summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordarrenr <darrenr@FreeBSD.org>2002-03-19 11:30:21 +0000
committerdarrenr <darrenr@FreeBSD.org>2002-03-19 11:30:21 +0000
commit2cfa1faf2bddf1c2e15ba7b53d344287e9bac019 (patch)
tree0627c864dc747607ad117960a86d9b5bbb5312da
parent3e3a2565b18d6ea97d2e39775019ea818e96f149 (diff)
parent556707698ec4ad5f069aadf43f197993b46fab21 (diff)
downloadFreeBSD-src-2cfa1faf2bddf1c2e15ba7b53d344287e9bac019.zip
FreeBSD-src-2cfa1faf2bddf1c2e15ba7b53d344287e9bac019.tar.gz
This commit was generated by cvs2svn to compensate for changes in r92680,
which included commits to RCS files with non-trunk default branches.
-rw-r--r--sys/contrib/ipfilter/netinet/ip_h323_pxy.c275
-rw-r--r--sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c292
-rw-r--r--sys/contrib/ipfilter/netinet/ip_netbios_pxy.c109
3 files changed, 676 insertions, 0 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_h323_pxy.c b/sys/contrib/ipfilter/netinet/ip_h323_pxy.c
new file mode 100644
index 0000000..14aa47b
--- /dev/null
+++ b/sys/contrib/ipfilter/netinet/ip_h323_pxy.c
@@ -0,0 +1,275 @@
+/*
+ * Copyright 2001, QNX Software Systems Ltd. All Rights Reserved
+ *
+ * This source code has been published by QNX Software Systems Ltd. (QSSL).
+ * However, any use, reproduction, modification, distribution or transfer of
+ * this software, or any software which includes or is based upon any of this
+ * code, is only permitted under the terms of the QNX Open Community License
+ * version 1.0 (see licensing.qnx.com for details) or as otherwise expressly
+ * authorized by a written license agreement from QSSL. For more information,
+ * please email licensing@qnx.com.
+ *
+ */
+
+/*
+ * Simple H.323 proxy
+ *
+ * by xtang@canada.com
+ * ported to ipfilter 3.4.20 by Michael Grant mg-ipf@grant.org
+ */
+
+#if __FreeBSD_version >= 220000 && defined(_KERNEL)
+# include <sys/fcntl.h>
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
+
+#define IPF_H323_PROXY
+
+int ippr_h323_init __P((void));
+int ippr_h323_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+void ippr_h323_del __P((ap_session_t *));
+int ippr_h323_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_h323_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+
+int ippr_h245_init __P((void));
+int ippr_h245_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_h245_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_h245_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+
+static frentry_t h323_fr;
+#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
+extern KRWLOCK_T ipf_nat;
+#endif
+
+static int find_port __P((int, u_char *, int datlen, int *, u_short *));
+
+
+static int find_port(ipaddr, data, datlen, off, port)
+int ipaddr;
+unsigned char *data;
+int datlen, *off;
+unsigned short *port;
+{
+ if (datlen < 6)
+ return -1;
+
+ *port = 0;
+ for (*off = 0; *off <= datlen - 6; *off = *off + 1) {
+ if (ipaddr == *(int *)(data + *off))
+ {
+ *port = (*(data + *off + 4) << 8) + *(data + *off +5);
+ break;
+ }
+ }
+ return (*off > datlen - 6) ? -1 : 0;
+}
+
+/*
+ * Initialize local structures.
+ */
+int ippr_h323_init()
+{
+ bzero((char *)&h323_fr, sizeof(h323_fr));
+ h323_fr.fr_ref = 1;
+ h323_fr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
+
+ return 0;
+}
+
+
+int ippr_h323_new(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ aps->aps_data = NULL;
+ aps->aps_psiz = 0;
+
+ return 0;
+}
+
+
+void ippr_h323_del(aps)
+ap_session_t *aps;
+{
+ int i;
+ ipnat_t *ipn;
+
+ if (aps->aps_data) {
+ for (i = 0, ipn = aps->aps_data;
+ i < (aps->aps_psiz / sizeof(ipnat_t));
+ i++, ipn = (ipnat_t *)((char *)ipn + sizeof(*ipn)))
+ {
+ /*
+ * Check the comment in ippr_h323_in() function,
+ * just above nat_ioctl() call.
