]>
Commit | Line | Data |
---|---|---|
1c79356b A |
1 | /* $KAME: natpt_tslot.c,v 1.8 2000/03/25 07:23:56 sumikawa Exp $ */ |
2 | ||
3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | |
15 | * 3. Neither the name of the project nor the names of its contributors | |
16 | * may be used to endorse or promote products derived from this software | |
17 | * without specific prior written permission. | |
18 | * | |
19 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | |
30 | */ | |
31 | ||
32 | #include <sys/param.h> | |
33 | #include <sys/kernel.h> | |
34 | #include <sys/malloc.h> | |
35 | #include <sys/socket.h> | |
36 | #include <sys/syslog.h> | |
37 | #include <sys/systm.h> | |
38 | ||
39 | #include <net/if.h> | |
40 | ||
41 | #include <netinet/in_systm.h> | |
42 | #include <netinet/in.h> | |
43 | #include <netinet/ip.h> | |
44 | #include <netinet/ip_icmp.h> | |
45 | #include <netinet/tcp.h> | |
46 | #include <netinet/tcp_fsm.h> | |
47 | #include <netinet/udp.h> | |
48 | ||
49 | #include <netinet6/in6_var.h> | |
50 | #include <netinet/ip6.h> | |
51 | #if !defined(__NetBSD__) && (!defined(__FreeBSD__) || (__FreeBSD__ < 3)) && !defined(__APPLE__) | |
52 | #include <netinet6/tcp6.h> | |
53 | #endif | |
54 | ||
55 | #include <netinet6/natpt_defs.h> | |
56 | #include <netinet6/natpt_list.h> | |
57 | #include <netinet6/natpt_soctl.h> | |
58 | #include <netinet6/natpt_var.h> | |
59 | ||
60 | ||
61 | /* | |
62 | * | |
63 | */ | |
64 | ||
65 | static Cell *_insideHash [NATPT_MAXHASH]; | |
66 | static Cell *_outsideHash[NATPT_MAXHASH]; | |
67 | ||
68 | static Cell *tSlotEntry; | |
69 | static int tSlotEntryMax; | |
70 | static int tSlotEntryUsed; | |
71 | ||
72 | static time_t tSlotTimer; | |
73 | static time_t maxTTLany; | |
74 | static time_t maxTTLicmp; | |
75 | static time_t maxTTLudp; | |
76 | static time_t maxTTLtcp; | |
77 | ||
78 | static time_t _natpt_TCPT_2MSL; | |
79 | static time_t _natpt_tcp_maxidle; | |
80 | ||
81 | extern struct in6_addr natpt_prefix; | |
82 | extern struct in6_addr natpt_prefixmask; | |
83 | extern struct in6_addr faith_prefix; | |
84 | extern struct in6_addr faith_prefixmask; | |
85 | ||
86 | static struct pAddr *fillupOutgoingV6local __P((struct _cSlot *, struct _cv *, struct pAddr *)); | |
87 | static struct pAddr *fillupOutgoingV6Remote __P((struct _cSlot *, struct _cv *, struct pAddr *)); | |
88 | ||
89 | static struct _tSlot *registTSlotEntry __P((struct _tSlot *)); | |
90 | static void _expireTSlot __P((void *)); | |
91 | static void _expireTSlotEntry __P((struct timeval *)); | |
92 | static void _removeTSlotEntry __P((struct _cell *, struct _cell *)); | |
93 | static int _removeHash __P((struct _cell *(*table)[], int, caddr_t)); | |
94 | ||
95 | static int _hash_ip4 __P((struct _cv *)); | |
96 | static int _hash_ip6 __P((struct _cv *)); | |
97 | static int _hash_pat4 __P((struct pAddr *)); | |
98 | static int _hash_pat6 __P((struct pAddr *)); | |
99 | static int _hash_sockaddr4 __P((struct sockaddr_in *)); | |
100 | static int _hash_sockaddr6 __P((struct sockaddr_in6 *)); | |
101 | static int _hash_pjw __P((u_char *, int)); | |
102 | ||
103 | ||
104 | #if defined(__FreeBSD__) && __FreeBSD__ >= 3 | |
105 | static MALLOC_DEFINE(M_NATPT, "NATPT", "Network Address Translation - Protocol Translation"); | |
106 | #endif | |
107 | ||
108 | ||
109 | /* | |
110 | * | |
111 | */ | |
112 | ||
113 | struct _tSlot * | |
114 | lookingForIncomingV4Hash(struct _cv *cv) | |
115 | { | |
116 | register Cell *p; | |
117 | register struct _tSlot *ats; | |
118 | register struct ip *ip4; | |
119 | ||
120 | int hv = _hash_ip4(cv); | |
121 | ||
122 | for (p = _outsideHash[hv]; p; p = CDR(p)) | |
123 | { | |
124 | ats = (struct _tSlot *)CAR(p); | |
125 | ||
126 | if ((ats->remote.ip_p != IPPROTO_IPV4) | |
127 | || (cv->ip_payload != ats->ip_payload)) continue; | |
128 | ||
