[apple/xnu.git] / bsd / netinet6 / natpt_rule.c

/*	$KAME: natpt_rule.c,v 1.9 2000/03/25 07:23:56 sumikawa Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/errno.h>
#include <sys/param.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/systm.h>

#include <net/if.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

#include <netinet/ip6.h>
#if (defined(__FreeBSD__) && __FreeBSD__ < 3) || defined(__bsdi__)
#include <netinet6/tcp6.h>
#endif

#include <netinet6/natpt_defs.h>
#include <netinet6/natpt_list.h>
#include <netinet6/natpt_log.h>
#include <netinet6/natpt_soctl.h>
#include <netinet6/natpt_var.h>


/*
 *
 */

Cell		*natptStatic;		/* list of struct _cSlot	*/
Cell		*natptDynamic;		/* list of struct _cSlot	*/
Cell		*natptFaith;		/* list of struct _cSlot	*/

int		 matchIn4addr		__P((struct _cv *, struct pAddr *));
int		 matchIn6addr		__P((struct _cv *, struct pAddr *));
static void	 _flushPtrRules		__P((struct _cell **));


extern	struct in6_addr	 faith_prefix;
extern	struct in6_addr	 faith_prefixmask;
extern	struct in6_addr	 natpt_prefix;
extern	struct in6_addr	 natpt_prefixmask;

extern	void	in4_len2mask __P((struct in_addr *, int));
extern	void	in6_len2mask __P((struct in6_addr *, int));


/*
 *
 */

struct _cSlot	*
lookingForIncomingV4Rule(struct _cv *cv)
{
    Cell		*p;
    struct _cSlot	*acs;

    for (p = natptStatic; p; p = CDR(p))
    {
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_INBOUND)
	    && ((acs->proto == 0)
		|| (acs->proto == cv->ip_payload))
	    && (matchIn4addr(cv, &acs->remote) != 0))
	    return (acs);
    }

    for (p = natptDynamic; p; p = CDR(p))
    {
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_INBOUND)
	    && ((acs->proto == 0)
		|| (acs->proto == cv->ip_payload))
	    && (matchIn4addr(cv, &acs->remote) != 0))
	    return (acs);
    }

    return (NULL);
}


struct _cSlot	*
lookingForOutgoingV4Rule(struct _cv *cv)
{
    Cell		*p;
    struct _cSlot	*acs;

    for (p = natptStatic; p; p = CDR(p))
    {
	acs = (struct _cSlot *)CAR(p);

	if ((acs->dir == NATPT_OUTBOUND)
	    && (matchIn4addr(cv, &acs->local) != 0))
	    return (acs);
    }

    for (p = natptDynamic; p; p = CDR(p))
    {
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_OUTBOUND)
	    && (matchIn4addr(cv, &acs->local) != 0))
	    return (acs);
    }

    return (NULL);
}


struct _cSlot	*
lookingForIncomingV6Rule(struct _cv *cv)
{
    Cell		*p;
    struct _cSlot	*acs;

    for (p = natptStatic; p; p = CDR(p))
    {	
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_INBOUND)
	    && (matchIn6addr(cv, &acs->remote)) != 0)
	    return (acs);
    }

    for (p = natptDynamic; p; p = CDR(p))
    {	
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_INBOUND)
	    && (matchIn6addr(cv, &acs->remote)) != 0)
	    return (acs);
    }

    return (NULL);
}


struct _cSlot	*
lookingForOutgoingV6Rule(struct _cv *cv)
{
    Cell		*p;
    struct _cSlot	*acs;

    for (p = natptStatic; p; p = CDR(p))
    {	
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_OUTBOUND)
	    && ((acs->proto == 0)
		|| (acs->proto == cv->ip_payload))
	    && (matchIn6addr(cv, &acs->local)) != 0)
	    return (acs);
    }

    for (p = natptDynamic; p; p = CDR(p))
    {	
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_OUTBOUND)
	    && ((acs->proto == 0)
		|| (acs->proto == cv->ip_payload))
	    && (matchIn6addr(cv, &acs->local)) != 0)
	    return (acs);
    }