+ * We are lucky here because this function is not
+ * called with ipf_nat locked.
+ */
+ if (nat_ioctl((caddr_t)ipn, SIOCRMNAT, FWRITE) == -1) {
+ /* log the error */
+ }
+ }
+ KFREES(aps->aps_data, aps->aps_psiz);
+ }
+ return;
+}
+
+
+int ippr_h323_out(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ return 0;
+}
+
+
+int ippr_h323_in(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ int ipaddr, off, datlen;
+ unsigned short port;
+ unsigned char *data;
+ tcphdr_t *tcp;
+
+ tcp = (tcphdr_t *)fin->fin_dp;
+ ipaddr = ip->ip_src.s_addr;
+
+ data = (unsigned char *)tcp + (tcp->th_off << 2);
+ datlen = ip->ip_len - (ip->ip_hl << 2) - (tcp->th_off << 2);
+ if (find_port(ipaddr, data, datlen, &off, &port) == 0) {
+ ipnat_t *ipn;
+ char *newarray;
+
+ /* setup a nat rule to set a h245 proxy on tcp-port "port"
+ * it's like:
+ * map <if> <inter_ip>/<mask> -> <gate_ip>/<mask> proxy port <port> <port>/tcp
+ */
+ KMALLOCS(newarray, char *, aps->aps_psiz + sizeof(*ipn));
+ if (newarray == NULL) {
+ return -1;
+ }
+ ipn = (ipnat_t *)&newarray[aps->aps_psiz];
+ bcopy(nat->nat_ptr, ipn, sizeof(ipnat_t));
+ strncpy(ipn->in_plabel, "h245", APR_LABELLEN);
+
+ ipn->in_inip = nat->nat_inip.s_addr;
+ ipn->in_inmsk = 0xffffffff;
+ ipn->in_dport = htons(port);
+ /*
+ * we got a problem here. we need to call nat_ioctl() to add
+ * the h245 proxy rule, but since we already hold (READ locked)
+ * the nat table rwlock (ipf_nat), if we go into nat_ioctl(),
+ * it will try to WRITE lock it. This will causing dead lock
+ * on RTP.
+ *
+ * The quick & dirty solution here is release the read lock,
+ * call nat_ioctl() and re-lock it.
+ * A (maybe better) solution is do a UPGRADE(), and instead
+ * of calling nat_ioctl(), we add the nat rule ourself.
+ */
+ RWLOCK_EXIT(&ipf_nat);
+ if (nat_ioctl((caddr_t)ipn, SIOCADNAT, FWRITE) == -1) {
+ READ_ENTER(&ipf_nat);
+ return -1;
+ }
+ READ_ENTER(&ipf_nat);
+ bcopy(aps->aps_data, newarray, aps->aps_psiz);
+ KFREES(aps->aps_data, aps->aps_psiz);
+ aps->aps_data = newarray;
+ aps->aps_psiz += sizeof(*ipn);
+ }
+ return 0;
+}
+
+
+int ippr_h245_init()
+{
+ return 0;
+}
+
+
+int ippr_h245_new(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ aps->aps_data = NULL;
+ aps->aps_psiz = 0;
+ return 0;
+}
+
+
+int ippr_h245_out(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ int ipaddr, off, datlen;
+ u_short port;
+ unsigned char *data;
+ tcphdr_t *tcp;
+
+ tcp = (tcphdr_t *)fin->fin_dp;
+ ipaddr = nat->nat_inip.s_addr;
+ data = (unsigned char *)tcp + (tcp->th_off << 2);
+ datlen = ip->ip_len - fin->fin_hlen - (tcp->th_off << 2);
+ if (find_port(ipaddr, data, datlen, &off, &port) == 0) {
+ fr_info_t fi;
+ nat_t *ipn;
+
+/* port = htons(port); */
+ ipn = nat_outlookup(fin->fin_ifp, IPN_UDP, IPPROTO_UDP,
+ ip->ip_src, ip->ip_dst, 1);