129 | if ((cv->ip_payload == IPPROTO_TCP) | |
130 | || (cv->ip_payload == IPPROTO_UDP)) | |
131 | { | |
132 | if (cv->_payload._tcp4->th_sport!= ats->remote._dport) continue; | |
133 | if (cv->_payload._tcp4->th_dport!= ats->remote._sport) continue; | |
134 | } | |
135 | ||
136 | ip4 = cv->_ip._ip4; | |
137 | if ((ip4->ip_src.s_addr == ats->remote.in4dst.s_addr) | |
138 | && (ip4->ip_dst.s_addr == ats->remote.in4src.s_addr)) | |
139 | return (ats); | |
140 | } | |
141 | ||
142 | return (NULL); | |
143 | } | |
144 | ||
145 | ||
146 | struct _tSlot * | |
147 | lookingForOutgoingV4Hash(struct _cv *cv) | |
148 | { | |
149 | register Cell *p; | |
150 | register struct _tSlot *ats; | |
151 | register struct ip *ip4; | |
152 | ||
153 | int hv = _hash_ip4(cv); | |
154 | ||
155 | for (p = _insideHash[hv]; p; p = CDR(p)) | |
156 | { | |
157 | ats = (struct _tSlot *)CAR(p); | |
158 | ||
159 | if ((ats->local.ip_p != IPPROTO_IPV4) | |
160 | || (cv->ip_payload != ats->ip_payload)) continue; | |
161 | ||
162 | if ((cv->ip_payload == IPPROTO_TCP) | |
163 | || (cv->ip_payload == IPPROTO_UDP)) | |
164 | { | |
165 | if (cv->_payload._tcp4->th_sport != ats->local._dport) continue; | |
166 | if (cv->_payload._tcp4->th_dport != ats->local._sport) continue; | |
167 | } | |
168 | ||
169 | ip4 = cv->_ip._ip4; | |
170 | if ((ip4->ip_src.s_addr == ats->local.in4dst.s_addr) | |
171 | && (ip4->ip_dst.s_addr == ats->local.in4src.s_addr)) | |
172 | return (ats); | |
173 | } | |
174 | ||
175 | return (NULL); | |
176 | } | |
177 | ||
178 | ||
179 | struct _tSlot * | |
180 | lookingForIncomingV6Hash(struct _cv *cv) | |
181 | { | |
182 | register Cell *p; | |
183 | register struct _tSlot *ats; | |
184 | register struct ip6_hdr *ip6; | |
185 | ||
186 | int hv = _hash_ip6(cv); | |
187 | ||
188 | for (p = _outsideHash[hv]; p; p = CDR(p)) | |
189 | { | |
190 | ats = (struct _tSlot *)CAR(p); | |
191 | ||
192 | if ((ats->remote.ip_p != IPPROTO_IPV6) | |
193 | || (cv->ip_payload != ats->ip_payload)) continue; | |
194 | ||
195 | if ((cv->ip_payload == IPPROTO_TCP) | |
196 | || (cv->ip_payload == IPPROTO_UDP)) | |
197 | { | |
198 | if (cv->_payload._tcp6->th_sport != ats->remote._dport) continue; | |
199 | if (cv->_payload._tcp6->th_dport != ats->remote._sport) continue; | |
200 | } | |
201 | ||
202 | ip6 = cv->_ip._ip6; | |
203 | if ((IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &ats->remote.in6dst)) | |
204 | && (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &ats->remote.in6src))) | |
205 | return (ats); | |
206 | } | |
207 | ||
208 | return (NULL); | |
209 | } | |
210 | ||
211 | ||
212 | struct _tSlot * | |
213 | lookingForOutgoingV6Hash(struct _cv *cv) | |
214 | { | |
215 | register Cell *p; | |
216 | register struct _tSlot *ats; | |
217 | register struct ip6_hdr *ip6; | |
218 | ||
219 | int hv = _hash_ip6(cv); | |
220 | ||
221 | for (p = _insideHash[hv]; p; p = CDR(p)) | |
222 | { | |
223 | ats = (struct _tSlot *)CAR(p); | |
224 | ||
225 | if ((ats->local.ip_p != IPPROTO_IPV6) | |
226 | || (cv->ip_payload != ats->ip_payload)) continue; | |
227 | ||
228 | if ((cv->ip_payload == IPPROTO_TCP) | |
229 | || (cv->ip_payload == IPPROTO_UDP)) | |
230 | { | |
231 | if (cv->_payload._tcp6->th_sport != ats->local._dport) continue; | |
232 | if (cv->_payload._tcp6->th_dport != ats->local._sport) continue; | |
233 | } | |
234 | ||
235 | ip6 = cv->_ip._ip6; | |
236 | if ((IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &ats->local.in6dst)) | |
237 | && (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &ats->local.in6src))) | |
238 | return (ats); | |
239 | } | |
240 | ||
241 | return (NULL); | |
242 | } | |
243 | ||
244 | ||
245 | struct _tSlot * | |
246 | internIncomingV4Hash(int sess, struct _cSlot *acs, struct _cv *cv4) | |
247 | { | |
248 | int s, hv4, hv6; | |
249 | struct pAddr *local, *remote; | |