    for (p = natptFaith; p; p = CDR(p))
    {	
	acs = (struct _cSlot *)CAR(p);
	if ((acs->dir == NATPT_OUTBOUND)
	    && ((acs->proto == 0)
		|| (acs->proto == cv->ip_payload))
	    && (matchIn6addr(cv, &acs->local)) != 0)
	    return (acs);
    }

    return (NULL);
}


int
matchIn4addr(struct _cv *cv4, struct pAddr *from)
{
    struct in_addr	in4from = cv4->_ip._ip4->ip_src;
    struct in_addr	in4masked;

    if (from->sa_family != AF_INET)
	return (0);

    switch (from->ad.type)
    {
      case ADDR_ANY:						goto port;

      case ADDR_SINGLE:
	if (in4from.s_addr == from->in4Addr.s_addr)		goto port;
	return (0);

      case ADDR_MASK:
	in4masked.s_addr = in4from.s_addr & from->in4Mask.s_addr;
	if (in4masked.s_addr == from->in4Addr.s_addr)		goto port;
	return (0);

      case ADDR_RANGE:
	if ((in4from.s_addr >= from->in4RangeStart.s_addr)
	    && (in4from.s_addr <= from->in4RangeEnd.s_addr))	goto port;
	return (0);

      default:
	return (0);
    }

port:;
    if ((cv4->ip_payload != IPPROTO_UDP)
	&& (cv4->ip_payload != IPPROTO_TCP))			return (1);

    if (from->_port0 == 0)					return (1);

    if (from->_port1 == 0)
    {
	if ((cv4->_payload._tcp4->th_dport == from->_port0))	return (1);
    }
    else
    {
	u_short	dport = ntohs(cv4->_payload._tcp4->th_dport);
	u_short	port0 = ntohs(from->_port0);
	u_short	port1 = ntohs(from->_port1);

	if ((dport >= port0)
	    && (dport <= port1))				return (1);
    }

    return (0);
}


int
matchIn6addr(struct _cv *cv6, struct pAddr *from)
{
    struct in6_addr		*in6from = &cv6->_ip._ip6->ip6_src;
    struct in6_addr		 in6masked;

    if (from->sa_family != AF_INET6)
	return (0);

    switch (from->ad.type)
    {
      case ADDR_ANY:						goto port;

      case ADDR_SINGLE:
	if (IN6_ARE_ADDR_EQUAL(in6from, &from->in6Addr))	goto port;
	return (0);

      case ADDR_MASK:
	in6masked.s6_addr32[0] = in6from->s6_addr32[0] & from->in6Mask.s6_addr32[0];
	in6masked.s6_addr32[1] = in6from->s6_addr32[1] & from->in6Mask.s6_addr32[1];
	in6masked.s6_addr32[2] = in6from->s6_addr32[2] & from->in6Mask.s6_addr32[2];
	in6masked.s6_addr32[3] = in6from->s6_addr32[3] & from->in6Mask.s6_addr32[3];
	
	if (IN6_ARE_ADDR_EQUAL(&in6masked, &from->in6Addr))	goto port;
	return (0);

      default:
	return (0);
    }

port:;
    if ((cv6->ip_payload != IPPROTO_UDP)
	&& (cv6->ip_payload != IPPROTO_TCP))			return (1);

    if (from->_port0 == 0)					return (1);

    if (from->_port1 == 0)
    {
	if (cv6->_payload._tcp6->th_dport == from->_port0)	return (1);
    }
    else
    {
	u_short	dport = ntohs(cv6->_payload._tcp6->th_dport);
#ifdef UnusedVariable
	u_short	port0 = ntohs(from->_port0);
	u_short	port1 = ntohs(from->_port1);
#endif

	if ((dport >= from->_port0)
	    && (dport <= from->_port1))				return (1);
    }


    return (0);
}
/*
 *
 */

int
_natptEnableTrans(caddr_t addr)
{
    char	Wow[64];

    sprintf(Wow, "map enable");
    natpt_logMsg(LOG_INFO, Wow, strlen(Wow));

    ip6_protocol_tr = 1;
    return (0);
}


int
_natptDisableTrans(caddr_t addr)
{
    char	Wow[64];

    sprintf(Wow, "map disable");
    natpt_logMsg(LOG_INFO, Wow, strlen(Wow));

    ip6_protocol_tr = 0;
    return (0);
}


int
_natptSetRule(caddr_t addr)
{
    struct natpt_msgBox	*mbx = (struct natpt_msgBox *)addr;
    struct _cSlot	*cst;
    Cell		**anchor;