+ if (ipn == NULL) {
+ struct ip newip;
+ struct udphdr udp;
+
+ bcopy(ip, &newip, sizeof(newip));
+ newip.ip_len = fin->fin_hlen + sizeof(udp);
+ newip.ip_p = IPPROTO_UDP;
+ newip.ip_src = nat->nat_inip;
+
+ bzero(&udp, sizeof(udp));
+ udp.uh_sport = port;
+
+ bcopy(fin, &fi, sizeof(fi));
+ fi.fin_fi.fi_p = IPPROTO_UDP;
+ fi.fin_data[0] = port;
+ fi.fin_data[1] = 0;
+ fi.fin_dp = (char *)&udp;
+
+ ipn = nat_new(&fi, &newip, nat->nat_ptr, NULL,
+ IPN_UDP|FI_W_DPORT, NAT_OUTBOUND);
+ if (ipn != NULL) {
+ ipn->nat_ptr->in_hits++;
+#ifdef IPFILTER_LOG
+ nat_log(ipn, (u_int)(nat->nat_ptr->in_redir));
+#endif
+ *(int *)(data + off) = ip->ip_src.s_addr;
+ *(short *)(data + off + 4) = ipn->nat_outport;
+ }
+ }
+ }
+ return 0;
+}
+
+
+int ippr_h245_in(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ return 0;
+}
diff --git a/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c b/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c
new file mode 100644
index 0000000..40ce131
--- /dev/null
+++ b/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c
@@ -0,0 +1,292 @@
+/*
+ * Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT
+ * code.
+ *
+ * $Id: ip_ipsec_pxy.c,v 1.1.2.10 2002/01/13 04:58:29 darrenr Exp $
+ *
+ */
+#define IPF_IPSEC_PROXY
+
+
+int ippr_ipsec_init __P((void));
+int ippr_ipsec_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+void ippr_ipsec_del __P((ap_session_t *));
+int ippr_ipsec_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_ipsec_match __P((fr_info_t *, ap_session_t *, nat_t *));
+
+static frentry_t ipsecfr;
+
+
+static char ipsec_buffer[1500];
+
+/*
+ * RCMD application proxy initialization.
+ */
+int ippr_ipsec_init()
+{
+ bzero((char *)&ipsecfr, sizeof(ipsecfr));
+ ipsecfr.fr_ref = 1;
+ ipsecfr.fr_flags = FR_OUTQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
+ return 0;
+}
+
+
+/*
+ * Setup for a new IPSEC proxy.
+ */
+int ippr_ipsec_new(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ ipsec_pxy_t *ipsec;
+ fr_info_t fi;
+ ipnat_t *ipn;
+ char *ptr;
+ int p, off, dlen;
+ mb_t *m;
+
+ bzero(ipsec_buffer, sizeof(ipsec_buffer));
+ off = fin->fin_hlen + sizeof(udphdr_t);
+#ifdef _KERNEL
+# if SOLARIS
+ m = fin->fin_qfm;
+
+ dlen = msgdsize(m) - off;
+ if (dlen < 16)
+ return -1;
+ copyout_mblk(m, off, MIN(sizeof(ipsec_buffer), dlen), ipsec_buffer);
+# else
+ m = *(mb_t **)fin->fin_mp;
+ dlen = mbufchainlen(m) - off;
+ if (dlen < 16)
+ return -1;
+ m_copydata(m, off, MIN(sizeof(ipsec_buffer), dlen), ipsec_buffer);
+# endif
+#else
+ m = *(mb_t **)fin->fin_mp;
+ dlen = ip->ip_len - off;
+ ptr = (char *)m;
+ ptr += off;
+ bcopy(ptr, ipsec_buffer, MIN(sizeof(ipsec_buffer), dlen));
+#endif
+
+ /*
+ * Because _new() gets called from nat_new(), ipf_nat is held with a
+ * write lock so pass rw=1 to nat_outlookup().
