authorpiso <piso@FreeBSD.org>2008-03-06 21:50:41 +0000
committerpiso <piso@FreeBSD.org>2008-03-06 21:50:41 +0000
commit5f33f90d24e8c6aa3689da010e33cf37f17155f7 (patch)
treee1a9424168a96098f55aa0944676e9c680eb8076
parentad2b8c2d06f61008d2506c5967e2710e156623bf (diff)
MFP4:
Restrict the use of direct pointers into the contents of the IP packet. These modifications are functionally no-ops and can therefore be merged with no side effects.
-rw-r--r--sys/netinet/libalias/alias.c59
-rw-r--r--sys/netinet/libalias/alias_db.c34
-rw-r--r--sys/netinet/libalias/alias_ftp.c6
-rw-r--r--sys/netinet/libalias/alias_irc.c6
-rw-r--r--sys/netinet/libalias/alias_local.h12
-rw-r--r--sys/netinet/libalias/alias_proxy.c21
-rw-r--r--sys/netinet/libalias/alias_smedia.c6
7 files changed, 67 insertions, 77 deletions
diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
index ed500e1..dbc384f 100644
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -170,48 +170,42 @@ a timeout period.
*/
/* Local prototypes */
-static void TcpMonitorIn(struct ip *, struct alias_link *);
+static void TcpMonitorIn(u_char, struct alias_link *);
-static void TcpMonitorOut(struct ip *, struct alias_link *);
+static void TcpMonitorOut(u_char, struct alias_link *);
static void
-TcpMonitorIn(struct ip *pip, struct alias_link *lnk)
+TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
{
- struct tcphdr *tc;
-
- tc = (struct tcphdr *)ip_next(pip);
switch (GetStateIn(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
- if (tc->th_flags & TH_RST)
+ if (th_flags & TH_RST)
SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);
- else if (tc->th_flags & TH_SYN)
+ else if (th_flags & TH_SYN)
SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED);
break;
case ALIAS_TCP_STATE_CONNECTED:
- if (tc->th_flags & (TH_FIN | TH_RST))
+ if (th_flags & (TH_FIN | TH_RST))
SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED);
break;
}
}
static void
-TcpMonitorOut(struct ip *pip, struct alias_link *lnk)
+TcpMonitorOut(u_char th_flags, struct alias_link *lnk)
{
- struct tcphdr *tc;
-
- tc = (struct tcphdr *)ip_next(pip);
switch (GetStateOut(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
- if (tc->th_flags & TH_RST)
+ if (th_flags & TH_RST)
SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);
- else if (tc->th_flags & TH_SYN)
+ else if (th_flags & TH_SYN)
SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED);
break;
case ALIAS_TCP_STATE_CONNECTED:
- if (tc->th_flags & (TH_FIN | TH_RST))
+ if (th_flags & (TH_FIN | TH_RST))
SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED);
break;
}
@@ -646,7 +640,7 @@ IcmpAliasOut(struct libalias *la, struct ip *pip, int create)
}
-
+// XXX ip free
static int
ProtoAliasIn(struct libalias *la, struct ip *pip)
{
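Review bot: The added `// XXX ip free` marker above ProtoAliasIn does not say what is being flagged; it can be read as "free of struct ip use", as "still to be freed from struct ip", or as a memory-release reminder. The function still takes `struct ip *pip`, so the hunk does not settle which reading applies. The same marker is added above ProtoAliasOut, FragmentIn, FragmentOut, LibAliasSaveFragment, LibAliasGetFragment and LibAliasFragmentIn in this file, and above GetDeltaAckIn, GetDeltaSeqOut and AddSeq in alias_db.c. A block comment in the file's existing `/* */` style that spells out the intent would be clearer, for example `/* XXX: <say whether this function still dereferences the packet through pip> */`.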
@@ -679,7 +673,7 @@ ProtoAliasIn(struct libalias *la, struct ip *pip)
return (PKT_ALIAS_IGNORED);
}
-
+// XXX ip free
static int
ProtoAliasOut(struct libalias *la, struct ip *pip, int create)
{
@@ -930,7 +924,8 @@ TcpAliasIn(struct libalias *la, struct ip *pip)
if (GetAckModified(lnk) == 1) {
int delta;
- delta = GetDeltaAckIn(pip, lnk);
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaAckIn(tc->th_ack, lnk);
if (delta != 0) {
accumulate += twowords(&tc->th_ack);
tc->th_ack = htonl(ntohl(tc->th_ack) - delta);
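Review bot: The added `tc = (struct tcphdr *)ip_next(pip);` inside the `GetAckModified` branch has no comment saying why the pointer is derived again. The unchanged lines right after it already use `tc`, which suggests it was set earlier in TcpAliasIn (the function starts outside this hunk). If the earlier value can go stale because the TCP header may have moved, that is worth stating, e.g. `/* re-derive tc: the TCP header may have moved since the first ip_next() */`; if it cannot, the line is redundant. The same uncommented re-derivation appears before the TcpMonitorIn call and, in TcpAliasOut, before the TcpMonitorOut and GetDeltaSeqOut calls.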
@@ -954,7 +949,8 @@ TcpAliasIn(struct libalias *la, struct ip *pip)
ADJUST_CHECKSUM(accumulate, pip->ip_sum);
/* Monitor TCP connection state */
- TcpMonitorIn(pip, lnk);
+ tc = (struct tcphdr *)ip_next(pip);
+ TcpMonitorIn(tc->th_flags, lnk);
return (PKT_ALIAS_OK);
}
@@ -976,8 +972,9 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
tc = (struct tcphdr *)ip_next(pip);
if (create)
- proxy_type =
- ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port);
+ proxy_type = ProxyCheck(la, &proxy_server_address,
+ &proxy_server_port, pip->ip_src, pip->ip_dst,
+ tc->th_dport, pip->ip_p);
else
proxy_type = 0;
@@ -1036,7 +1033,8 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
alias_address = GetAliasAddress(lnk);
/* Monitor TCP connection state */
- TcpMonitorOut(pip, lnk);
+ tc = (struct tcphdr *)ip_next(pip);
+ TcpMonitorOut(tc->th_flags, lnk);
/* Walk out chain. */
error = find_handler(OUT, TCP, la, pip, &ad);
@@ -1052,8 +1050,9 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
/* Modify sequence number if necessary */
if (GetAckModified(lnk) == 1) {
int delta;
-
- delta = GetDeltaSeqOut(pip, lnk);
+
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaSeqOut(tc->th_seq, lnk);
if (delta != 0) {
accumulate += twowords(&tc->th_seq);
tc->th_seq = htonl(ntohl(tc->th_seq) + delta);
@@ -1093,7 +1092,7 @@ saved and recalled when a header fragment is seen.
static int FragmentIn(struct libalias *, struct ip *);
static int FragmentOut(struct libalias *, struct ip *);
-
+// XXX ip free
static int
FragmentIn(struct libalias *la, struct ip *pip)
{
@@ -1114,7 +1113,7 @@ FragmentIn(struct libalias *la, struct ip *pip)
return (PKT_ALIAS_UNRESOLVED_FRAGMENT);
}
-
+// XXX ip free
static int
FragmentOut(struct libalias *la, struct ip *pip)
{
@@ -1146,7 +1145,7 @@ FragmentOut(struct libalias *la, struct ip *pip)
(prototypes in alias.h)
*/
-
+// XXX ip free
int
LibAliasSaveFragment(struct libalias *la, char *ptr)
{
@@ -1166,7 +1165,7 @@ LibAliasSaveFragment(struct libalias *la, char *ptr)
return (iresult);
}
-
+// XXX ip free
char *
LibAliasGetFragment(struct libalias *la, char *ptr)
{
@@ -1188,7 +1187,7 @@ LibAliasGetFragment(struct libalias *la, char *ptr)
return (fptr);
}
-
+// XXX ip free
void
LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly
* de-aliased header
diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c
index 958e87b..9a7d3a5 100644
--- a/sys/netinet/libalias/alias_db.c
+++ b/sys/netinet/libalias/alias_db.c
@@ -2005,9 +2005,9 @@ GetAckModified(struct alias_link *lnk)
return (lnk->data.tcp->state.ack_modified);
}
-
+// XXX ip free
int
-GetDeltaAckIn(struct ip *pip, struct alias_link *lnk)
+GetDeltaAckIn(u_long ack, struct alias_link *lnk)
{
/*
Find out how much the ACK number has been altered for an incoming
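Review bot: The new `u_long ack` parameter receives `tc->th_ack` unconverted, so it is in network byte order, and neither the signature nor the comment block below it says so; the TcpAliasIn caller applies `ntohl()` to the same field only afterwards. A caller that passes a host-order value would compile cleanly and produce a wrong delta lookup. I would add to the function comment `ack is the TCP acknowledgement number exactly as found in the header (network byte order)`, and the same for `seq` in GetDeltaSeqOut further down. `u_long` is also wider than the 32-bit header field on LP64 platforms; how that interacts with the comparisons in the body cannot be judged from this hunk.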
@@ -2016,12 +2016,7 @@ packet size was altered is searched.
*/
int i;
- struct tcphdr *tc;
int delta, ack_diff_min;
- u_long ack;
-
- tc = ip_next(pip);
- ack = tc->th_ack;
delta = 0;
ack_diff_min = -1;
@@ -2049,9 +2044,9 @@ packet size was altered is searched.
return (delta);
}
-
+// XXX ip free
int
-GetDeltaSeqOut(struct ip *pip, struct alias_link *lnk)
+GetDeltaSeqOut(u_long seq, struct alias_link *lnk)
{
/*
Find out how much the sequence number has been altered for an outgoing
@@ -2060,12 +2055,7 @@ packet size was altered is searched.
*/
int i;
- struct tcphdr *tc;
int delta, seq_diff_min;
- u_long seq;
-
- tc = ip_next(pip);
- seq = tc->th_seq;
delta = 0;
seq_diff_min = -1;
@@ -2093,9 +2083,10 @@ packet size was altered is searched.
return (delta);
}
-
+// XXX ip free
void
-AddSeq(struct ip *pip, struct alias_link *lnk, int delta)
+AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, u_short ip_len,
+ u_long th_seq, u_int th_off)
{
/*
When a TCP packet has been altered in length, save this
@@ -2103,19 +2094,16 @@ information in a circular list. If enough packets have
been altered, then this list will begin to overwrite itself.
*/
- struct tcphdr *tc;
struct ack_data_record x;
int hlen, tlen, dlen;
int i;
- tc = ip_next(pip);
-
- hlen = (pip->ip_hl + tc->th_off) << 2;
- tlen = ntohs(pip->ip_len);
+ hlen = (ip_hl + th_off) << 2;
+ tlen = ntohs(ip_len);
dlen = tlen - hlen;
- x.ack_old = htonl(ntohl(tc->th_seq) + dlen);
- x.ack_new = htonl(ntohl(tc->th_seq) + dlen + delta);
+ x.ack_old = htonl(ntohl(th_seq) + dlen);
+ x.ack_new = htonl(ntohl(th_seq) + dlen + delta);
x.delta = delta;
x.active = 1;
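Review bot: `dlen = tlen - hlen` is computed from three caller-supplied scalars with no check that the result is non-negative; an `ip_len` smaller than the combined IP and TCP header lengths would yield a negative `dlen` that is then folded into `x.ack_old` and `x.ack_new`. With the packet pointer gone, the function depends entirely on its callers for these values, and whether they validate the lengths is not visible here. A guard such as `if (dlen < 0) return;` ahead of the `x.ack_old` assignment, or a comment stating that callers must have validated the header lengths, would make the contract explicit. `ip_len` and `th_seq` are also expected in network byte order (the body applies `ntohs`/`ntohl`), which the parameter list in the preceding hunk does not document. The function body continues past this hunk.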
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
index 68134af..b90fd9f 100644
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -734,8 +734,10 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
int delta;
SetAckModified(lnk);
- delta = GetDeltaSeqOut(pip, lnk);
- AddSeq(pip, lnk, delta + slen - dlen);
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaSeqOut(tc->th_seq, lnk);
+ AddSeq(lnk, delta + slen - dlen, pip->ip_hl,
+ pip->ip_len, tc->th_seq, tc->th_off);
}
/* Revise IP header */
diff --git a/sys/netinet/libalias/alias_irc.c b/sys/netinet/libalias/alias_irc.c
index 5aa80e6..ae8ce2a3 100644
--- a/sys/netinet/libalias/alias_irc.c
+++ b/sys/netinet/libalias/alias_irc.c
@@ -432,8 +432,10 @@ lPACKET_DONE:
int delta;
SetAckModified(lnk);
- delta = GetDeltaSeqOut(pip, lnk);
- AddSeq(pip, lnk, delta + copyat + iCopy - dlen);
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaSeqOut(tc->th_seq, lnk);
+ AddSeq(lnk, delta + copyat + iCopy - dlen, pip->ip_hl,
+ pip->ip_len, tc->th_seq, tc->th_off);
}
/* Revise IP header */
diff --git a/sys/netinet/libalias/alias_local.h b/sys/netinet/libalias/alias_local.h
index 2abcb69..2a7449a 100644
--- a/sys/netinet/libalias/alias_local.h
+++ b/sys/netinet/libalias/alias_local.h
@@ -298,9 +298,10 @@ u_short GetProxyPort(struct alias_link *_lnk);
void SetProxyPort(struct alias_link *_lnk, u_short _port);
void SetAckModified(struct alias_link *_lnk);
int GetAckModified(struct alias_link *_lnk);
-int GetDeltaAckIn(struct ip *_pip, struct alias_link *_lnk);
-int GetDeltaSeqOut(struct ip *_pip, struct alias_link *_lnk);
-void AddSeq (struct ip *_pip, struct alias_link *_lnk, int _delta);
+int GetDeltaAckIn(u_long, struct alias_link *_lnk);
+int GetDeltaSeqOut(u_long, struct alias_link *lnk);
+void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl,
+ u_short ip_len, u_long th_seq, u_int th_off);
void SetExpire (struct alias_link *_lnk, int _expire);
void ClearCheckNewLink(struct libalias *la);
void SetProtocolFlags(struct alias_link *_lnk, int _pflags);
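Review bot: The three rewritten prototypes no longer follow the naming used by the neighbouring declarations: `GetDeltaAckIn` and `GetDeltaSeqOut` leave the first parameter unnamed, and `GetDeltaSeqOut` and `AddSeq` use `lnk`/`delta` where the rest of the header uses underscore-prefixed names such as `_lnk`. I would write `int GetDeltaAckIn(u_long _ack, struct alias_link *_lnk);` and `int GetDeltaSeqOut(u_long _seq, struct alias_link *_lnk);`, and prefix the AddSeq parameters the same way. AddSeq now takes four integer arguments in a row that all convert implicitly, so a transposed argument at one of the four call sites would not be diagnosed; a one-line comment on the prototype giving the expected order and byte order would help.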
@@ -320,8 +321,9 @@ void HouseKeeping(struct libalias *);
/* Transparent proxy routines */
int
-ProxyCheck(struct libalias *la, struct ip *_pip, struct in_addr *_proxy_server_addr,
- u_short * _proxy_server_port);
+ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
+ u_short * proxy_server_port, struct in_addr src_addr,
+ struct in_addr dst_addr, u_short dst_port, u_char ip_p);
void
ProxyModify(struct libalias *la, struct alias_link *_lnk, struct ip *_pip,
int _maxpacketsize, int _proxy_type);
diff --git a/sys/netinet/libalias/alias_proxy.c b/sys/netinet/libalias/alias_proxy.c
index d7efb4b..4e11d4d 100644
--- a/sys/netinet/libalias/alias_proxy.c
+++ b/sys/netinet/libalias/alias_proxy.c
@@ -453,8 +453,10 @@ ProxyEncodeTcpStream(struct alias_link *lnk,
int delta;
SetAckModified(lnk);
- delta = GetDeltaSeqOut(pip, lnk);
- AddSeq(pip, lnk, delta + slen);
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaSeqOut(tc->th_seq, lnk);
+ AddSeq(lnk, delta + slen, pip->ip_hl, pip->ip_len, tc->th_seq,
+ tc->th_off);
}
/* Update IP header packet length and checksum */
@@ -561,20 +563,13 @@ ProxyEncodeIpHeader(struct ip *pip,
*/
int
-ProxyCheck(struct libalias *la, struct ip *pip,
- struct in_addr *proxy_server_addr,
- u_short * proxy_server_port)
+ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
+ u_short * proxy_server_port, struct in_addr src_addr,
+ struct in_addr dst_addr, u_short dst_port, u_char ip_p)
{
- u_short dst_port;
- struct in_addr src_addr;
- struct in_addr dst_addr;
struct proxy_entry *ptr;
LIBALIAS_LOCK_ASSERT(la);
- src_addr = pip->ip_src;
- dst_addr = pip->ip_dst;
- dst_port = ((struct tcphdr *)ip_next(pip))
- ->th_dport;
ptr = la->proxyList;
while (ptr != NULL) {
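Review bot: ProxyCheck now trusts the caller for `dst_port` and `ip_p`, but the parameter list does not say that `dst_port` must be passed in network byte order, as the TcpAliasOut caller does with `tc->th_dport`. The comparison `dst_port == proxy_port` in the next hunk only works if both sides use the same order, and the order of `ptr->proxy_port` is not visible here. A line in the function's header comment (outside this hunk) such as `dst_port: destination port as found in the TCP header, network byte order` would pin that down. The function body continues past this hunk.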
@@ -582,7 +577,7 @@ ProxyCheck(struct libalias *la, struct ip *pip,
proxy_port = ptr->proxy_port;
if ((dst_port == proxy_port || proxy_port == 0)
- && pip->ip_p == ptr->proto
+ && ip_p == ptr->proto
&& src_addr.s_addr != ptr->server_addr.s_addr) {
struct in_addr src_addr_masked;
struct in_addr dst_addr_masked;
diff --git a/sys/netinet/libalias/alias_smedia.c b/sys/netinet/libalias/alias_smedia.c
index cf372b0..e748ad7 100644
--- a/sys/netinet/libalias/alias_smedia.c
+++ b/sys/netinet/libalias/alias_smedia.c
@@ -404,8 +404,10 @@ alias_rtsp_out(struct libalias *la, struct ip *pip,
memcpy(data, newdata, new_dlen);
SetAckModified(lnk);
- delta = GetDeltaSeqOut(pip, lnk);
- AddSeq(pip, lnk, delta + new_dlen - dlen);
+ tc = (struct tcphdr *)ip_next(pip);
+ delta = GetDeltaSeqOut(tc->th_seq, lnk);
+ AddSeq(lnk, delta + new_dlen - dlen, pip->ip_hl, pip->ip_len,
+ tc->th_seq, tc->th_off);
new_len = htons(hlen + new_dlen);
DifferentialChecksum(&pip->ip_sum,