250 | struct _tSlot *ats; | |
251 | ||
252 | MALLOC(ats, struct _tSlot *, sizeof(struct _tSlot), M_TEMP, M_NOWAIT); | |
253 | if (ats == NULL) | |
254 | { | |
255 | printf("ENOBUFS in internIncomingV4Hash %d\n", __LINE__); | |
256 | return (NULL); | |
257 | } | |
258 | ||
259 | bzero(ats, sizeof(struct _tSlot)); | |
260 | ||
261 | local = &ats->local; | |
262 | remote = &ats->remote; | |
263 | ||
264 | #ifdef NATPT_NAT | |
265 | if (acs->local.sa_family == AF_INET) | |
266 | { | |
267 | local->ip_p = IPPROTO_IPV4; | |
268 | local->sa_family = AF_INET; | |
269 | local->in4src = cv4->_ip._ip4->ip_src; | |
270 | local->in4dst = acs->local.in4Addr; | |
271 | if ((cv4->ip_payload == IPPROTO_TCP) | |
272 | || (cv4->ip_payload == IPPROTO_UDP)) | |
273 | { | |
274 | local->_sport = cv4->_payload._tcp4->th_sport; | |
275 | local->_dport = cv4->_payload._tcp4->th_dport; | |
276 | if (acs->map & NATPT_PORT_MAP) | |
277 | { | |
278 | local->_dport = acs->local._port0; | |
279 | } | |
280 | } | |
281 | } | |
282 | else | |
283 | #else | |
284 | { | |
285 | local->ip_p = IPPROTO_IPV6; | |
286 | local->sa_family = AF_INET6; | |
287 | local->in6src = natpt_prefix; | |
288 | local->in6src.s6_addr32[3] = cv4->_ip._ip4->ip_src.s_addr; | |
289 | local->in6dst = acs->local.in6src; | |
290 | if ((cv4->ip_payload == IPPROTO_TCP) | |
291 | || (cv4->ip_payload == IPPROTO_UDP)) | |
292 | { | |
293 | local->_sport = cv4->_payload._tcp4->th_sport; | |
294 | local->_dport = cv4->_payload._tcp4->th_dport; | |
295 | ||
296 | if (acs->map & NATPT_PORT_MAP) | |
297 | { | |
298 | local->_dport = acs->local._port0; | |
299 | } | |
300 | } | |
301 | } | |
302 | #endif | |
303 | ||
304 | remote = &ats->remote; | |
305 | remote->ip_p = IPPROTO_IPV4; | |
306 | remote->sa_family = AF_INET; | |
307 | remote->in4src = acs->remote.in4src; | |
308 | remote->in4dst = cv4->_ip._ip4->ip_src; | |
309 | if (acs->remote.ad.type == ADDR_ANY) | |
310 | { | |
311 | remote->in4src = cv4->_ip._ip4->ip_dst; | |
312 | } | |
313 | ||
314 | if ((cv4->ip_payload == IPPROTO_TCP) | |
315 | || (cv4->ip_payload == IPPROTO_UDP)) | |
316 | { | |
317 | remote->_sport = cv4->_payload._tcp4->th_dport; | |
318 | remote->_dport = cv4->_payload._tcp4->th_sport; | |
319 | } | |
320 | ||
321 | ats->ip_payload = cv4->ip_payload; | |
322 | ats->session = sess; | |
323 | registTSlotEntry(ats); /* XXX */ | |
324 | ||
325 | hv4 = _hash_pat4(remote); | |
326 | #ifdef NATPT_NAT | |
327 | if (acs->local.sa_family == AF_INET) | |
328 | hv6 = _hash_pat4(local); | |
329 | else | |
330 | #else | |
331 | hv6 = _hash_pat6(local); | |
332 | #endif | |
333 | ||
334 | s = splnet(); | |
335 | LST_hookup_list(&_insideHash [hv6], ats); | |
336 | LST_hookup_list(&_outsideHash[hv4], ats); | |
337 | splx(s); | |
338 | ||
339 | return (ats); | |
340 | } | |
341 | ||
342 | ||
343 | struct _tSlot * | |
344 | internOutgoingV4Hash(int sess, struct _cSlot *acs, struct _cv *cv4) | |
345 | { | |
346 | int s, hv4, hv6; | |
347 | struct pAddr *local, *remote; | |
348 | struct _tSlot *ats; | |
349 | ||
350 | MALLOC(ats, struct _tSlot *, sizeof(struct _tSlot), M_TEMP, M_NOWAIT); | |
351 | if (ats == NULL) | |
352 | { | |
353 | printf("ENOBUFS in internOutgoingV4Hash %d\n", __LINE__); | |
354 | return (NULL); | |
355 | } | |
356 | ||
357 | bzero(ats, sizeof(struct _tSlot)); | |
358 | ||
359 | local = &ats->local; | |
360 | local->ip_p = IPPROTO_IPV4; | |
361 | local->sa_family = AF_INET; | |
362 | if ((cv4->ip_payload == IPPROTO_TCP) | |
363 | || (cv4->ip_payload == IPPROTO_UDP)) | |
364 | { | |
365 | local->_sport = cv4->_payload._tcp4->th_dport; | |
366 | local->_dport = cv4->_payload._tcp4->th_sport; | |
367 | } | |
368 | ||
369 | local->in4src = cv4->_ip._ip4->ip_dst; | |
370 | local->in4dst = cv4->_ip._ip4->ip_src; | |
371 | ||
372 | remote = &ats->remote; | |
373 | #ifdef NATPT_NAT | |