#if	0
    if (((ifb = natpt_asIfBox(mbx->m_ifName)) == NULL)
      && ((ifb = natpt_setIfBox(mbx->m_ifName)) == NULL))
     return (ENXIO);
#endif

    if (mbx->flags == NATPT_FAITH)
	return (_natptSetFaithRule(addr));

    MALLOC(cst, struct _cSlot *, sizeof(struct _cSlot), M_TEMP, M_WAITOK);
    copyin(mbx->freight, cst, sizeof(struct _cSlot));

    {
	struct pAddr	*from;

	from = &cst->local;
	if (cst->dir == NATPT_INBOUND)
	    from = &cst->remote;

	if (from->sa_family == AF_INET)
	{
	    in4_len2mask(&from->in4Mask, cst->prefix);
	    from->in4Addr.s_addr &= from->in4Mask.s_addr;
	}
	else
	{
	    in6_len2mask(&from->in6Mask, cst->prefix);
	    from->in6Addr.s6_addr32[0]
		= from->in6Addr.s6_addr32[0] & from->in6Mask.s6_addr32[0];
	    from->in6Addr.s6_addr32[1]
		= from->in6Addr.s6_addr32[1] & from->in6Mask.s6_addr32[1];
	    from->in6Addr.s6_addr32[2]
		= from->in6Addr.s6_addr32[2] & from->in6Mask.s6_addr32[2];
	    from->in6Addr.s6_addr32[3]
		= from->in6Addr.s6_addr32[3] & from->in6Mask.s6_addr32[3];
	}
    }

    natpt_log(LOG_CSLOT, LOG_DEBUG, (void *)cst, sizeof(struct _cSlot));

    anchor = &natptStatic;
    if (cst->flags == NATPT_DYNAMIC)
	anchor = &natptDynamic;

    LST_hookup_list(anchor, cst);

    return (0);
}


int
_natptSetFaithRule(caddr_t addr)
{
    struct natpt_msgBox	*mbx = (struct natpt_msgBox *)addr;
    struct _cSlot	*cst;

    MALLOC(cst, struct _cSlot *, sizeof(struct _cSlot), M_TEMP, M_WAITOK);
    copyin(mbx->freight, cst, sizeof(struct _cSlot));

    LST_hookup_list(&natptFaith, cst);

    return (0);
}


int
_natptFlushRule(caddr_t addr)
{
    struct natpt_msgBox	*mbx = (struct natpt_msgBox *)addr;

    if (mbx->flags & FLUSH_STATIC)
	_flushPtrRules(&natptStatic);

    if (mbx->flags & FLUSH_DYNAMIC)
	_flushPtrRules(&natptDynamic);

    return (0);
}


int
_natptSetPrefix(caddr_t addr)
{
    struct natpt_msgBox	*mbx = (struct natpt_msgBox *)addr;
    struct pAddr	*load;

    MALLOC(load, struct pAddr *, sizeof(struct pAddr), M_TEMP, M_WAITOK);
    copyin(mbx->freight, load, SZSIN6 * 2);

    if (mbx->flags & PREFIX_FAITH)
    {
	faith_prefix	 =  load->addr[0].in6;
	faith_prefixmask =  load->addr[1].in6;
	
	natpt_logIN6addr(LOG_INFO, "FAITH prefix: ", &faith_prefix);
	natpt_logIN6addr(LOG_INFO, "FAITH prefixmask: ", &faith_prefixmask);
    }
    else if (mbx->flags & PREFIX_NATPT)
    {
	natpt_prefix	 =  load->addr[0].in6;
	natpt_prefixmask =  load->addr[1].in6;

	natpt_logIN6addr(LOG_INFO, "NATPT prefix: ", &natpt_prefix);
	natpt_logIN6addr(LOG_INFO, "NATPT prefixmask: ", &natpt_prefixmask);
    }