+ */
+ if (nat_outlookup(fin, 0, IPPROTO_ESP, nat->nat_inip,
+ ip->ip_dst, 1) != NULL)
+ return -1;
+
+ aps->aps_psiz = sizeof(*ipsec);
+ KMALLOCS(aps->aps_data, ipsec_pxy_t *, sizeof(*ipsec));
+ if (aps->aps_data == NULL)
+ return -1;
+
+ ipsec = aps->aps_data;
+ bzero((char *)ipsec, sizeof(*ipsec));
+
+ /*
+ * Create NAT rule against which the tunnel/transport mapping is
+ * created. This is required because the current NAT rule does not
+ * describe ESP but UDP instead.
+ */
+ ipn = &ipsec->ipsc_rule;
+ ipn->in_ifp = fin->fin_ifp;
+ ipn->in_apr = NULL;
+ ipn->in_use = 1;
+ ipn->in_hits = 1;
+ ipn->in_nip = ntohl(nat->nat_outip.s_addr);
+ ipn->in_ippip = 1;
+ ipn->in_inip = nat->nat_inip.s_addr;
+ ipn->in_inmsk = 0xffffffff;
+ ipn->in_outip = nat->nat_outip.s_addr;
+ ipn->in_outmsk = 0xffffffff;
+ ipn->in_srcip = fin->fin_saddr;
+ ipn->in_srcmsk = 0xffffffff;
+ ipn->in_redir = NAT_MAP;
+ bcopy(nat->nat_ptr->in_ifname, ipn->in_ifname, sizeof(ipn->in_ifname));
+ ipn->in_p = IPPROTO_ESP;
+
+ bcopy((char *)fin, (char *)&fi, sizeof(fi));
+ fi.fin_fi.fi_p = IPPROTO_ESP;
+ fi.fin_fr = &ipsecfr;
+ fi.fin_data[0] = 0;
+ fi.fin_data[1] = 0;
+ p = ip->ip_p;
+ ip->ip_p = IPPROTO_ESP;
+ fi.fin_fl &= ~FI_TCPUDP;
+
+ ptr = ipsec_buffer;
+ bcopy(ptr, ipsec->ipsc_icookie, sizeof(ipsec_cookie_t));
+ ptr += sizeof(ipsec_cookie_t);
+ bcopy(ptr, ipsec->ipsc_rcookie, sizeof(ipsec_cookie_t));
+ /*
+ * The responder cookie should only be non-zero if the initiator
+ * cookie is non-zero. Therefore, it is safe to assume(!) that the
+ * cookies are both set after copying if the responder is non-zero.
+ */
+ if ((ipsec->ipsc_rcookie[0]|ipsec->ipsc_rcookie[1]) != 0)
+ ipsec->ipsc_rckset = 1;
+ else
+ nat->nat_age = 60; /* 30 seconds */
+
+ ipsec->ipsc_nat = nat_new(&fi, ip, ipn, &ipsec->ipsc_nat, FI_IGNOREPKT,
+ NAT_OUTBOUND);
+ if (ipsec->ipsc_nat != NULL) {
+ fi.fin_data[0] = 0;
+ fi.fin_data[1] = 0;
+ ipsec->ipsc_state = fr_addstate(ip, &fi, &ipsec->ipsc_state,
+ FI_IGNOREPKT|FI_NORULE);
+ }
+ ip->ip_p = p;
+ return 0;
+}
+
+
+/*
+ * For outgoing IKE packets. refresh timeouts for NAT & stat entries, if
+ * we can. If they have disappeared, recreate them.