374 | if (acs->remote.sa_family == AF_INET) | |
375 | { | |
376 | remote->ip_p = IPPROTO_IPV4; | |
377 | remote->sa_family = AF_INET; | |
378 | if ((cv4->ip_payload == IPPROTO_TCP) | |
379 | || (cv4->ip_payload == IPPROTO_UDP)) | |
380 | { | |
381 | remote->_sport = cv4->_payload._tcp4->th_sport; | |
382 | remote->_dport = cv4->_payload._tcp4->th_dport; | |
383 | } | |
384 | remote->in4src = acs->remote.in4src; | |
385 | remote->in4dst = cv4->_ip._ip4->ip_dst; | |
386 | } | |
387 | else | |
388 | #else /* need check */ | |
389 | { | |
390 | remote->ip_p = IPPROTO_IPV6; | |
391 | remote->sa_family = AF_INET6; | |
392 | if ((cv4->ip_payload == IPPROTO_TCP) | |
393 | || (cv4->ip_payload == IPPROTO_UDP)) | |
394 | { | |
395 | remote->_sport = cv4->_payload._tcp4->th_sport; | |
396 | remote->_dport = cv4->_payload._tcp4->th_dport; | |
397 | } | |
398 | ||
399 | if (acs->flags == NATPT_FAITH) | |
400 | { | |
401 | struct in6_ifaddr *ia6; | |
402 | ||
403 | remote->in6dst.s6_addr32[0] = faith_prefix.s6_addr32[0]; | |
404 | remote->in6dst.s6_addr32[1] = faith_prefix.s6_addr32[1]; | |
405 | remote->in6dst.s6_addr32[3] = cv4->_ip._ip4->ip_dst.s_addr; | |
406 | ||
407 | ia6 = in6_ifawithscope(natpt_ip6src, &remote->in6dst); | |
408 | remote->in6src = ia6->ia_addr.sin6_addr; | |
409 | } | |
410 | else | |
411 | { | |
412 | remote->in6src.s6_addr32[3] = cv4->_ip._ip4->ip_src.s_addr; | |
413 | remote->in6dst = acs->remote.in6src; | |
414 | } | |
415 | } | |
416 | #endif | |
417 | ||
418 | ats->ip_payload = cv4->ip_payload; | |
419 | ats->session = sess; | |
420 | registTSlotEntry(ats); /* XXX */ | |
421 | ||
422 | hv4 = _hash_pat4(local); | |
423 | #ifdef NATPT_NAT | |
424 | if (acs->remote.sa_family == AF_INET) | |
425 | hv6 = _hash_pat4(remote); | |
426 | else | |
427 | #else | |
428 | hv6 = _hash_pat6(remote); | |
429 | #endif | |
430 | ||
431 | s = splnet(); | |
432 | LST_hookup_list(&_insideHash [hv4], ats); | |
433 | LST_hookup_list(&_outsideHash[hv6], ats); | |
434 | splx(s); | |
435 | ||
436 | return (ats); | |
437 | } | |
438 | ||
439 | ||
440 | struct _tSlot * | |
441 | internIncomingV6Hash(int sess, struct _cSlot *acs, struct _cv *cv6) | |
442 | { | |
443 | int s, hv4, hv6; | |
444 | struct pAddr *local, *remote; | |
445 | struct _tSlot *ats; | |
446 | ||
447 | MALLOC(ats, struct _tSlot *, sizeof(struct _tSlot), M_TEMP, M_NOWAIT); | |
448 | if (ats == NULL) | |
449 | { | |
450 | printf("ENOBUFS in internIncomingV6Hash %d\n", __LINE__); | |
451 | return (NULL); | |
452 | } | |
453 | ||
454 | bzero(ats, sizeof(struct _tSlot)); | |
455 | ||
456 | local = &ats->local; | |
457 | local->ip_p = IPPROTO_IPV4; | |
458 | local->sa_family = AF_INET; | |
459 | if ((cv6->ip_payload == IPPROTO_TCP) | |
460 | || (cv6->ip_payload == IPPROTO_UDP)) | |
461 | { | |
462 | local->_sport = cv6->_payload._tcp6->th_sport; | |
463 | local->_dport = cv6->_payload._tcp6->th_dport; | |
464 | } | |
465 | local->in4src = acs->local.in4src; | |
466 | local->in4dst.s_addr = cv6->_ip._ip6->ip6_dst.s6_addr32[3]; | |
467 | local->sa_family = AF_INET; | |
468 | local->ip_p = IPPROTO_IPV4; | |
469 | ||
470 | remote = &ats->remote; | |
471 | remote->ip_p = IPPROTO_IPV6; | |
472 | if ((cv6->ip_payload == IPPROTO_TCP) | |
473 | || (cv6->ip_payload == IPPROTO_UDP)) | |
474 | { | |
475 | remote->_sport = cv6->_payload._tcp6->th_dport; | |
476 | remote->_dport = cv6->_payload._tcp6->th_sport; | |
477 | } | |
478 | remote->in6src = cv6->_ip._ip6->ip6_dst; | |
479 | remote->in6dst = acs->remote.in6dst; | |
480 | remote->sa_family = AF_INET6; | |
481 | remote->ip_p = IPPROTO_IPV6; | |
482 | ||
483 | ats->ip_payload = cv6->ip_payload; | |
484 | ats->session = sess; | |
485 | registTSlotEntry(ats); /* XXX */ | |
486 | ||
487 | hv6 = _hash_pat6(remote); | |
488 | hv4 = _hash_pat4(local); | |
489 | ||
490 | s = splnet(); | |
491 | LST_hookup_list(&_outsideHash[hv6], ats); | |