    FREE(load, M_TEMP);
    return (0);
}


int
_natptBreak()
{
    printf("break");

    return (0);
}


/*
 *
 */

static void
_flushPtrRules(struct _cell **anchor)
{
    struct _cell	*p0, *p1;
    struct _cSlot	*cslt;

    p0 = *anchor;
    while (p0)
    {
	p1 = p0;
	p0 = CDR(p0);

	cslt = (struct _cSlot *)CAR(p1);
	FREE(cslt, M_TEMP);
	LST_free(p1);
    }

    *anchor = NULL;
}
Commit	Line	Data
1c79356b A	1	/* $KAME: natpt_rule.c,v 1.9 2000/03/25 07:23:56 sumikawa Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	#include <sys/errno.h>
	33	#include <sys/param.h>
	34	#include <sys/malloc.h>
	35	#include <sys/mbuf.h>
	36	#include <sys/socket.h>
	37	#include <sys/syslog.h>
	38	#include <sys/systm.h>
	39
	40	#include <net/if.h>
	41
	42	#include <netinet/in.h>
	43	#include <netinet/in_systm.h>
	44	#include <netinet/ip.h>
	45	#include <netinet/tcp.h>
	46
	47	#include <netinet/ip6.h>
	48	#if (defined(__FreeBSD__) && __FreeBSD__ < 3) \|\| defined(__bsdi__)
	49	#include <netinet6/tcp6.h>
	50	#endif
	51
	52	#include <netinet6/natpt_defs.h>
	53	#include <netinet6/natpt_list.h>
	54	#include <netinet6/natpt_log.h>
	55	#include <netinet6/natpt_soctl.h>
	56	#include <netinet6/natpt_var.h>
	57
	58
	59	/*
	60	*
	61	*/
	62
	63	Cell natptStatic; / list of struct _cSlot */
	64	Cell natptDynamic; / list of struct _cSlot */
65	Cell natptFaith; / list of struct _cSlot */
66
67	int matchIn4addr __P((struct _cv , struct pAddr ));
68	int matchIn6addr __P((struct _cv , struct pAddr ));
69	static void _flushPtrRules __P((struct _cell **));
70
71
72	extern struct in6_addr faith_prefix;
73	extern struct in6_addr faith_prefixmask;
74	extern struct in6_addr natpt_prefix;
75	extern struct in6_addr natpt_prefixmask;
76
77	extern void in4_len2mask __P((struct in_addr *, int));
78	extern void in6_len2mask __P((struct in6_addr *, int));
79
80
81	/*
82	*
83	*/
84
85	struct _cSlot *
86	lookingForIncomingV4Rule(struct _cv *cv)
87	{
88	Cell *p;
89	struct _cSlot *acs;
90
91	for (p = natptStatic; p; p = CDR(p))
92	{
93	acs = (struct _cSlot *)CAR(p);
94	if ((acs->dir == NATPT_INBOUND)
95	&& ((acs->proto == 0)
96	\|\| (acs->proto == cv->ip_payload))
97	&& (matchIn4addr(cv, &acs->remote) != 0))
98	return (acs);
99	}
100
101	for (p = natptDynamic; p; p = CDR(p))
102	{
103	acs = (struct _cSlot *)CAR(p);
104	if ((acs->dir == NATPT_INBOUND)
105	&& ((acs->proto == 0)
106	\|\| (acs->proto == cv->ip_payload))
107	&& (matchIn4addr(cv, &acs->remote) != 0))
108	return (acs);
109	}
110
111	return (NULL);
112	}
113
114
115	struct _cSlot *
116	lookingForOutgoingV4Rule(struct _cv *cv)
117	{
118	Cell *p;
119	struct _cSlot *acs;
120
121	for (p = natptStatic; p; p = CDR(p))
122	{
123	acs = (struct _cSlot *)CAR(p);
124
125	if ((acs->dir == NATPT_OUTBOUND)