+ */
+int ippr_ipsec_out(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ ipsec_pxy_t *ipsec;
+ fr_info_t fi;
+ int p;
+
+ bcopy((char *)fin, (char *)&fi, sizeof(fi));
+ fi.fin_fi.fi_p = IPPROTO_ESP;
+ fi.fin_fr = &ipsecfr;
+ fi.fin_data[0] = 0;
+ fi.fin_data[1] = 0;
+ p = ip->ip_p;
+ ip->ip_p = IPPROTO_ESP;
+ fi.fin_fl &= ~FI_TCPUDP;
+
+ ipsec = aps->aps_data;
+ if (ipsec != NULL) {
+ /*
+ * Update NAT timeout/create NAT if missing.
+ */
+ if (ipsec->ipsc_rckset == 0)
+ nat->nat_age = 60; /* 30 seconds */
+ if (ipsec->ipsc_nat != NULL)
+ ipsec->ipsc_nat->nat_age = nat->nat_age;
+ else
+ ipsec->ipsc_nat = nat_new(&fi, ip, &ipsec->ipsc_rule,
+ &ipsec->ipsc_nat,
+ FI_IGNOREPKT, NAT_OUTBOUND);
+
+ /*
+ * Update state timeout/create state if missing.
+ */
+ READ_ENTER(&ipf_state);
+ if (ipsec->ipsc_state != NULL) {
+ ipsec->ipsc_state->is_age = nat->nat_age;
+ RWLOCK_EXIT(&ipf_state);
+ } else {
+ RWLOCK_EXIT(&ipf_state);
+ fi.fin_data[0] = 0;
+ fi.fin_data[1] = 0;
+ ipsec->ipsc_state = fr_addstate(ip, &fi,
+ &ipsec->ipsc_state,
+ FI_IGNOREPKT|FI_NORULE);
+ }
+ }
+ ip->ip_p = p;
+ return 0;
+}
+
+
+/*
+ * This extends the NAT matching to be based on the cookies associated with
+ * a session and found at the front of IKE packets. The cookies are always
+ * in the same order (not reversed depending on packet flow direction as with
+ * UDP/TCP port numbers).
+ */
+int ippr_ipsec_match(fin, aps, nat)
+fr_info_t *fin;
+ap_session_t *aps;
+nat_t *nat;
+{
+ ipsec_pxy_t *ipsec;
+ u_32_t cookies[4];
+ mb_t *m;
+ int off;
+
+ if ((fin->fin_dlen < sizeof(cookies)) || (fin->fin_fl & FI_FRAG))
+ return -1;
+
+ ipsec = aps->aps_data;
+ off = fin->fin_hlen + sizeof(udphdr_t);
+#ifdef _KERNEL
+# if SOLARIS
+ m = fin->fin_qfm;
+
+ copyout_mblk(m, off, sizeof(cookies), (char *)cookies);
+# else
+ m = *(mb_t **)fin->fin_mp;
+ m_copydata(m, off, sizeof(cookies), (char *)cookies);
+# endif
+#else
+ m = *(mb_t **)fin->fin_mp;
+ bcopy((char *)m + off, cookies, sizeof(cookies));
+#endif
+
+ if ((cookies[0] != ipsec->ipsc_icookie[0]) ||
+ (cookies[1] != ipsec->ipsc_icookie[1]))
+ return -1;
+
+ if (ipsec->ipsc_rckset == 0) {
+ if ((cookies[2]|cookies[3]) == 0) {
+ nat->nat_age = 60; /* 30 seconds */
+ return 0;
+ }
+ ipsec->ipsc_rckset = 1;
+ ipsec->ipsc_rcookie[0] = cookies[2];
+ ipsec->ipsc_rcookie[1] = cookies[3];
+ return 0;
+ }
+
+ if ((cookies[2] != ipsec->ipsc_rcookie[0]) ||
+ (cookies[3] != ipsec->ipsc_rcookie[1]))
+ return -1;
+ return 0;
+}
+
+
+/*
+ * clean up after ourselves.