492 | LST_hookup_list(&_insideHash [hv4], ats); | |
493 | splx(s); | |
494 | ||
495 | return (ats); | |
496 | } | |
497 | ||
498 | ||
499 | struct _tSlot * | |
500 | internOutgoingV6Hash(int sess, struct _cSlot *acs, struct _cv *cv6) | |
501 | { | |
502 | int s, hv4, hv6; | |
503 | struct pAddr *local, *remote; | |
504 | struct _tSlot *ats; | |
505 | ||
506 | natpt_logIp6(LOG_DEBUG, cv6->_ip._ip6); | |
507 | ||
508 | MALLOC(ats, struct _tSlot *, sizeof(struct _tSlot), M_TEMP, M_NOWAIT); | |
509 | if (ats == NULL) | |
510 | { | |
511 | printf("ENOBUFS in internOutgoingV6Hash %d\n", __LINE__); | |
512 | return (NULL); | |
513 | } | |
514 | ||
515 | bzero(ats, sizeof(struct _tSlot)); | |
516 | ||
517 | local = fillupOutgoingV6local(acs, cv6, &ats->local); | |
518 | if ((remote = fillupOutgoingV6Remote(acs, cv6, &ats->remote)) == 0) | |
519 | { | |
520 | FREE(ats, M_TEMP); | |
521 | return (NULL); | |
522 | } | |
523 | ||
524 | ats->ip_payload = cv6->ip_payload; | |
525 | ats->session = sess; | |
526 | registTSlotEntry(ats); /* XXX */ | |
527 | ||
528 | hv6 = _hash_pat6(local); | |
529 | hv4 = _hash_pat4(remote); | |
530 | ||
531 | s = splnet(); | |
532 | LST_hookup_list(&_insideHash [hv6], ats); | |
533 | LST_hookup_list(&_outsideHash[hv4], ats); | |
534 | splx(s); | |
535 | ||
536 | return (ats); | |
537 | } | |
538 | ||
539 | ||
540 | struct _tSlot * | |
541 | checkTraceroute6Return(struct _cv *cv4) | |
542 | { | |
543 | int hv; | |
544 | Cell *p; | |
545 | struct ip *icmpip4; | |
546 | struct udphdr *icmpudp4; | |
547 | struct sockaddr_in src, dst; | |
548 | struct _tSlot *ats; | |
549 | ||
550 | if ((cv4->ip_payload != IPPROTO_ICMP) | |
551 | || ((cv4->_payload._icmp4->icmp_type != ICMP_UNREACH) | |
552 | && (cv4->_payload._icmp4->icmp_type != ICMP_TIMXCEED))) | |
553 | return (NULL); | |
554 | ||
555 | icmpip4 = &cv4->_payload._icmp4->icmp_ip; | |
556 | if (icmpip4->ip_p != IPPROTO_UDP) | |
557 | return (NULL); | |
558 | ||
559 | #ifdef fixSuMiReICMPBug | |
560 | icmpip4->ip_src.s_addr = ICMPSRC; /* XXX */ | |
561 | #endif | |
562 | ||
563 | icmpudp4 = (struct udphdr *)((caddr_t)icmpip4 + (icmpip4->ip_hl << 2)); | |
564 | ||
565 | bzero(&src, sizeof(struct sockaddr_in)); | |
566 | bzero(&dst, sizeof(struct sockaddr_in)); | |
567 | src.sin_addr = icmpip4->ip_src; | |
568 | src.sin_port = icmpudp4->uh_sport; | |
569 | dst.sin_addr = icmpip4->ip_dst; | |
570 | dst.sin_port = icmpudp4->uh_dport; | |
571 | hv = ((_hash_sockaddr4(&src) + _hash_sockaddr4(&dst)) % NATPT_MAXHASH); | |
572 | for (p = _outsideHash[hv]; p; p = CDR(p)) | |
573 | { | |
574 | ats = (struct _tSlot *)CAR(p); | |
575 | ||
576 | if (ats->remote.ip_p != IPPROTO_IPV4) continue; | |
577 | if (ats->ip_payload != IPPROTO_UDP) continue; | |
578 | ||
579 | if (icmpip4->ip_src.s_addr != ats->remote.in4src.s_addr) continue; | |
580 | if (icmpip4->ip_dst.s_addr != ats->remote.in4dst.s_addr) continue; | |
581 | ||
582 | if (icmpudp4->uh_sport != ats->remote._sport) continue; | |
583 | if (icmpudp4->uh_dport != ats->remote._dport) continue; | |
584 | ||
585 | cv4->flags |= NATPT_TRACEROUTE; | |
586 | return (ats); | |
587 | } | |
588 | ||
589 | return (NULL); | |
590 | } | |
591 | ||
592 | ||
593 | static struct pAddr * | |
594 | fillupOutgoingV6local(struct _cSlot *acs, struct _cv *cv6, struct pAddr *local) | |
595 | { | |
596 | local->ip_p = IPPROTO_IPV6; | |
597 | local->sa_family = AF_INET6; | |
598 | local->in6src = cv6->_ip._ip6->ip6_dst; | |
599 | local->in6dst = cv6->_ip._ip6->ip6_src; | |
600 | ||
601 | if ((cv6->ip_payload == IPPROTO_TCP) | |
602 | || (cv6->ip_payload == IPPROTO_UDP)) | |
603 | { | |
604 | local->_sport = cv6->_payload._tcp6->th_dport; | |
605 | local->_dport = cv6->_payload._tcp6->th_sport; | |
606 | } | |
607 | ||
608 | return (local); | |
609 | } | |
610 | ||
611 | ||