126	&& (matchIn4addr(cv, &acs->local) != 0))
127	return (acs);
128	}
129
130	for (p = natptDynamic; p; p = CDR(p))
131	{
132	acs = (struct _cSlot *)CAR(p);
133	if ((acs->dir == NATPT_OUTBOUND)
134	&& (matchIn4addr(cv, &acs->local) != 0))
135	return (acs);
136	}
137
138	return (NULL);
139	}
140
141
142	struct _cSlot *
143	lookingForIncomingV6Rule(struct _cv *cv)
144	{
145	Cell *p;
146	struct _cSlot *acs;
147
148	for (p = natptStatic; p; p = CDR(p))
149	{
150	acs = (struct _cSlot *)CAR(p);
151	if ((acs->dir == NATPT_INBOUND)
152	&& (matchIn6addr(cv, &acs->remote)) != 0)
153	return (acs);
154	}
155
156	for (p = natptDynamic; p; p = CDR(p))
157	{
158	acs = (struct _cSlot *)CAR(p);
159	if ((acs->dir == NATPT_INBOUND)
160	&& (matchIn6addr(cv, &acs->remote)) != 0)
161	return (acs);
162	}
163
164	return (NULL);
165	}
166
167
168	struct _cSlot *
169	lookingForOutgoingV6Rule(struct _cv *cv)
170	{
171	Cell *p;
172	struct _cSlot *acs;
173
174	for (p = natptStatic; p; p = CDR(p))
175	{
176	acs = (struct _cSlot *)CAR(p);
177	if ((acs->dir == NATPT_OUTBOUND)
178	&& ((acs->proto == 0)
179	\|\| (acs->proto == cv->ip_payload))
180	&& (matchIn6addr(cv, &acs->local)) != 0)
181	return (acs);
182	}
183
184	for (p = natptDynamic; p; p = CDR(p))
185	{
186	acs = (struct _cSlot *)CAR(p);
187	if ((acs->dir == NATPT_OUTBOUND)
188	&& ((acs->proto == 0)
189	\|\| (acs->proto == cv->ip_payload))
190	&& (matchIn6addr(cv, &acs->local)) != 0)
191	return (acs);
192	}
193
194	for (p = natptFaith; p; p = CDR(p))
195	{
196	acs = (struct _cSlot *)CAR(p);
197	if ((acs->dir == NATPT_OUTBOUND)
198	&& ((acs->proto == 0)
199	\|\| (acs->proto == cv->ip_payload))
200	&& (matchIn6addr(cv, &acs->local)) != 0)
201	return (acs);
202	}
203
204	return (NULL);
205	}
206
207
208	int
209	matchIn4addr(struct _cv cv4, struct pAddr from)
210	{
211	struct in_addr in4from = cv4->_ip._ip4->ip_src;
212	struct in_addr in4masked;
213
214	if (from->sa_family != AF_INET)
215	return (0);
216
217	switch (from->ad.type)
218	{
219	case ADDR_ANY: goto port;
220
221	case ADDR_SINGLE:
222	if (in4from.s_addr == from->in4Addr.s_addr) goto port;
223	return (0);
224
225	case ADDR_MASK:
226	in4masked.s_addr = in4from.s_addr & from->in4Mask.s_addr;
227	if (in4masked.s_addr == from->in4Addr.s_addr) goto port;
228	return (0);
229
230	case ADDR_RANGE:
231	if ((in4from.s_addr >= from->in4RangeStart.s_addr)
232	&& (in4from.s_addr <= from->in4RangeEnd.s_addr)) goto port;
233	return (0);
234
235	default:
236	return (0);
237	}
238
239	port:;
240	if ((cv4->ip_payload != IPPROTO_UDP)
241	&& (cv4->ip_payload != IPPROTO_TCP)) return (1);
242
243	if (from->_port0 == 0) return (1);
244
245	if (from->_port1 == 0)
246	{
247	if ((cv4->_payload._tcp4->th_dport == from->_port0)) return (1);
248	}
249	else