+ */
+void ippr_ipsec_del(aps)
+ap_session_t *aps;
+{
+ ipsec_pxy_t *ipsec;
+
+ ipsec = aps->aps_data;
+
+ if (ipsec != NULL) {
+ /*
+ * Don't delete it from here, just schedule it to be
+ * deleted ASAP.
+ */
+ if (ipsec->ipsc_nat != NULL) {
+ ipsec->ipsc_nat->nat_age = 1;
+ ipsec->ipsc_nat->nat_ptr = NULL;
+ }
+
+ READ_ENTER(&ipf_state);
+ if (ipsec->ipsc_state != NULL)
+ ipsec->ipsc_state->is_age = 1;
+ RWLOCK_EXIT(&ipf_state);
+
+ ipsec->ipsc_state = NULL;
+ ipsec->ipsc_nat = NULL;
+ }
+}
diff --git a/sys/contrib/ipfilter/netinet/ip_netbios_pxy.c b/sys/contrib/ipfilter/netinet/ip_netbios_pxy.c
new file mode 100644
index 0000000..ee9b0c4
--- /dev/null
+++ b/sys/contrib/ipfilter/netinet/ip_netbios_pxy.c
@@ -0,0 +1,109 @@
+/*
+ * Simple netbios-dgm transparent proxy for in-kernel use.
+ * For use with the NAT code.
+ * $Id: ip_netbios_pxy.c,v 1.1.2.3 2002/01/09 09:28:37 darrenr Exp $
+ */
+
+/*-
+ * Copyright (c) 2002 Paul J. Ledbetter III
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: ip_netbios_pxy.c,v 1.1.2.3 2002/01/09 09:28:37 darrenr Exp $
+ */
+
+#define IPF_NETBIOS_PROXY
+
+int ippr_netbios_init __P((void));
+int ippr_netbios_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+
+static frentry_t netbiosfr;
+
+/*
+ * Initialize local structures.
+ */
+int ippr_netbios_init()
+{
+ bzero((char *)&netbiosfr, sizeof(netbiosfr));
+ netbiosfr.fr_ref = 1;
+ netbiosfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
+ return 0;
+}
+
+int ippr_netbios_out(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+ char dgmbuf[6];
+
+ int off, dlen;
+ udphdr_t *udp;
+ mb_t *m;
+
+ m = *(mb_t **)fin->fin_mp;
+ off = fin->fin_hlen + sizeof(udphdr_t);
+#if SOLARIS
+ dlen = msgdsize(m);
+#else
+ dlen = mbufchainlen(m);
+#endif
+ dlen -= off;
+
+ /*
+ * no net bios datagram could possibly be shorter than this
+ */
+ if (dlen < 11)
+ return 0;
+
+ udp = (udphdr_t *)fin->fin_dp;
+
+ /*
+ * move past the
+ * ip header;
+ * udp header;
+ * 4 bytes into the net bios dgm header.
+ * According to rfc1002, this should be the exact location of
+ * the source address/port
+ */
+ off += 4;
+
+ /* Copy NATed source Address/port*/
+ dgmbuf[0] = (char)((ip->ip_src.s_addr ) &0xFF);
+ dgmbuf[1] = (char)((ip->ip_src.s_addr >> 8) &0xFF);
+ dgmbuf[2] = (char)((ip->ip_src.s_addr >> 16)&0xFF);
+ dgmbuf[3] = (char)((ip->ip_src.s_addr >> 24)&0xFF);
+
+ dgmbuf[4] = (char)((udp->uh_sport )&0xFF);
+ dgmbuf[5] = (char)((udp->uh_sport >> 8)&0xFF);
+
+ /* replace data in packet */
+#if SOLARIS
+ copyin_mblk(m, off, sizeof(dgmbuf), dgmbuf);
+#else
+ m_copyback(m, off, sizeof(dgmbuf), dgmbuf);
+#endif
+
+ return 0;
+}
OpenPOWER on IntegriCloud