612 | static struct pAddr * | |
613 | fillupOutgoingV6Remote(struct _cSlot *acs, struct _cv *cv6, struct pAddr *remote) | |
614 | { | |
615 | remote->ip_p = IPPROTO_IPV4; | |
616 | remote->sa_family = AF_INET; | |
617 | remote->in4src = acs->remote.in4src; | |
618 | remote->in4dst.s_addr = cv6->_ip._ip6->ip6_dst.s6_addr32[3]; | |
619 | ||
620 | if ((cv6->ip_payload == IPPROTO_TCP) | |
621 | || (cv6->ip_payload == IPPROTO_UDP)) | |
622 | { | |
623 | remote->_sport = cv6->_payload._tcp6->th_sport; | |
624 | remote->_dport = cv6->_payload._tcp6->th_dport; | |
625 | ||
626 | /* | |
627 | * In case mappoing port number, | |
628 | * acs->remote.port[0..1] has source port mapping range (from command line). | |
629 | * remote->port[0..1] has actual translation slot info. | |
630 | */ | |
631 | if (acs->map & NATPT_PORT_MAP_DYNAMIC) | |
632 | { | |
633 | int firsttime = 0; | |
634 | u_short cport, sport, eport; | |
635 | struct pAddr pata; /* pata.{s,d}port hold network byte order */ | |
636 | ||
637 | cport = ntohs(acs->cport); | |
638 | sport = ntohs(acs->remote._sport); | |
639 | eport = ntohs(acs->remote._eport); | |
640 | ||
641 | if (cport == 0) | |
642 | cport = sport - 1; | |
643 | ||
644 | bzero(&pata, sizeof(pata)); | |
645 | pata.ip_p = IPPROTO_IPV4; | |
646 | pata.sa_family = AF_INET; | |
647 | pata.in4src = acs->remote.in4src; | |
648 | pata.in4dst.s_addr = cv6->_ip._ip6->ip6_dst.s6_addr32[3]; | |
649 | pata._dport = remote->_dport; | |
650 | ||
651 | for (;;) | |
652 | { | |
653 | while (++cport <= eport) | |
654 | { | |
655 | pata._sport = htons(cport); | |
656 | if (_outsideHash[_hash_pat4(&pata)] == NULL) | |
657 | goto found; | |
658 | } | |
659 | ||
660 | if (firsttime == 0) | |
661 | firsttime++, | |
662 | cport = sport - 1; | |
663 | else | |
664 | return (NULL); | |
665 | } | |
666 | ||
667 | found:; | |
668 | remote->_sport = acs->cport = htons(cport); | |
669 | } | |
670 | } | |
671 | ||
672 | return (remote); | |
673 | } | |
674 | ||
675 | ||
676 | static struct _tSlot * | |
677 | registTSlotEntry(struct _tSlot *ats) | |
678 | { | |
679 | int s; | |
680 | Cell *p; | |
681 | struct timeval atv; | |
682 | ||
683 | if (tSlotEntryUsed >= tSlotEntryMax) | |
684 | return (NULL); | |
685 | ||
686 | tSlotEntryUsed++; | |
687 | ||
688 | microtime(&atv); | |
689 | ats->tstamp = atv.tv_sec; | |
690 | ||
691 | p = LST_cons(ats, NULL); | |
692 | ||
693 | s = splnet(); | |
694 | ||
695 | if (tSlotEntry == NULL) | |
696 | tSlotEntry = p; | |
697 | else | |
698 | CDR(p) = tSlotEntry, tSlotEntry = p; | |
699 | ||
700 | splx(s); | |
701 | ||
702 | return (ats); | |
703 | } | |
704 | ||
705 | ||
706 | /* | |
707 | * | |
708 | */ | |
709 | ||
710 | static void | |
711 | _expireTSlot(void *ignored_arg) | |
712 | { | |
713 | struct timeval atv; | |
714 | #ifdef __APPLE__ | |
715 | boolean_t funnel_state; | |
716 | funnel_state = thread_set_funneled(TRUE); | |
717 | #endif | |
718 | ||
719 | timeout(_expireTSlot, (caddr_t)0, tSlotTimer); | |
720 | microtime(&atv); | |
721 | ||
722 | _expireTSlotEntry(&atv); | |
723 | #ifdef __APPLE__ | |
724 | (void) thread_set_funneled(funnel_state); | |
725 | #endif | |
726 | } | |
727 | ||
728 | ||
729 | static void | |
730 | _expireTSlotEntry(struct timeval *atv) | |
731 | { | |
732 | struct _cell *p0, *p1, *q; | |
733 | struct _tSlot *tsl; | |
734 | ||
735 | p0 = tSlotEntry; | |
736 | q = NULL; | |
737 | while (p0) | |
738 | { | |
739 | tsl = (struct _tSlot *)CAR(p0); | |
740 | p1 = CDR(p0); | |
741 | ||
742 | switch (tsl->ip_payload) | |
743 | { | |
744 | case IPPROTO_ICMP: | |
745 | if ((atv->tv_sec - tsl->tstamp) >= maxTTLicmp) | |
746 | _removeTSlotEntry(p0, q); | |
747 | break; | |
748 | ||
749 | case IPPROTO_UDP: | |
750 | if ((atv->tv_sec - tsl->tstamp) >= maxTTLudp) | |
751 | _removeTSlotEntry(p0, q); | |
752 | break; | |
753 | ||
754 | case IPPROTO_TCP: | |