250	{
251	u_short dport = ntohs(cv4->_payload._tcp4->th_dport);
252	u_short port0 = ntohs(from->_port0);
253	u_short port1 = ntohs(from->_port1);
254
255	if ((dport >= port0)
256	&& (dport <= port1)) return (1);
257	}
258
259	return (0);
260	}
261
262
263	int
264	matchIn6addr(struct _cv cv6, struct pAddr from)
265	{
266	struct in6_addr *in6from = &cv6->_ip._ip6->ip6_src;
267	struct in6_addr in6masked;
268
269	if (from->sa_family != AF_INET6)
270	return (0);
271
272	switch (from->ad.type)
273	{
274	case ADDR_ANY: goto port;
275
276	case ADDR_SINGLE:
277	if (IN6_ARE_ADDR_EQUAL(in6from, &from->in6Addr)) goto port;
278	return (0);
279
280	case ADDR_MASK:
281	in6masked.s6_addr32[0] = in6from->s6_addr32[0] & from->in6Mask.s6_addr32[0];
282	in6masked.s6_addr32[1] = in6from->s6_addr32[1] & from->in6Mask.s6_addr32[1];
283	in6masked.s6_addr32[2] = in6from->s6_addr32[2] & from->in6Mask.s6_addr32[2];
284	in6masked.s6_addr32[3] = in6from->s6_addr32[3] & from->in6Mask.s6_addr32[3];
285
286	if (IN6_ARE_ADDR_EQUAL(&in6masked, &from->in6Addr)) goto port;
287	return (0);
288
289	default:
290	return (0);
291	}
292
293	port:;
294	if ((cv6->ip_payload != IPPROTO_UDP)
295	&& (cv6->ip_payload != IPPROTO_TCP)) return (1);
296
297	if (from->_port0 == 0) return (1);
298
299	if (from->_port1 == 0)
300	{
301	if (cv6->_payload._tcp6->th_dport == from->_port0) return (1);
302	}
303	else
304	{
305	u_short dport = ntohs(cv6->_payload._tcp6->th_dport);
306	#ifdef UnusedVariable
307	u_short port0 = ntohs(from->_port0);
308	u_short port1 = ntohs(from->_port1);
309	#endif
310
311	if ((dport >= from->_port0)
312	&& (dport <= from->_port1)) return (1);
313	}
314
315
316	return (0);
317	}
318	/*
319	*
320	*/
321
322	int
323	_natptEnableTrans(caddr_t addr)
324	{
325	char Wow[64];
326
327	sprintf(Wow, "map enable");
328	natpt_logMsg(LOG_INFO, Wow, strlen(Wow));
329
330	ip6_protocol_tr = 1;
331	return (0);
332	}
333
334
335	int
336	_natptDisableTrans(caddr_t addr)
337	{
338	char Wow[64];
339
340	sprintf(Wow, "map disable");
341	natpt_logMsg(LOG_INFO, Wow, strlen(Wow));
342
343	ip6_protocol_tr = 0;
344	return (0);
345	}
346
347
348	int
349	_natptSetRule(caddr_t addr)
350	{
351	struct natpt_msgBox mbx = (struct natpt_msgBox )addr;
352	struct _cSlot *cst;
353	Cell **anchor;
354
355	#if 0
356	if (((ifb = natpt_asIfBox(mbx->m_ifName)) == NULL)
357	&& ((ifb = natpt_setIfBox(mbx->m_ifName)) == NULL))
358	return (ENXIO);
359	#endif
360
361	if (mbx->flags == NATPT_FAITH)
362	return (_natptSetFaithRule(addr));
363
364	MALLOC(cst, struct _cSlot *, sizeof(struct _cSlot), M_TEMP, M_WAITOK);
365	copyin(mbx->freight, cst, sizeof(struct _cSlot));
366
367	{
368	struct pAddr *from;
369
370	from = &cst->local;
371	if (cst->dir == NATPT_INBOUND)
372	from = &cst->remote;
