_src, + ic->icmp_id, 0, &lnk); + if (iresult != PKT_ALIAS_OK) + goto getout; + } else lnk = NULL; /* Change it from an aliased packet to an unaliased packet */ diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index b09e41935d93..732adb8afa83 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -1049,15 +1049,19 @@ FindLinkByInternalEndpoint(struct libalias *la, struct in_addr src_addr, (prototypes in alias_local.h) */ -struct alias_link * +int FindIcmpIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short id_alias, - int create) + int create, + struct alias_link **lnkp) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + *lnkp = NULL; + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, id_alias, LINK_ICMP, 0); @@ -1068,19 +1072,26 @@ FindIcmpIn(struct libalias *la, struct in_addr dst_addr, lnk = AddLink(la, target_addr, dst_addr, alias_addr, id_alias, NO_DEST_PORT, id_alias, LINK_ICMP); + if (lnk == NULL) + return (PKT_ALIAS_ERROR); } - return (lnk); + *lnkp = lnk; + return (lnk != NULL ? PKT_ALIAS_OK : PKT_ALIAS_IGNORED); } -struct alias_link * +int FindIcmpOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short id, - int create) + int create, + struct alias_link **lnkp) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + *lnkp = NULL; + lnk = FindLinkOut(la, src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP, 0); @@ -1091,8 +1102,11 @@ FindIcmpOut(struct libalias *la, struct in_addr src_addr, lnk = AddLink(la, src_addr, dst_addr, alias_addr, id, NO_DEST_PORT, GET_ALIAS_ID, LINK_ICMP); + if (lnk == NULL) + return (PKT_ALIAS_ERROR); } - return (lnk); + *lnkp = lnk; + return (lnk != NULL ? PKT_ALIAS_OK : PKT_ALIAS_IGNORED); } struct alias_link * @@ -1146,18 +1160,21 @@ FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, LINK_FRAGMENT_PTR, 0); } -struct alias_link * +int FindProtoIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, - u_char proto) + u_char proto, + struct alias_link **lnkp) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + *lnkp = NULL; + lnk = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, 0, proto, 1); - if (lnk == NULL && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; @@ -1165,22 +1182,28 @@ FindProtoIn(struct libalias *la, struct in_addr dst_addr, lnk = AddLink(la, target_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); + if (lnk == NULL) + return (PKT_ALIAS_ERROR); } - return (lnk); + *lnkp = lnk; + return (lnk != NULL ? PKT_ALIAS_OK : PKT_ALIAS_IGNORED); } -struct alias_link * +int FindProtoOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, - u_char proto) + u_char proto, + struct alias_link **lnkp) { struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + *lnkp = NULL; + lnk = FindLinkOut(la, src_addr, dst_addr, NO_SRC_PORT, NO_DEST_PORT, proto, 1); - if (lnk == NULL) { struct in_addr alias_addr; @@ -1188,22 +1211,29 @@ FindProtoOut(struct libalias *la, struct in_addr src_addr, lnk = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); + if (lnk == NULL) + return (PKT_ALIAS_ERROR); } - return (lnk); + *lnkp = lnk; + return (lnk != NULL ? PKT_ALIAS_OK : PKT_ALIAS_IGNORED); } -struct alias_link * +int FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, u_char proto, - int create) + int create, + struct alias_link **lnkp) { int link_type; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + *lnkp = NULL; + switch (proto) { case IPPROTO_UDP: link_type = LINK_UDP; @@ -1212,8 +1242,7 @@ FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, link_type = LINK_TCP; break; default: - return (NULL); - break; + return (PKT_ALIAS_IGNORED); } lnk = FindLinkIn(la, dst_addr, alias_addr, @@ -1227,22 +1256,30 @@ FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, lnk = AddLink(la, target_addr, dst_addr, alias_addr, alias_port, dst_port, alias_port, link_type); + if (lnk == NULL) + return (PKT_ALIAS_ERROR); + } - return (lnk); + *lnkp = lnk; + return (lnk != NULL ? PKT_ALIAS_OK : PKT_ALIAS_IGNORED); } -struct alias_link * +int FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, u_char proto, - int create) + int create, + struct alias_link **lnkp) { int link_type; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + + *lnkp = NULL; + switch (proto) { case IPPROTO_UDP: link_type = LINK_UDP; @@ -1251,12 +1288,10 @@ FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, link_type = LINK_TCP; break; default: - return (NULL); - break; + return (PKT_ALIAS_IGNORED); } lnk = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, create); - if (lnk == NULL && create) { struct in_addr alias_addr; @@ -1264,8 +1299,11 @@ FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, lnk = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, GET_ALIAS_PORT, link_type); + if (lnk == NULL) + return (PKT_ALIAS_ERROR); } - return (lnk); + *lnkp = lnk; + return (lnk != NULL ? PKT_ALIAS_OK : PKT_ALIAS_IGNORED); } struct alias_link * diff --git a/sys/netinet/libalias/alias_irc.c b/sys/netinet/libalias/alias_irc.c index e063a67c2902..30cee74fff21 100644 --- a/sys/netinet/libalias/alias_irc.c +++ b/sys/netinet/libalias/alias_irc.c @@ -360,9 +360,9 @@ AliasHandleIrcOut(struct libalias *la, * matter, and this would probably allow it through * at least _some_ firewalls. */ - dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr, + (void)FindUdpTcpOut(la, true_addr, destaddr, true_port, 0, - IPPROTO_TCP, 1); + IPPROTO_TCP, 1, &dcc_lnk); DBprintf(("Got a DCC link\n")); if (dcc_lnk) { struct in_addr alias_address; /* Address from aliasing */ diff --git a/sys/netinet/libalias/alias_local.h b/sys/netinet/libalias/alias_local.h index ef6c89e675d6..7c1dcb0c8eb0 100644 --- a/sys/netinet/libalias/alias_local.h +++ b/sys/netinet/libalias/alias_local.h @@ -239,12 +239,12 @@ struct alias_link * AddLink(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, u_short dst_port, int alias_param, int link_type); -struct alias_link * +int FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _id_alias, int _create); -struct alias_link * + u_short _id_alias, int _create, struct alias_link **_lnkp); +int FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _id, int _create); + u_short _id, int _create, struct alias_link **_lnkp); struct alias_link * FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); @@ -255,18 +255,20 @@ struct alias_link * AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); struct alias_link * FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); -struct alias_link * +int FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_char _proto); -struct alias_link * + u_char _proto, struct alias_link **_lnkp); +int FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_char _proto); -struct alias_link * + u_char _proto, struct alias_link **_lnkp); +int FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, - u_short _dst_port, u_short _alias_port, u_char _proto, int _create); -struct alias_link * + u_short _dst_port, u_short _alias_port, u_char _proto, int _create, + struct alias_link **_lnkp); +int FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, - u_short _src_port, u_short _dst_port, u_char _proto, int _create); + u_short _src_port, u_short _dst_port, u_char _proto, int _create, + struct alias_link **_lnkp); struct alias_link * AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _src_call_id); diff --git a/sys/netinet/libalias/alias_skinny.c b/sys/netinet/libalias/alias_skinny.c index d12046d7953f..fd9e15d3ad40 100644 --- a/sys/netinet/libalias/alias_skinny.c +++ b/sys/netinet/libalias/alias_skinny.c @@ -279,9 +279,9 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn *localIpAddr = (u_int32_t)opnrcvch_ack->ipAddr; null_addr.s_addr = INADDR_ANY; - opnrcv_lnk = FindUdpTcpOut(la, pip->ip_src, null_addr, + (void)FindUdpTcpOut(la, pip->ip_src, null_addr, htons((u_short) opnrcvch_ack->port), 0, - IPPROTO_UDP, 1); + IPPROTO_UDP, 1, &opnrcv_lnk); opnrcvch_ack->ipAddr = (u_int32_t)GetAliasAddress(opnrcv_lnk).s_addr; opnrcvch_ack->port = (u_int32_t)ntohs(GetAliasPort(opnrcv_lnk)); diff --git a/sys/netinet/libalias/alias_smedia.c b/sys/netinet/libalias/alias_smedia.c index 1c4ee0970a53..badd75a45c61 100644 --- a/sys/netinet/libalias/alias_smedia.c +++ b/sys/netinet/libalias/alias_smedia.c @@ -435,8 +435,8 @@ alias_pna_out(struct libalias *la, struct ip *pip, if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy(&port, work, 2); - pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(lnk), - port, 0, IPPROTO_UDP, 1); + (void)FindUdpTcpOut(la, pip->ip_src, GetDestAddress(lnk), + port, 0, IPPROTO_UDP, 1, &pna_links); if (pna_links != NULL) { #ifndef NO_FW_PUNCH /* Punch hole in firewall */