755 | switch (tsl->suit.tcp->_state) | |
756 | { | |
757 | case TCPS_CLOSED: | |
758 | if ((atv->tv_sec - tsl->tstamp) >= _natpt_TCPT_2MSL) | |
759 | _removeTSlotEntry(p0, q); | |
760 | break; | |
761 | ||
762 | case TCPS_SYN_SENT: | |
763 | case TCPS_SYN_RECEIVED: | |
764 | if ((atv->tv_sec - tsl->tstamp) >= _natpt_tcp_maxidle) | |
765 | _removeTSlotEntry(p0, q); | |
766 | break; | |
767 | ||
768 | case TCPS_ESTABLISHED: | |
769 | if ((atv->tv_sec - tsl->tstamp) >= maxTTLtcp) | |
770 | _removeTSlotEntry(p0, q); | |
771 | break; | |
772 | ||
773 | case TCPS_FIN_WAIT_1: | |
774 | case TCPS_FIN_WAIT_2: | |
775 | if ((atv->tv_sec - tsl->tstamp) >= _natpt_tcp_maxidle) | |
776 | _removeTSlotEntry(p0, q); | |
777 | break; | |
778 | ||
779 | case TCPS_TIME_WAIT: | |
780 | if ((atv->tv_sec - tsl->tstamp) >= _natpt_TCPT_2MSL) | |
781 | _removeTSlotEntry(p0, q); | |
782 | break; | |
783 | ||
784 | default: | |
785 | if ((atv->tv_sec - tsl->tstamp) >= maxTTLtcp) | |
786 | _removeTSlotEntry(p0, q); | |
787 | break; | |
788 | } | |
789 | break; | |
790 | ||
791 | default: | |
792 | if ((atv->tv_sec - tsl->tstamp) >= maxTTLany) | |
793 | _removeTSlotEntry(p0, q); | |
794 | break; | |
795 | } | |
796 | ||
797 | if (CAR(p0) != CELL_FREE_MARKER) /* p0 may not removed */ | |
798 | q = p0; | |
799 | ||
800 | p0 = p1; | |
801 | } | |
802 | } | |
803 | ||
804 | ||
805 | static void | |
806 | _removeTSlotEntry(struct _cell *p, struct _cell *q) | |
807 | { | |
808 | int s; | |
809 | int hvin, hvout; | |
810 | struct _tSlot *tsl = (struct _tSlot *)CAR(p); | |
811 | ||
812 | if ((tsl->ip_payload == IPPROTO_TCP) | |
813 | && (tsl->suit.tcp != NULL)) | |
814 | { | |
815 | FREE(tsl->suit.tcp, M_NATPT); | |
816 | } | |
817 | ||
818 | if (tsl->local.ip_p == IPPROTO_IPV4) | |
819 | hvin = _hash_pat4(&tsl->local); | |
820 | else | |
821 | hvin = _hash_pat6(&tsl->local); | |
822 | ||
823 | if (tsl->remote.ip_p == IPPROTO_IPV4) | |
824 | hvout = _hash_pat4(&tsl->remote); | |
825 | else | |
826 | hvout = _hash_pat6(&tsl->remote); | |
827 | ||
828 | s = splnet(); | |
829 | ||
830 | _removeHash(&_insideHash, hvin, (caddr_t)tsl); | |
831 | _removeHash(&_outsideHash, hvout, (caddr_t)tsl); | |
832 | ||
833 | if (q != NULL) | |
834 | CDR(q) = CDR(p); | |
835 | else | |
836 | tSlotEntry = CDR(p); | |
837 | ||
838 | splx(s); | |
839 | ||
840 | LST_free(p); | |
841 | FREE(tsl, M_NATPT); | |
842 | ||
843 | tSlotEntryUsed--; | |
844 | } | |
845 | ||
846 | ||
847 | static int | |
848 | _removeHash(Cell *(*table)[], int hv, caddr_t node) | |
849 | { | |
850 | register Cell *p, *q; | |
851 | ||
852 | if ((p = (*table)[hv]) == NULL) | |
853 | return (0); | |
854 | ||
855 | if (CDR(p) == NULL) | |
856 | { | |
857 | if (CAR(p) == (Cell *)node) | |
858 | { | |
859 | LST_free(p); | |
860 | (*table)[hv] = NULL; | |
861 | } | |
862 | return (0); | |
863 | } | |
864 | ||
865 | for (p = (*table)[hv], q = NULL; p; q = p, p = CDR(p)) | |
866 | { | |
867 | if (CAR(p) != (Cell *)node) | |
868 | continue; | |
869 | ||
870 | if (q == NULL) | |
871 | (*table)[hv] = CDR(p); | |
872 | else | |
873 | CDR(q) = CDR(p); | |
874 | ||
875 | LST_free(p); | |
876 | return (0); | |
877 | } | |
878 | ||
879 | return (0); | |
880 | } | |
881 | ||
882 | ||
883 | /* | |
884 | * | |
885 | */ | |
886 | ||
887 | static int | |
888 | _hash_ip4(struct _cv *cv) | |
889 | { | |
890 | struct ip *ip; | |
891 | struct sockaddr_in src, dst; | |
892 | ||
893 | bzero(&src, sizeof(struct sockaddr_in)); | |
894 | bzero(&dst, sizeof(struct sockaddr_in)); | |
895 | ||
896 | ip = cv->_ip._ip4; | |
897 | src.sin_addr = ip->ip_src; | |
898 | dst.sin_addr = ip->ip_dst; | |
899 | ||
900 | if ((ip->ip_p == IPPROTO_TCP) || (ip->ip_p == IPPROTO_UDP)) | |
901 | { | |
902 | struct tcphdr *tcp = cv->_payload._tcp4; | |
903 | ||
904 | src.sin_port = tcp->th_sport; | |
905 | dst.sin_port = tcp->th_dport; | |