373
374	if (from->sa_family == AF_INET)
375	{
376	in4_len2mask(&from->in4Mask, cst->prefix);
377	from->in4Addr.s_addr &= from->in4Mask.s_addr;
378	}
379	else
380	{
381	in6_len2mask(&from->in6Mask, cst->prefix);
382	from->in6Addr.s6_addr32[0]
383	= from->in6Addr.s6_addr32[0] & from->in6Mask.s6_addr32[0];
384	from->in6Addr.s6_addr32[1]
385	= from->in6Addr.s6_addr32[1] & from->in6Mask.s6_addr32[1];
386	from->in6Addr.s6_addr32[2]
387	= from->in6Addr.s6_addr32[2] & from->in6Mask.s6_addr32[2];
388	from->in6Addr.s6_addr32[3]
389	= from->in6Addr.s6_addr32[3] & from->in6Mask.s6_addr32[3];
390	}
391	}
392
393	natpt_log(LOG_CSLOT, LOG_DEBUG, (void *)cst, sizeof(struct _cSlot));
394
395	anchor = &natptStatic;
396	if (cst->flags == NATPT_DYNAMIC)
397	anchor = &natptDynamic;
398
399	LST_hookup_list(anchor, cst);
400
401	return (0);
402	}
403
404
405	int
406	_natptSetFaithRule(caddr_t addr)
407	{
408	struct natpt_msgBox mbx = (struct natpt_msgBox )addr;
409	struct _cSlot *cst;
410
411	MALLOC(cst, struct _cSlot *, sizeof(struct _cSlot), M_TEMP, M_WAITOK);
412	copyin(mbx->freight, cst, sizeof(struct _cSlot));
413
414	LST_hookup_list(&natptFaith, cst);
415
416	return (0);
417	}
418
419
420	int
421	_natptFlushRule(caddr_t addr)
422	{
423	struct natpt_msgBox mbx = (struct natpt_msgBox )addr;
424
425	if (mbx->flags & FLUSH_STATIC)
426	_flushPtrRules(&natptStatic);
427
428	if (mbx->flags & FLUSH_DYNAMIC)
429	_flushPtrRules(&natptDynamic);
430
431	return (0);
432	}
433
434
435	int
436	_natptSetPrefix(caddr_t addr)
437	{
438	struct natpt_msgBox mbx = (struct natpt_msgBox )addr;
439	struct pAddr *load;
440
441	MALLOC(load, struct pAddr *, sizeof(struct pAddr), M_TEMP, M_WAITOK);
442	copyin(mbx->freight, load, SZSIN6 * 2);
443
444	if (mbx->flags & PREFIX_FAITH)
445	{
446	faith_prefix = load->addr[0].in6;
447	faith_prefixmask = load->addr[1].in6;
448
449	natpt_logIN6addr(LOG_INFO, "FAITH prefix: ", &faith_prefix);
450	natpt_logIN6addr(LOG_INFO, "FAITH prefixmask: ", &faith_prefixmask);
451	}
452	else if (mbx->flags & PREFIX_NATPT)
453	{
454	natpt_prefix = load->addr[0].in6;
455	natpt_prefixmask = load->addr[1].in6;
456
457	natpt_logIN6addr(LOG_INFO, "NATPT prefix: ", &natpt_prefix);
458	natpt_logIN6addr(LOG_INFO, "NATPT prefixmask: ", &natpt_prefixmask);
459	}
460
461	FREE(load, M_TEMP);
462	return (0);
463	}
464
465
466	int
467	_natptBreak()
468	{
469	printf("break");
470
471	return (0);
472	}
473
474
475	/*
476	*
477	*/
478
479	static void
480	_flushPtrRules(struct _cell **anchor)
481	{
482	struct _cell p0, p1;
483	struct _cSlot *cslt;
484
485	p0 = *anchor;
486	while (p0)
487	{
488	p1 = p0;
489	p0 = CDR(p0);
490
491	cslt = (struct _cSlot *)CAR(p1);
492	FREE(cslt, M_TEMP);
493	LST_free(p1);
494	}
495
496	*anchor = NULL;
497	}