906 | } | |
907 | ||
908 | return ((_hash_sockaddr4(&src) + _hash_sockaddr4(&dst)) % NATPT_MAXHASH); | |
909 | } | |
910 | ||
911 | ||
912 | static int | |
913 | _hash_ip6(struct _cv *cv) | |
914 | { | |
915 | struct ip6_hdr *ip6; | |
916 | struct sockaddr_in6 src, dst; | |
917 | ||
918 | bzero(&src, sizeof(struct sockaddr_in6)); | |
919 | bzero(&dst, sizeof(struct sockaddr_in6)); | |
920 | ||
921 | ip6 = cv->_ip._ip6; | |
922 | src.sin6_addr = ip6->ip6_src; | |
923 | dst.sin6_addr = ip6->ip6_dst; | |
924 | ||
925 | if ((cv->ip_payload == IPPROTO_TCP) || (cv->ip_payload == IPPROTO_UDP)) | |
926 | { | |
927 | struct tcp6hdr *tcp6 = cv->_payload._tcp6; | |
928 | ||
929 | src.sin6_port = tcp6->th_sport; | |
930 | dst.sin6_port = tcp6->th_dport; | |
931 | } | |
932 | ||
933 | return ((_hash_sockaddr6(&src) + _hash_sockaddr6(&dst)) % NATPT_MAXHASH); | |
934 | } | |
935 | ||
936 | ||
937 | static int | |
938 | _hash_pat4(struct pAddr *pat4) | |
939 | { | |
940 | struct sockaddr_in src, dst; | |
941 | ||
942 | bzero(&src, sizeof(struct sockaddr_in)); | |
943 | bzero(&dst, sizeof(struct sockaddr_in)); | |
944 | ||
945 | src.sin_port = pat4->_sport; | |
946 | src.sin_addr = pat4->in4src; | |
947 | dst.sin_port = pat4->_dport; | |
948 | dst.sin_addr = pat4->in4dst; | |
949 | ||
950 | return ((_hash_sockaddr4(&src) + _hash_sockaddr4(&dst)) % NATPT_MAXHASH); | |
951 | } | |
952 | ||
953 | ||
954 | static int | |
955 | _hash_pat6(struct pAddr *pat6) | |
956 | { | |
957 | struct sockaddr_in6 src, dst; | |
958 | ||
959 | bzero(&src, sizeof(struct sockaddr_in6)); | |
960 | bzero(&dst, sizeof(struct sockaddr_in6)); | |
961 | ||
962 | src.sin6_port = pat6->_sport; | |
963 | src.sin6_addr = pat6->in6src; | |
964 | dst.sin6_port = pat6->_dport; | |
965 | dst.sin6_addr = pat6->in6dst; | |
966 | ||
967 | return ((_hash_sockaddr6(&src) + _hash_sockaddr6(&dst)) % NATPT_MAXHASH); | |
968 | } | |
969 | ||
970 | ||
971 | static int | |
972 | _hash_sockaddr4(struct sockaddr_in *sin4) | |
973 | { | |
974 | int byte; | |
975 | ||
976 | byte = sizeof(sin4->sin_port) + sizeof(sin4->sin_addr); | |
977 | return (_hash_pjw((char *)&sin4->sin_port, byte)); | |
978 | } | |
979 | ||
980 | ||
981 | static int | |
982 | _hash_sockaddr6(struct sockaddr_in6 *sin6) | |
983 | { | |
984 | int byte; | |
985 | ||
986 | sin6->sin6_flowinfo = 0; | |
987 | byte = sizeof(sin6->sin6_port) | |
988 | + sizeof(sin6->sin6_flowinfo) | |
989 | + sizeof(sin6->sin6_addr); | |
990 | return (_hash_pjw((char *)&sin6->sin6_port, byte)); | |
991 | } | |
992 | ||
993 | ||
994 | /* CAUTION */ | |
995 | /* This hash routine is byte order sensitive. Be Careful. */ | |
996 | ||
997 | static int | |
998 | _hash_pjw(register u_char *s, int len) | |
999 | { | |
1000 | register u_int c; | |
1001 | register u_int h, g; | |
1002 | ||
1003 | for (c = h = g = 0; c < len; c++, s++) | |
1004 | { | |
1005 | h = (h << 4) + (*s); | |
1006 | if ((g = h & 0xf0000000)) | |
1007 | { | |
1008 | h ^= (g >> 24); | |
1009 | h ^= g; | |
1010 | } | |
1011 | } | |
1012 | return (h % NATPT_MAXHASH); | |
1013 | } | |
1014 | ||
1015 | ||
1016 | /* | |
1017 | * | |
1018 | */ | |
1019 | ||
1020 | void | |
1021 | init_hash() | |
1022 | { | |
1023 | bzero((caddr_t)_insideHash, sizeof(_insideHash)); | |
1024 | bzero((caddr_t)_outsideHash, sizeof(_outsideHash)); | |
1025 | } | |
1026 | ||
1027 | ||
1028 | void | |
1029 | init_tslot() | |
1030 | { | |
1031 | tSlotEntry = NULL; | |
1032 | tSlotEntryMax = MAXTSLOTENTRY; | |
1033 | tSlotEntryUsed = 0; | |
1034 | ||
1035 | tSlotTimer = 60 * hz; | |
1036 | timeout(_expireTSlot, (caddr_t)0, tSlotTimer); | |
1037 | ||
1038 | _natpt_TCPT_2MSL = 120; /* [sec] */ | |
1039 | _natpt_tcp_maxidle = 600; /* [sec] */ | |
1040 | ||
1041 | maxTTLicmp = maxTTLudp = _natpt_TCPT_2MSL; | |
1042 | maxTTLtcp = maxTTLany = 86400; /* [sec] */ | |
1043 | } |