32 files changed, 2142 insertions, 1474 deletions
diff --git a/lib/libalias/Makefile b/lib/libalias/Makefile index f262be1..87b3e9a 100644 --- a/lib/libalias/Makefile +++ b/lib/libalias/Makefile @@ -6,7 +6,7 @@ SHLIB_MAJOR= 4 MAN= libalias.3 SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \ - alias_util.c + alias_util.c alias_old.c INCS= alias.h .include <bsd.lib.mk> diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c index cf93a74..fab7045 100644 --- a/lib/libalias/alias.c +++ b/lib/libalias/alias.c @@ -247,26 +247,26 @@ the gateway machine or other machines on a local area network. /* Local prototypes */ -static int IcmpAliasIn1(struct ip *); -static int IcmpAliasIn2(struct ip *); -static int IcmpAliasIn (struct ip *); +static int IcmpAliasIn1(struct libalias *, struct ip *); +static int IcmpAliasIn2(struct libalias *, struct ip *); +static int IcmpAliasIn (struct libalias *, struct ip *); -static int IcmpAliasOut1(struct ip *); -static int IcmpAliasOut2(struct ip *); -static int IcmpAliasOut (struct ip *); +static int IcmpAliasOut1(struct libalias *, struct ip *); +static int IcmpAliasOut2(struct libalias *, struct ip *); +static int IcmpAliasOut (struct libalias *, struct ip *); -static int ProtoAliasIn(struct ip *); -static int ProtoAliasOut(struct ip *); +static int ProtoAliasIn(struct libalias *, struct ip *); +static int ProtoAliasOut(struct libalias *, struct ip *); -static int UdpAliasOut(struct ip *); -static int UdpAliasIn (struct ip *); +static int UdpAliasOut(struct libalias *, struct ip *); +static int UdpAliasIn (struct libalias *, struct ip *); -static int TcpAliasOut(struct ip *, int); -static int TcpAliasIn (struct ip *); +static int TcpAliasOut(struct libalias *, struct ip *, int); +static int TcpAliasIn (struct libalias *, struct ip *); static int -IcmpAliasIn1(struct ip *pip) +IcmpAliasIn1(struct libalias *la, struct ip *pip) { /* De-alias incoming echo and timestamp replies. 
@@ -278,7 +278,7 @@ IcmpAliasIn1(struct ip *pip) ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Get source address from ICMP data field and restore original data */ - link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1); + link = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (link != NULL) { u_short original_id; @@ -312,7 +312,7 @@ IcmpAliasIn1(struct ip *pip) } static int -IcmpAliasIn2(struct ip *pip) +IcmpAliasIn2(struct libalias *la, struct ip *pip) { /* Alias incoming ICMP error messages containing @@ -332,16 +332,16 @@ IcmpAliasIn2(struct ip *pip) ic2 = (struct icmp *) ud; if (ip->ip_p == IPPROTO_UDP) - link = FindUdpTcpIn(ip->ip_dst, ip->ip_src, + link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - link = FindUdpTcpIn(ip->ip_dst, ip->ip_src, + link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + link = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); else link = NULL; } else @@ -430,13 +430,13 @@ fragment contained in ICMP data section */ static int -IcmpAliasIn(struct ip *pip) +IcmpAliasIn(struct libalias *la, struct ip *pip) { int iresult; struct icmp *ic; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); 
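Review bot: In the IcmpAliasIn2 hunk (@@ -332,16), `ip->ip_p`, `ud->uh_dport`, `tc->th_dport` and `ic2->icmp_type` are read with no length check in view, and the new signature `IcmpAliasIn2(struct libalias *la, struct ip *pip)` still gives the function no way to learn how many bytes the buffer holds. These pointers appear to address the IP header quoted inside the ICMP error payload (their setup is outside the hunk), so a truncated or malformed error message arriving from the network could cause reads past the end of the packet. Since every signature is already being touched, consider passing the packet length down and rejecting short payloads before the lookup, along the lines of `if (len < hlen + ICMP_MINLEN + (int)sizeof(struct ip)) return (PKT_ALIAS_IGNORED);` (variable names illustrative). IcmpAliasOut2 in the @@ -534,16 hunk has the same shape, and the same applies to the `(char *) pip + (pip->ip_hl << 2)` casts in the UDP and TCP handlers.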
@@ -448,18 +448,18 @@ IcmpAliasIn(struct ip *pip) case ICMP_TSTAMPREPLY: if (ic->icmp_code == 0) { - iresult = IcmpAliasIn1(pip); + iresult = IcmpAliasIn1(la, pip); } break; case ICMP_UNREACH: case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - iresult = IcmpAliasIn2(pip); + iresult = IcmpAliasIn2(la, pip); break; case ICMP_ECHO: case ICMP_TSTAMP: - iresult = IcmpAliasIn1(pip); + iresult = IcmpAliasIn1(la, pip); break; } return(iresult); @@ -467,7 +467,7 @@ IcmpAliasIn(struct ip *pip) static int -IcmpAliasOut1(struct ip *pip) +IcmpAliasOut1(struct libalias *la, struct ip *pip) { /* Alias outgoing echo and timestamp requests. @@ -479,7 +479,7 @@ IcmpAliasOut1(struct ip *pip) ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Save overwritten data for when echo packet returns */ - link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1); + link = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (link != NULL) { u_short alias_id; @@ -514,7 +514,7 @@ IcmpAliasOut1(struct ip *pip) static int -IcmpAliasOut2(struct ip *pip) +IcmpAliasOut2(struct libalias *la, struct ip *pip) { /* Alias outgoing ICMP error messages containing @@ -534,16 +534,16 @@ IcmpAliasOut2(struct ip *pip) ic2 = (struct icmp *) ud; if (ip->ip_p == IPPROTO_UDP) - link = FindUdpTcpOut(ip->ip_dst, ip->ip_src, + link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - link = FindUdpTcpOut(ip->ip_dst, ip->ip_src, + link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + link = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); else link = NULL; } else 
@@ -634,13 +634,13 @@ fragment contained in ICMP data section */ static int -IcmpAliasOut(struct ip *pip) +IcmpAliasOut(struct libalias *la, struct ip *pip) { int iresult; struct icmp *ic; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); @@ -652,18 +652,18 @@ IcmpAliasOut(struct ip *pip) case ICMP_TSTAMP: if (ic->icmp_code == 0) { - iresult = IcmpAliasOut1(pip); + iresult = IcmpAliasOut1(la, pip); } break; case ICMP_UNREACH: case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - iresult = IcmpAliasOut2(pip); + iresult = IcmpAliasOut2(la, pip); break; case ICMP_ECHOREPLY: case ICMP_TSTAMPREPLY: - iresult = IcmpAliasOut1(pip); + iresult = IcmpAliasOut1(la, pip); } return(iresult); } @@ -671,7 +671,7 @@ IcmpAliasOut(struct ip *pip) static int -ProtoAliasIn(struct ip *pip) +ProtoAliasIn(struct libalias *la, struct ip *pip) { /* Handle incoming IP packets. The @@ -682,10 +682,10 @@ ProtoAliasIn(struct ip *pip) struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; - link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p); + link = FindProtoIn(la, pip->ip_src, pip->ip_dst, pip->ip_p); if (link != NULL) { struct in_addr original_address; @@ -706,7 +706,7 @@ ProtoAliasIn(struct ip *pip) static int -ProtoAliasOut(struct ip *pip) +ProtoAliasOut(struct libalias *la, struct ip *pip) { /* Handle outgoing IP packets. The 
@@ -716,10 +716,10 @@ ProtoAliasOut(struct ip *pip) struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; - link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p); + link = FindProtoOut(la, pip->ip_src, pip->ip_dst, pip->ip_p); if (link != NULL) { struct in_addr alias_address; @@ -740,18 +740,18 @@ ProtoAliasOut(struct ip *pip) static int -UdpAliasIn(struct ip *pip) +UdpAliasIn(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); - link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, + link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, IPPROTO_UDP, 1); if (link != NULL) @@ -770,14 +770,14 @@ UdpAliasIn(struct ip *pip) /* Special processing for IP encoding protocols */ if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER) - AliasHandleCUSeeMeIn(pip, original_address); + AliasHandleCUSeeMeIn(la, pip, original_address); /* If NETBIOS Datagram, It should be alias address in UDP Data, too */ else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER) - r = AliasHandleUdpNbt(pip, link, &original_address, ud->uh_dport); + r = AliasHandleUdpNbt(la, pip, link, &original_address, ud->uh_dport); else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER) - r = AliasHandleUdpNbtNS(pip, link, &alias_address, &alias_port, + r = AliasHandleUdpNbtNS(la, pip, link, &alias_address, &alias_port, &original_address, &ud->uh_dport); /* If UDP checksum is not zero, then adjust since destination port */ 
@@ -814,18 +814,18 @@ UdpAliasIn(struct ip *pip) } static int -UdpAliasOut(struct ip *pip) +UdpAliasOut(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); - link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, + link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, IPPROTO_UDP, 1); if (link != NULL) @@ -838,14 +838,14 @@ UdpAliasOut(struct ip *pip) /* Special processing for IP encoding protocols */ if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER) - AliasHandleCUSeeMeOut(pip, link); + AliasHandleCUSeeMeOut(la, pip, link); /* If NETBIOS Datagram, It should be alias address in UDP Data, too */ else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER) - AliasHandleUdpNbt(pip, link, &alias_address, alias_port); + AliasHandleUdpNbt(la, pip, link, &alias_address, alias_port); else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER) - AliasHandleUdpNbtNS(pip, link, &pip->ip_src, &ud->uh_sport, + AliasHandleUdpNbtNS(la, pip, link, &pip->ip_src, &ud->uh_sport, &alias_address, &alias_port); /* * We don't know in advance what TID the TFTP server will choose, @@ -853,7 +853,7 @@ UdpAliasOut(struct ip *pip) * that will match any TID from a given destination. */ else if (ntohs(ud->uh_dport) == TFTP_PORT_NUMBER) - FindRtspOut(pip->ip_src, pip->ip_dst, + FindRtspOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, alias_port, IPPROTO_UDP); /* If UDP checksum is not zero, adjust since source port is */ 
@@ -892,17 +892,17 @@ UdpAliasOut(struct ip *pip) static int -TcpAliasIn(struct ip *pip) +TcpAliasIn(struct libalias *la, struct ip *pip) { struct tcphdr *tc; struct alias_link *link; tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); - link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, + link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP, - !(packetAliasMode & PKT_ALIAS_PROXY_ONLY)); + !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (link != NULL) { struct in_addr alias_address; @@ -916,10 +916,10 @@ TcpAliasIn(struct ip *pip) /* Special processing for IP encoding protocols */ if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) - AliasHandlePptpIn(pip, link); - else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort - || ntohs(tc->th_sport) == skinnyPort)) - AliasHandleSkinny(pip, link); + AliasHandlePptpIn(la, pip, link); + else if (la->skinnyPort != 0 && (ntohs(tc->th_dport) == la->skinnyPort + || ntohs(tc->th_sport) == la->skinnyPort)) + AliasHandleSkinny(la, pip, link); alias_address = GetAliasAddress(link); original_address = GetOriginalAddress(link); @@ -1008,7 +1008,7 @@ TcpAliasIn(struct ip *pip) } static int -TcpAliasOut(struct ip *pip, int maxpacketsize) +TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize) { int proxy_type; u_short dest_port; @@ -1020,9 +1020,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); - proxy_type = ProxyCheck(pip, &proxy_server_address, &proxy_server_port); + proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port); - if (proxy_type == 0 && (packetAliasMode & PKT_ALIAS_PROXY_ONLY)) + if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)) return PKT_ALIAS_OK; /* If this is a transparent proxy, save original destination, 
@@ -1058,7 +1058,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) ADJUST_CHECKSUM(accumulate, pip->ip_sum); } - link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, + link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP, 1); if (link !=NULL) @@ -1075,7 +1075,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) { SetProxyPort(link, dest_port); SetProxyAddress(link, dest_address); - ProxyModify(link, pip, maxpacketsize, proxy_type); + ProxyModify(la, link, pip, maxpacketsize, proxy_type); tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); } 
@@ -1089,21 +1089,21 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) /* Special processing for IP encoding protocols */ if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER) - AliasHandleFtpOut(pip, link, maxpacketsize); + AliasHandleFtpOut(la, pip, link, maxpacketsize); else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2) - AliasHandleIrcOut(pip, link, maxpacketsize); + AliasHandleIrcOut(la, pip, link, maxpacketsize); else if (ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_1 || ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_1 || ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_2 || ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_2) - AliasHandleRtspOut(pip, link, maxpacketsize); + AliasHandleRtspOut(la, pip, link, maxpacketsize); else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) - AliasHandlePptpOut(pip, link); - else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort - || ntohs(tc->th_dport) == skinnyPort)) - AliasHandleSkinny(pip, link); + AliasHandlePptpOut(la, pip, link); + else if (la->skinnyPort != 0 && (ntohs(tc->th_sport) == la->skinnyPort + || ntohs(tc->th_dport) == la->skinnyPort)) + AliasHandleSkinny(la, pip, link); /* Adjust TCP checksum since source port is being aliased */ /* and source address is being altered */ 
@@ -1171,16 +1171,16 @@ saved and recalled when a header fragment is seen. */ /* Local prototypes */ -static int FragmentIn(struct ip *); -static int FragmentOut(struct ip *); +static int FragmentIn(struct libalias *, struct ip *); +static int FragmentOut(struct libalias *, struct ip *); static int -FragmentIn(struct ip *pip) +FragmentIn(struct libalias *la, struct ip *pip) { struct alias_link *link; - link = FindFragmentIn2(pip->ip_src, pip->ip_dst, pip->ip_id); + link = FindFragmentIn2(la, pip->ip_src, pip->ip_dst, pip->ip_id); if (link != NULL) { struct in_addr original_address; @@ -1199,11 +1199,11 @@ FragmentIn(struct ip *pip) static int -FragmentOut(struct ip *pip) +FragmentOut(struct libalias *la, struct ip *pip) { struct in_addr alias_address; - alias_address = FindAliasAddress(pip->ip_src); + alias_address = FindAliasAddress(la, pip->ip_src); DifferentialChecksum(&pip->ip_sum, (u_short *) &alias_address, (u_short *) &pip->ip_src, @@ -1232,14 +1232,14 @@ FragmentOut(struct ip *pip) int -PacketAliasSaveFragment(char *ptr) +LibAliasSaveFragment(struct libalias *la, char *ptr) { int iresult; struct alias_link *link; struct ip *pip; pip = (struct ip *) ptr; - link = AddFragmentPtrLink(pip->ip_src, pip->ip_id); + link = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id); iresult = PKT_ALIAS_ERROR; if (link != NULL) { @@ -1251,14 +1251,14 @@ PacketAliasSaveFragment(char *ptr) char * -PacketAliasGetFragment(char *ptr) +LibAliasGetFragment(struct libalias *la, char *ptr) { struct alias_link *link; char *fptr; struct ip *pip; pip = (struct ip *) ptr; - link = FindFragmentPtr(pip->ip_src, pip->ip_id); + link = FindFragmentPtr(la, pip->ip_src, pip->ip_id); if (link != NULL) { GetFragmentPtr(link, &fptr); 
@@ -1275,7 +1275,7 @@ PacketAliasGetFragment(char *ptr) void -PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased +LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly de-aliased header fragment */ char *ptr_fragment /* Points to fragment which must be de-aliased */ @@ -1296,21 +1296,21 @@ PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased int -PacketAliasIn(char *ptr, int maxpacketsize) +LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize) { struct in_addr alias_addr; struct ip *pip; int iresult; - if (packetAliasMode & PKT_ALIAS_REVERSE) { - packetAliasMode &= ~PKT_ALIAS_REVERSE; + if (la->packetAliasMode & PKT_ALIAS_REVERSE) { + la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = PacketAliasOut(ptr, maxpacketsize); - packetAliasMode |= PKT_ALIAS_REVERSE; + la->packetAliasMode |= PKT_ALIAS_REVERSE; return iresult; } - HouseKeeping(); - ClearCheckNewLink(); + HouseKeeping(la); + ClearCheckNewLink(la); pip = (struct ip *) ptr; alias_addr = pip->ip_dst; @@ -1325,23 +1325,23 @@ PacketAliasIn(char *ptr, int maxpacketsize) switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasIn(pip); + iresult = IcmpAliasIn(la, pip); break; case IPPROTO_UDP: - iresult = UdpAliasIn(pip); + iresult = UdpAliasIn(la, pip); break; case IPPROTO_TCP: - iresult = TcpAliasIn(pip); + iresult = TcpAliasIn(la, pip); break; case IPPROTO_GRE: - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY || - AliasHandlePptpGreIn(pip) == 0) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY || + AliasHandlePptpGreIn(la, pip) == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasIn(pip); + iresult = ProtoAliasIn(la, pip); break; default: - iresult = ProtoAliasIn(pip); + iresult = ProtoAliasIn(la, pip); break; } 
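Review bot: The PKT_ALIAS_REVERSE branch of LibAliasIn (@@ -1296,21) still calls the old entry point, `iresult = PacketAliasOut(ptr, maxpacketsize);`, so the packet is not processed against `la`. According to the new alias.h comment the old API has no instance pointer and serves a single engine, so for any other instance the reversed packet would presumably be translated with a different link table and alias address while `la->packetAliasMode` is the one being toggled. The call should stay on the instance: `iresult = LibAliasOut(la, ptr, maxpacketsize);`. LibAliasOut in the @@ -1395,15 hunk has the mirror-image problem and should use `iresult = LibAliasIn(la, ptr, maxpacketsize);`.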
@@ -1349,7 +1349,7 @@ PacketAliasIn(char *ptr, int maxpacketsize) { struct alias_link *link; - link = FindFragmentIn1(pip->ip_src, alias_addr, pip->ip_id); + link = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id); if (link != NULL) { iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT; @@ -1363,7 +1363,7 @@ PacketAliasIn(char *ptr, int maxpacketsize) } else { - iresult = FragmentIn(pip); + iresult = FragmentIn(la, pip); } return(iresult); @@ -1386,7 +1386,7 @@ PacketAliasIn(char *ptr, int maxpacketsize) #define UNREG_ADDR_C_UPPER 0xc0a8ffff int -PacketAliasOut(char *ptr, /* valid IP packet */ +LibAliasOut(struct libalias *la, char *ptr, /* valid IP packet */ int maxpacketsize /* How much the packet data may grow (FTP and IRC inline changes) */ ) @@ -1395,15 +1395,15 @@ PacketAliasOut(char *ptr, /* valid IP packet */ struct in_addr addr_save; struct ip *pip; - if (packetAliasMode & PKT_ALIAS_REVERSE) { - packetAliasMode &= ~PKT_ALIAS_REVERSE; + if (la->packetAliasMode & PKT_ALIAS_REVERSE) { + la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = PacketAliasIn(ptr, maxpacketsize); - packetAliasMode |= PKT_ALIAS_REVERSE; + la->packetAliasMode |= PKT_ALIAS_REVERSE; return iresult; } - HouseKeeping(); - ClearCheckNewLink(); + HouseKeeping(la); + ClearCheckNewLink(la); pip = (struct ip *) ptr; /* Defense against mangled packets */ @@ -1411,8 +1411,8 @@ PacketAliasOut(char *ptr, /* valid IP packet */ || (pip->ip_hl<<2) > maxpacketsize) return PKT_ALIAS_IGNORED; - addr_save = GetDefaultAliasAddress(); - if (packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY) + addr_save = GetDefaultAliasAddress(la); + if (la->packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY) { u_long addr; int iclass; 
@@ -1428,12 +1428,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */ if (iclass == 0) { - SetDefaultAliasAddress(pip->ip_src); + SetDefaultAliasAddress(la, pip->ip_src); } } - else if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) { - SetDefaultAliasAddress(pip->ip_src); + SetDefaultAliasAddress(la, pip->ip_src); } iresult = PKT_ALIAS_IGNORED; @@ -1442,36 +1442,36 @@ PacketAliasOut(char *ptr, /* valid IP packet */ switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasOut(pip); + iresult = IcmpAliasOut(la, pip); break; case IPPROTO_UDP: - iresult = UdpAliasOut(pip); + iresult = UdpAliasOut(la, pip); break; case IPPROTO_TCP: - iresult = TcpAliasOut(pip, maxpacketsize); + iresult = TcpAliasOut(la, pip, maxpacketsize); break; case IPPROTO_GRE: - if (AliasHandlePptpGreOut(pip) == 0) + if (AliasHandlePptpGreOut(la, pip) == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasOut(pip); + iresult = ProtoAliasOut(la, pip); break; default: - iresult = ProtoAliasOut(pip); + iresult = ProtoAliasOut(la, pip); break; } } else { - iresult = FragmentOut(pip); + iresult = FragmentOut(la, pip); } - SetDefaultAliasAddress(addr_save); + SetDefaultAliasAddress(la, addr_save); return(iresult); } int -PacketUnaliasOut(char *ptr, /* valid IP packet */ +LibAliasUnaliasOut(struct libalias *la, char *ptr, /* valid IP packet */ int maxpacketsize /* for error checking */ ) { 
@@ -1495,15 +1495,15 @@ PacketUnaliasOut(char *ptr, /* valid IP packet */ /* Find a link */ if (pip->ip_p == IPPROTO_UDP) - link = FindUdpTcpIn(pip->ip_dst, pip->ip_src, + link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); else if (pip->ip_p == IPPROTO_TCP) - link = FindUdpTcpIn(pip->ip_dst, pip->ip_src, + link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); else if (pip->ip_p == IPPROTO_ICMP) - link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id, 0); + link = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0); else link = NULL; diff --git a/lib/libalias/alias.h b/lib/libalias/alias.h index b0c75c9..d714126 100644 --- a/lib/libalias/alias.h +++ b/lib/libalias/alias.h @@ -39,7 +39,37 @@ #ifndef _ALIAS_H_ #define _ALIAS_H_ -/* The external interface to libalias, the packet aliasing engine. */ +/* + * The external interface to libalias, the packet aliasing engine. + * + * There are two sets of functions: + * + * PacketAlias*() the old API which doesn't take an instance pointer + * and therefore can only have one packet engine at a time. + * + * LibAlias*() the new API which takes as first argument a pointer to + * the instance of the packet aliasing engine. + * + * The functions otherwise correspond to each other one for one, except + * for the LibAliasUnaliasOut()/PacketUnaliasOut() function which were + * were misnamed in the old API. + */ + +/* + * The instance structure + */ +struct libalias; + +/* + * An anonymous structure, a pointer to which is returned from + * PacketAliasRedirectAddr(), PacketAliasRedirectPort() or + * PacketAliasRedirectProto(), passed to PacketAliasAddServer(), + * and freed by PacketAliasRedirectDelete(). + */ +struct alias_link; + + +/* OLD API */ /* Initialization and control functions. */ void PacketAliasInit(void); 
@@ -57,13 +87,6 @@ int PacketUnaliasOut(char *_ptr, int _maxpacketsize); /* Port and address redirection functions. */ -/* - * An anonymous structure, a pointer to which is returned from - * PacketAliasRedirectAddr(), PacketAliasRedirectPort() or - * PacketAliasRedirectProto(), passed to PacketAliasAddServer(), - * and freed by PacketAliasRedirectDelete(). - */ -struct alias_link; int PacketAliasAddServer(struct alias_link *_link, struct in_addr _addr, unsigned short _port); 
@@ -96,6 +119,61 @@ void PacketAliasSetTarget(struct in_addr _target_addr); /* Transparent proxying routines. */ int PacketAliasProxyRule(const char *_cmd); +/* NEW API */ + +/* Initialization and control functions. */ +struct libalias *LibAliasInit(struct libalias *); +void LibAliasSetAddress(struct libalias *, struct in_addr _addr); +void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num); +void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port); +unsigned int + LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask); +void LibAliasUninit(struct libalias *); + +/* Packet Handling functions. */ +int LibAliasIn(struct libalias *, char *_ptr, int _maxpacketsize); +int LibAliasOut(struct libalias *, char *_ptr, int _maxpacketsize); +int LibAliasUnaliasOut(struct libalias *, char *_ptr, int _maxpacketsize); + +/* Port and address redirection functions. */ + +int LibAliasAddServer(struct libalias *, struct alias_link *_link, + struct in_addr _addr, unsigned short _port); +struct alias_link * + LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr, + struct in_addr _alias_addr); +int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_link); +void LibAliasRedirectDelete(struct libalias *, struct alias_link *_link); +struct alias_link * + LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr, + unsigned short _src_port, struct in_addr _dst_addr, + unsigned short _dst_port, struct in_addr _alias_addr, + unsigned short _alias_port, unsigned char _proto); +struct alias_link * + LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr, + struct in_addr _dst_addr, struct in_addr _alias_addr, + unsigned char _proto); + +/* Fragment Handling functions. */ +void LibAliasFragmentIn(struct libalias *, char *_ptr, char *_ptr_fragment); +char *LibAliasGetFragment(struct libalias *, char *_ptr); +int LibAliasSaveFragment(struct libalias *, char *_ptr); + +/* Miscellaneous functions. 
*/ +int LibAliasCheckNewLink(struct libalias *); +unsigned short + LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes); +void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr); + +/* Transparent proxying routines. */ +int LibAliasProxyRule(struct libalias *, const char *_cmd); + + +/* + * Mode flags and other constants. + */ + + /* Mode flags, set using PacketAliasSetMode() */ /* diff --git a/lib/libalias/alias_cuseeme.c b/lib/libalias/alias_cuseeme.c index 27d1c65d..455973f 100644 --- a/lib/libalias/alias_cuseeme.c +++ b/lib/libalias/alias_cuseeme.c @@ -29,6 +29,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include <stdio.h> #include <sys/types.h> #include <netinet/in_systm.h> #include <netinet/in.h> @@ -66,7 +67,7 @@ struct client_info { }; void -AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) +AliasHandleCUSeeMeOut(struct libalias *la, struct ip *pip, struct alias_link *link) { struct udphdr *ud; @@ -79,7 +80,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) if (cu->addr) cu->addr = (u_int32_t)GetAliasAddress(link).s_addr; - cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), + cu_link = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link), ud->uh_dport, 0, IPPROTO_UDP, 1); #ifndef NO_FW_PUNCH @@ -90,7 +91,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) } void -AliasHandleCUSeeMeIn(struct ip *pip, struct in_addr original_addr) +AliasHandleCUSeeMeIn(struct libalias *la, struct ip *pip, struct in_addr original_addr) { struct in_addr alias_addr; struct udphdr *ud; diff --git a/lib/libalias/alias_db.c b/lib/libalias/alias_db.c index e53e94d..92f8814 100644 --- a/lib/libalias/alias_db.c +++ b/lib/libalias/alias_db.c 
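Review bot: The NEW API block declares `struct libalias *LibAliasInit(struct libalias *);` without saying what the argument means or who owns the result, and that is the one contract a caller cannot guess from the old `PacketAliasInit(void)`. A short comment above the prototype should state whether NULL requests a fresh instance, whether a non-NULL instance is reset in place, what is returned on allocation failure, and that the result is released with `LibAliasUninit()`. It would also help to note that a `struct alias_link *` returned by `LibAliasRedirect*()` is only valid with the instance that created it. As a style point, the instance parameter is the only unnamed one in these prototypes; `struct libalias *_la` would match `_ptr`, `_link` and the rest.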
@@ -167,16 +167,14 @@ __FBSDID("$FreeBSD$"); #include "alias_local.h" +static LIST_HEAD(, libalias) instancehead = LIST_HEAD_INITIALIZER(instancehead); + /* Constants (note: constants are also defined near relevant functions or structs) */ -/* Sizes of input and output link tables */ -#define LINK_TABLE_OUT_SIZE 101 -#define LINK_TABLE_IN_SIZE 4001 - /* Parameters used for cleanup of expired links */ #define ALIAS_CLEANUP_INTERVAL_SECS 60 #define ALIAS_CLEANUP_MAX_SPOKES 30 @@ -283,6 +281,7 @@ struct server /* LSNAT server pool (circular list) */ struct alias_link /* Main data structure */ { + struct libalias *la; struct in_addr src_addr; /* Address and port information */ struct in_addr dst_addr; struct in_addr alias_addr; 
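Review bot: The new `struct libalias *la;` member in struct alias_link (@@ -283,6) is added without a comment, yet several new signatures elsewhere in this commit take both an instance and a link (`GetNewPort(la, link, ...)`, `ProxyModify(la, link, ...)`, `LibAliasAddServer(la, link, ...)`), while `DeleteLink(struct alias_link *)` keeps its one-argument form and presumably relies on the back-pointer. Nothing visible here ties the two together, so a link passed with the wrong instance would update one instance's counters and tables using another's link. Document the invariant on the field, e.g. `struct libalias *la; /* owning instance; must match the la passed alongside this link */`, and consider a cheap check such as `if (link->la != la) return (-1);` at the public entry points that accept both.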
@@ -330,83 +329,6 @@ struct alias_link /* Main data structure */ } data; }; - - - - -/* Global Variables - - The global variables listed here are only accessed from - within alias_db.c and so are prefixed with the static - designation. -*/ - -int packetAliasMode; /* Mode flags */ - /* - documented in alias.h */ - -static struct in_addr aliasAddress; /* Address written onto source */ - /* field of IP packet. */ - -static struct in_addr targetAddress; /* IP address incoming packets */ - /* are sent to if no aliasing */ - /* link already exists */ - -static struct in_addr nullAddress; /* Used as a dummy parameter for */ - /* some function calls */ -static LIST_HEAD(, alias_link) -linkTableOut[LINK_TABLE_OUT_SIZE]; /* Lookup table of pointers to */ - /* chains of link records. Each */ -static LIST_HEAD(, alias_link) /* link record is doubly indexed */ -linkTableIn[LINK_TABLE_IN_SIZE]; /* into input and output lookup */ - /* tables. */ - -static int icmpLinkCount; /* Link statistics */ -static int udpLinkCount; -static int tcpLinkCount; -static int pptpLinkCount; -static int protoLinkCount; -static int fragmentIdLinkCount; -static int fragmentPtrLinkCount; -static int sockCount; - -static int cleanupIndex; /* Index to chain of link table */ - /* being inspected for old links */ - -static int timeStamp; /* System time in seconds for */ - /* current packet */ - -static int lastCleanupTime; /* Last time IncrementalCleanup() */ - /* was called */ - -static int houseKeepingResidual; /* used by HouseKeeping() */ - -static int deleteAllLinks; /* If equal to zero, DeleteLink() */ - /* will not remove permanent links */ - -static FILE *monitorFile; /* File descriptor for link */ - /* statistics monitoring file */ - -static int newDefaultLink; /* Indicates if a new aliasing */ - /* link has been created after a */ - /* call to PacketAliasIn/Out(). */ - -#ifndef NO_FW_PUNCH -static int fireWallFD = -1; /* File descriptor to be able to */ - /* control firewall. 
Opened by */ - /* PacketAliasSetMode on first */ - /* setting the PKT_ALIAS_PUNCH_FW */ - /* flag. */ -#endif - -unsigned int skinnyPort = 0; /* TCP port used by the Skinny */ - /* protocol. */ - - - - - - - /* Internal utility routines (used only in alias_db.c) Lookup table starting points: @@ -429,18 +351,18 @@ static u_int StartPointOut(struct in_addr, struct in_addr, static int SeqDiff(u_long, u_long); -static void ShowAliasStats(void); +static void ShowAliasStats(struct libalias *); #ifndef NO_FW_PUNCH /* Firewall control */ -static void InitPunchFW(void); -static void UninitPunchFW(void); +static void InitPunchFW(struct libalias *la); +static void UninitPunchFW(struct libalias *la); static void ClearFWHole(struct alias_link *link); #endif /* Log file control */ -static void InitPacketAliasLog(void); -static void UninitPacketAliasLog(void); +static void InitPacketAliasLog(struct libalias *la); +static void UninitPacketAliasLog(struct libalias *la); static u_int StartPointIn(struct in_addr alias_addr, 
@@ -490,31 +412,32 @@ SeqDiff(u_long x, u_long y) static void -ShowAliasStats(void) +ShowAliasStats(struct libalias *la) { /* Used for debugging */ - if (monitorFile) + if (la->monitorFile) { - fprintf(monitorFile, "icmp=%d, udp=%d, tcp=%d, pptp=%d, proto=%d, frag_id=%d frag_ptr=%d", - icmpLinkCount, - udpLinkCount, - tcpLinkCount, - pptpLinkCount, - protoLinkCount, - fragmentIdLinkCount, - fragmentPtrLinkCount); - - fprintf(monitorFile, " / tot=%d (sock=%d)\n", - icmpLinkCount + udpLinkCount - + tcpLinkCount - + pptpLinkCount - + protoLinkCount - + fragmentIdLinkCount - + fragmentPtrLinkCount, - sockCount); - - fflush(monitorFile); + fprintf(la->monitorFile, + "icmp=%d, udp=%d, tcp=%d, pptp=%d, proto=%d, frag_id=%d frag_ptr=%d", + la->icmpLinkCount, + la->udpLinkCount, + la->tcpLinkCount, + la->pptpLinkCount, + la->protoLinkCount, + la->fragmentIdLinkCount, + la->fragmentPtrLinkCount); + + fprintf(la->monitorFile, " / tot=%d (sock=%d)\n", + la->icmpLinkCount + la->udpLinkCount + + la->tcpLinkCount + + la->pptpLinkCount + + la->protoLinkCount + + la->fragmentIdLinkCount + + la->fragmentPtrLinkCount, + la->sockCount); + + fflush(la->monitorFile); } } @@ -544,18 +467,18 @@ Port search: */ /* Local prototypes */ -static int GetNewPort(struct alias_link *, int); +static int GetNewPort(struct libalias *, struct alias_link *, int); -static u_short GetSocket(u_short, int *, int); +static u_short GetSocket(struct libalias *, u_short, int *, int); -static void CleanupAliasData(void); +static void CleanupAliasData(struct libalias *); -static void IncrementalCleanup(void); +static void IncrementalCleanup(struct libalias *); static void DeleteLink(struct alias_link *); static struct alias_link * -AddLink(struct in_addr, struct in_addr, struct in_addr, +AddLink(struct libalias *, struct in_addr, struct in_addr, struct in_addr, u_short, u_short, int, int); static struct alias_link * 
@@ -564,10 +487,10 @@ ReLink(struct alias_link *, u_short, u_short, int, int); static struct alias_link * -FindLinkOut(struct in_addr, struct in_addr, u_short, u_short, int, int); +FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); static struct alias_link * -FindLinkIn(struct in_addr, struct in_addr, u_short, u_short, int, int); +FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); #define ALIAS_PORT_BASE 0x08000 @@ -586,7 +509,7 @@ FindLinkIn(struct in_addr, struct in_addr, u_short, u_short, int, int); unused triplets: (dest addr, dest port, alias port). */ static int -GetNewPort(struct alias_link *link, int alias_port_param) +GetNewPort(struct libalias *la, struct alias_link *link, int alias_port_param) { int i; int max_trials; @@ -611,7 +534,7 @@ GetNewPort(struct alias_link *link, int alias_port_param) */ max_trials = GET_NEW_PORT_MAX_ATTEMPTS; - if (packetAliasMode & PKT_ALIAS_SAME_PORTS) + if (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) { /* * When the PKT_ALIAS_SAME_PORTS option is @@ -652,7 +575,7 @@ GetNewPort(struct alias_link *link, int alias_port_param) int go_ahead; struct alias_link *search_result; - search_result = FindLinkIn(link->dst_addr, link->alias_addr, + search_result = FindLinkIn(la, link->dst_addr, link->alias_addr, link->dst_port, port_net, link->link_type, 0); @@ -666,12 +589,12 @@ GetNewPort(struct alias_link *link, int alias_port_param) if (go_ahead) { - if ((packetAliasMode & PKT_ALIAS_USE_SOCKETS) + if ((la->packetAliasMode & PKT_ALIAS_USE_SOCKETS) && (link->flags & LINK_PARTIALLY_SPECIFIED) && ((link->link_type == LINK_TCP) || (link->link_type == LINK_UDP))) { - if (GetSocket(port_net, &link->sockfd, link->link_type)) + if (GetSocket(la, port_net, &link->sockfd, link->link_type)) { link->alias_port = port_net; return(0); 
@@ -699,7 +622,7 @@ GetNewPort(struct alias_link *link, int alias_port_param) static u_short -GetSocket(u_short port_net, int *sockfd, int link_type) +GetSocket(struct libalias *la, u_short port_net, int *sockfd, int link_type) { int err; int sock; @@ -736,7 +659,7 @@ GetSocket(u_short port_net, int *sockfd, int link_type) sizeof(sock_addr)); if (err == 0) { - sockCount++; + la->sockCount++; *sockfd = sock; return(1); } @@ -755,7 +678,8 @@ GetSocket(u_short port_net, int *sockfd, int link_type) looks for unused triplets: (dest addr, dest port, alias port). */ int -FindNewPortGroup(struct in_addr dst_addr, +FindNewPortGroup(struct libalias *la, + struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, u_short dst_port, @@ -791,7 +715,7 @@ FindNewPortGroup(struct in_addr dst_addr, */ max_trials = GET_NEW_PORT_MAX_ATTEMPTS; - if (packetAliasMode & PKT_ALIAS_SAME_PORTS) { + if (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) { /* * When the ALIAS_SAME_PORTS option is * chosen, the first try will be the @@ -818,7 +742,7 @@ FindNewPortGroup(struct in_addr dst_addr, struct alias_link *search_result; for (j = 0; j < port_count; j++) - if (0 != (search_result = FindLinkIn(dst_addr, alias_addr, + if (0 != (search_result = FindLinkIn(la, dst_addr, alias_addr, dst_port, htons(port_sys + j), link_type, 0))) break; @@ -845,7 +769,7 @@ FindNewPortGroup(struct in_addr dst_addr, } static void -CleanupAliasData(void) +CleanupAliasData(struct libalias *la) { struct alias_link *link; int i, icount; @@ -853,7 +777,7 @@ CleanupAliasData(void) icount = 0; for (i=0; i<LINK_TABLE_OUT_SIZE; i++) { - link = LIST_FIRST(&linkTableOut[i]); + link = LIST_FIRST(&la->linkTableOut[i]); while (link != NULL) { struct alias_link *link_next; 
@@ -864,25 +788,25 @@ CleanupAliasData(void) } } - cleanupIndex =0; + la->cleanupIndex =0; } static void -IncrementalCleanup(void) +IncrementalCleanup(struct libalias *la) { int icount; struct alias_link *link; icount = 0; - link = LIST_FIRST(&linkTableOut[cleanupIndex++]); + link = LIST_FIRST(&la->linkTableOut[la->cleanupIndex++]); while (link != NULL) { int idelta; struct alias_link *link_next; link_next = LIST_NEXT(link, list_out); - idelta = timeStamp - link->timestamp; + idelta = la->timeStamp - link->timestamp; switch (link->link_type) { case LINK_TCP: @@ -910,16 +834,17 @@ IncrementalCleanup(void) link = link_next; } - if (cleanupIndex == LINK_TABLE_OUT_SIZE) - cleanupIndex = 0; + if (la->cleanupIndex == LINK_TABLE_OUT_SIZE) + la->cleanupIndex = 0; } static void DeleteLink(struct alias_link *link) { + struct libalias *la = link->la; /* Don't do anything if the link is marked permanent */ - if (deleteAllLinks == 0 && link->flags & LINK_PERMANENT) + if (la->deleteAllLinks == 0 && link->flags & LINK_PERMANENT) return; #ifndef NO_FW_PUNCH @@ -947,7 +872,7 @@ DeleteLink(struct alias_link *link) /* Close socket, if one has been allocated */ if (link->sockfd != -1) { - sockCount--; + la->sockCount--; close(link->sockfd); } @@ -955,30 +880,30 @@ DeleteLink(struct alias_link *link) switch(link->link_type) { case LINK_ICMP: - icmpLinkCount--; + la->icmpLinkCount--; break; case LINK_UDP: - udpLinkCount--; + la->udpLinkCount--; break; case LINK_TCP: - tcpLinkCount--; + la->tcpLinkCount--; free(link->data.tcp); break; case LINK_PPTP: - pptpLinkCount--; + la->pptpLinkCount--; break; case LINK_FRAGMENT_ID: - fragmentIdLinkCount--; + la->fragmentIdLinkCount--; break; case LINK_FRAGMENT_PTR: - fragmentPtrLinkCount--; + la->fragmentPtrLinkCount--; if (link->data.frag_ptr != NULL) free(link->data.frag_ptr); break; case LINK_ADDR: break; default: - protoLinkCount--; + la->protoLinkCount--; break; } 
@@ -986,15 +911,15 @@ DeleteLink(struct alias_link *link) free(link); /* Write statistics, if logging enabled */ - if (packetAliasMode & PKT_ALIAS_LOG) + if (la->packetAliasMode & PKT_ALIAS_LOG) { - ShowAliasStats(); + ShowAliasStats(la); } } static struct alias_link * -AddLink(struct in_addr src_addr, +AddLink(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, @@ -1009,6 +934,7 @@ AddLink(struct in_addr src_addr, if (link != NULL) { /* Basic initialization */ + link->la = la; link->src_addr = src_addr; link->dst_addr = dst_addr; link->alias_addr = alias_addr; @@ -1021,7 +947,7 @@ AddLink(struct in_addr src_addr, link->sockfd = -1; link->flags = 0; link->pflags = 0; - link->timestamp = timeStamp; + link->timestamp = la->timeStamp; /* Expiration time */ switch (link_type) @@ -1058,7 +984,7 @@ AddLink(struct in_addr src_addr, link->flags |= LINK_UNKNOWN_DEST_PORT; /* Determine alias port */ - if (GetNewPort(link, alias_port_param) != 0) + if (GetNewPort(la, link, alias_port_param) != 0) { free(link); return(NULL); @@ -1070,10 +996,10 @@ AddLink(struct in_addr src_addr, struct tcp_dat *aux_tcp; case LINK_ICMP: - icmpLinkCount++; + la->icmpLinkCount++; break; case LINK_UDP: - udpLinkCount++; + la->udpLinkCount++; break; case LINK_TCP: aux_tcp = malloc(sizeof(struct tcp_dat)); @@ -1081,7 +1007,7 @@ AddLink(struct in_addr src_addr, { int i; - tcpLinkCount++; + la->tcpLinkCount++; aux_tcp->state.in = ALIAS_TCP_STATE_NOT_CONNECTED; aux_tcp->state.out = ALIAS_TCP_STATE_NOT_CONNECTED; aux_tcp->state.index = 0; 
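Review bot: The stats check after `free(link)` in DeleteLink is only safe because `la` was copied out of `link->la` at the top of the function (in the previous hunk), and nothing in the code records that dependency. A later edit that rewrites the test as `link->la->packetAliasMode` would read freed memory. I would add a comment directly above the check: `/* la was saved before free(link); do not reach through link from here on */`. DeleteLink starts before this hunk, so the declaration itself is not visible here.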
@@ -1102,29 +1028,29 @@ AddLink(struct in_addr src_addr, } break; case LINK_PPTP: - pptpLinkCount++; + la->pptpLinkCount++; break; case LINK_FRAGMENT_ID: - fragmentIdLinkCount++; + la->fragmentIdLinkCount++; break; case LINK_FRAGMENT_PTR: - fragmentPtrLinkCount++; + la->fragmentPtrLinkCount++; break; case LINK_ADDR: break; default: - protoLinkCount++; + la->protoLinkCount++; break; } /* Set up pointers for output lookup table */ start_point = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type); - LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out); + LIST_INSERT_HEAD(&la->linkTableOut[start_point], link, list_out); /* Set up pointers for input lookup table */ start_point = StartPointIn(alias_addr, link->alias_port, link_type); - LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in); + LIST_INSERT_HEAD(&la->linkTableIn[start_point], link, list_in); } else { @@ -1134,9 +1060,9 @@ AddLink(struct in_addr src_addr, #endif } - if (packetAliasMode & PKT_ALIAS_LOG) + if (la->packetAliasMode & PKT_ALIAS_LOG) { - ShowAliasStats(); + ShowAliasStats(la); } return(link); @@ -1153,8 +1079,9 @@ ReLink(struct alias_link *old_link, int link_type) /* port will be automatically */ { /* chosen. If greater than */ struct alias_link *new_link; /* zero, equal to alias port */ + struct libalias *la = old_link->la; - new_link = AddLink(src_addr, dst_addr, alias_addr, + new_link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, alias_port_param, link_type); #ifndef NO_FW_PUNCH @@ -1169,7 +1096,7 @@ ReLink(struct alias_link *old_link, } static struct alias_link * -_FindLinkOut(struct in_addr src_addr, +_FindLinkOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, 
@@ -1180,7 +1107,7 @@ _FindLinkOut(struct in_addr src_addr, struct alias_link *link; i = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type); - LIST_FOREACH(link, &linkTableOut[i], list_out) + LIST_FOREACH(link, &la->linkTableOut[i], list_out) { if (link->src_addr.s_addr == src_addr.s_addr && link->server == NULL @@ -1189,7 +1116,7 @@ _FindLinkOut(struct in_addr src_addr, && link->src_port == src_port && link->link_type == link_type) { - link->timestamp = timeStamp; + link->timestamp = la->timeStamp; break; } } @@ -1199,16 +1126,16 @@ _FindLinkOut(struct in_addr src_addr, { if (dst_port != 0 && dst_addr.s_addr != INADDR_ANY) { - link = _FindLinkOut(src_addr, dst_addr, src_port, 0, + link = _FindLinkOut(la, src_addr, dst_addr, src_port, 0, link_type, 0); if (link == NULL) - link = _FindLinkOut(src_addr, nullAddress, src_port, + link = _FindLinkOut(la, src_addr, la->nullAddress, src_port, dst_port, link_type, 0); } if (link == NULL && (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) { - link = _FindLinkOut(src_addr, nullAddress, src_port, 0, + link = _FindLinkOut(la, src_addr, la->nullAddress, src_port, 0, link_type, 0); } if (link != NULL) @@ -1224,7 +1151,7 @@ _FindLinkOut(struct in_addr src_addr, } static struct alias_link * -FindLinkOut(struct in_addr src_addr, +FindLinkOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, @@ -1233,7 +1160,7 @@ FindLinkOut(struct in_addr src_addr, { struct alias_link *link; - link = _FindLinkOut(src_addr, dst_addr, src_port, dst_port, + link = _FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, replace_partial_links); if (link == NULL) 
@@ -1242,10 +1169,10 @@ FindLinkOut(struct in_addr src_addr, specified as using the default source address (i.e. device interface address) without knowing in advance what that address is. */ - if (aliasAddress.s_addr != INADDR_ANY && - src_addr.s_addr == aliasAddress.s_addr) + if (la->aliasAddress.s_addr != INADDR_ANY && + src_addr.s_addr == la->aliasAddress.s_addr) { - link = _FindLinkOut(nullAddress, dst_addr, src_port, dst_port, + link = _FindLinkOut(la, la->nullAddress, dst_addr, src_port, dst_port, link_type, replace_partial_links); } } @@ -1255,7 +1182,7 @@ FindLinkOut(struct in_addr src_addr, static struct alias_link * -_FindLinkIn(struct in_addr dst_addr, +_FindLinkIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, @@ -1287,7 +1214,7 @@ _FindLinkIn(struct in_addr dst_addr, /* Search loop */ start_point = StartPointIn(alias_addr, alias_port, link_type); - LIST_FOREACH(link, &linkTableIn[start_point], list_in) + LIST_FOREACH(link, &la->linkTableIn[start_point], list_in) { int flags; @@ -1343,7 +1270,7 @@ _FindLinkIn(struct in_addr dst_addr, if (link_fully_specified != NULL) { - link_fully_specified->timestamp = timeStamp; + link_fully_specified->timestamp = la->timeStamp; link = link_fully_specified; } else if (link_unknown_dst_port != NULL) @@ -1380,7 +1307,7 @@ _FindLinkIn(struct in_addr dst_addr, } static struct alias_link * -FindLinkIn(struct in_addr dst_addr, +FindLinkIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, @@ -1389,7 +1316,7 @@ FindLinkIn(struct in_addr dst_addr, { struct alias_link *link; - link = _FindLinkIn(dst_addr, alias_addr, dst_port, alias_port, + link = _FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port, link_type, replace_partial_links); if (link == NULL) 
@@ -1398,10 +1325,10 @@ FindLinkIn(struct in_addr dst_addr, specified as using the default aliasing address (i.e. device interface address) without knowing in advance what that address is. */ - if (aliasAddress.s_addr != INADDR_ANY && - alias_addr.s_addr == aliasAddress.s_addr) + if (la->aliasAddress.s_addr != INADDR_ANY && + alias_addr.s_addr == la->aliasAddress.s_addr) { - link = _FindLinkIn(dst_addr, nullAddress, dst_port, alias_port, + link = _FindLinkIn(la, dst_addr, la->nullAddress, dst_port, alias_port, link_type, replace_partial_links); } } @@ -1430,22 +1357,22 @@ FindLinkIn(struct in_addr dst_addr, struct alias_link * -FindIcmpIn(struct in_addr dst_addr, +FindIcmpIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short id_alias, int create) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, id_alias, LINK_ICMP, 0); - if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, + target_addr = FindOriginalAddress(la, alias_addr); + link = AddLink(la, target_addr, dst_addr, alias_addr, id_alias, NO_DEST_PORT, id_alias, LINK_ICMP); } 
@@ -1455,22 +1382,22 @@ FindIcmpIn(struct in_addr dst_addr, struct alias_link * -FindIcmpOut(struct in_addr src_addr, +FindIcmpOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short id, int create) { struct alias_link * link; - link = FindLinkOut(src_addr, dst_addr, + link = FindLinkOut(la, src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP, 0); if (link == NULL && create) { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, id, NO_DEST_PORT, GET_ALIAS_ID, LINK_ICMP); } @@ -1480,19 +1407,19 @@ FindIcmpOut(struct in_addr src_addr, struct alias_link * -FindFragmentIn1(struct in_addr dst_addr, +FindFragmentIn1(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short ip_id) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); if (link == NULL) { - link = AddLink(nullAddress, dst_addr, alias_addr, + link = AddLink(la, la->nullAddress, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID); } 
@@ -1502,53 +1429,53 @@ FindFragmentIn1(struct in_addr dst_addr, struct alias_link * -FindFragmentIn2(struct in_addr dst_addr, /* Doesn't add a link if one */ +FindFragmentIn2(struct libalias *la, struct in_addr dst_addr, /* Doesn't add a link if one */ struct in_addr alias_addr, /* is not found. */ u_short ip_id) { - return FindLinkIn(dst_addr, alias_addr, + return FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); } struct alias_link * -AddFragmentPtrLink(struct in_addr dst_addr, +AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { - return AddLink(nullAddress, dst_addr, nullAddress, + return AddLink(la, la->nullAddress, dst_addr, la->nullAddress, NO_SRC_PORT, NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR); } struct alias_link * -FindFragmentPtr(struct in_addr dst_addr, +FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { - return FindLinkIn(dst_addr, nullAddress, + return FindLinkIn(la, dst_addr, la->nullAddress, NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR, 0); } struct alias_link * -FindProtoIn(struct in_addr dst_addr, +FindProtoIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_char proto) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, 0, proto, 1); - if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, + target_addr = FindOriginalAddress(la, alias_addr); + link = AddLink(la, target_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); } 
@@ -1558,13 +1485,13 @@ FindProtoIn(struct in_addr dst_addr, struct alias_link * -FindProtoOut(struct in_addr src_addr, +FindProtoOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_char proto) { struct alias_link *link; - link = FindLinkOut(src_addr, dst_addr, + link = FindLinkOut(la, src_addr, dst_addr, NO_SRC_PORT, NO_DEST_PORT, proto, 1); @@ -1572,8 +1499,8 @@ FindProtoOut(struct in_addr src_addr, { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); } @@ -1583,7 +1510,7 @@ FindProtoOut(struct in_addr src_addr, struct alias_link * -FindUdpTcpIn(struct in_addr dst_addr, +FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, @@ -1606,16 +1533,16 @@ FindUdpTcpIn(struct in_addr dst_addr, break; } - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port, link_type, create); - if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, + target_addr = FindOriginalAddress(la, alias_addr); + link = AddLink(la, target_addr, dst_addr, alias_addr, alias_port, dst_port, alias_port, link_type); } @@ -1625,7 +1552,7 @@ FindUdpTcpIn(struct in_addr dst_addr, struct alias_link * -FindUdpTcpOut(struct in_addr src_addr, +FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, 
@@ -1648,14 +1575,14 @@ FindUdpTcpOut(struct in_addr src_addr, break; } - link = FindLinkOut(src_addr, dst_addr, src_port, dst_port, link_type, create); + link = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, create); if (link == NULL && create) { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, GET_ALIAS_PORT, link_type); } @@ -1665,14 +1592,14 @@ FindUdpTcpOut(struct in_addr src_addr, struct alias_link * -AddPptp(struct in_addr src_addr, +AddPptp(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_int16_t src_call_id) { struct alias_link *link; - link = AddLink(src_addr, dst_addr, alias_addr, + link = AddLink(la, src_addr, dst_addr, alias_addr, src_call_id, 0, GET_ALIAS_PORT, LINK_PPTP); @@ -1681,7 +1608,7 @@ AddPptp(struct in_addr src_addr, struct alias_link * -FindPptpOutByCallId(struct in_addr src_addr, +FindPptpOutByCallId(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_int16_t src_call_id) { @@ -1689,7 +1616,7 @@ FindPptpOutByCallId(struct in_addr src_addr, struct alias_link *link; i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); - LIST_FOREACH(link, &linkTableOut[i], list_out) + LIST_FOREACH(link, &la->linkTableOut[i], list_out) if (link->link_type == LINK_PPTP && link->src_addr.s_addr == src_addr.s_addr && link->dst_addr.s_addr == dst_addr.s_addr && @@ -1701,7 +1628,7 @@ FindPptpOutByCallId(struct in_addr src_addr, struct alias_link * -FindPptpOutByPeerCallId(struct in_addr src_addr, +FindPptpOutByPeerCallId(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_int16_t dst_call_id) { 
@@ -1709,7 +1636,7 @@ FindPptpOutByPeerCallId(struct in_addr src_addr, struct alias_link *link; i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); - LIST_FOREACH(link, &linkTableOut[i], list_out) + LIST_FOREACH(link, &la->linkTableOut[i], list_out) if (link->link_type == LINK_PPTP && link->src_addr.s_addr == src_addr.s_addr && link->dst_addr.s_addr == dst_addr.s_addr && @@ -1721,7 +1648,7 @@ FindPptpOutByPeerCallId(struct in_addr src_addr, struct alias_link * -FindPptpInByCallId(struct in_addr dst_addr, +FindPptpInByCallId(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_int16_t dst_call_id) { @@ -1729,7 +1656,7 @@ FindPptpInByCallId(struct in_addr dst_addr, struct alias_link *link; i = StartPointIn(alias_addr, 0, LINK_PPTP); - LIST_FOREACH(link, &linkTableIn[i], list_in) + LIST_FOREACH(link, &la->linkTableIn[i], list_in) if (link->link_type == LINK_PPTP && link->dst_addr.s_addr == dst_addr.s_addr && link->alias_addr.s_addr == alias_addr.s_addr && @@ -1741,13 +1668,13 @@ FindPptpInByCallId(struct in_addr dst_addr, struct alias_link * -FindPptpInByPeerCallId(struct in_addr dst_addr, +FindPptpInByPeerCallId(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_int16_t alias_call_id) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, 0/* any */, alias_call_id, LINK_PPTP, 0); @@ -1757,7 +1684,7 @@ FindPptpInByPeerCallId(struct in_addr dst_addr, struct alias_link * -FindRtspOut(struct in_addr src_addr, +FindRtspOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short alias_port, 
@@ -1779,14 +1706,14 @@ FindRtspOut(struct in_addr src_addr, break; } - link = FindLinkOut(src_addr, dst_addr, src_port, 0, link_type, 1); + link = FindLinkOut(la, src_addr, dst_addr, src_port, 0, link_type, 1); if (link == NULL) { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, 0, alias_port, link_type); } @@ -1796,22 +1723,22 @@ FindRtspOut(struct in_addr src_addr, struct in_addr -FindOriginalAddress(struct in_addr alias_addr) +FindOriginalAddress(struct libalias *la, struct in_addr alias_addr) { struct alias_link *link; - link = FindLinkIn(nullAddress, alias_addr, + link = FindLinkIn(la, la->nullAddress, alias_addr, 0, 0, LINK_ADDR, 0); if (link == NULL) { - newDefaultLink = 1; - if (targetAddress.s_addr == INADDR_ANY) + la->newDefaultLink = 1; + if (la->targetAddress.s_addr == INADDR_ANY) return alias_addr; - else if (targetAddress.s_addr == INADDR_NONE) - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : alias_addr; + else if (la->targetAddress.s_addr == INADDR_NONE) + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : alias_addr; else - return targetAddress; + return la->targetAddress; } else { @@ -1822,8 +1749,8 @@ FindOriginalAddress(struct in_addr alias_addr) link->server = link->server->next; return (src_addr); } else if (link->src_addr.s_addr == INADDR_ANY) - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : alias_addr; + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : alias_addr; else return link->src_addr; } 
@@ -1831,22 +1758,22 @@ FindOriginalAddress(struct in_addr alias_addr) struct in_addr -FindAliasAddress(struct in_addr original_addr) +FindAliasAddress(struct libalias *la, struct in_addr original_addr) { struct alias_link *link; - link = FindLinkOut(original_addr, nullAddress, + link = FindLinkOut(la, original_addr, la->nullAddress, 0, 0, LINK_ADDR, 0); if (link == NULL) { - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : original_addr; + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : original_addr; } else { if (link->alias_addr.s_addr == INADDR_ANY) - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : original_addr; + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : original_addr; else return link->alias_addr; } @@ -1960,7 +1887,7 @@ struct in_addr GetOriginalAddress(struct alias_link *link) { if (link->src_addr.s_addr == INADDR_ANY) - return aliasAddress; + return link->la->aliasAddress; else return(link->src_addr); } @@ -1977,23 +1904,23 @@ struct in_addr GetAliasAddress(struct alias_link *link) { if (link->alias_addr.s_addr == INADDR_ANY) - return aliasAddress; + return link->la->aliasAddress; else return link->alias_addr; } struct in_addr -GetDefaultAliasAddress() +GetDefaultAliasAddress(struct libalias *la) { - return aliasAddress; + return la->aliasAddress; } void -SetDefaultAliasAddress(struct in_addr alias_addr) +SetDefaultAliasAddress(struct libalias *la, struct in_addr alias_addr) { - aliasAddress = alias_addr; + la->aliasAddress = alias_addr; } @@ -2225,9 +2152,9 @@ SetExpire(struct alias_link *link, int expire) } void -ClearCheckNewLink(void) +ClearCheckNewLink(struct libalias *la) { - newDefaultLink = 0; + la->newDefaultLink = 0; } void 
@@ -2247,11 +2174,12 @@ GetProtocolFlags(struct alias_link *link) void SetDestCallId(struct alias_link *link, u_int16_t cid) { + struct libalias *la = link->la; - deleteAllLinks = 1; + la->deleteAllLinks = 1; link = ReLink(link, link->src_addr, link->dst_addr, link->alias_addr, link->src_port, cid, link->alias_port, link->link_type); - deleteAllLinks = 0; + la->deleteAllLinks = 0; } @@ -2272,7 +2200,7 @@ SetDestCallId(struct alias_link *link, u_int16_t cid) */ void -HouseKeeping(void) +HouseKeeping(struct libalias *la) { int i, n, n100; struct timeval tv; @@ -2284,11 +2212,11 @@ HouseKeeping(void) * waste timeline by making system calls. */ gettimeofday(&tv, &tz); - timeStamp = tv.tv_sec; + la->timeStamp = tv.tv_sec; /* Compute number of spokes (output table link chains) to cover */ - n100 = LINK_TABLE_OUT_SIZE * 100 + houseKeepingResidual; - n100 *= timeStamp - lastCleanupTime; + n100 = LINK_TABLE_OUT_SIZE * 100 + la->houseKeepingResidual; + n100 *= la->timeStamp - la->lastCleanupTime; n100 /= ALIAS_CLEANUP_INTERVAL_SECS; n = n100/100; @@ -2297,19 +2225,19 @@ HouseKeeping(void) if (n > ALIAS_CLEANUP_MAX_SPOKES) { n = ALIAS_CLEANUP_MAX_SPOKES; - lastCleanupTime = timeStamp; - houseKeepingResidual = 0; + la->lastCleanupTime = la->timeStamp; + la->houseKeepingResidual = 0; for (i=0; i<n; i++) - IncrementalCleanup(); + IncrementalCleanup(la); } else if (n > 0) { - lastCleanupTime = timeStamp; - houseKeepingResidual = n100 - 100*n; + la->lastCleanupTime = la->timeStamp; + la->houseKeepingResidual = n100 - 100*n; for (i=0; i<n; i++) - IncrementalCleanup(); + IncrementalCleanup(la); } else if (n < 0) { 
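Review bot: In the HouseKeeping hunk (`@@ -2284,11 +2212,11 @@`), `n100 *= la->timeStamp - la->lastCleanupTime;` multiplies in `int` (n100 is declared `int i, n, n100;` just above) with no bound on the elapsed time. A long idle period or a wall-clock step reported by gettimeofday() can overflow the product, which is undefined for signed integers. The `n < 0` branch further down catches only some wrapped results. Since `n` is capped at ALIAS_CLEANUP_MAX_SPOKES anyway, the time difference could be stored in a local and clamped before the multiplication, with negative values treated as the existing "unexpected time values" case. The field types are declared outside this page, so this assumes they are plain integers; the function body also continues past the hunk.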
@@ -2317,21 +2245,21 @@ HouseKeeping(void) fprintf(stderr, "PacketAlias/HouseKeeping(): "); fprintf(stderr, "something unexpected in time values\n"); #endif - lastCleanupTime = timeStamp; - houseKeepingResidual = 0; + la->lastCleanupTime = la->timeStamp; + la->houseKeepingResidual = 0; } } /* Init the log file and enable logging */ static void -InitPacketAliasLog(void) +InitPacketAliasLog(struct libalias *la) { - if ((~packetAliasMode & PKT_ALIAS_LOG) - && (monitorFile = fopen("/var/log/alias.log", "w"))) + if ((~la->packetAliasMode & PKT_ALIAS_LOG) + && (la->monitorFile = fopen("/var/log/alias.log", "w"))) { - packetAliasMode |= PKT_ALIAS_LOG; - fprintf(monitorFile, + la->packetAliasMode |= PKT_ALIAS_LOG; + fprintf(la->monitorFile, "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n"); } } @@ -2339,13 +2267,13 @@ InitPacketAliasLog(void) /* Close the log-file and disable logging. */ static void -UninitPacketAliasLog(void) +UninitPacketAliasLog(struct libalias *la) { - if (monitorFile) { - fclose(monitorFile); - monitorFile = NULL; + if (la->monitorFile) { + fclose(la->monitorFile); + la->monitorFile = NULL; } - packetAliasMode &= ~PKT_ALIAS_LOG; + la->packetAliasMode &= ~PKT_ALIAS_LOG; } @@ -2374,7 +2302,7 @@ UninitPacketAliasLog(void) /* Redirection from a specific public addr:port to a private addr:port */ struct alias_link * -PacketAliasRedirectPort(struct in_addr src_addr, u_short src_port, +LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_port, struct in_addr dst_addr, u_short dst_port, struct in_addr alias_addr, u_short alias_port, u_char proto) @@ -2398,7 +2326,7 @@ PacketAliasRedirectPort(struct in_addr src_addr, u_short src_port, return NULL; } - link = AddLink(src_addr, dst_addr, alias_addr, + link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, alias_port, link_type); 
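Review bot: InitPacketAliasLog now opens the log per instance, but `fopen("/var/log/alias.log", "w")` still uses one fixed path in truncating mode. A second instance that enables PKT_ALIAS_LOG therefore wipes the first instance's log, and both then write to the same file through independent streams. With `monitorFile` moved into `struct libalias`, the path should either be per instance or the file opened for append, e.g. `la->monitorFile = fopen("/var/log/alias.log", "a")`. A failed fopen also leaves logging off with no indication to the caller, which is worth noting in the function comment.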
@@ -2419,7 +2347,7 @@ PacketAliasRedirectPort(struct in_addr src_addr, u_short src_port, /* Add server to the pool of servers */ int -PacketAliasAddServer(struct alias_link *link, struct in_addr addr, u_short port) +LibAliasAddServer(struct libalias *la, struct alias_link *link, struct in_addr addr, u_short port) { struct server *server; @@ -2450,14 +2378,14 @@ PacketAliasAddServer(struct alias_link *link, struct in_addr addr, u_short port) /* Redirect packets of a given IP protocol from a specific public address to a private address */ struct alias_link * -PacketAliasRedirectProto(struct in_addr src_addr, +LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_char proto) { struct alias_link *link; - link = AddLink(src_addr, dst_addr, alias_addr, + link = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); @@ -2478,12 +2406,12 @@ PacketAliasRedirectProto(struct in_addr src_addr, /* Static address translation */ struct alias_link * -PacketAliasRedirectAddr(struct in_addr src_addr, +LibAliasRedirectAddr(struct libalias *la, struct in_addr src_addr, struct in_addr alias_addr) { struct alias_link *link; - link = AddLink(src_addr, nullAddress, alias_addr, + link = AddLink(la, src_addr, la->nullAddress, alias_addr, 0, 0, 0, LINK_ADDR); @@ -2505,7 +2433,7 @@ PacketAliasRedirectAddr(struct in_addr src_addr, /* Mark the aliasing link dynamic */ int -PacketAliasRedirectDynamic(struct alias_link *link) +LibAliasRedirectDynamic(struct libalias *la, struct alias_link *link) { if (link->flags & LINK_PARTIALLY_SPECIFIED) 
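Review bot: LibAliasAddServer takes both `la` and `link` but never checks that the link belongs to that instance; the rest of the body is unchanged by this commit, so `la` appears to be unused there. The same holds for LibAliasRedirectDynamic and LibAliasRedirectDelete in the following hunks. In LibAliasRedirectDelete the mismatch has a visible effect: it sets `la->deleteAllLinks = 1` on the caller's handle while DeleteLink tests the flag through `link->la`, so passing the wrong instance silently leaves a permanent link in place and toggles the flag on an unrelated instance. A guard at the top of each function, `if (link->la != la) return <failure value>;` (or simply using `link->la` throughout), would make cross-instance misuse fail loudly. The function bodies extend beyond these hunks.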
@@ -2518,99 +2446,116 @@ PacketAliasRedirectDynamic(struct alias_link *link) void -PacketAliasRedirectDelete(struct alias_link *link) +LibAliasRedirectDelete(struct libalias *la, struct alias_link *link) { /* This is a dangerous function to put in the API, because an invalid pointer can crash the program. */ - deleteAllLinks = 1; + la->deleteAllLinks = 1; DeleteLink(link); - deleteAllLinks = 0; + la->deleteAllLinks = 0; } void -PacketAliasSetAddress(struct in_addr addr) +LibAliasSetAddress(struct libalias *la, struct in_addr addr) { - if (packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE - && aliasAddress.s_addr != addr.s_addr) - CleanupAliasData(); + if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE + && la->aliasAddress.s_addr != addr.s_addr) + CleanupAliasData(la); - aliasAddress = addr; + la->aliasAddress = addr; } void -PacketAliasSetTarget(struct in_addr target_addr) +LibAliasSetTarget(struct libalias *la, struct in_addr target_addr) { - targetAddress = target_addr; + la->targetAddress = target_addr; } +static void +finishoff(void) +{ -void -PacketAliasInit(void) + while(!LIST_EMPTY(&instancehead)) + LibAliasUninit(LIST_FIRST(&instancehead)); +} + +struct libalias * +LibAliasInit(struct libalias *la) { int i; struct timeval tv; struct timezone tz; - static int firstCall = 1; - if (firstCall == 1) + if (la == NULL) { + la = calloc(sizeof *la, 1); + if (la == NULL) + return (la); + if (LIST_EMPTY(&instancehead)) + atexit(finishoff); + LIST_INSERT_HEAD(&instancehead, la, instancelist); + gettimeofday(&tv, &tz); - timeStamp = tv.tv_sec; - lastCleanupTime = tv.tv_sec; - houseKeepingResidual = 0; + la->timeStamp = tv.tv_sec; + la->lastCleanupTime = tv.tv_sec; + la->houseKeepingResidual = 0; for (i=0; i<LINK_TABLE_OUT_SIZE; i++) - LIST_INIT(&linkTableOut[i]); + LIST_INIT(&la->linkTableOut[i]); for (i=0; i<LINK_TABLE_IN_SIZE; i++) - LIST_INIT(&linkTableIn[i]); + LIST_INIT(&la->linkTableIn[i]); - atexit(PacketAliasUninit); - firstCall = 0; } else { - 
deleteAllLinks = 1; - CleanupAliasData(); - deleteAllLinks = 0; + la->deleteAllLinks = 1; + CleanupAliasData(la); + la->deleteAllLinks = 0; } - aliasAddress.s_addr = INADDR_ANY; - targetAddress.s_addr = INADDR_ANY; + la->aliasAddress.s_addr = INADDR_ANY; + la->targetAddress.s_addr = INADDR_ANY; - icmpLinkCount = 0; - udpLinkCount = 0; - tcpLinkCount = 0; - pptpLinkCount = 0; - protoLinkCount = 0; - fragmentIdLinkCount = 0; - fragmentPtrLinkCount = 0; - sockCount = 0; + la->icmpLinkCount = 0; + la->udpLinkCount = 0; + la->tcpLinkCount = 0; + la->pptpLinkCount = 0; + la->protoLinkCount = 0; + la->fragmentIdLinkCount = 0; + la->fragmentPtrLinkCount = 0; + la->sockCount = 0; - cleanupIndex =0; + la->cleanupIndex =0; - packetAliasMode = PKT_ALIAS_SAME_PORTS + la->packetAliasMode = PKT_ALIAS_SAME_PORTS | PKT_ALIAS_USE_SOCKETS | PKT_ALIAS_RESET_ON_ADDR_CHANGE; +#ifndef NO_FW_PUNCH + la->fireWallFD = -1; +#endif + return (la); } void -PacketAliasUninit(void) { - deleteAllLinks = 1; - CleanupAliasData(); - deleteAllLinks = 0; - UninitPacketAliasLog(); +LibAliasUninit(struct libalias *la) { + la->deleteAllLinks = 1; + CleanupAliasData(la); + la->deleteAllLinks = 0; + UninitPacketAliasLog(la); #ifndef NO_FW_PUNCH - UninitPunchFW(); + UninitPunchFW(la); #endif + LIST_REMOVE(la, instancelist); + free(la); } - /* Change mode for some operations */ unsigned int -PacketAliasSetMode( +LibAliasSetMode( + struct libalias *la, unsigned int flags, /* Which state to bring flags to */ unsigned int mask /* Mask of which flags to affect (use 0 to do a probe for flag values) */ 
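Review bot: In LibAliasInit the new `la->fireWallFD = -1;` also runs on the re-initialisation path (non-NULL `la`), so a raw socket opened earlier by InitPunchFW is dropped without close(). The old `fireWallField` also stays allocated while `packetAliasMode` loses PKT_ALIAS_PUNCH_FW. The assignment is needed only for a fresh instance, where calloc() leaves the field at 0, so move it into the `la == NULL` branch. In the `else` branch, add `UninitPunchFW(la);` under `#ifndef NO_FW_PUNCH`, as LibAliasUninit already does. Separately, LibAliasUninit dereferences `la` with no NULL check, and `finishoff` is registered with atexit() again each time the instance list goes from empty to non-empty.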
@@ -2619,34 +2564,34 @@ PacketAliasSetMode( /* Enable logging? */ if (flags & mask & PKT_ALIAS_LOG) { - InitPacketAliasLog(); /* Do the enable */ + InitPacketAliasLog(la); /* Do the enable */ } else /* _Disable_ logging? */ if (~flags & mask & PKT_ALIAS_LOG) { - UninitPacketAliasLog(); + UninitPacketAliasLog(la); } #ifndef NO_FW_PUNCH /* Start punching holes in the firewall? */ if (flags & mask & PKT_ALIAS_PUNCH_FW) { - InitPunchFW(); + InitPunchFW(la); } else /* Stop punching holes in the firewall? */ if (~flags & mask & PKT_ALIAS_PUNCH_FW) { - UninitPunchFW(); + UninitPunchFW(la); } #endif /* Other flags can be set/cleared without special action */ - packetAliasMode = (flags & mask) | (packetAliasMode & ~mask); - return packetAliasMode; + la->packetAliasMode = (flags & mask) | (la->packetAliasMode & ~mask); + return la->packetAliasMode; } int -PacketAliasCheckNewLink(void) +LibAliasCheckNewLink(struct libalias *la) { - return newDefaultLink; + return la->newDefaultLink; } 
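Review bot: LibAliasSetMode ends with `la->packetAliasMode = (flags & mask) | (la->packetAliasMode & ~mask);`, which sets PKT_ALIAS_LOG even when InitPacketAliasLog(la) could not open the file. InitPacketAliasLog only calls fopen() while the bit is clear, so after one failure the bit stays set, `la->monitorFile` stays NULL, and later enable requests never retry. Clearing the bit after the assignment keeps flag and stream in step: `if (la->monitorFile == NULL) la->packetAliasMode &= ~PKT_ALIAS_LOG;`. The same mismatch applies to PKT_ALIAS_PUNCH_FW when the malloc() in InitPunchFW fails. The opening lines of the function are outside this hunk.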
@@ -2739,58 +2684,63 @@ fill_rule(void *buf, int bufsize, int rulenum, } #endif /* IPFW2 */ -static void ClearAllFWHoles(void); +static void ClearAllFWHoles(struct libalias *la); -static int fireWallBaseNum; /* The first firewall entry free for our use */ -static int fireWallNumNums; /* How many entries can we use? */ -static int fireWallActiveNum; /* Which entry did we last use? */ -static char *fireWallField; /* bool array for entries */ -#define fw_setfield(field, num) \ +#define fw_setfield(la, field, num) \ do { \ - (field)[(num) - fireWallBaseNum] = 1; \ + (field)[(num) - la->fireWallBaseNum] = 1; \ } /*lint -save -e717 */ while(0) /*lint -restore */ -#define fw_clrfield(field, num) \ + +#define fw_clrfield(la, field, num) \ do { \ - (field)[(num) - fireWallBaseNum] = 0; \ + (field)[(num) - la->fireWallBaseNum] = 0; \ } /*lint -save -e717 */ while(0) /*lint -restore */ -#define fw_tstfield(field, num) ((field)[(num) - fireWallBaseNum]) + +#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum]) static void -InitPunchFW(void) { - fireWallField = malloc(fireWallNumNums); - if (fireWallField) { - memset(fireWallField, 0, fireWallNumNums); - if (fireWallFD < 0) { - fireWallFD = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); +InitPunchFW(struct libalias *la) +{ + + la->fireWallField = malloc(la->fireWallNumNums); + if (la->fireWallField) { + memset(la->fireWallField, 0, la->fireWallNumNums); + if (la->fireWallFD < 0) { + la->fireWallFD = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); } - ClearAllFWHoles(); - fireWallActiveNum = fireWallBaseNum; + ClearAllFWHoles(la); + la->fireWallActiveNum = la->fireWallBaseNum; } } static void -UninitPunchFW(void) { - ClearAllFWHoles(); - if (fireWallFD >= 0) - close(fireWallFD); - fireWallFD = -1; - if (fireWallField) - free(fireWallField); - fireWallField = NULL; - packetAliasMode &= ~PKT_ALIAS_PUNCH_FW; +UninitPunchFW(struct libalias *la) +{ + ClearAllFWHoles(la); + if (la->fireWallFD >= 0) + close(la->fireWallFD); + 
la->fireWallFD = -1; + if (la->fireWallField) + free(la->fireWallField); + la->fireWallField = NULL; + la->packetAliasMode &= ~PKT_ALIAS_PUNCH_FW; } /* Make a certain link go through the firewall */ void -PunchFWHole(struct alias_link *link) { +PunchFWHole(struct alias_link *link) +{ + struct libalias *la; int r; /* Result code */ struct ip_fw rule; /* On-the-fly built rule */ int fwhole; /* Where to punch hole */ + la = link->la; + /* Don't do anything unless we are asked to */ - if ( !(packetAliasMode & PKT_ALIAS_PUNCH_FW) || - fireWallFD < 0 || + if ( !(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || + la->fireWallFD < 0 || link->link_type != LINK_TCP) return; @@ -2799,20 +2749,20 @@ PunchFWHole(struct alias_link *link) { /** Build rule **/ /* Find empty slot */ - for (fwhole = fireWallActiveNum; - fwhole < fireWallBaseNum + fireWallNumNums && - fw_tstfield(fireWallField, fwhole); + for (fwhole = la->fireWallActiveNum; + fwhole < la->fireWallBaseNum + la->fireWallNumNums && + fw_tstfield(la, la->fireWallField, fwhole); fwhole++) ; - if (fwhole == fireWallBaseNum + fireWallNumNums) { - for (fwhole = fireWallBaseNum; - fwhole < fireWallActiveNum && - fw_tstfield(fireWallField, fwhole); + if (fwhole == la->fireWallBaseNum + la->fireWallNumNums) { + for (fwhole = la->fireWallBaseNum; + fwhole < la->fireWallActiveNum && + fw_tstfield(la, la->fireWallField, fwhole); fwhole++) ; - if (fwhole == fireWallActiveNum) { + if (fwhole == la->fireWallActiveNum) { /* No rule point empty - we can't punch more holes. */ - fireWallActiveNum = fireWallBaseNum; + la->fireWallActiveNum = la->fireWallBaseNum; #ifdef DEBUG fprintf(stderr, "libalias: Unable to create firewall hole!\n"); #endif @@ -2820,7 +2770,7 @@ PunchFWHole(struct alias_link *link) { } } /* Start next search at next position */ - fireWallActiveNum = fwhole+1; + la->fireWallActiveNum = fwhole+1; /* * generate two rules of the form 
@@ -2837,7 +2787,7 @@ PunchFWHole(struct alias_link *link) { O_ACCEPT, IPPROTO_TCP, GetOriginalAddress(link), ntohs(GetOriginalPort(link)), GetDestAddress(link), ntohs(GetDestPort(link)) ); - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); if (r) err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)"); @@ -2845,7 +2795,7 @@ PunchFWHole(struct alias_link *link) { O_ACCEPT, IPPROTO_TCP, GetDestAddress(link), ntohs(GetDestPort(link)), GetOriginalAddress(link), ntohs(GetOriginalPort(link)) ); - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); if (r) err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); } @@ -2889,13 +2839,18 @@ PunchFWHole(struct alias_link *link) { #endif /* !IPFW2 */ /* Indicate hole applied */ link->data.tcp->fwhole = fwhole; - fw_setfield(fireWallField, fwhole); + fw_setfield(la, la->fireWallField, fwhole); } /* Remove a hole in a firewall associated with a particular alias link. Calling this too often is harmless. */ static void -ClearFWHole(struct alias_link *link) { +ClearFWHole(struct alias_link *link) +{ + + struct libalias *la; + + la = link->la; if (link->link_type == LINK_TCP) { int fwhole = link->data.tcp->fwhole; /* Where is the firewall hole? */ struct ip_fw rule; @@ -2905,7 +2860,7 @@ ClearFWHole(struct alias_link *link) { memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ #if IPFW2 - while (!setsockopt(fireWallFD, IPPROTO_IP, IP_FW_DEL, + while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &fwhole, sizeof fwhole)) ; #else /* !IPFW2 */ 
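Review bot: Both `setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, ...)` calls in PunchFWHole (this hunk and the next) still end in `err(1, ...)`. One rejected firewall rule therefore terminates the whole process, now including every other libalias instance it hosts. A library routine is safer reporting and backing out, for example `if (r) { warn("alias punch inbound(1) setsockopt(IP_FW_ADD)"); return; }`, which leaves the slot unmarked because `fw_setfield` has not run yet. The start of the function and the declarations of `i` and `rulebuf` are outside these hunks, so confirm that an early return after the first rule does not leave an untracked rule installed.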
@@ -2914,25 +2869,25 @@ ClearFWHole(struct alias_link *link) { &rule, sizeof rule)) ; #endif /* !IPFW2 */ - fw_clrfield(fireWallField, fwhole); + fw_clrfield(la, la->fireWallField, fwhole); link->data.tcp->fwhole = -1; } } /* Clear out the entire range dedicated to firewall holes. */ static void -ClearAllFWHoles(void) { +ClearAllFWHoles(struct libalias *la) { struct ip_fw rule; /* On-the-fly built rule */ int i; - if (fireWallFD < 0) + if (la->fireWallFD < 0) return; memset(&rule, 0, sizeof rule); - for (i = fireWallBaseNum; i < fireWallBaseNum + fireWallNumNums; i++) { + for (i = la->fireWallBaseNum; i < la->fireWallBaseNum + la->fireWallNumNums; i++) { #if IPFW2 int r = i; - while (!setsockopt(fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)) + while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)) ; #else /* !IPFW2 */ rule.fw_number = i; @@ -2940,19 +2895,20 @@ ClearAllFWHoles(void) { ; #endif /* !IPFW2 */ } - memset(fireWallField, 0, fireWallNumNums); + /* XXX: third arg correct here ? /phk */ + memset(la->fireWallField, 0, la->fireWallNumNums); } #endif void -PacketAliasSetFWBase(unsigned int base, unsigned int num) { +LibAliasSetFWBase(struct libalias *la, unsigned int base, unsigned int num) { #ifndef NO_FW_PUNCH - fireWallBaseNum = base; - fireWallNumNums = num; + la->fireWallBaseNum = base; + la->fireWallNumNums = num; #endif } void -PacketAliasSetSkinnyPort(unsigned int port) { - skinnyPort = port; +LibAliasSetSkinnyPort(struct libalias *la, unsigned int port) { + la->skinnyPort = port; } diff --git a/lib/libalias/alias_ftp.c b/lib/libalias/alias_ftp.c index efc78c7..08693a7 100644 --- a/lib/libalias/alias_ftp.c +++ b/lib/libalias/alias_ftp.c 
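Review bot: LibAliasSetFWBase overwrites `la->fireWallBaseNum` and `la->fireWallNumNums` without touching `la->fireWallField`, which InitPunchFW sized from the earlier `fireWallNumNums`. If it is called with a larger `num` while punching is enabled, the `memset(la->fireWallField, 0, la->fireWallNumNums)` in ClearAllFWHoles and the `fw_*field` index `(num) - la->fireWallBaseNum` run past the allocation. This is likely what the added `XXX: third arg correct here ?` comment is sensing. ClearAllFWHoles also guards that memset only with `la->fireWallFD < 0`, not with a check of `fireWallField` itself. I would add the comment `/* Call before PKT_ALIAS_PUNCH_FW is set: fireWallField is sized from fireWallNumNums in InitPunchFW(). */` and enforce it with `if (la->fireWallField != NULL) return;` ahead of the two assignments.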
@@ -94,17 +94,15 @@ enum ftp_message_type { FTP_UNKNOWN_MESSAGE }; -static int ParseFtpPortCommand(char *, int); -static int ParseFtpEprtCommand(char *, int); -static int ParseFtp227Reply(char *, int); -static int ParseFtp229Reply(char *, int); -static void NewFtpMessage(struct ip *, struct alias_link *, int, int); - -static struct in_addr true_addr; /* in network byte order. */ -static u_short true_port; /* in host byte order. */ +static int ParseFtpPortCommand(struct libalias *la, char *, int); +static int ParseFtpEprtCommand(struct libalias *la, char *, int); +static int ParseFtp227Reply(struct libalias *la, char *, int); +static int ParseFtp229Reply(struct libalias *la, char *, int); +static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int); void AliasHandleFtpOut( +struct libalias *la, struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link, /* The link to go through (aliased port) */ int maxpacketsize /* The maximum size this packet can grow to (including headers) */) 
@@ -136,24 +134,24 @@ int maxpacketsize /* The maximum size this packet can grow to (including header /* * When aliasing a client, check for the PORT/EPRT command. */ - if (ParseFtpPortCommand(sptr, dlen)) + if (ParseFtpPortCommand(la, sptr, dlen)) ftp_message_type = FTP_PORT_COMMAND; - else if (ParseFtpEprtCommand(sptr, dlen)) + else if (ParseFtpEprtCommand(la, sptr, dlen)) ftp_message_type = FTP_EPRT_COMMAND; } else { /* * When aliasing a server, check for the 227/229 reply. */ - if (ParseFtp227Reply(sptr, dlen)) + if (ParseFtp227Reply(la, sptr, dlen)) ftp_message_type = FTP_227_REPLY; - else if (ParseFtp229Reply(sptr, dlen)) { + else if (ParseFtp229Reply(la, sptr, dlen)) { ftp_message_type = FTP_229_REPLY; - true_addr.s_addr = pip->ip_src.s_addr; + la->true_addr.s_addr = pip->ip_src.s_addr; } } if (ftp_message_type != FTP_UNKNOWN_MESSAGE) - NewFtpMessage(pip, link, maxpacketsize, ftp_message_type); + NewFtpMessage(la, pip, link, maxpacketsize, ftp_message_type); } /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */ @@ -170,7 +168,7 @@ int maxpacketsize /* The maximum size this packet can grow to (including header } static int -ParseFtpPortCommand(char *sptr, int dlen) +ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen) { char ch; int i, state; @@ -228,15 +226,15 @@ ParseFtpPortCommand(char *sptr, int dlen) } if (state == 13) { - true_addr.s_addr = htonl(addr); - true_port = port; + la->true_addr.s_addr = htonl(addr); + la->true_port = port; return 1; } else return 0; } static int -ParseFtpEprtCommand(char *sptr, int dlen) +ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen) { char ch, delim; int i, state; 
@@ -315,15 +313,15 @@ ParseFtpEprtCommand(char *sptr, int dlen) } if (state == 13) { - true_addr.s_addr = htonl(addr); - true_port = port; + la->true_addr.s_addr = htonl(addr); + la->true_port = port; return 1; } else return 0; } static int -ParseFtp227Reply(char *sptr, int dlen) +ParseFtp227Reply(struct libalias *la, char *sptr, int dlen) { char ch; int i, state; @@ -381,15 +379,15 @@ ParseFtp227Reply(char *sptr, int dlen) } if (state == 13) { - true_port = port; - true_addr.s_addr = htonl(addr); + la->true_port = port; + la->true_addr.s_addr = htonl(addr); return 1; } else return 0; } static int -ParseFtp229Reply(char *sptr, int dlen) +ParseFtp229Reply(struct libalias *la, char *sptr, int dlen) { char ch, delim; int i, state; @@ -452,14 +450,14 @@ ParseFtp229Reply(char *sptr, int dlen) } if (state == 7) { - true_port = port; + la->true_port = port; return 1; } else return 0; } static void -NewFtpMessage(struct ip *pip, +NewFtpMessage(struct libalias *la, struct ip *pip, struct alias_link *link, int maxpacketsize, int ftp_message_type) @@ -467,15 +465,15 @@ NewFtpMessage(struct ip *pip, struct alias_link *ftp_link; /* Security checks. */ - if (pip->ip_src.s_addr != true_addr.s_addr) + if (pip->ip_src.s_addr != la->true_addr.s_addr) return; - if (true_port < IPPORT_RESERVED) + if (la->true_port < IPPORT_RESERVED) return; /* Establish link to address and port found in FTP control message. */ - ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link), - htons(true_port), 0, IPPROTO_TCP, 1); + ftp_link = FindUdpTcpOut(la, la->true_addr, GetDestAddress(link), + htons(la->true_port), 0, IPPROTO_TCP, 1); if (ftp_link != NULL) { diff --git a/lib/libalias/alias_irc.c b/lib/libalias/alias_irc.c index 02a2bb2..3b2ff92 100644 --- a/lib/libalias/alias_irc.c +++ b/lib/libalias/alias_irc.c 
@@ -65,7 +65,8 @@ __FBSDID("$FreeBSD$"); void -AliasHandleIrcOut(struct ip *pip, /* IP packet to examine */ +AliasHandleIrcOut(struct libalias *la, + struct ip *pip, /* IP packet to examine */ struct alias_link *link, /* Which link are we on? */ int maxsize /* Maximum size of IP packet including headers */ ) @@ -246,7 +247,7 @@ lFOUND_CTCP: /* Steal the FTP_DATA_PORT - it doesn't really matter, and this would probably allow it through at least _some_ firewalls. */ - dcc_link = FindUdpTcpOut(true_addr, destaddr, + dcc_link = FindUdpTcpOut(la, true_addr, destaddr, true_port, 0, IPPROTO_TCP, 1); DBprintf(("Got a DCC link\n")); diff --git a/lib/libalias/alias_local.h b/lib/libalias/alias_local.h index d207f9f..0ed289a 100644 --- a/lib/libalias/alias_local.h +++ b/lib/libalias/alias_local.h 
@@ -46,6 +46,92 @@ #ifndef _ALIAS_LOCAL_H_ #define _ALIAS_LOCAL_H_ +#include <sys/queue.h> + +/* Sizes of input and output link tables */ +#define LINK_TABLE_OUT_SIZE 101 +#define LINK_TABLE_IN_SIZE 4001 + +struct proxy_entry; + +struct libalias { + LIST_ENTRY(libalias) instancelist; + + int packetAliasMode; /* Mode flags */ + /* - documented in alias.h */ + + struct in_addr aliasAddress; /* Address written onto source */ + /* field of IP packet. */ + + struct in_addr targetAddress; /* IP address incoming packets */ + /* are sent to if no aliasing */ + /* link already exists */ + + struct in_addr nullAddress; /* Used as a dummy parameter for */ + /* some function calls */ + + LIST_HEAD(, alias_link) linkTableOut[LINK_TABLE_OUT_SIZE]; + /* Lookup table of pointers to */ + /* chains of link records. Each */ + + LIST_HEAD(, alias_link) linkTableIn[LINK_TABLE_IN_SIZE]; + /* link record is doubly indexed */ + /* into input and output lookup */ + /* tables. */ + + /* Link statistics */ + int icmpLinkCount; + int udpLinkCount; + int tcpLinkCount; + int pptpLinkCount; + int protoLinkCount; + int fragmentIdLinkCount; + int fragmentPtrLinkCount; + int sockCount; + + int cleanupIndex; /* Index to chain of link table */ + /* being inspected for old links */ + + int timeStamp; /* System time in seconds for */ + /* current packet */ + + int lastCleanupTime; /* Last time IncrementalCleanup() */ + /* was called */ + + int houseKeepingResidual; /* used by HouseKeeping() */ + + int deleteAllLinks; /* If equal to zero, DeleteLink() */ + /* will not remove permanent links */ + + FILE *monitorFile; /* File descriptor for link */ + /* statistics monitoring file */ + + int newDefaultLink; /* Indicates if a new aliasing */ + /* link has been created after a */ + /* call to PacketAliasIn/Out(). */ + +#ifndef NO_FW_PUNCH + int fireWallFD; /* File descriptor to be able to */ + /* control firewall. 
Opened by */ + /* PacketAliasSetMode on first */ + /* setting the PKT_ALIAS_PUNCH_FW */ + /* flag. */ + int fireWallBaseNum; /* The first firewall entry free for our use */ + int fireWallNumNums; /* How many entries can we use? */ + int fireWallActiveNum; /* Which entry did we last use? */ + char *fireWallField; /* bool array for entries */ +#endif + + unsigned int skinnyPort; /* TCP port used by the Skinny */ + /* protocol. */ + + struct proxy_entry *proxyList; + + struct in_addr true_addr; /* in network byte order. */ + u_short true_port; /* in host byte order. */ + +}; + /* Macros */ /* @@ -71,10 +157,6 @@ } \ } while (0) -/* Globals */ - -extern int packetAliasMode; -extern unsigned int skinnyPort; /* Prototypes */ 
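Review bot: The `true_addr` / `true_port` members added at the end of `struct libalias` keep only the byte-order comments they had as file statics in alias_ftp.c, so nothing in the header says what they are for. In this commit they are written by ParseFtpPortCommand, ParseFtpEprtCommand, ParseFtp227Reply and ParseFtp229Reply and read by the security checks in NewFtpMessage. I would add `/* FTP scratch: set by ParseFtp*(), consumed by NewFtpMessage() */` above them. The `monitorFile` comment should also be corrected, since it describes a `FILE *` as a file descriptor. The header now uses `FILE` but adds only `<sys/queue.h>`, so it presumably relies on every includer pulling in `<stdio.h>` first.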
@@ -86,58 +168,58 @@ void DifferentialChecksum(u_short *_cksum, u_short *_new, u_short *_old, /* Internal data access */ struct alias_link * - FindIcmpIn(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _id_alias, int _create); struct alias_link * - FindIcmpOut(struct in_addr _src_addr, struct in_addr _dst_addr, + FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_short _id, int _create); struct alias_link * - FindFragmentIn1(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); struct alias_link * - FindFragmentIn2(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); struct alias_link * - AddFragmentPtrLink(struct in_addr _dst_addr, u_short _ip_id); + AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); struct alias_link * - FindFragmentPtr(struct in_addr _dst_addr, u_short _ip_id); + FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); struct alias_link * - FindProtoIn(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_char _proto); struct alias_link * - FindProtoOut(struct in_addr _src_addr, struct in_addr _dst_addr, + FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_char _proto); struct alias_link * - FindUdpTcpIn(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port, u_char _proto, int _create); struct alias_link * - FindUdpTcpOut(struct in_addr _src_addr, struct in_addr _dst_addr, + 
FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_short _src_port, u_short _dst_port, u_char _proto, int _create); struct alias_link * - AddPptp(struct in_addr _src_addr, struct in_addr _dst_addr, + AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _src_call_id); struct alias_link * - FindPptpOutByCallId(struct in_addr _src_addr, + FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _src_call_id); struct alias_link * - FindPptpInByCallId(struct in_addr _dst_addr, + FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _dst_call_id); struct alias_link * - FindPptpOutByPeerCallId(struct in_addr _src_addr, + FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _dst_call_id); struct alias_link * - FindPptpInByPeerCallId(struct in_addr _dst_addr, + FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _alias_call_id); struct alias_link * - FindRtspOut(struct in_addr _src_addr, struct in_addr _dst_addr, + FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_short _src_port, u_short _alias_port, u_char _proto); struct in_addr - FindOriginalAddress(struct in_addr _alias_addr); + FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr); struct in_addr - FindAliasAddress(struct in_addr _original_addr); + FindAliasAddress(struct libalias *la, struct in_addr _original_addr); /* External data access/modification */ -int FindNewPortGroup(struct in_addr _dst_addr, struct in_addr _alias_addr, +int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _src_port, u_short _dst_port, u_short _port_count, u_char _proto, u_char _align); void GetFragmentAddr(struct alias_link *_link, 
struct in_addr *_src_addr); @@ -155,8 +237,8 @@ struct in_addr struct in_addr GetAliasAddress(struct alias_link *_link); struct in_addr - GetDefaultAliasAddress(void); -void SetDefaultAliasAddress(struct in_addr _alias_addr); + GetDefaultAliasAddress(struct libalias *la); +void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr); u_short GetOriginalPort(struct alias_link *_link); u_short GetAliasPort(struct alias_link *_link); struct in_addr @@ -170,7 +252,7 @@ int GetDeltaAckIn(struct ip *_pip, struct alias_link *_link); int GetDeltaSeqOut(struct ip *_pip, struct alias_link *_link); void AddSeq(struct ip *_pip, struct alias_link *_link, int _delta); void SetExpire(struct alias_link *_link, int _expire); -void ClearCheckNewLink(void); +void ClearCheckNewLink(struct libalias *la); void SetProtocolFlags(struct alias_link *_link, int _pflags); int GetProtocolFlags(struct alias_link *_link); void SetDestCallId(struct alias_link *_link, u_int16_t _cid); 
@@ -179,47 +261,47 @@ void PunchFWHole(struct alias_link *_link); #endif /* Housekeeping function */ -void HouseKeeping(void); +void HouseKeeping(struct libalias *); /* Tcp specfic routines */ /* lint -save -library Suppress flexelint warnings */ /* FTP routines */ -void AliasHandleFtpOut(struct ip *_pip, struct alias_link *_link, +void AliasHandleFtpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link, int _maxpacketsize); /* IRC routines */ -void AliasHandleIrcOut(struct ip *_pip, struct alias_link *_link, +void AliasHandleIrcOut(struct libalias *la, struct ip *_pip, struct alias_link *_link, int _maxsize); /* RTSP routines */ -void AliasHandleRtspOut(struct ip *_pip, struct alias_link *_link, +void AliasHandleRtspOut(struct libalias *la, struct ip *_pip, struct alias_link *_link, int _maxpacketsize); /* PPTP routines */ -void AliasHandlePptpOut(struct ip *_pip, struct alias_link *_link); -void AliasHandlePptpIn(struct ip *_pip, struct alias_link *_link); -int AliasHandlePptpGreOut(struct ip *_pip); -int AliasHandlePptpGreIn(struct ip *_pip); +void AliasHandlePptpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link); +void AliasHandlePptpIn(struct libalias *la, struct ip *_pip, struct alias_link *_link); +int AliasHandlePptpGreOut(struct libalias *la, struct ip *_pip); +int AliasHandlePptpGreIn(struct libalias *la, struct ip *_pip); /* NetBIOS routines */ -int AliasHandleUdpNbt(struct ip *_pip, struct alias_link *_link, +int AliasHandleUdpNbt(struct libalias *la, struct ip *_pip, struct alias_link *_link, struct in_addr *_alias_address, u_short _alias_port); -int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link, +int AliasHandleUdpNbtNS(struct libalias *la, struct ip *_pip, struct alias_link *_link, struct in_addr *_alias_address, u_short *_alias_port, struct in_addr *_original_address, u_short *_original_port); /* CUSeeMe routines */ -void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link); -void 
AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr); +void AliasHandleCUSeeMeOut(struct libalias *la, struct ip *_pip, struct alias_link *_link); +void AliasHandleCUSeeMeIn(struct libalias *la, struct ip *_pip, struct in_addr _original_addr); /* Skinny routines */ -void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link); +void AliasHandleSkinny(struct libalias *la, struct ip *_pip, struct alias_link *_link); /* Transparent proxy routines */ -int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr, +int ProxyCheck(struct libalias *la, struct ip *_pip, struct in_addr *_proxy_server_addr, u_short *_proxy_server_port); -void ProxyModify(struct alias_link *_link, struct ip *_pip, +void ProxyModify(struct libalias *la, struct alias_link *_link, struct ip *_pip, int _maxpacketsize, int _proxy_type); enum alias_tcp_state { diff --git a/lib/libalias/alias_nbt.c b/lib/libalias/alias_nbt.c index 508bf51..9ff9cf0 100644 --- a/lib/libalias/alias_nbt.c +++ b/lib/libalias/alias_nbt.c @@ -196,6 +196,7 @@ static u_char *AliasHandleName ( u_char *p, char *pmax ) { #define DGM_NEGATIVE_RES 0x16 int AliasHandleUdpNbt( + struct libalias *la, struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link, struct in_addr *alias_address, @@ -612,6 +613,7 @@ AliasHandleResource( } int AliasHandleUdpNbtNS( + struct libalias *la, struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link, struct in_addr *alias_address, diff --git a/lib/libalias/alias_old.c b/lib/libalias/alias_old.c new file mode 100644 index 0000000..51e6f32 --- /dev/null +++ b/lib/libalias/alias_old.c 
@@ -0,0 +1,205 @@ +/*- + * Copyright (c) 2004 Poul-Henning Kamp <phk@FreeBSD.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <stdlib.h> +#include <sys/types.h> +#include <netinet/in.h> +#include <alias.h> + +/* + * These functions are for backwards compatibility and because apps may + * be linked against shlib versions, they have to be actual functions, + * we cannot inline them. 
+ */ + +static struct libalias *la; + +void +PacketAliasInit(void) +{ + + la = LibAliasInit(la); +} + +void +PacketAliasSetAddress(struct in_addr _addr) +{ + + LibAliasSetAddress(la, _addr); +} + +void +PacketAliasSetFWBase(unsigned int _base, unsigned int _num) +{ + + LibAliasSetFWBase(la, _base, _num); +} + +void +PacketAliasSetSkinnyPort(unsigned int _port) +{ + + LibAliasSetSkinnyPort(la, _port); +} + +unsigned int +PacketAliasSetMode(unsigned int _flags, unsigned int _mask) +{ + + return LibAliasSetMode(la, _flags, _mask); +} + +void +PacketAliasUninit(void) +{ + + LibAliasUninit(la); + la = NULL; +} + +int +PacketAliasIn(char *_ptr, int _maxpacketsize) +{ + return LibAliasIn(la, _ptr, _maxpacketsize); +} + +int +PacketAliasOut(char *_ptr, int _maxpacketsize) +{ + + return LibAliasOut(la, _ptr, _maxpacketsize); +} + +int +PacketUnaliasOut(char *_ptr, int _maxpacketsize) +{ + + return LibAliasUnaliasOut(la, _ptr, _maxpacketsize); +} + +int +PacketAliasAddServer(struct alias_link *_link, + struct in_addr _addr, unsigned short _port) +{ + + return LibAliasAddServer(la, _link, _addr, _port); +} + +struct alias_link * +PacketAliasRedirectAddr(struct in_addr _src_addr, + struct in_addr _alias_addr) +{ + + return LibAliasRedirectAddr(la, _src_addr, _alias_addr); +} + + +int +PacketAliasRedirectDynamic(struct alias_link *_link) +{ + + return LibAliasRedirectDynamic(la, _link); +} + +void +PacketAliasRedirectDelete(struct alias_link *_link) +{ + + LibAliasRedirectDelete(la, _link); +} + +struct alias_link * +PacketAliasRedirectPort(struct in_addr _src_addr, + unsigned short _src_port, struct in_addr _dst_addr, + unsigned short _dst_port, struct in_addr _alias_addr, + unsigned short _alias_port, unsigned char _proto) +{ + + return LibAliasRedirectPort(la, _src_addr, _src_port, _dst_addr, + _dst_port, _alias_addr, _alias_port, _proto); +} + +struct alias_link * +PacketAliasRedirectProto(struct in_addr _src_addr, + struct in_addr _dst_addr, struct in_addr _alias_addr, + 
unsigned char _proto) +{ + + return LibAliasRedirectProto(la, _src_addr, _dst_addr, _alias_addr, + _proto); +} + +void +PacketAliasFragmentIn(char *_ptr, char *_ptr_fragment) +{ + + LibAliasFragmentIn(la, _ptr, _ptr_fragment); +} + +char * +PacketAliasGetFragment(char *_ptr) +{ + + return LibAliasGetFragment(la, _ptr); +} + +int +PacketAliasSaveFragment(char *_ptr) +{ + return LibAliasSaveFragment(la, _ptr); +} + +int +PacketAliasCheckNewLink(void) +{ + + return LibAliasCheckNewLink(la); +} + +unsigned short +PacketAliasInternetChecksum(unsigned short *_ptr, int _nbytes) +{ + + return LibAliasInternetChecksum(la, _ptr, _nbytes); +} + +void +PacketAliasSetTarget(struct in_addr _target_addr) +{ + + LibAliasSetTarget(la, _target_addr); +} + +/* Transparent proxying routines. */ +int +PacketAliasProxyRule(const char *_cmd) +{ + + return LibAliasProxyRule(la, _cmd); +} diff --git a/lib/libalias/alias_pptp.c b/lib/libalias/alias_pptp.c index 2d3d9ac..946ae2f 100644 --- a/lib/libalias/alias_pptp.c +++ b/lib/libalias/alias_pptp.c @@ -145,7 +145,8 @@ static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *); void -AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ +AliasHandlePptpOut(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link) /* The PPTP control link */ { struct alias_link *pptp_link; 
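Review bot: The compatibility wrappers in alias_old.c pass the file-scope `la` to the `LibAlias*` functions without ever checking it, and `PacketAliasUninit` sets it to NULL, so a second `PacketAliasUninit` call, or any wrapper called before `PacketAliasInit`, hands a NULL instance to the new API. The old manual text that this commit removes said that calling the uninit function multiple times is harmless, and programs linked against the old entry points may rely on that. Whether `LibAliasUninit` and the other functions accept NULL is not visible in this hunk, so the shim should keep the old contract itself with `if (la == NULL) return;` at the top of `PacketAliasUninit`. `PacketAliasInit` also stores the result of `LibAliasInit` unchecked; if that call can fail, the failure only shows up later as a NULL instance inside the packet path.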
@@ -165,13 +166,13 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ case PPTP_InCallRequest: case PPTP_InCallReply: /* Establish PPTP link for address and Call ID found in control message. */ - pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link), + pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link), GetAliasAddress(link), cptr->cid1); break; case PPTP_CallClearRequest: case PPTP_CallDiscNotify: /* Find PPTP link for address and Call ID found in control message. */ - pptp_link = FindPptpOutByCallId(GetOriginalAddress(link), + pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link), GetDestAddress(link), cptr->cid1); break; @@ -208,7 +209,8 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ } void -AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ +AliasHandlePptpIn(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link) /* The PPTP control link */ { struct alias_link *pptp_link; @@ -234,7 +236,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ pcall_id = &cptr->cid2; break; case PPTP_CallDiscNotify: /* Connection closed. */ - pptp_link = FindPptpInByCallId(GetDestAddress(link), + pptp_link = FindPptpInByCallId(la, GetDestAddress(link), GetAliasAddress(link), cptr->cid1); if (pptp_link != NULL) @@ -245,7 +247,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ } /* Find PPTP link for address and Call ID found in PPTP Control Msg */ - pptp_link = FindPptpInByPeerCallId(GetDestAddress(link), + pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link), GetAliasAddress(link), *pcall_id); @@ -311,7 +313,7 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch int -AliasHandlePptpGreOut(struct ip *pip) +AliasHandlePptpGreOut(struct libalias *la, struct ip *pip) { GreHdr *gr; struct alias_link *link; 
@@ -322,7 +324,7 @@ AliasHandlePptpGreOut(struct ip *pip) if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id); + link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); if (link != NULL) { struct in_addr alias_addr = GetAliasAddress(link); @@ -339,7 +341,7 @@ AliasHandlePptpGreOut(struct ip *pip) int -AliasHandlePptpGreIn(struct ip *pip) +AliasHandlePptpGreIn(struct libalias *la, struct ip *pip) { GreHdr *gr; struct alias_link *link; @@ -350,7 +352,7 @@ AliasHandlePptpGreIn(struct ip *pip) if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id); + link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); if (link != NULL) { struct in_addr src_addr = GetOriginalAddress(link); diff --git a/lib/libalias/alias_proxy.c b/lib/libalias/alias_proxy.c index b9a9798..8eb728a 100644 --- a/lib/libalias/alias_proxy.c +++ b/lib/libalias/alias_proxy.c @@ -86,6 +86,7 @@ __FBSDID("$FreeBSD$"); */ struct proxy_entry { + struct libalias *la; #define PROXY_TYPE_ENCODE_NONE 1 #define PROXY_TYPE_ENCODE_TCPSTREAM 2 #define PROXY_TYPE_ENCODE_IPHDR 3 @@ -113,8 +114,6 @@ struct proxy_entry File scope variables */ -static struct proxy_entry *proxyList; - /* Local (static) functions: @@ -138,9 +137,9 @@ static struct proxy_entry *proxyList; static int IpMask(int, struct in_addr *); static int IpAddr(char *, struct in_addr *); static int IpPort(char *, int, int *); -static void RuleAdd(struct proxy_entry *); +static void RuleAdd(struct libalias *la, struct proxy_entry *); static void RuleDelete(struct proxy_entry *); -static int RuleNumberDelete(int); +static int RuleNumberDelete(struct libalias *la, int); static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int); static void ProxyEncodeIpHeader(struct ip *, int); 
@@ -197,22 +196,23 @@ IpPort(char *s, int proto, int *port) } void -RuleAdd(struct proxy_entry *entry) +RuleAdd(struct libalias *la, struct proxy_entry *entry) { int rule_index; struct proxy_entry *ptr; struct proxy_entry *ptr_last; - if (proxyList == NULL) + if (la->proxyList == NULL) { - proxyList = entry; + la->proxyList = entry; entry->last = NULL; entry->next = NULL; return; } + entry->la = la; rule_index = entry->rule_index; - ptr = proxyList; + ptr = la->proxyList; ptr_last = NULL; while (ptr != NULL) { @@ -220,10 +220,10 @@ RuleAdd(struct proxy_entry *entry) { if (ptr_last == NULL) { - entry->next = proxyList; + entry->next = la->proxyList; entry->last = NULL; - proxyList->last = entry; - proxyList = entry; + la->proxyList->last = entry; + la->proxyList = entry; return; } @@ -245,10 +245,13 @@ RuleAdd(struct proxy_entry *entry) static void RuleDelete(struct proxy_entry *entry) { + struct libalias *la; + + la = entry->la; if (entry->last != NULL) entry->last->next = entry->next; else - proxyList = entry->next; + la->proxyList = entry->next; if (entry->next != NULL) entry->next->last = entry->last; @@ -257,13 +260,13 @@ RuleDelete(struct proxy_entry *entry) } static int -RuleNumberDelete(int rule_index) +RuleNumberDelete(struct libalias *la, int rule_index) { int err; struct proxy_entry *ptr; err = -1; - ptr = proxyList; + ptr = la->proxyList; while (ptr != NULL) { struct proxy_entry *ptr_next; @@ -447,7 +450,7 @@ ProxyEncodeIpHeader(struct ip *pip, */ int -ProxyCheck(struct ip *pip, +ProxyCheck(struct libalias *la, struct ip *pip, struct in_addr *proxy_server_addr, u_short *proxy_server_port) { @@ -461,7 +464,7 @@ ProxyCheck(struct ip *pip, dst_port = ((struct tcphdr *) ((char *) pip + (pip->ip_hl << 2))) ->th_dport; - ptr = proxyList; + ptr = la->proxyList; while (ptr != NULL) { u_short proxy_port; 
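Review bot: In `RuleAdd` the added `entry->la = la;` comes after the early return for an empty list, so the first rule inserted into an instance is linked in with its `la` field never assigned. `RuleDelete` (the hunk at -245 on this page) now loads `la = entry->la` and writes `la->proxyList = entry->next` when the entry is the list head, so deleting that first rule goes through a NULL or uninitialised pointer, depending on how the entry was allocated, which is outside these hunks. Make the assignment the first statement of `RuleAdd`, before the `if (la->proxyList == NULL)` test: `entry->la = la;`.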
@@ -493,7 +496,7 @@ ProxyCheck(struct ip *pip, } void -ProxyModify(struct alias_link *link, +ProxyModify(struct libalias *la, struct alias_link *link, struct ip *pip, int maxpacketsize, int proxy_type) @@ -516,7 +519,7 @@ ProxyModify(struct alias_link *link, */ int -PacketAliasProxyRule(const char *cmd) +LibAliasProxyRule(struct libalias *la, const char *cmd) { /* * This function takes command strings of the form: @@ -694,7 +697,7 @@ PacketAliasProxyRule(const char *cmd) n = sscanf(token, "%d", &rule_to_delete); if (n != 1) return -1; - err = RuleNumberDelete(rule_to_delete); + err = RuleNumberDelete(la, rule_to_delete); if (err) return -1; return 0; @@ -831,7 +834,7 @@ PacketAliasProxyRule(const char *cmd) proxy_entry->src_mask = src_mask; proxy_entry->dst_mask = dst_mask; - RuleAdd(proxy_entry); + RuleAdd(la, proxy_entry); return 0; } diff --git a/lib/libalias/alias_skinny.c b/lib/libalias/alias_skinny.c index 055c05b..d674893 100644 --- a/lib/libalias/alias_skinny.c +++ b/lib/libalias/alias_skinny.c @@ -173,7 +173,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip, } static int -alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack, +alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack, struct ip * pip, struct tcphdr *tc, struct alias_link *link, u_int32_t *localIpAddr, ConvDirection direction) @@ -186,7 +186,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack, localPort = opnrcvch_ack->port; null_addr.s_addr = INADDR_ANY; - opnrcv_link = FindUdpTcpOut(pip->ip_src, null_addr, + opnrcv_link = FindUdpTcpOut(la, pip->ip_src, null_addr, htons((u_short) opnrcvch_ack->port), 0, IPPROTO_UDP, 1); opnrcvch_ack->ipAddr = (u_int32_t) GetAliasAddress(opnrcv_link).s_addr; 
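Review bot: In `alias_skinny_opnrcvch_ack` the result of `FindUdpTcpOut(la, ...)` is passed straight to `GetAliasAddress(opnrcv_link)` with no NULL test, although the same lookup in `alias_pna_out` (alias_smedia.c in this commit) is guarded by `if (pna_links != NULL)`. The port comes from the Skinny message body, so a failed lookup is reachable from packet data if `FindUdpTcpOut` can return NULL here, which the smedia caller suggests. Add an `if (opnrcv_link == NULL)` check that returns before `ipAddr` is rewritten; the function's return convention and the rest of its body lie outside this hunk.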
@@ -199,7 +199,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack, } void -AliasHandleSkinny(struct ip *pip, struct alias_link *link) +AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *link) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -220,9 +220,9 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link) * handle the scenario where the call manager is on the inside, and * the calling phone is on the global outside. */ - if (ntohs(tc->th_dport) == skinnyPort) { + if (ntohs(tc->th_dport) == la->skinnyPort) { direction = ClientToServer; - } else if (ntohs(tc->th_sport) == skinnyPort) { + } else if (ntohs(tc->th_sport) == la->skinnyPort) { direction = ServerToClient; } else { #ifdef DEBUG @@ -306,7 +306,7 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link) "PacketAlias/Skinny: Received open rcv channel msg\n"); #endif opnrcvchn_ack = (struct OpenReceiveChannelAck *) & sd->msgId; - alias_skinny_opnrcvch_ack(opnrcvchn_ack, pip, tc, link, &lip, direction); + alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, link, &lip, direction); } break; case START_MEDIATX: diff --git a/lib/libalias/alias_smedia.c b/lib/libalias/alias_smedia.c index a3ba7ae..600563ce 100644 --- a/lib/libalias/alias_smedia.c +++ b/lib/libalias/alias_smedia.c @@ -137,7 +137,7 @@ search_string(char *data, int dlen, const char *search_str) } static int -alias_rtsp_out(struct ip *pip, +alias_rtsp_out(struct libalias *la, struct ip *pip, struct alias_link *link, char *data, const char *port_str) @@ -221,8 +221,8 @@ alias_rtsp_out(struct ip *pip, /* Find an even numbered port number base that satisfies the contiguous number of ports we need */ null_addr.s_addr = 0; - if (0 == (salias = FindNewPortGroup(null_addr, - FindAliasAddress(pip->ip_src), + if (0 == (salias = FindNewPortGroup(la, null_addr, + FindAliasAddress(la, pip->ip_src), sport, 0, RTSP_PORT_GROUP, IPPROTO_UDP, 1))) { 
@@ -235,7 +235,7 @@ alias_rtsp_out(struct ip *pip, base_alias = ntohs(salias); for (j = 0; j < RTSP_PORT_GROUP; j++) { /* Establish link to port found in RTSP packet */ - rtsp_link = FindRtspOut(GetOriginalAddress(link), null_addr, + rtsp_link = FindRtspOut(la, GetOriginalAddress(link), null_addr, htons(base_port + j), htons(base_alias + j), IPPROTO_UDP); if (rtsp_link != NULL) { @@ -319,7 +319,7 @@ alias_rtsp_out(struct ip *pip, /* Support the protocol used by early versions of RealPlayer */ static int -alias_pna_out(struct ip *pip, +alias_pna_out(struct libalias *la, struct ip *pip, struct alias_link *link, char *data, int dlen) @@ -343,7 +343,7 @@ alias_pna_out(struct ip *pip, } if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy(&port, work, 2); - pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), + pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link), port, 0, IPPROTO_UDP, 1); if (pna_links != NULL) { #ifndef NO_FW_PUNCH @@ -366,7 +366,7 @@ alias_pna_out(struct ip *pip, } void -AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize) +AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *link, int maxpacketsize) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -390,13 +390,13 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize) if (dlen >= strlen(setup)) { if (memcmp(data, setup, strlen(setup)) == 0) { - alias_rtsp_out(pip, link, data, client_port_str); + alias_rtsp_out(la, pip, link, data, client_port_str); return; } } if (dlen >= strlen(pna)) { if (memcmp(data, pna, strlen(pna)) == 0) { - alias_pna_out(pip, link, data, dlen); + alias_pna_out(la, pip, link, data, dlen); } } @@ -424,7 +424,7 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize) if ((dlen - i) >= strlen(okstr)) { if (memcmp(&data[i], okstr, strlen(okstr)) == 0) - alias_rtsp_out(pip, link, data, server_port_str); + alias_rtsp_out(la, pip, link, data, server_port_str); } } 
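Review bot: The length guards around the `alias_rtsp_out` and `alias_pna_out` calls in `AliasHandleRtspOut` compare the signed `int dlen` with `strlen(...)`, so `dlen >= strlen(setup)` is evaluated as unsigned and a negative `dlen` passes it; the `memcmp(data, setup, ...)` that follows would then read beyond the payload. `dlen` is computed outside this hunk, so whether header lengths taken from the packet can drive it negative has to be confirmed there. A guard such as `if (dlen <= 0) return;` ahead of these comparisons makes them hold regardless, and the same applies to the `(dlen - i) >= strlen(okstr)` test in the hunk at -424.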
diff --git a/lib/libalias/alias_util.c b/lib/libalias/alias_util.c index d6b40a2..1bba075 100644 --- a/lib/libalias/alias_util.c +++ b/lib/libalias/alias_util.c @@ -50,6 +50,7 @@ then these routines will give a result of zero (useful for testing purposes); */ +#include <stdio.h> #include <sys/types.h> #include <netinet/in_systm.h> #include <netinet/in.h> @@ -60,7 +61,7 @@ purposes); #include "alias_local.h" u_short -PacketAliasInternetChecksum(u_short *ptr, int nbytes) +LibAliasInternetChecksum(struct libalias *la, u_short *ptr, int nbytes) { int sum, oddbyte; diff --git a/lib/libalias/libalias.3 b/lib/libalias/libalias.3 index e5ef09e..fc58e9a 100644 --- a/lib/libalias/libalias.3 +++ b/lib/libalias/libalias.3 
@@ -67,24 +67,26 @@ of the kernel, without any access to private kernel data structure, but the source code can also be ported to a kernel environment. .Sh INITIALIZATION AND CONTROL One special function, -.Fn PacketAliasInit , -must always be called before any packet handling may be performed. +.Fn LibAliasInit , +must always be called before any packet handling may be performed and +the returned instance pointer passed to all the other functions. Normally, the -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress function is called afterwards, to set the default aliasing address. In addition, the operating mode of the packet aliasing engine can be customized by calling -.Fn PacketAliasSetMode . +.Fn LibAliasSetMode . .Pp -.Ft void -.Fn PacketAliasInit void +.Ft "struct libalias *" +.Fn LibAliasInit "struct libalias *" .Bd -ragged -offset indent -This function has no arguments or return value and is used to initialize +This function is used to initialize internal data structures. +When called first time a NULL pointer should be passed as argument. The following mode bits are always set after calling -.Fn PacketAliasInit . +.Fn LibAliasInit . See the description of -.Fn PacketAliasSetMode +.Fn LibAliasSetMode below for the meaning of these mode bits. .Pp .Bl -item -offset indent -compact 
@@ -99,19 +101,19 @@ below for the meaning of these mode bits. This function will always return the packet aliasing engine to the same initial state. The -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress function is normally called afterwards, and any desired changes from the default mode bits listed above require a call to -.Fn PacketAliasSetMode . +.Fn LibAliasSetMode . .Pp It is mandatory that this function be called at the beginning of a program prior to any packet handling. .Ed .Pp .Ft void -.Fn PacketAliasUninit void +.Fn LibAliasUninit "struct libalias *" .Bd -ragged -offset indent -This function has no arguments or return value and is used to clear any +This function has no return value and is used to clear any resources attached to internal data structures. .Pp This functions should be called when a program stops using the aliasing @@ -120,18 +122,17 @@ To provide backwards compatibility and extra security, it is added to the .Xr atexit 3 chain by -.Fn PacketAliasInit . -Calling it multiple times is harmless. +.Fn LibAliasInit . .Ed .Pp .Ft void -.Fn PacketAliasSetAddress "struct in_addr addr" +.Fn LibAliasSetAddress "struct libalias *" "struct in_addr addr" .Bd -ragged -offset indent This function sets the source address to which outgoing packets from the local area network are aliased. All outgoing packets are re-mapped to this address unless overridden by a static address mapping established by -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . If this function is not called, and no static rules match, an outgoing packet retains its source address. .Pp @@ -153,7 +154,7 @@ It is mandatory that this function be called prior to any packet handling. .Ed .Pp .Ft unsigned int -.Fn PacketAliasSetMode "unsigned int flags" "unsigned int mask" +.Fn LibAliasSetMode "struct libalias *" "unsigned int flags" "unsigned int mask" .Bd -ragged -offset indent This function sets or clears mode bits according to the value of 
@@ -174,7 +175,7 @@ Mainly useful for debugging when the log file is viewed continuously with .It Dv PKT_ALIAS_DENY_INCOMING If this mode bit is set, all incoming packets associated with new TCP connections or new UDP transactions will be marked for being ignored -.Fn ( PacketAliasIn +.Fn ( LibAliasIn returns .Dv PKT_ALIAS_IGNORED code) @@ -214,7 +215,7 @@ The registered subnet is fully accessible to the outside world, so traffic from it does not need to be passed through the packet aliasing engine. .It Dv PKT_ALIAS_RESET_ON_ADDR_CHANGE When this mode bit is set and -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the aliasing address, the internal link table of the packet aliasing engine will be cleared. This operating mode is useful for @@ -238,7 +239,7 @@ To cater to unexpected death of a program using changing the state of the flag will clear the entire firewall range allocated for holes. This will also happen on the initial call to -.Fn PacketAliasSetFWBase . +.Fn LibAliasSetFWBase . This call must happen prior to setting this flag. .It Dv PKT_ALIAS_REVERSE This option makes @@ -252,13 +253,13 @@ This option tells to obey transparent proxy rules only. Normal packet aliasing is not performed. See -.Fn PacketAliasProxyRule +.Fn LibAliasProxyRule below for details. .El .Ed .Pp .Ft void -.Fn PacketAliasSetFWBase "unsigned int base" "unsigned int num" +.Fn LibAliasSetFWBase "struct libalias *" "unsigned int base" "unsigned int num" .Bd -ragged -offset indent Set firewall range allocated for punching firewall holes (with the .Dv PKT_ALIAS_PUNCH_FW @@ -267,7 +268,7 @@ The range will be cleared for all rules on initialization. .Ed .Pp .Ft void -.Fn PacketAliasSkinnyPort "unsigned int port" +.Fn LibAliasSkinnyPort "struct libalias *" "unsigned int port" .Bd -ragged -offset indent Set the TCP port used by the Skinny Station protocol. Skinny is used by Cisco IP phones to communicate with 
@@ -282,18 +283,18 @@ The calling program is responsible for receiving and sending packets via network interfaces. .Pp Along with -.Fn PacketAliasInit +.Fn LibAliasInit and -.Fn PacketAliasSetAddress , +.Fn LibAliasSetAddress , the two packet handling functions, -.Fn PacketAliasIn +.Fn LibAliasIn and -.Fn PacketAliasOut , +.Fn LibAliasOut , comprise minimal set of functions needed for a basic IP masquerading implementation. .Pp .Ft int -.Fn PacketAliasIn "char *buffer" "int maxpacketsize" +.Fn LibAliasIn "struct libalias *" "char *buffer" "int maxpacketsize" .Bd -ragged -offset indent An incoming packet coming from a remote machine to the local network is de-aliased by this function. @@ -315,26 +316,26 @@ type is not handled or if incoming packets for new connections are being ignored (if .Dv PKT_ALIAS_DENY_INCOMING mode bit was set by -.Fn PacketAliasSetMode ) . +.Fn LibAliasSetMode ) . .It Dv PKT_ALIAS_UNRESOLVED_FRAGMENT This is returned when a fragment cannot be resolved because the header fragment has not been sent yet. In this situation, fragments must be saved with -.Fn PacketAliasSaveFragment +.Fn LibAliasSaveFragment until a header fragment is found. .It Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT The packet aliasing process was successful, and a header fragment was found. This is a signal to retrieve any unresolved fragments with -.Fn PacketAliasGetFragment +.Fn LibAliasGetFragment and de-alias them with -.Fn PacketAliasFragmentIn . +.Fn LibAliasFragmentIn . .It Dv PKT_ALIAS_ERROR An internal error within the packet aliasing engine occurred. .El .Ed .Pp .Ft int -.Fn PacketAliasOut "char *buffer" "int maxpacketsize" +.Fn LibAliasOut "struct libalias *" "char *buffer" "int maxpacketsize" .Bd -ragged -offset indent An outgoing packet coming from the local network to a remote machine is aliased by this function. 
@@ -369,7 +370,8 @@ Individual ports can be re-mapped or static network address translations can be designated. .Pp .Ft struct alias_link * -.Fo PacketAliasRedirectPort +.Fo LibAliasRedirectPort +.Fa "struct libalias *" .Fa "struct in_addr local_addr" .Fa "u_short local_port" .Fa "struct in_addr remote_addr" @@ -396,12 +398,12 @@ or .Fa alias_addr is zero, this indicates that the packet aliasing address as established by -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is to be used. Even if -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the address after -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort is called, a zero reference will track this change. .Pp If the link is further set up to operate for a load sharing, then @@ -409,7 +411,7 @@ If the link is further set up to operate for a load sharing, then and .Fa local_port are ignored, and are selected dynamically from the server pool, as described in -.Fn PacketAliasAddServer +.Fn LibAliasAddServer below. .Pp If @@ -422,12 +424,12 @@ port number. Almost always, the remote port specification will be zero, but non-zero remote addresses can sometimes be useful for firewalling. If two calls to -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort overlap in their address/port specifications, then the most recent call will have precedence. .Pp This function returns a pointer which can subsequently be used by -.Fn PacketAliasRedirectDelete . +.Fn LibAliasRedirectDelete . If .Dv NULL is returned, then the function call did not complete successfully. @@ -443,7 +445,8 @@ data type. .Ed .Pp .Ft struct alias_link * -.Fo PacketAliasRedirectAddr +.Fo LibAliasRedirectAddr +.Fa "struct libalias *" .Fa "struct in_addr local_addr" .Fa "struct in_addr alias_addr" .Fc 
@@ -462,22 +465,22 @@ If or .Fa alias_addr is zero, this indicates that the packet aliasing address as established by -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is to be used. Even if -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the address after -.Fn PacketAliasRedirectAddr +.Fn LibAliasRedirectAddr is called, a zero reference will track this change. .Pp If the link is further set up to operate for a load sharing, then .Fa local_addr is ignored, and is selected dynamically from the server pool, as described in -.Fn PacketAliasAddServer +.Fn LibAliasAddServer below. .Pp If subsequent calls to -.Fn PacketAliasRedirectAddr +.Fn LibAliasRedirectAddr use the same aliasing address, all new incoming traffic to this aliasing address will be redirected to the local address made in the last function call. @@ -485,11 +488,11 @@ New traffic generated by any of the local machines, designated in the several function calls, will be aliased to the same address. Consider the following example: .Bd -literal -offset indent -PacketAliasRedirectAddr(inet_aton("192.168.0.2"), +LibAliasRedirectAddr(inet_aton("192.168.0.2"), inet_aton("141.221.254.101")); -PacketAliasRedirectAddr(inet_aton("192.168.0.3"), +LibAliasRedirectAddr(inet_aton("192.168.0.3"), inet_aton("141.221.254.101")); -PacketAliasRedirectAddr(inet_aton("192.168.0.4"), +LibAliasRedirectAddr(inet_aton("192.168.0.4"), inet_aton("141.221.254.101")); .Ed .Pp 
@@ -502,19 +505,20 @@ from 192.168.0.2, 192.168.0.3 and 192.168.0.4 will appear to come from Any incoming connections to 141.221.254.101 will be directed to 192.168.0.4. .Pp Any calls to -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort will have precedence over address mappings designated by -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . .Pp This function returns a pointer which can subsequently be used by -.Fn PacketAliasRedirectDelete . +.Fn LibAliasRedirectDelete . If .Dv NULL is returned, then the function call did not complete successfully. .Ed .Pp .Ft int -.Fo PacketAliasAddServer +.Fo LibAliasAddServer +.Fa "struct libalias *" .Fa "struct alias_link *link" .Fa "struct in_addr addr" .Fa "u_short port" @@ -541,17 +545,17 @@ the host. First, the .Fa link is created by either -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort or -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . Then, -.Fn PacketAliasAddServer +.Fn LibAliasAddServer is called multiple times to add entries to the .Fa link Ns 's server pool. .Pp For links created with -.Fn PacketAliasRedirectAddr , +.Fn LibAliasRedirectAddr , the .Fa port argument is ignored and could have any value, e.g. htons(~0). @@ -560,10 +564,10 @@ This function returns 0 on success, \-1 otherwise. .Ed .Pp .Ft int -.Fn PacketAliasRedirectDynamic "struct alias_link *link" +.Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link" .Bd -ragged -offset indent This function marks the specified static redirect rule entered by -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort as dynamic. This can be used to e.g. dynamically redirect a single TCP connection, after which the rule is removed. 
@@ -579,23 +583,23 @@ This function returns 0 on success, \-1 otherwise. .Ed .Pp .Ft void -.Fn PacketAliasRedirectDelete "struct alias_link *link" +.Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link" .Bd -ragged -offset indent This function will delete a specific static redirect rule entered by -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort or -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . The parameter .Fa link is the pointer returned by either of the redirection functions. If an invalid pointer is passed to -.Fn PacketAliasRedirectDelete , +.Fn LibAliasRedirectDelete , then a program crash or unpredictable operation could result, so it is necessary to be careful using this function. .Ed .Pp .Ft int -.Fn PacketAliasProxyRule "const char *cmd" +.Fn LibAliasProxyRule "struct libalias *" "const char *cmd" .Bd -ragged -offset indent The passed .Fa cmd @@ -640,14 +644,14 @@ specification is mandatory unless the command is being used. .It Cm rule Ar index Normally, each call to -.Fn PacketAliasProxyRule +.Fn LibAliasProxyRule inserts the next rule at the start of a linear list of rules. If an .Ar index is specified, the new rule will be checked after all rules with lower indices. Calls to -.Fn PacketAliasProxyRule +.Fn LibAliasProxyRule that do not specify a rule are assigned rule 0. .It Cm delete Ar index This token and its argument MUST NOT be used with any other tokens. @@ -688,7 +692,8 @@ access, or to restrict access to certain external machines. .Ed .Pp .Ft struct alias_link * -.Fo PacketAliasRedirectProto +.Fo LibAliasRedirectProto +.Fa "struct libalias *" .Fa "struct in_addr local_addr" .Fa "struct in_addr remote_addr" .Fa "struct in_addr alias_addr" 
@@ -706,12 +711,12 @@ or .Fa alias_addr is zero, this indicates that the packet aliasing address as established by -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is to be used. Even if -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the address after -.Fn PacketAliasRedirectProto +.Fn LibAliasRedirectProto is called, a zero reference will track this change. .Pp If @@ -720,12 +725,12 @@ is zero, this indicates to redirect packets from any remote address. Non-zero remote addresses can sometimes be useful for firewalling. .Pp If two calls to -.Fn PacketAliasRedirectProto +.Fn LibAliasRedirectProto overlap in their address specifications, then the most recent call will have precedence. .Pp This function returns a pointer which can subsequently be used by -.Fn PacketAliasRedirectDelete . +.Fn LibAliasRedirectDelete . If .Dv NULL is returned, then the function call did not complete successfully. @@ -734,11 +739,11 @@ is returned, then the function call did not complete successfully. The functions in this section are used to deal with incoming fragments. .Pp Outgoing fragments are handled within -.Fn PacketAliasOut +.Fn LibAliasOut by changing the address according to any applicable mapping set by -.Fn PacketAliasRedirectAddr , +.Fn LibAliasRedirectAddr , or the default aliasing address set by -.Fn PacketAliasSetAddress . +.Fn LibAliasSetAddress . .Pp Incoming fragments are handled in one of two ways. If the header of a fragmented IP packet has already been seen, then all @@ -748,10 +753,10 @@ Fragments which arrive before the header are saved and then retrieved once the header fragment has been resolved. .Pp .Ft int -.Fn PacketAliasSaveFragment "char *ptr" +.Fn LibAliasSaveFragment "struct libalias *" "char *ptr" .Bd -ragged -offset indent When -.Fn PacketAliasIn +.Fn LibAliasIn returns .Dv PKT_ALIAS_UNRESOLVED_FRAGMENT , this function can be used to save the pointer to the unresolved fragment. 
@@ -773,33 +778,33 @@ if there was an error. .Ed .Pp .Ft char * -.Fn PacketAliasGetFragment "char *buffer" +.Fn LibAliasGetFragment "struct libalias *" "char *buffer" .Bd -ragged -offset indent This function can be used to retrieve fragment pointers saved by -.Fn PacketAliasSaveFragment . +.Fn LibAliasSaveFragment . The IP header fragment pointed to by .Fa buffer is the header fragment indicated when -.Fn PacketAliasIn +.Fn LibAliasIn returns .Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT . Once a fragment pointer is retrieved, it becomes the calling program's responsibility to free the dynamically allocated memory for the fragment. .Pp The -.Fn PacketAliasGetFragment +.Fn LibAliasGetFragment function can be called sequentially until there are no more fragments available, at which time it returns .Dv NULL . .Ed .Pp .Ft void -.Fn PacketAliasFragmentIn "char *header" "char *fragment" +.Fn LibAliasFragmentIn "struct libalias *" "char *header" "char *fragment" .Bd -ragged -offset indent When a fragment is retrieved with -.Fn PacketAliasGetFragment , +.Fn LibAliasGetFragment , it can then be de-aliased with a call to -.Fn PacketAliasFragmentIn . +.Fn LibAliasFragmentIn . The .Fa header argument is the pointer to a header fragment used as a template, and @@ -808,17 +813,17 @@ is the pointer to the packet to be de-aliased. .Ed .Sh MISCELLANEOUS FUNCTIONS .Ft void -.Fn PacketAliasSetTarget "struct in_addr addr" +.Fn LibAliasSetTarget "struct libalias *" "struct in_addr addr" .Bd -ragged -offset indent When an incoming packet not associated with any pre-existing aliasing link arrives at the host machine, it will be sent to the address indicated by a call to -.Fn PacketAliasSetTarget . +.Fn LibAliasSetTarget . .Pp If this function is called with an .Dv INADDR_NONE address argument, then all new incoming packets go to the address set by -.Fn PacketAliasSetAddress . +.Fn LibAliasSetAddress . .Pp If this function is not called, or is called with an .Dv INADDR_ANY 
@@ -829,17 +834,17 @@ can route packets to the machine in question. .Ed .Pp .Ft int -.Fn PacketAliasCheckNewLink void +.Fn LibAliasCheckNewLink void .Bd -ragged -offset indent This function returns a non-zero value when a new aliasing link is created. In circumstances where incoming traffic is being sequentially sent to different local servers, this function can be used to trigger when -.Fn PacketAliasSetTarget +.Fn LibAliasSetTarget is called to change the default target address. .Ed .Pp .Ft u_short -.Fn PacketAliasInternetChecksum "u_short *buffer" "int nbytes" +.Fn LibAliasInternetChecksum "struct libalias *" "u_short *buffer" "int nbytes" .Bd -ragged -offset indent This is a utility function that does not seem to be available elsewhere and is included as a convenience. @@ -856,12 +861,12 @@ The 16-bit checksum field should be zeroed before computing the checksum. Checksums can also be verified by operating on a block of data including its checksum. If the checksum is valid, -.Fn PacketAliasInternetChecksum +.Fn LibAliasInternetChecksum will return zero. .Ed .Pp .Ft int -.Fn PacketUnaliasOut "char *buffer" "int maxpacketsize" +.Fn LibAliasUnaliasOut "struct libalias *" "char *buffer" "int maxpacketsize" .Bd -ragged -offset indent An outgoing packet, which has already been aliased, has its private address/port information restored by this function. diff --git a/sys/netinet/libalias/Makefile b/sys/netinet/libalias/Makefile index f262be1..87b3e9a 100644 --- a/sys/netinet/libalias/Makefile +++ b/sys/netinet/libalias/Makefile @@ -6,7 +6,7 @@ SHLIB_MAJOR= 4 MAN= libalias.3 SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ alias_nbt.c alias_pptp.c alias_proxy.c alias_skinny.c alias_smedia.c \ - alias_util.c + alias_util.c alias_old.c INCS= alias.h .include <bsd.lib.mk> diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c index cf93a74..fab7045 100644 --- a/sys/netinet/libalias/alias.c +++ b/sys/netinet/libalias/alias.c 
@@ -247,26 +247,26 @@ the gateway machine or other machines on a local area network. /* Local prototypes */ -static int IcmpAliasIn1(struct ip *); -static int IcmpAliasIn2(struct ip *); -static int IcmpAliasIn (struct ip *); +static int IcmpAliasIn1(struct libalias *, struct ip *); +static int IcmpAliasIn2(struct libalias *, struct ip *); +static int IcmpAliasIn (struct libalias *, struct ip *); -static int IcmpAliasOut1(struct ip *); -static int IcmpAliasOut2(struct ip *); -static int IcmpAliasOut (struct ip *); +static int IcmpAliasOut1(struct libalias *, struct ip *); +static int IcmpAliasOut2(struct libalias *, struct ip *); +static int IcmpAliasOut (struct libalias *, struct ip *); -static int ProtoAliasIn(struct ip *); -static int ProtoAliasOut(struct ip *); +static int ProtoAliasIn(struct libalias *, struct ip *); +static int ProtoAliasOut(struct libalias *, struct ip *); -static int UdpAliasOut(struct ip *); -static int UdpAliasIn (struct ip *); +static int UdpAliasOut(struct libalias *, struct ip *); +static int UdpAliasIn (struct libalias *, struct ip *); -static int TcpAliasOut(struct ip *, int); -static int TcpAliasIn (struct ip *); +static int TcpAliasOut(struct libalias *, struct ip *, int); +static int TcpAliasIn (struct libalias *, struct ip *); static int -IcmpAliasIn1(struct ip *pip) +IcmpAliasIn1(struct libalias *la, struct ip *pip) { /* De-alias incoming echo and timestamp replies. @@ -278,7 +278,7 @@ IcmpAliasIn1(struct ip *pip) ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Get source address from ICMP data field and restore original data */ - link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1); + link = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (link != NULL) { u_short original_id; @@ -312,7 +312,7 @@ IcmpAliasIn1(struct ip *pip) } static int -IcmpAliasIn2(struct ip *pip) +IcmpAliasIn2(struct libalias *la, struct ip *pip) { /* Alias incoming ICMP error messages containing 
@@ -332,16 +332,16 @@ IcmpAliasIn2(struct ip *pip) ic2 = (struct icmp *) ud; if (ip->ip_p == IPPROTO_UDP) - link = FindUdpTcpIn(ip->ip_dst, ip->ip_src, + link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - link = FindUdpTcpIn(ip->ip_dst, ip->ip_src, + link = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + link = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); else link = NULL; } else @@ -430,13 +430,13 @@ fragment contained in ICMP data section */ static int -IcmpAliasIn(struct ip *pip) +IcmpAliasIn(struct libalias *la, struct ip *pip) { int iresult; struct icmp *ic; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); @@ -448,18 +448,18 @@ IcmpAliasIn(struct ip *pip) case ICMP_TSTAMPREPLY: if (ic->icmp_code == 0) { - iresult = IcmpAliasIn1(pip); + iresult = IcmpAliasIn1(la, pip); } break; case ICMP_UNREACH: case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - iresult = IcmpAliasIn2(pip); + iresult = IcmpAliasIn2(la, pip); break; case ICMP_ECHO: case ICMP_TSTAMP: - iresult = IcmpAliasIn1(pip); + iresult = IcmpAliasIn1(la, pip); break; } return(iresult); @@ -467,7 +467,7 @@ IcmpAliasIn(struct ip *pip) static int -IcmpAliasOut1(struct ip *pip) +IcmpAliasOut1(struct libalias *la, struct ip *pip) { /* Alias outgoing echo and timestamp requests. 
@@ -479,7 +479,7 @@ IcmpAliasOut1(struct ip *pip) ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Save overwritten data for when echo packet returns */ - link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1); + link = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (link != NULL) { u_short alias_id; @@ -514,7 +514,7 @@ IcmpAliasOut1(struct ip *pip) static int -IcmpAliasOut2(struct ip *pip) +IcmpAliasOut2(struct libalias *la, struct ip *pip) { /* Alias outgoing ICMP error messages containing @@ -534,16 +534,16 @@ IcmpAliasOut2(struct ip *pip) ic2 = (struct icmp *) ud; if (ip->ip_p == IPPROTO_UDP) - link = FindUdpTcpOut(ip->ip_dst, ip->ip_src, + link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) - link = FindUdpTcpOut(ip->ip_dst, ip->ip_src, + link = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); + link = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); else link = NULL; } else @@ -634,13 +634,13 @@ fragment contained in ICMP data section */ static int -IcmpAliasOut(struct ip *pip) +IcmpAliasOut(struct libalias *la, struct ip *pip) { int iresult; struct icmp *ic; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); 
@@ -652,18 +652,18 @@ IcmpAliasOut(struct ip *pip) case ICMP_TSTAMP: if (ic->icmp_code == 0) { - iresult = IcmpAliasOut1(pip); + iresult = IcmpAliasOut1(la, pip); } break; case ICMP_UNREACH: case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - iresult = IcmpAliasOut2(pip); + iresult = IcmpAliasOut2(la, pip); break; case ICMP_ECHOREPLY: case ICMP_TSTAMPREPLY: - iresult = IcmpAliasOut1(pip); + iresult = IcmpAliasOut1(la, pip); } return(iresult); } @@ -671,7 +671,7 @@ IcmpAliasOut(struct ip *pip) static int -ProtoAliasIn(struct ip *pip) +ProtoAliasIn(struct libalias *la, struct ip *pip) { /* Handle incoming IP packets. The @@ -682,10 +682,10 @@ ProtoAliasIn(struct ip *pip) struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; - link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p); + link = FindProtoIn(la, pip->ip_src, pip->ip_dst, pip->ip_p); if (link != NULL) { struct in_addr original_address; @@ -706,7 +706,7 @@ ProtoAliasIn(struct ip *pip) static int -ProtoAliasOut(struct ip *pip) +ProtoAliasOut(struct libalias *la, struct ip *pip) { /* Handle outgoing IP packets. The @@ -716,10 +716,10 @@ ProtoAliasOut(struct ip *pip) struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; - link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p); + link = FindProtoOut(la, pip->ip_src, pip->ip_dst, pip->ip_p); if (link != NULL) { struct in_addr alias_address; 
@@ -740,18 +740,18 @@ ProtoAliasOut(struct ip *pip) static int -UdpAliasIn(struct ip *pip) +UdpAliasIn(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); - link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, + link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, IPPROTO_UDP, 1); if (link != NULL) @@ -770,14 +770,14 @@ UdpAliasIn(struct ip *pip) /* Special processing for IP encoding protocols */ if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER) - AliasHandleCUSeeMeIn(pip, original_address); + AliasHandleCUSeeMeIn(la, pip, original_address); /* If NETBIOS Datagram, It should be alias address in UDP Data, too */ else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER) - r = AliasHandleUdpNbt(pip, link, &original_address, ud->uh_dport); + r = AliasHandleUdpNbt(la, pip, link, &original_address, ud->uh_dport); else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER) - r = AliasHandleUdpNbtNS(pip, link, &alias_address, &alias_port, + r = AliasHandleUdpNbtNS(la, pip, link, &alias_address, &alias_port, &original_address, &ud->uh_dport); /* If UDP checksum is not zero, then adjust since destination port */ 
@@ -814,18 +814,18 @@ UdpAliasIn(struct ip *pip) } static int -UdpAliasOut(struct ip *pip) +UdpAliasOut(struct libalias *la, struct ip *pip) { struct udphdr *ud; struct alias_link *link; /* Return if proxy-only mode is enabled */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK; ud = (struct udphdr *) ((char *) pip + (pip->ip_hl << 2)); - link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, + link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, IPPROTO_UDP, 1); if (link != NULL) @@ -838,14 +838,14 @@ UdpAliasOut(struct ip *pip) /* Special processing for IP encoding protocols */ if (ntohs(ud->uh_dport) == CUSEEME_PORT_NUMBER) - AliasHandleCUSeeMeOut(pip, link); + AliasHandleCUSeeMeOut(la, pip, link); /* If NETBIOS Datagram, It should be alias address in UDP Data, too */ else if (ntohs(ud->uh_dport) == NETBIOS_DGM_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_DGM_PORT_NUMBER) - AliasHandleUdpNbt(pip, link, &alias_address, alias_port); + AliasHandleUdpNbt(la, pip, link, &alias_address, alias_port); else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER) - AliasHandleUdpNbtNS(pip, link, &pip->ip_src, &ud->uh_sport, + AliasHandleUdpNbtNS(la, pip, link, &pip->ip_src, &ud->uh_sport, &alias_address, &alias_port); /* * We don't know in advance what TID the TFTP server will choose, @@ -853,7 +853,7 @@ UdpAliasOut(struct ip *pip) * that will match any TID from a given destination. */ else if (ntohs(ud->uh_dport) == TFTP_PORT_NUMBER) - FindRtspOut(pip->ip_src, pip->ip_dst, + FindRtspOut(la, pip->ip_src, pip->ip_dst, ud->uh_sport, alias_port, IPPROTO_UDP); /* If UDP checksum is not zero, adjust since source port is */ 
@@ -892,17 +892,17 @@ UdpAliasOut(struct ip *pip) static int -TcpAliasIn(struct ip *pip) +TcpAliasIn(struct libalias *la, struct ip *pip) { struct tcphdr *tc; struct alias_link *link; tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); - link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, + link = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP, - !(packetAliasMode & PKT_ALIAS_PROXY_ONLY)); + !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (link != NULL) { struct in_addr alias_address; @@ -916,10 +916,10 @@ TcpAliasIn(struct ip *pip) /* Special processing for IP encoding protocols */ if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) - AliasHandlePptpIn(pip, link); - else if (skinnyPort != 0 && (ntohs(tc->th_dport) == skinnyPort - || ntohs(tc->th_sport) == skinnyPort)) - AliasHandleSkinny(pip, link); + AliasHandlePptpIn(la, pip, link); + else if (la->skinnyPort != 0 && (ntohs(tc->th_dport) == la->skinnyPort + || ntohs(tc->th_sport) == la->skinnyPort)) + AliasHandleSkinny(la, pip, link); alias_address = GetAliasAddress(link); original_address = GetOriginalAddress(link); @@ -1008,7 +1008,7 @@ TcpAliasIn(struct ip *pip) } static int -TcpAliasOut(struct ip *pip, int maxpacketsize) +TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize) { int proxy_type; u_short dest_port; @@ -1020,9 +1020,9 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); - proxy_type = ProxyCheck(pip, &proxy_server_address, &proxy_server_port); + proxy_type = ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port); - if (proxy_type == 0 && (packetAliasMode & PKT_ALIAS_PROXY_ONLY)) + if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)) return PKT_ALIAS_OK; /* If this is a transparent proxy, save original destination, 
@@ -1058,7 +1058,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) ADJUST_CHECKSUM(accumulate, pip->ip_sum); } - link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, + link = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP, 1); if (link !=NULL) @@ -1075,7 +1075,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) { SetProxyPort(link, dest_port); SetProxyAddress(link, dest_address); - ProxyModify(link, pip, maxpacketsize, proxy_type); + ProxyModify(la, link, pip, maxpacketsize, proxy_type); tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); } 
@@ -1089,21 +1089,21 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) /* Special processing for IP encoding protocols */ if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER) - AliasHandleFtpOut(pip, link, maxpacketsize); + AliasHandleFtpOut(la, pip, link, maxpacketsize); else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2) - AliasHandleIrcOut(pip, link, maxpacketsize); + AliasHandleIrcOut(la, pip, link, maxpacketsize); else if (ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_1 || ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_1 || ntohs(tc->th_dport) == RTSP_CONTROL_PORT_NUMBER_2 || ntohs(tc->th_sport) == RTSP_CONTROL_PORT_NUMBER_2) - AliasHandleRtspOut(pip, link, maxpacketsize); + AliasHandleRtspOut(la, pip, link, maxpacketsize); else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER) - AliasHandlePptpOut(pip, link); - else if (skinnyPort != 0 && (ntohs(tc->th_sport) == skinnyPort - || ntohs(tc->th_dport) == skinnyPort)) - AliasHandleSkinny(pip, link); + AliasHandlePptpOut(la, pip, link); + else if (la->skinnyPort != 0 && (ntohs(tc->th_sport) == la->skinnyPort + || ntohs(tc->th_dport) == la->skinnyPort)) + AliasHandleSkinny(la, pip, link); /* Adjust TCP checksum since source port is being aliased */ /* and source address is being altered */ 
@@ -1171,16 +1171,16 @@ saved and recalled when a header fragment is seen. */ /* Local prototypes */ -static int FragmentIn(struct ip *); -static int FragmentOut(struct ip *); +static int FragmentIn(struct libalias *, struct ip *); +static int FragmentOut(struct libalias *, struct ip *); static int -FragmentIn(struct ip *pip) +FragmentIn(struct libalias *la, struct ip *pip) { struct alias_link *link; - link = FindFragmentIn2(pip->ip_src, pip->ip_dst, pip->ip_id); + link = FindFragmentIn2(la, pip->ip_src, pip->ip_dst, pip->ip_id); if (link != NULL) { struct in_addr original_address; @@ -1199,11 +1199,11 @@ FragmentIn(struct ip *pip) static int -FragmentOut(struct ip *pip) +FragmentOut(struct libalias *la, struct ip *pip) { struct in_addr alias_address; - alias_address = FindAliasAddress(pip->ip_src); + alias_address = FindAliasAddress(la, pip->ip_src); DifferentialChecksum(&pip->ip_sum, (u_short *) &alias_address, (u_short *) &pip->ip_src, @@ -1232,14 +1232,14 @@ FragmentOut(struct ip *pip) int -PacketAliasSaveFragment(char *ptr) +LibAliasSaveFragment(struct libalias *la, char *ptr) { int iresult; struct alias_link *link; struct ip *pip; pip = (struct ip *) ptr; - link = AddFragmentPtrLink(pip->ip_src, pip->ip_id); + link = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id); iresult = PKT_ALIAS_ERROR; if (link != NULL) { @@ -1251,14 +1251,14 @@ PacketAliasSaveFragment(char *ptr) char * -PacketAliasGetFragment(char *ptr) +LibAliasGetFragment(struct libalias *la, char *ptr) { struct alias_link *link; char *fptr; struct ip *pip; pip = (struct ip *) ptr; - link = FindFragmentPtr(pip->ip_src, pip->ip_id); + link = FindFragmentPtr(la, pip->ip_src, pip->ip_id); if (link != NULL) { GetFragmentPtr(link, &fptr); 
@@ -1275,7 +1275,7 @@ PacketAliasGetFragment(char *ptr) void -PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased +LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly de-aliased header fragment */ char *ptr_fragment /* Points to fragment which must be de-aliased */ @@ -1296,21 +1296,21 @@ PacketAliasFragmentIn(char *ptr, /* Points to correctly de-aliased int -PacketAliasIn(char *ptr, int maxpacketsize) +LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize) { struct in_addr alias_addr; struct ip *pip; int iresult; - if (packetAliasMode & PKT_ALIAS_REVERSE) { - packetAliasMode &= ~PKT_ALIAS_REVERSE; + if (la->packetAliasMode & PKT_ALIAS_REVERSE) { + la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = PacketAliasOut(ptr, maxpacketsize); - packetAliasMode |= PKT_ALIAS_REVERSE; + la->packetAliasMode |= PKT_ALIAS_REVERSE; return iresult; } - HouseKeeping(); - ClearCheckNewLink(); + HouseKeeping(la); + ClearCheckNewLink(la); pip = (struct ip *) ptr; alias_addr = pip->ip_dst; @@ -1325,23 +1325,23 @@ PacketAliasIn(char *ptr, int maxpacketsize) switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasIn(pip); + iresult = IcmpAliasIn(la, pip); break; case IPPROTO_UDP: - iresult = UdpAliasIn(pip); + iresult = UdpAliasIn(la, pip); break; case IPPROTO_TCP: - iresult = TcpAliasIn(pip); + iresult = TcpAliasIn(la, pip); break; case IPPROTO_GRE: - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY || - AliasHandlePptpGreIn(pip) == 0) + if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY || + AliasHandlePptpGreIn(la, pip) == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasIn(pip); + iresult = ProtoAliasIn(la, pip); break; default: - iresult = ProtoAliasIn(pip); + iresult = ProtoAliasIn(la, pip); break; } 
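Review bot: In the `PKT_ALIAS_REVERSE` branch of `LibAliasIn` the packet is still handed to `PacketAliasOut(ptr, maxpacketsize)`, which takes no instance pointer, so a reversed packet arriving on `la` would be translated against whatever engine the old API uses instead of `la`'s own link tables and addresses. The call should stay on the instance: `iresult = LibAliasOut(la, ptr, maxpacketsize);`. The reverse branch of `LibAliasOut` in the `@@ -1395,15 +1395,15 @@` hunk has the mirror-image problem with `PacketAliasIn(ptr, maxpacketsize)` and should become `iresult = LibAliasIn(la, ptr, maxpacketsize);`. How the old entry points select their instance is not visible here (alias_old.c is not shown), so the effect is inferred from the alias.h comment that the old API supports only one engine. Both function bodies continue outside their hunks.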
@@ -1349,7 +1349,7 @@ PacketAliasIn(char *ptr, int maxpacketsize) { struct alias_link *link; - link = FindFragmentIn1(pip->ip_src, alias_addr, pip->ip_id); + link = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id); if (link != NULL) { iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT; @@ -1363,7 +1363,7 @@ PacketAliasIn(char *ptr, int maxpacketsize) } else { - iresult = FragmentIn(pip); + iresult = FragmentIn(la, pip); } return(iresult); @@ -1386,7 +1386,7 @@ PacketAliasIn(char *ptr, int maxpacketsize) #define UNREG_ADDR_C_UPPER 0xc0a8ffff int -PacketAliasOut(char *ptr, /* valid IP packet */ +LibAliasOut(struct libalias *la, char *ptr, /* valid IP packet */ int maxpacketsize /* How much the packet data may grow (FTP and IRC inline changes) */ ) @@ -1395,15 +1395,15 @@ PacketAliasOut(char *ptr, /* valid IP packet */ struct in_addr addr_save; struct ip *pip; - if (packetAliasMode & PKT_ALIAS_REVERSE) { - packetAliasMode &= ~PKT_ALIAS_REVERSE; + if (la->packetAliasMode & PKT_ALIAS_REVERSE) { + la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = PacketAliasIn(ptr, maxpacketsize); - packetAliasMode |= PKT_ALIAS_REVERSE; + la->packetAliasMode |= PKT_ALIAS_REVERSE; return iresult; } - HouseKeeping(); - ClearCheckNewLink(); + HouseKeeping(la); + ClearCheckNewLink(la); pip = (struct ip *) ptr; /* Defense against mangled packets */ @@ -1411,8 +1411,8 @@ PacketAliasOut(char *ptr, /* valid IP packet */ || (pip->ip_hl<<2) > maxpacketsize) return PKT_ALIAS_IGNORED; - addr_save = GetDefaultAliasAddress(); - if (packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY) + addr_save = GetDefaultAliasAddress(la); + if (la->packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY) { u_long addr; int iclass; 
@@ -1428,12 +1428,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */ if (iclass == 0) { - SetDefaultAliasAddress(pip->ip_src); + SetDefaultAliasAddress(la, pip->ip_src); } } - else if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) + else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) { - SetDefaultAliasAddress(pip->ip_src); + SetDefaultAliasAddress(la, pip->ip_src); } iresult = PKT_ALIAS_IGNORED; @@ -1442,36 +1442,36 @@ PacketAliasOut(char *ptr, /* valid IP packet */ switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasOut(pip); + iresult = IcmpAliasOut(la, pip); break; case IPPROTO_UDP: - iresult = UdpAliasOut(pip); + iresult = UdpAliasOut(la, pip); break; case IPPROTO_TCP: - iresult = TcpAliasOut(pip, maxpacketsize); + iresult = TcpAliasOut(la, pip, maxpacketsize); break; case IPPROTO_GRE: - if (AliasHandlePptpGreOut(pip) == 0) + if (AliasHandlePptpGreOut(la, pip) == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasOut(pip); + iresult = ProtoAliasOut(la, pip); break; default: - iresult = ProtoAliasOut(pip); + iresult = ProtoAliasOut(la, pip); break; } } else { - iresult = FragmentOut(pip); + iresult = FragmentOut(la, pip); } - SetDefaultAliasAddress(addr_save); + SetDefaultAliasAddress(la, addr_save); return(iresult); } int -PacketUnaliasOut(char *ptr, /* valid IP packet */ +LibAliasUnaliasOut(struct libalias *la, char *ptr, /* valid IP packet */ int maxpacketsize /* for error checking */ ) { 
@@ -1495,15 +1495,15 @@ PacketUnaliasOut(char *ptr, /* valid IP packet */ /* Find a link */ if (pip->ip_p == IPPROTO_UDP) - link = FindUdpTcpIn(pip->ip_dst, pip->ip_src, + link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); else if (pip->ip_p == IPPROTO_TCP) - link = FindUdpTcpIn(pip->ip_dst, pip->ip_src, + link = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); else if (pip->ip_p == IPPROTO_ICMP) - link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id, 0); + link = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0); else link = NULL; diff --git a/sys/netinet/libalias/alias.h b/sys/netinet/libalias/alias.h index b0c75c9..d714126 100644 --- a/sys/netinet/libalias/alias.h +++ b/sys/netinet/libalias/alias.h @@ -39,7 +39,37 @@ #ifndef _ALIAS_H_ #define _ALIAS_H_ -/* The external interface to libalias, the packet aliasing engine. */ +/* + * The external interface to libalias, the packet aliasing engine. + * + * There are two sets of functions: + * + * PacketAlias*() the old API which doesn't take an instance pointer + * and therefore can only have one packet engine at a time. + * + * LibAlias*() the new API which takes as first argument a pointer to + * the instance of the packet aliasing engine. + * + * The functions otherwise correspond to each other one for one, except + * for the LibAliasUnaliasOut()/PacketUnaliasOut() function which were + * were misnamed in the old API. + */ + +/* + * The instance structure + */ +struct libalias; + +/* + * An anonymous structure, a pointer to which is returned from + * PacketAliasRedirectAddr(), PacketAliasRedirectPort() or + * PacketAliasRedirectProto(), passed to PacketAliasAddServer(), + * and freed by PacketAliasRedirectDelete(). + */ +struct alias_link; + + +/* OLD API */ /* Initialization and control functions. */ void PacketAliasInit(void); 
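Review bot: The new alias.h header comment in the `@@ -39,7 +39,37 @@` hunk has a doubled word ("function which were were misnamed"). The relocated `struct alias_link` comment still names only `PacketAliasRedirect*()`, `PacketAliasAddServer()` and `PacketAliasRedirectDelete()`, although the same handle is now returned and consumed by the `LibAlias*()` prototypes added later in the file. Suggested wording for the first: `for the LibAliasUnaliasOut()/PacketUnaliasOut() functions, which were misnamed in the old API.`; for the second, append "or their LibAlias*() equivalents" to the list of functions.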
@@ -57,13 +87,6 @@ int PacketUnaliasOut(char *_ptr, int _maxpacketsize); /* Port and address redirection functions. */ -/* - * An anonymous structure, a pointer to which is returned from - * PacketAliasRedirectAddr(), PacketAliasRedirectPort() or - * PacketAliasRedirectProto(), passed to PacketAliasAddServer(), - * and freed by PacketAliasRedirectDelete(). - */ -struct alias_link; int PacketAliasAddServer(struct alias_link *_link, struct in_addr _addr, unsigned short _port); 
@@ -96,6 +119,61 @@ void PacketAliasSetTarget(struct in_addr _target_addr); /* Transparent proxying routines. */ int PacketAliasProxyRule(const char *_cmd); +/* NEW API */ + +/* Initialization and control functions. */ +struct libalias *LibAliasInit(struct libalias *); +void LibAliasSetAddress(struct libalias *, struct in_addr _addr); +void LibAliasSetFWBase(struct libalias *, unsigned int _base, unsigned int _num); +void LibAliasSetSkinnyPort(struct libalias *, unsigned int _port); +unsigned int + LibAliasSetMode(struct libalias *, unsigned int _flags, unsigned int _mask); +void LibAliasUninit(struct libalias *); + +/* Packet Handling functions. */ +int LibAliasIn(struct libalias *, char *_ptr, int _maxpacketsize); +int LibAliasOut(struct libalias *, char *_ptr, int _maxpacketsize); +int LibAliasUnaliasOut(struct libalias *, char *_ptr, int _maxpacketsize); + +/* Port and address redirection functions. */ + +int LibAliasAddServer(struct libalias *, struct alias_link *_link, + struct in_addr _addr, unsigned short _port); +struct alias_link * + LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr, + struct in_addr _alias_addr); +int LibAliasRedirectDynamic(struct libalias *, struct alias_link *_link); +void LibAliasRedirectDelete(struct libalias *, struct alias_link *_link); +struct alias_link * + LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr, + unsigned short _src_port, struct in_addr _dst_addr, + unsigned short _dst_port, struct in_addr _alias_addr, + unsigned short _alias_port, unsigned char _proto); +struct alias_link * + LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr, + struct in_addr _dst_addr, struct in_addr _alias_addr, + unsigned char _proto); + +/* Fragment Handling functions. */ +void LibAliasFragmentIn(struct libalias *, char *_ptr, char *_ptr_fragment); +char *LibAliasGetFragment(struct libalias *, char *_ptr); +int LibAliasSaveFragment(struct libalias *, char *_ptr); + +/* Miscellaneous functions. 
*/ +int LibAliasCheckNewLink(struct libalias *); +unsigned short + LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr, int _nbytes); +void LibAliasSetTarget(struct libalias *, struct in_addr _target_addr); + +/* Transparent proxying routines. */ +int LibAliasProxyRule(struct libalias *, const char *_cmd); + + +/* + * Mode flags and other constants. + */ + + /* Mode flags, set using PacketAliasSetMode() */ /* diff --git a/sys/netinet/libalias/alias_cuseeme.c b/sys/netinet/libalias/alias_cuseeme.c index 27d1c65d..455973f 100644 --- a/sys/netinet/libalias/alias_cuseeme.c +++ b/sys/netinet/libalias/alias_cuseeme.c @@ -29,6 +29,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include <stdio.h> #include <sys/types.h> #include <netinet/in_systm.h> #include <netinet/in.h> @@ -66,7 +67,7 @@ struct client_info { }; void -AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) +AliasHandleCUSeeMeOut(struct libalias *la, struct ip *pip, struct alias_link *link) { struct udphdr *ud; @@ -79,7 +80,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) if (cu->addr) cu->addr = (u_int32_t)GetAliasAddress(link).s_addr; - cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), + cu_link = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link), ud->uh_dport, 0, IPPROTO_UDP, 1); #ifndef NO_FW_PUNCH @@ -90,7 +91,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) } void -AliasHandleCUSeeMeIn(struct ip *pip, struct in_addr original_addr) +AliasHandleCUSeeMeIn(struct libalias *la, struct ip *pip, struct in_addr original_addr) { struct in_addr alias_addr; struct udphdr *ud; diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index e53e94d..92f8814 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c 
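Review bot: `LibAliasAddServer`, `LibAliasRedirectDynamic` and `LibAliasRedirectDelete` each take both an instance pointer and a `struct alias_link *_link`, while the alias_db.c part of this commit gives every link its own `la` back-pointer, so a caller can now pass a link that belongs to a different instance. The header does not say what happens then, and the implementations are outside this hunk, so whether they compare `_link->la` with the instance argument cannot be told from here. I would state the contract above the redirection prototypes, e.g. `/* _link must have been returned by a LibAliasRedirect*() call on the same instance. */`, and have the implementations reject a mismatch. Separately, `LibAliasInit(struct libalias *)` needs a line saying what its argument means and who releases the returned instance.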
@@ -167,16 +167,14 @@ __FBSDID("$FreeBSD$"); #include "alias_local.h" +static LIST_HEAD(, libalias) instancehead = LIST_HEAD_INITIALIZER(instancehead); + /* Constants (note: constants are also defined near relevant functions or structs) */ -/* Sizes of input and output link tables */ -#define LINK_TABLE_OUT_SIZE 101 -#define LINK_TABLE_IN_SIZE 4001 - /* Parameters used for cleanup of expired links */ #define ALIAS_CLEANUP_INTERVAL_SECS 60 #define ALIAS_CLEANUP_MAX_SPOKES 30 @@ -283,6 +281,7 @@ struct server /* LSNAT server pool (circular list) */ struct alias_link /* Main data structure */ { + struct libalias *la; struct in_addr src_addr; /* Address and port information */ struct in_addr dst_addr; struct in_addr alias_addr; 
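Review bot: The new `struct libalias *la;` member at the top of `struct alias_link` carries no comment, unlike the fields after it, and it is now the only thing tying a link to its engine since the file-scope tables are removed. A short comment such as `/* instance that owns this link */` would document it. `DeleteLink(struct alias_link *)` keeps its one-argument prototype and presumably reaches the instance through this pointer, so the teardown path should be checked to delete every link before the instance memory is released. The struct body continues outside the hunk and the teardown code is not shown, so that last part is a question for the author, not a demonstrated defect.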
@@ -330,83 +329,6 @@ struct alias_link /* Main data structure */ } data; }; - - - - -/* Global Variables - - The global variables listed here are only accessed from - within alias_db.c and so are prefixed with the static - designation. -*/ - -int packetAliasMode; /* Mode flags */ - /* - documented in alias.h */ - -static struct in_addr aliasAddress; /* Address written onto source */ - /* field of IP packet. */ - -static struct in_addr targetAddress; /* IP address incoming packets */ - /* are sent to if no aliasing */ - /* link already exists */ - -static struct in_addr nullAddress; /* Used as a dummy parameter for */ - /* some function calls */ -static LIST_HEAD(, alias_link) -linkTableOut[LINK_TABLE_OUT_SIZE]; /* Lookup table of pointers to */ - /* chains of link records. Each */ -static LIST_HEAD(, alias_link) /* link record is doubly indexed */ -linkTableIn[LINK_TABLE_IN_SIZE]; /* into input and output lookup */ - /* tables. */ - -static int icmpLinkCount; /* Link statistics */ -static int udpLinkCount; -static int tcpLinkCount; -static int pptpLinkCount; -static int protoLinkCount; -static int fragmentIdLinkCount; -static int fragmentPtrLinkCount; -static int sockCount; - -static int cleanupIndex; /* Index to chain of link table */ - /* being inspected for old links */ - -static int timeStamp; /* System time in seconds for */ - /* current packet */ - -static int lastCleanupTime; /* Last time IncrementalCleanup() */ - /* was called */ - -static int houseKeepingResidual; /* used by HouseKeeping() */ - -static int deleteAllLinks; /* If equal to zero, DeleteLink() */ - /* will not remove permanent links */ - -static FILE *monitorFile; /* File descriptor for link */ - /* statistics monitoring file */ - -static int newDefaultLink; /* Indicates if a new aliasing */ - /* link has been created after a */ - /* call to PacketAliasIn/Out(). */ - -#ifndef NO_FW_PUNCH -static int fireWallFD = -1; /* File descriptor to be able to */ - /* control firewall. 
Opened by */ - /* PacketAliasSetMode on first */ - /* setting the PKT_ALIAS_PUNCH_FW */ - /* flag. */ -#endif - -unsigned int skinnyPort = 0; /* TCP port used by the Skinny */ - /* protocol. */ - - - - - - - /* Internal utility routines (used only in alias_db.c) Lookup table starting points: @@ -429,18 +351,18 @@ static u_int StartPointOut(struct in_addr, struct in_addr, static int SeqDiff(u_long, u_long); -static void ShowAliasStats(void); +static void ShowAliasStats(struct libalias *); #ifndef NO_FW_PUNCH /* Firewall control */ -static void InitPunchFW(void); -static void UninitPunchFW(void); +static void InitPunchFW(struct libalias *la); +static void UninitPunchFW(struct libalias *la); static void ClearFWHole(struct alias_link *link); #endif /* Log file control */ -static void InitPacketAliasLog(void); -static void UninitPacketAliasLog(void); +static void InitPacketAliasLog(struct libalias *la); +static void UninitPacketAliasLog(struct libalias *la); static u_int StartPointIn(struct in_addr alias_addr, 
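Review bot: `InitPunchFW(struct libalias *la)` and `UninitPunchFW(struct libalias *la)` now operate on per-instance state, but the static they replace was declared `static int fireWallFD = -1;` (removed in the preceding hunk). That `-1` initialiser is what kept an unopened descriptor from being mistaken for fd 0. Nothing visible here shows the instance's firewall descriptor field being set to -1 at creation; if the instance is zero-filled, the uninit path could act on descriptor 0. The constructor is outside this hunk, so this is a point to confirm: assign -1 to that field under `#ifndef NO_FW_PUNCH` when the instance is created, and comment the field to say -1 means "not open".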
@@ -490,31 +412,32 @@ SeqDiff(u_long x, u_long y) static void -ShowAliasStats(void) +ShowAliasStats(struct libalias *la) { /* Used for debugging */ - if (monitorFile) + if (la->monitorFile) { - fprintf(monitorFile, "icmp=%d, udp=%d, tcp=%d, pptp=%d, proto=%d, frag_id=%d frag_ptr=%d", - icmpLinkCount, - udpLinkCount, - tcpLinkCount, - pptpLinkCount, - protoLinkCount, - fragmentIdLinkCount, - fragmentPtrLinkCount); - - fprintf(monitorFile, " / tot=%d (sock=%d)\n", - icmpLinkCount + udpLinkCount - + tcpLinkCount - + pptpLinkCount - + protoLinkCount - + fragmentIdLinkCount - + fragmentPtrLinkCount, - sockCount); - - fflush(monitorFile); + fprintf(la->monitorFile, + "icmp=%d, udp=%d, tcp=%d, pptp=%d, proto=%d, frag_id=%d frag_ptr=%d", + la->icmpLinkCount, + la->udpLinkCount, + la->tcpLinkCount, + la->pptpLinkCount, + la->protoLinkCount, + la->fragmentIdLinkCount, + la->fragmentPtrLinkCount); + + fprintf(la->monitorFile, " / tot=%d (sock=%d)\n", + la->icmpLinkCount + la->udpLinkCount + + la->tcpLinkCount + + la->pptpLinkCount + + la->protoLinkCount + + la->fragmentIdLinkCount + + la->fragmentPtrLinkCount, + la->sockCount); + + fflush(la->monitorFile); } } @@ -544,18 +467,18 @@ Port search: */ /* Local prototypes */ -static int GetNewPort(struct alias_link *, int); +static int GetNewPort(struct libalias *, struct alias_link *, int); -static u_short GetSocket(u_short, int *, int); +static u_short GetSocket(struct libalias *, u_short, int *, int); -static void CleanupAliasData(void); +static void CleanupAliasData(struct libalias *); -static void IncrementalCleanup(void); +static void IncrementalCleanup(struct libalias *); static void DeleteLink(struct alias_link *); static struct alias_link * -AddLink(struct in_addr, struct in_addr, struct in_addr, +AddLink(struct libalias *, struct in_addr, struct in_addr, struct in_addr, u_short, u_short, int, int); static struct alias_link * 
@@ -564,10 +487,10 @@ ReLink(struct alias_link *, u_short, u_short, int, int); static struct alias_link * -FindLinkOut(struct in_addr, struct in_addr, u_short, u_short, int, int); +FindLinkOut(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); static struct alias_link * -FindLinkIn(struct in_addr, struct in_addr, u_short, u_short, int, int); +FindLinkIn(struct libalias *, struct in_addr, struct in_addr, u_short, u_short, int, int); #define ALIAS_PORT_BASE 0x08000 @@ -586,7 +509,7 @@ FindLinkIn(struct in_addr, struct in_addr, u_short, u_short, int, int); unused triplets: (dest addr, dest port, alias port). */ static int -GetNewPort(struct alias_link *link, int alias_port_param) +GetNewPort(struct libalias *la, struct alias_link *link, int alias_port_param) { int i; int max_trials; @@ -611,7 +534,7 @@ GetNewPort(struct alias_link *link, int alias_port_param) */ max_trials = GET_NEW_PORT_MAX_ATTEMPTS; - if (packetAliasMode & PKT_ALIAS_SAME_PORTS) + if (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) { /* * When the PKT_ALIAS_SAME_PORTS option is @@ -652,7 +575,7 @@ GetNewPort(struct alias_link *link, int alias_port_param) int go_ahead; struct alias_link *search_result; - search_result = FindLinkIn(link->dst_addr, link->alias_addr, + search_result = FindLinkIn(la, link->dst_addr, link->alias_addr, link->dst_port, port_net, link->link_type, 0); @@ -666,12 +589,12 @@ GetNewPort(struct alias_link *link, int alias_port_param) if (go_ahead) { - if ((packetAliasMode & PKT_ALIAS_USE_SOCKETS) + if ((la->packetAliasMode & PKT_ALIAS_USE_SOCKETS) && (link->flags & LINK_PARTIALLY_SPECIFIED) && ((link->link_type == LINK_TCP) || (link->link_type == LINK_UDP))) { - if (GetSocket(port_net, &link->sockfd, link->link_type)) + if (GetSocket(la, port_net, &link->sockfd, link->link_type)) { link->alias_port = port_net; return(0); 
@@ -699,7 +622,7 @@ GetNewPort(struct alias_link *link, int alias_port_param) static u_short -GetSocket(u_short port_net, int *sockfd, int link_type) +GetSocket(struct libalias *la, u_short port_net, int *sockfd, int link_type) { int err; int sock; @@ -736,7 +659,7 @@ GetSocket(u_short port_net, int *sockfd, int link_type) sizeof(sock_addr)); if (err == 0) { - sockCount++; + la->sockCount++; *sockfd = sock; return(1); } @@ -755,7 +678,8 @@ GetSocket(u_short port_net, int *sockfd, int link_type) looks for unused triplets: (dest addr, dest port, alias port). */ int -FindNewPortGroup(struct in_addr dst_addr, +FindNewPortGroup(struct libalias *la, + struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, u_short dst_port, @@ -791,7 +715,7 @@ FindNewPortGroup(struct in_addr dst_addr, */ max_trials = GET_NEW_PORT_MAX_ATTEMPTS; - if (packetAliasMode & PKT_ALIAS_SAME_PORTS) { + if (la->packetAliasMode & PKT_ALIAS_SAME_PORTS) { /* * When the ALIAS_SAME_PORTS option is * chosen, the first try will be the @@ -818,7 +742,7 @@ FindNewPortGroup(struct in_addr dst_addr, struct alias_link *search_result; for (j = 0; j < port_count; j++) - if (0 != (search_result = FindLinkIn(dst_addr, alias_addr, + if (0 != (search_result = FindLinkIn(la, dst_addr, alias_addr, dst_port, htons(port_sys + j), link_type, 0))) break; @@ -845,7 +769,7 @@ FindNewPortGroup(struct in_addr dst_addr, } static void -CleanupAliasData(void) +CleanupAliasData(struct libalias *la) { struct alias_link *link; int i, icount; @@ -853,7 +777,7 @@ CleanupAliasData(void) icount = 0; for (i=0; i<LINK_TABLE_OUT_SIZE; i++) { - link = LIST_FIRST(&linkTableOut[i]); + link = LIST_FIRST(&la->linkTableOut[i]); while (link != NULL) { struct alias_link *link_next; 
@@ -864,25 +788,25 @@ CleanupAliasData(void) } } - cleanupIndex =0; + la->cleanupIndex =0; } static void -IncrementalCleanup(void) +IncrementalCleanup(struct libalias *la) { int icount; struct alias_link *link; icount = 0; - link = LIST_FIRST(&linkTableOut[cleanupIndex++]); + link = LIST_FIRST(&la->linkTableOut[la->cleanupIndex++]); while (link != NULL) { int idelta; struct alias_link *link_next; link_next = LIST_NEXT(link, list_out); - idelta = timeStamp - link->timestamp; + idelta = la->timeStamp - link->timestamp; switch (link->link_type) { case LINK_TCP: @@ -910,16 +834,17 @@ IncrementalCleanup(void) link = link_next; } - if (cleanupIndex == LINK_TABLE_OUT_SIZE) - cleanupIndex = 0; + if (la->cleanupIndex == LINK_TABLE_OUT_SIZE) + la->cleanupIndex = 0; } static void DeleteLink(struct alias_link *link) { + struct libalias *la = link->la; /* Don't do anything if the link is marked permanent */ - if (deleteAllLinks == 0 && link->flags & LINK_PERMANENT) + if (la->deleteAllLinks == 0 && link->flags & LINK_PERMANENT) return; #ifndef NO_FW_PUNCH @@ -947,7 +872,7 @@ DeleteLink(struct alias_link *link) /* Close socket, if one has been allocated */ if (link->sockfd != -1) { - sockCount--; + la->sockCount--; close(link->sockfd); } @@ -955,30 +880,30 @@ DeleteLink(struct alias_link *link) switch(link->link_type) { case LINK_ICMP: - icmpLinkCount--; + la->icmpLinkCount--; break; case LINK_UDP: - udpLinkCount--; + la->udpLinkCount--; break; case LINK_TCP: - tcpLinkCount--; + la->tcpLinkCount--; free(link->data.tcp); break; case LINK_PPTP: - pptpLinkCount--; + la->pptpLinkCount--; break; case LINK_FRAGMENT_ID: - fragmentIdLinkCount--; + la->fragmentIdLinkCount--; break; case LINK_FRAGMENT_PTR: - fragmentPtrLinkCount--; + la->fragmentPtrLinkCount--; if (link->data.frag_ptr != NULL) free(link->data.frag_ptr); break; case LINK_ADDR: break; default: - protoLinkCount--; + la->protoLinkCount--; break; } 
@@ -986,15 +911,15 @@ DeleteLink(struct alias_link *link) free(link); /* Write statistics, if logging enabled */ - if (packetAliasMode & PKT_ALIAS_LOG) + if (la->packetAliasMode & PKT_ALIAS_LOG) { - ShowAliasStats(); + ShowAliasStats(la); } } static struct alias_link * -AddLink(struct in_addr src_addr, +AddLink(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_short src_port, @@ -1009,6 +934,7 @@ AddLink(struct in_addr src_addr, if (link != NULL) { /* Basic initialization */ + link->la = la; link->src_addr = src_addr; link->dst_addr = dst_addr; link->alias_addr = alias_addr; @@ -1021,7 +947,7 @@ AddLink(struct in_addr src_addr, link->sockfd = -1; link->flags = 0; link->pflags = 0; - link->timestamp = timeStamp; + link->timestamp = la->timeStamp; /* Expiration time */ switch (link_type) @@ -1058,7 +984,7 @@ AddLink(struct in_addr src_addr, link->flags |= LINK_UNKNOWN_DEST_PORT; /* Determine alias port */ - if (GetNewPort(link, alias_port_param) != 0) + if (GetNewPort(la, link, alias_port_param) != 0) { free(link); return(NULL); @@ -1070,10 +996,10 @@ AddLink(struct in_addr src_addr, struct tcp_dat *aux_tcp; case LINK_ICMP: - icmpLinkCount++; + la->icmpLinkCount++; break; case LINK_UDP: - udpLinkCount++; + la->udpLinkCount++; break; case LINK_TCP: aux_tcp = malloc(sizeof(struct tcp_dat)); @@ -1081,7 +1007,7 @@ AddLink(struct in_addr src_addr, { int i; - tcpLinkCount++; + la->tcpLinkCount++; aux_tcp->state.in = ALIAS_TCP_STATE_NOT_CONNECTED; aux_tcp->state.out = ALIAS_TCP_STATE_NOT_CONNECTED; aux_tcp->state.index = 0; 
@@ -1102,29 +1028,29 @@ AddLink(struct in_addr src_addr, } break; case LINK_PPTP: - pptpLinkCount++; + la->pptpLinkCount++; break; case LINK_FRAGMENT_ID: - fragmentIdLinkCount++; + la->fragmentIdLinkCount++; break; case LINK_FRAGMENT_PTR: - fragmentPtrLinkCount++; + la->fragmentPtrLinkCount++; break; case LINK_ADDR: break; default: - protoLinkCount++; + la->protoLinkCount++; break; } /* Set up pointers for output lookup table */ start_point = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type); - LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out); + LIST_INSERT_HEAD(&la->linkTableOut[start_point], link, list_out); /* Set up pointers for input lookup table */ start_point = StartPointIn(alias_addr, link->alias_port, link_type); - LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in); + LIST_INSERT_HEAD(&la->linkTableIn[start_point], link, list_in); } else { @@ -1134,9 +1060,9 @@ AddLink(struct in_addr src_addr, #endif } - if (packetAliasMode & PKT_ALIAS_LOG) + if (la->packetAliasMode & PKT_ALIAS_LOG) { - ShowAliasStats(); + ShowAliasStats(la); } return(link); @@ -1153,8 +1079,9 @@ ReLink(struct alias_link *old_link, int link_type) /* port will be automatically */ { /* chosen. If greater than */ struct alias_link *new_link; /* zero, equal to alias port */ + struct libalias *la = old_link->la; - new_link = AddLink(src_addr, dst_addr, alias_addr, + new_link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, alias_port_param, link_type); #ifndef NO_FW_PUNCH @@ -1169,7 +1096,7 @@ ReLink(struct alias_link *old_link, } static struct alias_link * -_FindLinkOut(struct in_addr src_addr, +_FindLinkOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, 
@@ -1180,7 +1107,7 @@ _FindLinkOut(struct in_addr src_addr, struct alias_link *link; i = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type); - LIST_FOREACH(link, &linkTableOut[i], list_out) + LIST_FOREACH(link, &la->linkTableOut[i], list_out) { if (link->src_addr.s_addr == src_addr.s_addr && link->server == NULL @@ -1189,7 +1116,7 @@ _FindLinkOut(struct in_addr src_addr, && link->src_port == src_port && link->link_type == link_type) { - link->timestamp = timeStamp; + link->timestamp = la->timeStamp; break; } } @@ -1199,16 +1126,16 @@ _FindLinkOut(struct in_addr src_addr, { if (dst_port != 0 && dst_addr.s_addr != INADDR_ANY) { - link = _FindLinkOut(src_addr, dst_addr, src_port, 0, + link = _FindLinkOut(la, src_addr, dst_addr, src_port, 0, link_type, 0); if (link == NULL) - link = _FindLinkOut(src_addr, nullAddress, src_port, + link = _FindLinkOut(la, src_addr, la->nullAddress, src_port, dst_port, link_type, 0); } if (link == NULL && (dst_port != 0 || dst_addr.s_addr != INADDR_ANY)) { - link = _FindLinkOut(src_addr, nullAddress, src_port, 0, + link = _FindLinkOut(la, src_addr, la->nullAddress, src_port, 0, link_type, 0); } if (link != NULL) @@ -1224,7 +1151,7 @@ _FindLinkOut(struct in_addr src_addr, } static struct alias_link * -FindLinkOut(struct in_addr src_addr, +FindLinkOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, @@ -1233,7 +1160,7 @@ FindLinkOut(struct in_addr src_addr, { struct alias_link *link; - link = _FindLinkOut(src_addr, dst_addr, src_port, dst_port, + link = _FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, replace_partial_links); if (link == NULL) 
@@ -1242,10 +1169,10 @@ FindLinkOut(struct in_addr src_addr, specified as using the default source address (i.e. device interface address) without knowing in advance what that address is. */ - if (aliasAddress.s_addr != INADDR_ANY && - src_addr.s_addr == aliasAddress.s_addr) + if (la->aliasAddress.s_addr != INADDR_ANY && + src_addr.s_addr == la->aliasAddress.s_addr) { - link = _FindLinkOut(nullAddress, dst_addr, src_port, dst_port, + link = _FindLinkOut(la, la->nullAddress, dst_addr, src_port, dst_port, link_type, replace_partial_links); } } @@ -1255,7 +1182,7 @@ FindLinkOut(struct in_addr src_addr, static struct alias_link * -_FindLinkIn(struct in_addr dst_addr, +_FindLinkIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, @@ -1287,7 +1214,7 @@ _FindLinkIn(struct in_addr dst_addr, /* Search loop */ start_point = StartPointIn(alias_addr, alias_port, link_type); - LIST_FOREACH(link, &linkTableIn[start_point], list_in) + LIST_FOREACH(link, &la->linkTableIn[start_point], list_in) { int flags; @@ -1343,7 +1270,7 @@ _FindLinkIn(struct in_addr dst_addr, if (link_fully_specified != NULL) { - link_fully_specified->timestamp = timeStamp; + link_fully_specified->timestamp = la->timeStamp; link = link_fully_specified; } else if (link_unknown_dst_port != NULL) @@ -1380,7 +1307,7 @@ _FindLinkIn(struct in_addr dst_addr, } static struct alias_link * -FindLinkIn(struct in_addr dst_addr, +FindLinkIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, @@ -1389,7 +1316,7 @@ FindLinkIn(struct in_addr dst_addr, { struct alias_link *link; - link = _FindLinkIn(dst_addr, alias_addr, dst_port, alias_port, + link = _FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port, link_type, replace_partial_links); if (link == NULL) 
@@ -1398,10 +1325,10 @@ FindLinkIn(struct in_addr dst_addr, specified as using the default aliasing address (i.e. device interface address) without knowing in advance what that address is. */ - if (aliasAddress.s_addr != INADDR_ANY && - alias_addr.s_addr == aliasAddress.s_addr) + if (la->aliasAddress.s_addr != INADDR_ANY && + alias_addr.s_addr == la->aliasAddress.s_addr) { - link = _FindLinkIn(dst_addr, nullAddress, dst_port, alias_port, + link = _FindLinkIn(la, dst_addr, la->nullAddress, dst_port, alias_port, link_type, replace_partial_links); } } @@ -1430,22 +1357,22 @@ FindLinkIn(struct in_addr dst_addr, struct alias_link * -FindIcmpIn(struct in_addr dst_addr, +FindIcmpIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short id_alias, int create) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, id_alias, LINK_ICMP, 0); - if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, + target_addr = FindOriginalAddress(la, alias_addr); + link = AddLink(la, target_addr, dst_addr, alias_addr, id_alias, NO_DEST_PORT, id_alias, LINK_ICMP); } 
@@ -1455,22 +1382,22 @@ FindIcmpIn(struct in_addr dst_addr, struct alias_link * -FindIcmpOut(struct in_addr src_addr, +FindIcmpOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short id, int create) { struct alias_link * link; - link = FindLinkOut(src_addr, dst_addr, + link = FindLinkOut(la, src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP, 0); if (link == NULL && create) { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, id, NO_DEST_PORT, GET_ALIAS_ID, LINK_ICMP); } @@ -1480,19 +1407,19 @@ FindIcmpOut(struct in_addr src_addr, struct alias_link * -FindFragmentIn1(struct in_addr dst_addr, +FindFragmentIn1(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short ip_id) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); if (link == NULL) { - link = AddLink(nullAddress, dst_addr, alias_addr, + link = AddLink(la, la->nullAddress, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID); } 
@@ -1502,53 +1429,53 @@ FindFragmentIn1(struct in_addr dst_addr, struct alias_link * -FindFragmentIn2(struct in_addr dst_addr, /* Doesn't add a link if one */ +FindFragmentIn2(struct libalias *la, struct in_addr dst_addr, /* Doesn't add a link if one */ struct in_addr alias_addr, /* is not found. */ u_short ip_id) { - return FindLinkIn(dst_addr, alias_addr, + return FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, ip_id, LINK_FRAGMENT_ID, 0); } struct alias_link * -AddFragmentPtrLink(struct in_addr dst_addr, +AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { - return AddLink(nullAddress, dst_addr, nullAddress, + return AddLink(la, la->nullAddress, dst_addr, la->nullAddress, NO_SRC_PORT, NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR); } struct alias_link * -FindFragmentPtr(struct in_addr dst_addr, +FindFragmentPtr(struct libalias *la, struct in_addr dst_addr, u_short ip_id) { - return FindLinkIn(dst_addr, nullAddress, + return FindLinkIn(la, dst_addr, la->nullAddress, NO_DEST_PORT, ip_id, LINK_FRAGMENT_PTR, 0); } struct alias_link * -FindProtoIn(struct in_addr dst_addr, +FindProtoIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_char proto) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, NO_DEST_PORT, 0, proto, 1); - if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, + target_addr = FindOriginalAddress(la, alias_addr); + link = AddLink(la, target_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); } 
@@ -1558,13 +1485,13 @@ FindProtoIn(struct in_addr dst_addr, struct alias_link * -FindProtoOut(struct in_addr src_addr, +FindProtoOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_char proto) { struct alias_link *link; - link = FindLinkOut(src_addr, dst_addr, + link = FindLinkOut(la, src_addr, dst_addr, NO_SRC_PORT, NO_DEST_PORT, proto, 1); @@ -1572,8 +1499,8 @@ FindProtoOut(struct in_addr src_addr, { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); } @@ -1583,7 +1510,7 @@ FindProtoOut(struct in_addr src_addr, struct alias_link * -FindUdpTcpIn(struct in_addr dst_addr, +FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, @@ -1606,16 +1533,16 @@ FindUdpTcpIn(struct in_addr dst_addr, break; } - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port, link_type, create); - if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && create && !(la->packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, + target_addr = FindOriginalAddress(la, alias_addr); + link = AddLink(la, target_addr, dst_addr, alias_addr, alias_port, dst_port, alias_port, link_type); } @@ -1625,7 +1552,7 @@ FindUdpTcpIn(struct in_addr dst_addr, struct alias_link * -FindUdpTcpOut(struct in_addr src_addr, +FindUdpTcpOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, 
@@ -1648,14 +1575,14 @@ FindUdpTcpOut(struct in_addr src_addr, break; } - link = FindLinkOut(src_addr, dst_addr, src_port, dst_port, link_type, create); + link = FindLinkOut(la, src_addr, dst_addr, src_port, dst_port, link_type, create); if (link == NULL && create) { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, GET_ALIAS_PORT, link_type); } @@ -1665,14 +1592,14 @@ FindUdpTcpOut(struct in_addr src_addr, struct alias_link * -AddPptp(struct in_addr src_addr, +AddPptp(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_int16_t src_call_id) { struct alias_link *link; - link = AddLink(src_addr, dst_addr, alias_addr, + link = AddLink(la, src_addr, dst_addr, alias_addr, src_call_id, 0, GET_ALIAS_PORT, LINK_PPTP); @@ -1681,7 +1608,7 @@ AddPptp(struct in_addr src_addr, struct alias_link * -FindPptpOutByCallId(struct in_addr src_addr, +FindPptpOutByCallId(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_int16_t src_call_id) { @@ -1689,7 +1616,7 @@ FindPptpOutByCallId(struct in_addr src_addr, struct alias_link *link; i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); - LIST_FOREACH(link, &linkTableOut[i], list_out) + LIST_FOREACH(link, &la->linkTableOut[i], list_out) if (link->link_type == LINK_PPTP && link->src_addr.s_addr == src_addr.s_addr && link->dst_addr.s_addr == dst_addr.s_addr && @@ -1701,7 +1628,7 @@ FindPptpOutByCallId(struct in_addr src_addr, struct alias_link * -FindPptpOutByPeerCallId(struct in_addr src_addr, +FindPptpOutByPeerCallId(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_int16_t dst_call_id) { 
@@ -1709,7 +1636,7 @@ FindPptpOutByPeerCallId(struct in_addr src_addr, struct alias_link *link; i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); - LIST_FOREACH(link, &linkTableOut[i], list_out) + LIST_FOREACH(link, &la->linkTableOut[i], list_out) if (link->link_type == LINK_PPTP && link->src_addr.s_addr == src_addr.s_addr && link->dst_addr.s_addr == dst_addr.s_addr && @@ -1721,7 +1648,7 @@ FindPptpOutByPeerCallId(struct in_addr src_addr, struct alias_link * -FindPptpInByCallId(struct in_addr dst_addr, +FindPptpInByCallId(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_int16_t dst_call_id) { @@ -1729,7 +1656,7 @@ FindPptpInByCallId(struct in_addr dst_addr, struct alias_link *link; i = StartPointIn(alias_addr, 0, LINK_PPTP); - LIST_FOREACH(link, &linkTableIn[i], list_in) + LIST_FOREACH(link, &la->linkTableIn[i], list_in) if (link->link_type == LINK_PPTP && link->dst_addr.s_addr == dst_addr.s_addr && link->alias_addr.s_addr == alias_addr.s_addr && @@ -1741,13 +1668,13 @@ FindPptpInByCallId(struct in_addr dst_addr, struct alias_link * -FindPptpInByPeerCallId(struct in_addr dst_addr, +FindPptpInByPeerCallId(struct libalias *la, struct in_addr dst_addr, struct in_addr alias_addr, u_int16_t alias_call_id) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, + link = FindLinkIn(la, dst_addr, alias_addr, 0/* any */, alias_call_id, LINK_PPTP, 0); @@ -1757,7 +1684,7 @@ FindPptpInByPeerCallId(struct in_addr dst_addr, struct alias_link * -FindRtspOut(struct in_addr src_addr, +FindRtspOut(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short alias_port, 
@@ -1779,14 +1706,14 @@ FindRtspOut(struct in_addr src_addr, break; } - link = FindLinkOut(src_addr, dst_addr, src_port, 0, link_type, 1); + link = FindLinkOut(la, src_addr, dst_addr, src_port, 0, link_type, 1); if (link == NULL) { struct in_addr alias_addr; - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, + alias_addr = FindAliasAddress(la, src_addr); + link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, 0, alias_port, link_type); } @@ -1796,22 +1723,22 @@ FindRtspOut(struct in_addr src_addr, struct in_addr -FindOriginalAddress(struct in_addr alias_addr) +FindOriginalAddress(struct libalias *la, struct in_addr alias_addr) { struct alias_link *link; - link = FindLinkIn(nullAddress, alias_addr, + link = FindLinkIn(la, la->nullAddress, alias_addr, 0, 0, LINK_ADDR, 0); if (link == NULL) { - newDefaultLink = 1; - if (targetAddress.s_addr == INADDR_ANY) + la->newDefaultLink = 1; + if (la->targetAddress.s_addr == INADDR_ANY) return alias_addr; - else if (targetAddress.s_addr == INADDR_NONE) - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : alias_addr; + else if (la->targetAddress.s_addr == INADDR_NONE) + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : alias_addr; else - return targetAddress; + return la->targetAddress; } else { @@ -1822,8 +1749,8 @@ FindOriginalAddress(struct in_addr alias_addr) link->server = link->server->next; return (src_addr); } else if (link->src_addr.s_addr == INADDR_ANY) - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : alias_addr; + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : alias_addr; else return link->src_addr; } 
@@ -1831,22 +1758,22 @@ FindOriginalAddress(struct in_addr alias_addr) struct in_addr -FindAliasAddress(struct in_addr original_addr) +FindAliasAddress(struct libalias *la, struct in_addr original_addr) { struct alias_link *link; - link = FindLinkOut(original_addr, nullAddress, + link = FindLinkOut(la, original_addr, la->nullAddress, 0, 0, LINK_ADDR, 0); if (link == NULL) { - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : original_addr; + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : original_addr; } else { if (link->alias_addr.s_addr == INADDR_ANY) - return (aliasAddress.s_addr != INADDR_ANY) ? - aliasAddress : original_addr; + return (la->aliasAddress.s_addr != INADDR_ANY) ? + la->aliasAddress : original_addr; else return link->alias_addr; } @@ -1960,7 +1887,7 @@ struct in_addr GetOriginalAddress(struct alias_link *link) { if (link->src_addr.s_addr == INADDR_ANY) - return aliasAddress; + return link->la->aliasAddress; else return(link->src_addr); } @@ -1977,23 +1904,23 @@ struct in_addr GetAliasAddress(struct alias_link *link) { if (link->alias_addr.s_addr == INADDR_ANY) - return aliasAddress; + return link->la->aliasAddress; else return link->alias_addr; } struct in_addr -GetDefaultAliasAddress() +GetDefaultAliasAddress(struct libalias *la) { - return aliasAddress; + return la->aliasAddress; } void -SetDefaultAliasAddress(struct in_addr alias_addr) +SetDefaultAliasAddress(struct libalias *la, struct in_addr alias_addr) { - aliasAddress = alias_addr; + la->aliasAddress = alias_addr; } @@ -2225,9 +2152,9 @@ SetExpire(struct alias_link *link, int expire) } void -ClearCheckNewLink(void) +ClearCheckNewLink(struct libalias *la) { - newDefaultLink = 0; + la->newDefaultLink = 0; } void 
@@ -2247,11 +2174,12 @@ GetProtocolFlags(struct alias_link *link) void SetDestCallId(struct alias_link *link, u_int16_t cid) { + struct libalias *la = link->la; - deleteAllLinks = 1; + la->deleteAllLinks = 1; link = ReLink(link, link->src_addr, link->dst_addr, link->alias_addr, link->src_port, cid, link->alias_port, link->link_type); - deleteAllLinks = 0; + la->deleteAllLinks = 0; } @@ -2272,7 +2200,7 @@ SetDestCallId(struct alias_link *link, u_int16_t cid) */ void -HouseKeeping(void) +HouseKeeping(struct libalias *la) { int i, n, n100; struct timeval tv; @@ -2284,11 +2212,11 @@ HouseKeeping(void) * waste timeline by making system calls. */ gettimeofday(&tv, &tz); - timeStamp = tv.tv_sec; + la->timeStamp = tv.tv_sec; /* Compute number of spokes (output table link chains) to cover */ - n100 = LINK_TABLE_OUT_SIZE * 100 + houseKeepingResidual; - n100 *= timeStamp - lastCleanupTime; + n100 = LINK_TABLE_OUT_SIZE * 100 + la->houseKeepingResidual; + n100 *= la->timeStamp - la->lastCleanupTime; n100 /= ALIAS_CLEANUP_INTERVAL_SECS; n = n100/100; @@ -2297,19 +2225,19 @@ HouseKeeping(void) if (n > ALIAS_CLEANUP_MAX_SPOKES) { n = ALIAS_CLEANUP_MAX_SPOKES; - lastCleanupTime = timeStamp; - houseKeepingResidual = 0; + la->lastCleanupTime = la->timeStamp; + la->houseKeepingResidual = 0; for (i=0; i<n; i++) - IncrementalCleanup(); + IncrementalCleanup(la); } else if (n > 0) { - lastCleanupTime = timeStamp; - houseKeepingResidual = n100 - 100*n; + la->lastCleanupTime = la->timeStamp; + la->houseKeepingResidual = n100 - 100*n; for (i=0; i<n; i++) - IncrementalCleanup(); + IncrementalCleanup(la); } else if (n < 0) { 
@@ -2317,21 +2245,21 @@ HouseKeeping(void) fprintf(stderr, "PacketAlias/HouseKeeping(): "); fprintf(stderr, "something unexpected in time values\n"); #endif - lastCleanupTime = timeStamp; - houseKeepingResidual = 0; + la->lastCleanupTime = la->timeStamp; + la->houseKeepingResidual = 0; } } /* Init the log file and enable logging */ static void -InitPacketAliasLog(void) +InitPacketAliasLog(struct libalias *la) { - if ((~packetAliasMode & PKT_ALIAS_LOG) - && (monitorFile = fopen("/var/log/alias.log", "w"))) + if ((~la->packetAliasMode & PKT_ALIAS_LOG) + && (la->monitorFile = fopen("/var/log/alias.log", "w"))) { - packetAliasMode |= PKT_ALIAS_LOG; - fprintf(monitorFile, + la->packetAliasMode |= PKT_ALIAS_LOG; + fprintf(la->monitorFile, "PacketAlias/InitPacketAliasLog: Packet alias logging enabled.\n"); } } @@ -2339,13 +2267,13 @@ InitPacketAliasLog(void) /* Close the log-file and disable logging. */ static void -UninitPacketAliasLog(void) +UninitPacketAliasLog(struct libalias *la) { - if (monitorFile) { - fclose(monitorFile); - monitorFile = NULL; + if (la->monitorFile) { + fclose(la->monitorFile); + la->monitorFile = NULL; } - packetAliasMode &= ~PKT_ALIAS_LOG; + la->packetAliasMode &= ~PKT_ALIAS_LOG; } @@ -2374,7 +2302,7 @@ UninitPacketAliasLog(void) /* Redirection from a specific public addr:port to a private addr:port */ struct alias_link * -PacketAliasRedirectPort(struct in_addr src_addr, u_short src_port, +LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_port, struct in_addr dst_addr, u_short dst_port, struct in_addr alias_addr, u_short alias_port, u_char proto) @@ -2398,7 +2326,7 @@ PacketAliasRedirectPort(struct in_addr src_addr, u_short src_port, return NULL; } - link = AddLink(src_addr, dst_addr, alias_addr, + link = AddLink(la, src_addr, dst_addr, alias_addr, src_port, dst_port, alias_port, link_type); 
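Review bot: `InitPacketAliasLog` still opens the fixed path `/var/log/alias.log` with mode `"w"`, but `monitorFile` is now a per-instance field, so every instance that enables logging truncates the same file and then writes to it through its own stream. The lines written by `ShowAliasStats` carry nothing that identifies the instance, so the interleaved output cannot be attributed afterwards. Either keep one shared log stream for the process or make the path or a line prefix instance-specific; at minimum add a comment such as `/* NOTE: log path is shared by all instances; only one should enable PKT_ALIAS_LOG */`. A failed `fopen` is also silent here, since the function returns `void` and leaves the mode bit clear, so a caller cannot tell that logging was not enabled.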
@@ -2419,7 +2347,7 @@ PacketAliasRedirectPort(struct in_addr src_addr, u_short src_port, /* Add server to the pool of servers */ int -PacketAliasAddServer(struct alias_link *link, struct in_addr addr, u_short port) +LibAliasAddServer(struct libalias *la, struct alias_link *link, struct in_addr addr, u_short port) { struct server *server; @@ -2450,14 +2378,14 @@ PacketAliasAddServer(struct alias_link *link, struct in_addr addr, u_short port) /* Redirect packets of a given IP protocol from a specific public address to a private address */ struct alias_link * -PacketAliasRedirectProto(struct in_addr src_addr, +LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr, struct in_addr dst_addr, struct in_addr alias_addr, u_char proto) { struct alias_link *link; - link = AddLink(src_addr, dst_addr, alias_addr, + link = AddLink(la, src_addr, dst_addr, alias_addr, NO_SRC_PORT, NO_DEST_PORT, 0, proto); @@ -2478,12 +2406,12 @@ PacketAliasRedirectProto(struct in_addr src_addr, /* Static address translation */ struct alias_link * -PacketAliasRedirectAddr(struct in_addr src_addr, +LibAliasRedirectAddr(struct libalias *la, struct in_addr src_addr, struct in_addr alias_addr) { struct alias_link *link; - link = AddLink(src_addr, nullAddress, alias_addr, + link = AddLink(la, src_addr, la->nullAddress, alias_addr, 0, 0, 0, LINK_ADDR); @@ -2505,7 +2433,7 @@ PacketAliasRedirectAddr(struct in_addr src_addr, /* Mark the aliasing link dynamic */ int -PacketAliasRedirectDynamic(struct alias_link *link) +LibAliasRedirectDynamic(struct libalias *la, struct alias_link *link) { if (link->flags & LINK_PARTIALLY_SPECIFIED) 
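Review bot: `LibAliasAddServer` now takes `la` alongside `link`, but nothing in the visible lines checks that the link belongs to that instance, even though `AddLink` records the owner in `link->la`. The same applies to `LibAliasRedirectDynamic` and `LibAliasRedirectDelete` in the later hunks. In `LibAliasRedirectDelete` the mismatch matters, because `la->deleteAllLinks` is set on the argument while `DeleteLink` reads the flag from `link->la`, so a permanent link passed with the wrong instance would be left in place without any indication. A guard such as `if (link->la != la) return (-1);` (a plain `return;` in the `void` function) would make the two arguments consistent. The body of `LibAliasAddServer` continues outside this hunk.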
@@ -2518,99 +2446,116 @@ PacketAliasRedirectDynamic(struct alias_link *link) void -PacketAliasRedirectDelete(struct alias_link *link) +LibAliasRedirectDelete(struct libalias *la, struct alias_link *link) { /* This is a dangerous function to put in the API, because an invalid pointer can crash the program. */ - deleteAllLinks = 1; + la->deleteAllLinks = 1; DeleteLink(link); - deleteAllLinks = 0; + la->deleteAllLinks = 0; } void -PacketAliasSetAddress(struct in_addr addr) +LibAliasSetAddress(struct libalias *la, struct in_addr addr) { - if (packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE - && aliasAddress.s_addr != addr.s_addr) - CleanupAliasData(); + if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE + && la->aliasAddress.s_addr != addr.s_addr) + CleanupAliasData(la); - aliasAddress = addr; + la->aliasAddress = addr; } void -PacketAliasSetTarget(struct in_addr target_addr) +LibAliasSetTarget(struct libalias *la, struct in_addr target_addr) { - targetAddress = target_addr; + la->targetAddress = target_addr; } +static void +finishoff(void) +{ -void -PacketAliasInit(void) + while(!LIST_EMPTY(&instancehead)) + LibAliasUninit(LIST_FIRST(&instancehead)); +} + +struct libalias * +LibAliasInit(struct libalias *la) { int i; struct timeval tv; struct timezone tz; - static int firstCall = 1; - if (firstCall == 1) + if (la == NULL) { + la = calloc(sizeof *la, 1); + if (la == NULL) + return (la); + if (LIST_EMPTY(&instancehead)) + atexit(finishoff); + LIST_INSERT_HEAD(&instancehead, la, instancelist); + gettimeofday(&tv, &tz); - timeStamp = tv.tv_sec; - lastCleanupTime = tv.tv_sec; - houseKeepingResidual = 0; + la->timeStamp = tv.tv_sec; + la->lastCleanupTime = tv.tv_sec; + la->houseKeepingResidual = 0; for (i=0; i<LINK_TABLE_OUT_SIZE; i++) - LIST_INIT(&linkTableOut[i]); + LIST_INIT(&la->linkTableOut[i]); for (i=0; i<LINK_TABLE_IN_SIZE; i++) - LIST_INIT(&linkTableIn[i]); + LIST_INIT(&la->linkTableIn[i]); - atexit(PacketAliasUninit); - firstCall = 0; } else { - 
deleteAllLinks = 1; - CleanupAliasData(); - deleteAllLinks = 0; + la->deleteAllLinks = 1; + CleanupAliasData(la); + la->deleteAllLinks = 0; } - aliasAddress.s_addr = INADDR_ANY; - targetAddress.s_addr = INADDR_ANY; + la->aliasAddress.s_addr = INADDR_ANY; + la->targetAddress.s_addr = INADDR_ANY; - icmpLinkCount = 0; - udpLinkCount = 0; - tcpLinkCount = 0; - pptpLinkCount = 0; - protoLinkCount = 0; - fragmentIdLinkCount = 0; - fragmentPtrLinkCount = 0; - sockCount = 0; + la->icmpLinkCount = 0; + la->udpLinkCount = 0; + la->tcpLinkCount = 0; + la->pptpLinkCount = 0; + la->protoLinkCount = 0; + la->fragmentIdLinkCount = 0; + la->fragmentPtrLinkCount = 0; + la->sockCount = 0; - cleanupIndex =0; + la->cleanupIndex =0; - packetAliasMode = PKT_ALIAS_SAME_PORTS + la->packetAliasMode = PKT_ALIAS_SAME_PORTS | PKT_ALIAS_USE_SOCKETS | PKT_ALIAS_RESET_ON_ADDR_CHANGE; +#ifndef NO_FW_PUNCH + la->fireWallFD = -1; +#endif + return (la); } void -PacketAliasUninit(void) { - deleteAllLinks = 1; - CleanupAliasData(); - deleteAllLinks = 0; - UninitPacketAliasLog(); +LibAliasUninit(struct libalias *la) { + la->deleteAllLinks = 1; + CleanupAliasData(la); + la->deleteAllLinks = 0; + UninitPacketAliasLog(la); #ifndef NO_FW_PUNCH - UninitPunchFW(); + UninitPunchFW(la); #endif + LIST_REMOVE(la, instancelist); + free(la); } - /* Change mode for some operations */ unsigned int -PacketAliasSetMode( +LibAliasSetMode( + struct libalias *la, unsigned int flags, /* Which state to bring flags to */ unsigned int mask /* Mask of which flags to affect (use 0 to do a probe for flag values) */ 
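Review bot: In LibAliasInit the added `la->fireWallFD = -1;` runs on the re-initialisation path as well, so calling it on a live instance that has PKT_ALIAS_PUNCH_FW enabled drops the raw socket without `close()` and leaves `fireWallField` allocated. The removed PacketAliasInit did not touch the descriptor. I would either move the assignment into the `la == NULL` branch or, mirroring LibAliasUninit, add `UninitPunchFW(la);` under `#ifndef NO_FW_PUNCH` to the `else` branch before the mode word is reset. Separately, `atexit(finishoff)` is registered again each time the instance list empties and refills, and its return value is ignored.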
@@ -2619,34 +2564,34 @@ PacketAliasSetMode( /* Enable logging? */ if (flags & mask & PKT_ALIAS_LOG) { - InitPacketAliasLog(); /* Do the enable */ + InitPacketAliasLog(la); /* Do the enable */ } else /* _Disable_ logging? */ if (~flags & mask & PKT_ALIAS_LOG) { - UninitPacketAliasLog(); + UninitPacketAliasLog(la); } #ifndef NO_FW_PUNCH /* Start punching holes in the firewall? */ if (flags & mask & PKT_ALIAS_PUNCH_FW) { - InitPunchFW(); + InitPunchFW(la); } else /* Stop punching holes in the firewall? */ if (~flags & mask & PKT_ALIAS_PUNCH_FW) { - UninitPunchFW(); + UninitPunchFW(la); } #endif /* Other flags can be set/cleared without special action */ - packetAliasMode = (flags & mask) | (packetAliasMode & ~mask); - return packetAliasMode; + la->packetAliasMode = (flags & mask) | (la->packetAliasMode & ~mask); + return la->packetAliasMode; } int -PacketAliasCheckNewLink(void) +LibAliasCheckNewLink(struct libalias *la) { - return newDefaultLink; + return la->newDefaultLink; } 
@@ -2739,58 +2684,63 @@ fill_rule(void *buf, int bufsize, int rulenum, } #endif /* IPFW2 */ -static void ClearAllFWHoles(void); +static void ClearAllFWHoles(struct libalias *la); -static int fireWallBaseNum; /* The first firewall entry free for our use */ -static int fireWallNumNums; /* How many entries can we use? */ -static int fireWallActiveNum; /* Which entry did we last use? */ -static char *fireWallField; /* bool array for entries */ -#define fw_setfield(field, num) \ +#define fw_setfield(la, field, num) \ do { \ - (field)[(num) - fireWallBaseNum] = 1; \ + (field)[(num) - la->fireWallBaseNum] = 1; \ } /*lint -save -e717 */ while(0) /*lint -restore */ -#define fw_clrfield(field, num) \ + +#define fw_clrfield(la, field, num) \ do { \ - (field)[(num) - fireWallBaseNum] = 0; \ + (field)[(num) - la->fireWallBaseNum] = 0; \ } /*lint -save -e717 */ while(0) /*lint -restore */ -#define fw_tstfield(field, num) ((field)[(num) - fireWallBaseNum]) + +#define fw_tstfield(la, field, num) ((field)[(num) - la->fireWallBaseNum]) static void -InitPunchFW(void) { - fireWallField = malloc(fireWallNumNums); - if (fireWallField) { - memset(fireWallField, 0, fireWallNumNums); - if (fireWallFD < 0) { - fireWallFD = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); +InitPunchFW(struct libalias *la) +{ + + la->fireWallField = malloc(la->fireWallNumNums); + if (la->fireWallField) { + memset(la->fireWallField, 0, la->fireWallNumNums); + if (la->fireWallFD < 0) { + la->fireWallFD = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); } - ClearAllFWHoles(); - fireWallActiveNum = fireWallBaseNum; + ClearAllFWHoles(la); + la->fireWallActiveNum = la->fireWallBaseNum; } } static void -UninitPunchFW(void) { - ClearAllFWHoles(); - if (fireWallFD >= 0) - close(fireWallFD); - fireWallFD = -1; - if (fireWallField) - free(fireWallField); - fireWallField = NULL; - packetAliasMode &= ~PKT_ALIAS_PUNCH_FW; +UninitPunchFW(struct libalias *la) +{ + ClearAllFWHoles(la); + if (la->fireWallFD >= 0) + close(la->fireWallFD); + 
la->fireWallFD = -1; + if (la->fireWallField) + free(la->fireWallField); + la->fireWallField = NULL; + la->packetAliasMode &= ~PKT_ALIAS_PUNCH_FW; } /* Make a certain link go through the firewall */ void -PunchFWHole(struct alias_link *link) { +PunchFWHole(struct alias_link *link) +{ + struct libalias *la; int r; /* Result code */ struct ip_fw rule; /* On-the-fly built rule */ int fwhole; /* Where to punch hole */ + la = link->la; + /* Don't do anything unless we are asked to */ - if ( !(packetAliasMode & PKT_ALIAS_PUNCH_FW) || - fireWallFD < 0 || + if ( !(la->packetAliasMode & PKT_ALIAS_PUNCH_FW) || + la->fireWallFD < 0 || link->link_type != LINK_TCP) return; @@ -2799,20 +2749,20 @@ PunchFWHole(struct alias_link *link) { /** Build rule **/ /* Find empty slot */ - for (fwhole = fireWallActiveNum; - fwhole < fireWallBaseNum + fireWallNumNums && - fw_tstfield(fireWallField, fwhole); + for (fwhole = la->fireWallActiveNum; + fwhole < la->fireWallBaseNum + la->fireWallNumNums && + fw_tstfield(la, la->fireWallField, fwhole); fwhole++) ; - if (fwhole == fireWallBaseNum + fireWallNumNums) { - for (fwhole = fireWallBaseNum; - fwhole < fireWallActiveNum && - fw_tstfield(fireWallField, fwhole); + if (fwhole == la->fireWallBaseNum + la->fireWallNumNums) { + for (fwhole = la->fireWallBaseNum; + fwhole < la->fireWallActiveNum && + fw_tstfield(la, la->fireWallField, fwhole); fwhole++) ; - if (fwhole == fireWallActiveNum) { + if (fwhole == la->fireWallActiveNum) { /* No rule point empty - we can't punch more holes. */ - fireWallActiveNum = fireWallBaseNum; + la->fireWallActiveNum = la->fireWallBaseNum; #ifdef DEBUG fprintf(stderr, "libalias: Unable to create firewall hole!\n"); #endif @@ -2820,7 +2770,7 @@ PunchFWHole(struct alias_link *link) { } } /* Start next search at next position */ - fireWallActiveNum = fwhole+1; + la->fireWallActiveNum = fwhole+1; /* * generate two rules of the form 
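Review bot: InitPunchFW assigns a fresh `malloc()` result to `la->fireWallField` without releasing the previous array, and LibAliasSetMode calls it every time PKT_ALIAS_PUNCH_FW is requested, unlike InitPacketAliasLog, which tests the mode bit first. Enabling the flag twice on one instance therefore leaks the old array. Adding `free(la->fireWallField);` before the allocation, or returning early when the field is already set, fixes it. The three `fw_*field` macros would also be safer with the instance parameter parenthesised, `(la)->fireWallBaseNum`.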
@@ -2837,7 +2787,7 @@ PunchFWHole(struct alias_link *link) { O_ACCEPT, IPPROTO_TCP, GetOriginalAddress(link), ntohs(GetOriginalPort(link)), GetDestAddress(link), ntohs(GetDestPort(link)) ); - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); if (r) err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)"); @@ -2845,7 +2795,7 @@ PunchFWHole(struct alias_link *link) { O_ACCEPT, IPPROTO_TCP, GetDestAddress(link), ntohs(GetDestPort(link)), GetOriginalAddress(link), ntohs(GetOriginalPort(link)) ); - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); + r = setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_ADD, rulebuf, i); if (r) err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); } @@ -2889,13 +2839,18 @@ PunchFWHole(struct alias_link *link) { #endif /* !IPFW2 */ /* Indicate hole applied */ link->data.tcp->fwhole = fwhole; - fw_setfield(fireWallField, fwhole); + fw_setfield(la, la->fireWallField, fwhole); } /* Remove a hole in a firewall associated with a particular alias link. Calling this too often is harmless. */ static void -ClearFWHole(struct alias_link *link) { +ClearFWHole(struct alias_link *link) +{ + + struct libalias *la; + + la = link->la; if (link->link_type == LINK_TCP) { int fwhole = link->data.tcp->fwhole; /* Where is the firewall hole? */ struct ip_fw rule; @@ -2905,7 +2860,7 @@ ClearFWHole(struct alias_link *link) { memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ #if IPFW2 - while (!setsockopt(fireWallFD, IPPROTO_IP, IP_FW_DEL, + while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &fwhole, sizeof fwhole)) ; #else /* !IPFW2 */ 
@@ -2914,25 +2869,25 @@ ClearFWHole(struct alias_link *link) { &rule, sizeof rule)) ; #endif /* !IPFW2 */ - fw_clrfield(fireWallField, fwhole); + fw_clrfield(la, la->fireWallField, fwhole); link->data.tcp->fwhole = -1; } } /* Clear out the entire range dedicated to firewall holes. */ static void -ClearAllFWHoles(void) { +ClearAllFWHoles(struct libalias *la) { struct ip_fw rule; /* On-the-fly built rule */ int i; - if (fireWallFD < 0) + if (la->fireWallFD < 0) return; memset(&rule, 0, sizeof rule); - for (i = fireWallBaseNum; i < fireWallBaseNum + fireWallNumNums; i++) { + for (i = la->fireWallBaseNum; i < la->fireWallBaseNum + la->fireWallNumNums; i++) { #if IPFW2 int r = i; - while (!setsockopt(fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)) + while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &r, sizeof r)) ; #else /* !IPFW2 */ rule.fw_number = i; @@ -2940,19 +2895,20 @@ ClearAllFWHoles(void) { ; #endif /* !IPFW2 */ } - memset(fireWallField, 0, fireWallNumNums); + /* XXX: third arg correct here ? /phk */ + memset(la->fireWallField, 0, la->fireWallNumNums); } #endif void -PacketAliasSetFWBase(unsigned int base, unsigned int num) { +LibAliasSetFWBase(struct libalias *la, unsigned int base, unsigned int num) { #ifndef NO_FW_PUNCH - fireWallBaseNum = base; - fireWallNumNums = num; + la->fireWallBaseNum = base; + la->fireWallNumNums = num; #endif } void -PacketAliasSetSkinnyPort(unsigned int port) { - skinnyPort = port; +LibAliasSetSkinnyPort(struct libalias *la, unsigned int port) { + la->skinnyPort = port; } diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c index efc78c7..08693a7 100644 --- a/sys/netinet/libalias/alias_ftp.c +++ b/sys/netinet/libalias/alias_ftp.c 
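Review bot: LibAliasSetFWBase stores `base` and `num` into the instance unconditionally, so a call made while punching is active leaves `fireWallField` sized for the old count while `fw_tstfield`/`fw_setfield` and the `memset` in ClearAllFWHoles index and clear it with the new base and count; this may be what the added XXX comment is asking about. The values also arrive as `unsigned int` and land in `int` members that InitPunchFW hands straight to `malloc()`, with no range check. I would refuse the change while the array exists, e.g. `if (la->fireWallField != NULL) return;` at the top of the `#ifndef NO_FW_PUNCH` block, and range-check `num` there. ClearAllFWHoles begins outside this hunk.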
@@ -94,17 +94,15 @@ enum ftp_message_type { FTP_UNKNOWN_MESSAGE }; -static int ParseFtpPortCommand(char *, int); -static int ParseFtpEprtCommand(char *, int); -static int ParseFtp227Reply(char *, int); -static int ParseFtp229Reply(char *, int); -static void NewFtpMessage(struct ip *, struct alias_link *, int, int); - -static struct in_addr true_addr; /* in network byte order. */ -static u_short true_port; /* in host byte order. */ +static int ParseFtpPortCommand(struct libalias *la, char *, int); +static int ParseFtpEprtCommand(struct libalias *la, char *, int); +static int ParseFtp227Reply(struct libalias *la, char *, int); +static int ParseFtp229Reply(struct libalias *la, char *, int); +static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int); void AliasHandleFtpOut( +struct libalias *la, struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link, /* The link to go through (aliased port) */ int maxpacketsize /* The maximum size this packet can grow to (including headers) */) 
@@ -136,24 +134,24 @@ int maxpacketsize /* The maximum size this packet can grow to (including header /* * When aliasing a client, check for the PORT/EPRT command. */ - if (ParseFtpPortCommand(sptr, dlen)) + if (ParseFtpPortCommand(la, sptr, dlen)) ftp_message_type = FTP_PORT_COMMAND; - else if (ParseFtpEprtCommand(sptr, dlen)) + else if (ParseFtpEprtCommand(la, sptr, dlen)) ftp_message_type = FTP_EPRT_COMMAND; } else { /* * When aliasing a server, check for the 227/229 reply. */ - if (ParseFtp227Reply(sptr, dlen)) + if (ParseFtp227Reply(la, sptr, dlen)) ftp_message_type = FTP_227_REPLY; - else if (ParseFtp229Reply(sptr, dlen)) { + else if (ParseFtp229Reply(la, sptr, dlen)) { ftp_message_type = FTP_229_REPLY; - true_addr.s_addr = pip->ip_src.s_addr; + la->true_addr.s_addr = pip->ip_src.s_addr; } } if (ftp_message_type != FTP_UNKNOWN_MESSAGE) - NewFtpMessage(pip, link, maxpacketsize, ftp_message_type); + NewFtpMessage(la, pip, link, maxpacketsize, ftp_message_type); } /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */ @@ -170,7 +168,7 @@ int maxpacketsize /* The maximum size this packet can grow to (including header } static int -ParseFtpPortCommand(char *sptr, int dlen) +ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen) { char ch; int i, state; @@ -228,15 +226,15 @@ ParseFtpPortCommand(char *sptr, int dlen) } if (state == 13) { - true_addr.s_addr = htonl(addr); - true_port = port; + la->true_addr.s_addr = htonl(addr); + la->true_port = port; return 1; } else return 0; } static int -ParseFtpEprtCommand(char *sptr, int dlen) +ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen) { char ch, delim; int i, state; 
@@ -315,15 +313,15 @@ ParseFtpEprtCommand(char *sptr, int dlen) } if (state == 13) { - true_addr.s_addr = htonl(addr); - true_port = port; + la->true_addr.s_addr = htonl(addr); + la->true_port = port; return 1; } else return 0; } static int -ParseFtp227Reply(char *sptr, int dlen) +ParseFtp227Reply(struct libalias *la, char *sptr, int dlen) { char ch; int i, state; @@ -381,15 +379,15 @@ ParseFtp227Reply(char *sptr, int dlen) } if (state == 13) { - true_port = port; - true_addr.s_addr = htonl(addr); + la->true_port = port; + la->true_addr.s_addr = htonl(addr); return 1; } else return 0; } static int -ParseFtp229Reply(char *sptr, int dlen) +ParseFtp229Reply(struct libalias *la, char *sptr, int dlen) { char ch, delim; int i, state; @@ -452,14 +450,14 @@ ParseFtp229Reply(char *sptr, int dlen) } if (state == 7) { - true_port = port; + la->true_port = port; return 1; } else return 0; } static void -NewFtpMessage(struct ip *pip, +NewFtpMessage(struct libalias *la, struct ip *pip, struct alias_link *link, int maxpacketsize, int ftp_message_type) @@ -467,15 +465,15 @@ NewFtpMessage(struct ip *pip, struct alias_link *ftp_link; /* Security checks. */ - if (pip->ip_src.s_addr != true_addr.s_addr) + if (pip->ip_src.s_addr != la->true_addr.s_addr) return; - if (true_port < IPPORT_RESERVED) + if (la->true_port < IPPORT_RESERVED) return; /* Establish link to address and port found in FTP control message. */ - ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link), - htons(true_port), 0, IPPROTO_TCP, 1); + ftp_link = FindUdpTcpOut(la, la->true_addr, GetDestAddress(link), + htons(la->true_port), 0, IPPROTO_TCP, 1); if (ftp_link != NULL) { diff --git a/sys/netinet/libalias/alias_irc.c b/sys/netinet/libalias/alias_irc.c index 02a2bb2..3b2ff92 100644 --- a/sys/netinet/libalias/alias_irc.c +++ b/sys/netinet/libalias/alias_irc.c 
@@ -65,7 +65,8 @@ __FBSDID("$FreeBSD$"); void -AliasHandleIrcOut(struct ip *pip, /* IP packet to examine */ +AliasHandleIrcOut(struct libalias *la, + struct ip *pip, /* IP packet to examine */ struct alias_link *link, /* Which link are we on? */ int maxsize /* Maximum size of IP packet including headers */ ) @@ -246,7 +247,7 @@ lFOUND_CTCP: /* Steal the FTP_DATA_PORT - it doesn't really matter, and this would probably allow it through at least _some_ firewalls. */ - dcc_link = FindUdpTcpOut(true_addr, destaddr, + dcc_link = FindUdpTcpOut(la, true_addr, destaddr, true_port, 0, IPPROTO_TCP, 1); DBprintf(("Got a DCC link\n")); diff --git a/sys/netinet/libalias/alias_local.h b/sys/netinet/libalias/alias_local.h index d207f9f..0ed289a 100644 --- a/sys/netinet/libalias/alias_local.h +++ b/sys/netinet/libalias/alias_local.h 
@@ -46,6 +46,92 @@ #ifndef _ALIAS_LOCAL_H_ #define _ALIAS_LOCAL_H_ +#include <sys/queue.h> + +/* Sizes of input and output link tables */ +#define LINK_TABLE_OUT_SIZE 101 +#define LINK_TABLE_IN_SIZE 4001 + +struct proxy_entry; + +struct libalias { + LIST_ENTRY(libalias) instancelist; + + int packetAliasMode; /* Mode flags */ + /* - documented in alias.h */ + + struct in_addr aliasAddress; /* Address written onto source */ + /* field of IP packet. */ + + struct in_addr targetAddress; /* IP address incoming packets */ + /* are sent to if no aliasing */ + /* link already exists */ + + struct in_addr nullAddress; /* Used as a dummy parameter for */ + /* some function calls */ + + LIST_HEAD(, alias_link) linkTableOut[LINK_TABLE_OUT_SIZE]; + /* Lookup table of pointers to */ + /* chains of link records. Each */ + + LIST_HEAD(, alias_link) linkTableIn[LINK_TABLE_IN_SIZE]; + /* link record is doubly indexed */ + /* into input and output lookup */ + /* tables. */ + + /* Link statistics */ + int icmpLinkCount; + int udpLinkCount; + int tcpLinkCount; + int pptpLinkCount; + int protoLinkCount; + int fragmentIdLinkCount; + int fragmentPtrLinkCount; + int sockCount; + + int cleanupIndex; /* Index to chain of link table */ + /* being inspected for old links */ + + int timeStamp; /* System time in seconds for */ + /* current packet */ + + int lastCleanupTime; /* Last time IncrementalCleanup() */ + /* was called */ + + int houseKeepingResidual; /* used by HouseKeeping() */ + + int deleteAllLinks; /* If equal to zero, DeleteLink() */ + /* will not remove permanent links */ + + FILE *monitorFile; /* File descriptor for link */ + /* statistics monitoring file */ + + int newDefaultLink; /* Indicates if a new aliasing */ + /* link has been created after a */ + /* call to PacketAliasIn/Out(). */ + +#ifndef NO_FW_PUNCH + int fireWallFD; /* File descriptor to be able to */ + /* control firewall. 
Opened by */ + /* PacketAliasSetMode on first */ + /* setting the PKT_ALIAS_PUNCH_FW */ + /* flag. */ + int fireWallBaseNum; /* The first firewall entry free for our use */ + int fireWallNumNums; /* How many entries can we use? */ + int fireWallActiveNum; /* Which entry did we last use? */ + char *fireWallField; /* bool array for entries */ +#endif + + unsigned int skinnyPort; /* TCP port used by the Skinny */ + /* protocol. */ + + struct proxy_entry *proxyList; + + struct in_addr true_addr; /* in network byte order. */ + u_short true_port; /* in host byte order. */ + +}; + /* Macros */ /* @@ -71,10 +157,6 @@ } \ } while (0) -/* Globals */ - -extern int packetAliasMode; -extern unsigned int skinnyPort; /* Prototypes */ 
@@ -86,58 +168,58 @@ void DifferentialChecksum(u_short *_cksum, u_short *_new, u_short *_old, /* Internal data access */ struct alias_link * - FindIcmpIn(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindIcmpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _id_alias, int _create); struct alias_link * - FindIcmpOut(struct in_addr _src_addr, struct in_addr _dst_addr, + FindIcmpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_short _id, int _create); struct alias_link * - FindFragmentIn1(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindFragmentIn1(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); struct alias_link * - FindFragmentIn2(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindFragmentIn2(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _ip_id); struct alias_link * - AddFragmentPtrLink(struct in_addr _dst_addr, u_short _ip_id); + AddFragmentPtrLink(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); struct alias_link * - FindFragmentPtr(struct in_addr _dst_addr, u_short _ip_id); + FindFragmentPtr(struct libalias *la, struct in_addr _dst_addr, u_short _ip_id); struct alias_link * - FindProtoIn(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindProtoIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_char _proto); struct alias_link * - FindProtoOut(struct in_addr _src_addr, struct in_addr _dst_addr, + FindProtoOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_char _proto); struct alias_link * - FindUdpTcpIn(struct in_addr _dst_addr, struct in_addr _alias_addr, + FindUdpTcpIn(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port, u_char _proto, int _create); struct alias_link * - FindUdpTcpOut(struct in_addr _src_addr, struct in_addr _dst_addr, + 
FindUdpTcpOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_short _src_port, u_short _dst_port, u_char _proto, int _create); struct alias_link * - AddPptp(struct in_addr _src_addr, struct in_addr _dst_addr, + AddPptp(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _src_call_id); struct alias_link * - FindPptpOutByCallId(struct in_addr _src_addr, + FindPptpOutByCallId(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _src_call_id); struct alias_link * - FindPptpInByCallId(struct in_addr _dst_addr, + FindPptpInByCallId(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _dst_call_id); struct alias_link * - FindPptpOutByPeerCallId(struct in_addr _src_addr, + FindPptpOutByPeerCallId(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_int16_t _dst_call_id); struct alias_link * - FindPptpInByPeerCallId(struct in_addr _dst_addr, + FindPptpInByPeerCallId(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_int16_t _alias_call_id); struct alias_link * - FindRtspOut(struct in_addr _src_addr, struct in_addr _dst_addr, + FindRtspOut(struct libalias *la, struct in_addr _src_addr, struct in_addr _dst_addr, u_short _src_port, u_short _alias_port, u_char _proto); struct in_addr - FindOriginalAddress(struct in_addr _alias_addr); + FindOriginalAddress(struct libalias *la, struct in_addr _alias_addr); struct in_addr - FindAliasAddress(struct in_addr _original_addr); + FindAliasAddress(struct libalias *la, struct in_addr _original_addr); /* External data access/modification */ -int FindNewPortGroup(struct in_addr _dst_addr, struct in_addr _alias_addr, +int FindNewPortGroup(struct libalias *la, struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _src_port, u_short _dst_port, u_short _port_count, u_char _proto, u_char _align); void GetFragmentAddr(struct alias_link *_link, 
struct in_addr *_src_addr); @@ -155,8 +237,8 @@ struct in_addr struct in_addr GetAliasAddress(struct alias_link *_link); struct in_addr - GetDefaultAliasAddress(void); -void SetDefaultAliasAddress(struct in_addr _alias_addr); + GetDefaultAliasAddress(struct libalias *la); +void SetDefaultAliasAddress(struct libalias *la, struct in_addr _alias_addr); u_short GetOriginalPort(struct alias_link *_link); u_short GetAliasPort(struct alias_link *_link); struct in_addr @@ -170,7 +252,7 @@ int GetDeltaAckIn(struct ip *_pip, struct alias_link *_link); int GetDeltaSeqOut(struct ip *_pip, struct alias_link *_link); void AddSeq(struct ip *_pip, struct alias_link *_link, int _delta); void SetExpire(struct alias_link *_link, int _expire); -void ClearCheckNewLink(void); +void ClearCheckNewLink(struct libalias *la); void SetProtocolFlags(struct alias_link *_link, int _pflags); int GetProtocolFlags(struct alias_link *_link); void SetDestCallId(struct alias_link *_link, u_int16_t _cid); 
@@ -179,47 +261,47 @@ void PunchFWHole(struct alias_link *_link); #endif /* Housekeeping function */ -void HouseKeeping(void); +void HouseKeeping(struct libalias *); /* Tcp specfic routines */ /* lint -save -library Suppress flexelint warnings */ /* FTP routines */ -void AliasHandleFtpOut(struct ip *_pip, struct alias_link *_link, +void AliasHandleFtpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link, int _maxpacketsize); /* IRC routines */ -void AliasHandleIrcOut(struct ip *_pip, struct alias_link *_link, +void AliasHandleIrcOut(struct libalias *la, struct ip *_pip, struct alias_link *_link, int _maxsize); /* RTSP routines */ -void AliasHandleRtspOut(struct ip *_pip, struct alias_link *_link, +void AliasHandleRtspOut(struct libalias *la, struct ip *_pip, struct alias_link *_link, int _maxpacketsize); /* PPTP routines */ -void AliasHandlePptpOut(struct ip *_pip, struct alias_link *_link); -void AliasHandlePptpIn(struct ip *_pip, struct alias_link *_link); -int AliasHandlePptpGreOut(struct ip *_pip); -int AliasHandlePptpGreIn(struct ip *_pip); +void AliasHandlePptpOut(struct libalias *la, struct ip *_pip, struct alias_link *_link); +void AliasHandlePptpIn(struct libalias *la, struct ip *_pip, struct alias_link *_link); +int AliasHandlePptpGreOut(struct libalias *la, struct ip *_pip); +int AliasHandlePptpGreIn(struct libalias *la, struct ip *_pip); /* NetBIOS routines */ -int AliasHandleUdpNbt(struct ip *_pip, struct alias_link *_link, +int AliasHandleUdpNbt(struct libalias *la, struct ip *_pip, struct alias_link *_link, struct in_addr *_alias_address, u_short _alias_port); -int AliasHandleUdpNbtNS(struct ip *_pip, struct alias_link *_link, +int AliasHandleUdpNbtNS(struct libalias *la, struct ip *_pip, struct alias_link *_link, struct in_addr *_alias_address, u_short *_alias_port, struct in_addr *_original_address, u_short *_original_port); /* CUSeeMe routines */ -void AliasHandleCUSeeMeOut(struct ip *_pip, struct alias_link *_link); -void 
AliasHandleCUSeeMeIn(struct ip *_pip, struct in_addr _original_addr); +void AliasHandleCUSeeMeOut(struct libalias *la, struct ip *_pip, struct alias_link *_link); +void AliasHandleCUSeeMeIn(struct libalias *la, struct ip *_pip, struct in_addr _original_addr); /* Skinny routines */ -void AliasHandleSkinny(struct ip *_pip, struct alias_link *_link); +void AliasHandleSkinny(struct libalias *la, struct ip *_pip, struct alias_link *_link); /* Transparent proxy routines */ -int ProxyCheck(struct ip *_pip, struct in_addr *_proxy_server_addr, +int ProxyCheck(struct libalias *la, struct ip *_pip, struct in_addr *_proxy_server_addr, u_short *_proxy_server_port); -void ProxyModify(struct alias_link *_link, struct ip *_pip, +void ProxyModify(struct libalias *la, struct alias_link *_link, struct ip *_pip, int _maxpacketsize, int _proxy_type); enum alias_tcp_state { diff --git a/sys/netinet/libalias/alias_nbt.c b/sys/netinet/libalias/alias_nbt.c index 508bf51..9ff9cf0 100644 --- a/sys/netinet/libalias/alias_nbt.c +++ b/sys/netinet/libalias/alias_nbt.c @@ -196,6 +196,7 @@ static u_char *AliasHandleName ( u_char *p, char *pmax ) { #define DGM_NEGATIVE_RES 0x16 int AliasHandleUdpNbt( + struct libalias *la, struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link, struct in_addr *alias_address, @@ -612,6 +613,7 @@ AliasHandleResource( } int AliasHandleUdpNbtNS( + struct libalias *la, struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link, struct in_addr *alias_address, diff --git a/sys/netinet/libalias/alias_old.c b/sys/netinet/libalias/alias_old.c new file mode 100644 index 0000000..51e6f32 --- /dev/null +++ b/sys/netinet/libalias/alias_old.c 
@@ -0,0 +1,205 @@ +/*- + * Copyright (c) 2004 Poul-Henning Kamp <phk@FreeBSD.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <stdlib.h> +#include <sys/types.h> +#include <netinet/in.h> +#include <alias.h> + +/* + * These functions are for backwards compatibility and because apps may + * be linked against shlib versions, they have to be actual functions, + * we cannot inline them. 
+ */ + +static struct libalias *la; + +void +PacketAliasInit(void) +{ + + la = LibAliasInit(la); +} + +void +PacketAliasSetAddress(struct in_addr _addr) +{ + + LibAliasSetAddress(la, _addr); +} + +void +PacketAliasSetFWBase(unsigned int _base, unsigned int _num) +{ + + LibAliasSetFWBase(la, _base, _num); +} + +void +PacketAliasSetSkinnyPort(unsigned int _port) +{ + + LibAliasSetSkinnyPort(la, _port); +} + +unsigned int +PacketAliasSetMode(unsigned int _flags, unsigned int _mask) +{ + + return LibAliasSetMode(la, _flags, _mask); +} + +void +PacketAliasUninit(void) +{ + + LibAliasUninit(la); + la = NULL; +} + +int +PacketAliasIn(char *_ptr, int _maxpacketsize) +{ + return LibAliasIn(la, _ptr, _maxpacketsize); +} + +int +PacketAliasOut(char *_ptr, int _maxpacketsize) +{ + + return LibAliasOut(la, _ptr, _maxpacketsize); +} + +int +PacketUnaliasOut(char *_ptr, int _maxpacketsize) +{ + + return LibAliasUnaliasOut(la, _ptr, _maxpacketsize); +} + +int +PacketAliasAddServer(struct alias_link *_link, + struct in_addr _addr, unsigned short _port) +{ + + return LibAliasAddServer(la, _link, _addr, _port); +} + +struct alias_link * +PacketAliasRedirectAddr(struct in_addr _src_addr, + struct in_addr _alias_addr) +{ + + return LibAliasRedirectAddr(la, _src_addr, _alias_addr); +} + + +int +PacketAliasRedirectDynamic(struct alias_link *_link) +{ + + return LibAliasRedirectDynamic(la, _link); +} + +void +PacketAliasRedirectDelete(struct alias_link *_link) +{ + + LibAliasRedirectDelete(la, _link); +} + +struct alias_link * +PacketAliasRedirectPort(struct in_addr _src_addr, + unsigned short _src_port, struct in_addr _dst_addr, + unsigned short _dst_port, struct in_addr _alias_addr, + unsigned short _alias_port, unsigned char _proto) +{ + + return LibAliasRedirectPort(la, _src_addr, _src_port, _dst_addr, + _dst_port, _alias_addr, _alias_port, _proto); +} + +struct alias_link * +PacketAliasRedirectProto(struct in_addr _src_addr, + struct in_addr _dst_addr, struct in_addr _alias_addr, + 
unsigned char _proto) +{ + + return LibAliasRedirectProto(la, _src_addr, _dst_addr, _alias_addr, + _proto); +} + +void +PacketAliasFragmentIn(char *_ptr, char *_ptr_fragment) +{ + + LibAliasFragmentIn(la, _ptr, _ptr_fragment); +} + +char * +PacketAliasGetFragment(char *_ptr) +{ + + return LibAliasGetFragment(la, _ptr); +} + +int +PacketAliasSaveFragment(char *_ptr) +{ + return LibAliasSaveFragment(la, _ptr); +} + +int +PacketAliasCheckNewLink(void) +{ + + return LibAliasCheckNewLink(la); +} + +unsigned short +PacketAliasInternetChecksum(unsigned short *_ptr, int _nbytes) +{ + + return LibAliasInternetChecksum(la, _ptr, _nbytes); +} + +void +PacketAliasSetTarget(struct in_addr _target_addr) +{ + + LibAliasSetTarget(la, _target_addr); +} + +/* Transparent proxying routines. */ +int +PacketAliasProxyRule(const char *_cmd) +{ + + return LibAliasProxyRule(la, _cmd); +} diff --git a/sys/netinet/libalias/alias_pptp.c b/sys/netinet/libalias/alias_pptp.c index 2d3d9ac..946ae2f 100644 --- a/sys/netinet/libalias/alias_pptp.c +++ b/sys/netinet/libalias/alias_pptp.c @@ -145,7 +145,8 @@ static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *); void -AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ +AliasHandlePptpOut(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link) /* The PPTP control link */ { struct alias_link *pptp_link; 
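Review bot: `PacketAliasUninit()` in the new alias_old.c passes the file-scope `la` to `LibAliasUninit()` unconditionally and then sets it to NULL, so a second call hands NULL to the library; any `PacketAlias*` wrapper called before `PacketAliasInit()` or after `PacketAliasUninit()` does the same. The libalias.3 hunk later in this commit drops the sentence "Calling it multiple times is harmless", and whether the `LibAlias*` entry points tolerate a NULL instance is not visible here. Since this shim exists to keep old binaries working, I would keep the old guarantee locally with `if (la != NULL) { LibAliasUninit(la); la = NULL; }`. A comment above `static struct libalias *la;` saying that all legacy calls share this one instance and that nothing in this file serialises access to it would also help the next reader.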
@@ -165,13 +166,13 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ case PPTP_InCallRequest: case PPTP_InCallReply: /* Establish PPTP link for address and Call ID found in control message. */ - pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link), + pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link), GetAliasAddress(link), cptr->cid1); break; case PPTP_CallClearRequest: case PPTP_CallDiscNotify: /* Find PPTP link for address and Call ID found in control message. */ - pptp_link = FindPptpOutByCallId(GetOriginalAddress(link), + pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link), GetDestAddress(link), cptr->cid1); break; @@ -208,7 +209,8 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ } void -AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ +AliasHandlePptpIn(struct libalias *la, + struct ip *pip, /* IP packet to examine/patch */ struct alias_link *link) /* The PPTP control link */ { struct alias_link *pptp_link; @@ -234,7 +236,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ pcall_id = &cptr->cid2; break; case PPTP_CallDiscNotify: /* Connection closed. */ - pptp_link = FindPptpInByCallId(GetDestAddress(link), + pptp_link = FindPptpInByCallId(la, GetDestAddress(link), GetAliasAddress(link), cptr->cid1); if (pptp_link != NULL) @@ -245,7 +247,7 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ } /* Find PPTP link for address and Call ID found in PPTP Control Msg */ - pptp_link = FindPptpInByPeerCallId(GetDestAddress(link), + pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link), GetAliasAddress(link), *pcall_id); @@ -311,7 +313,7 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch int -AliasHandlePptpGreOut(struct ip *pip) +AliasHandlePptpGreOut(struct libalias *la, struct ip *pip) { GreHdr *gr; struct alias_link *link; 
@@ -322,7 +324,7 @@ AliasHandlePptpGreOut(struct ip *pip) if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id); + link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); if (link != NULL) { struct in_addr alias_addr = GetAliasAddress(link); @@ -339,7 +341,7 @@ AliasHandlePptpGreOut(struct ip *pip) int -AliasHandlePptpGreIn(struct ip *pip) +AliasHandlePptpGreIn(struct libalias *la, struct ip *pip) { GreHdr *gr; struct alias_link *link; @@ -350,7 +352,7 @@ AliasHandlePptpGreIn(struct ip *pip) if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) return (-1); - link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id); + link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); if (link != NULL) { struct in_addr src_addr = GetOriginalAddress(link); diff --git a/sys/netinet/libalias/alias_proxy.c b/sys/netinet/libalias/alias_proxy.c index b9a9798..8eb728a 100644 --- a/sys/netinet/libalias/alias_proxy.c +++ b/sys/netinet/libalias/alias_proxy.c @@ -86,6 +86,7 @@ __FBSDID("$FreeBSD$"); */ struct proxy_entry { + struct libalias *la; #define PROXY_TYPE_ENCODE_NONE 1 #define PROXY_TYPE_ENCODE_TCPSTREAM 2 #define PROXY_TYPE_ENCODE_IPHDR 3 @@ -113,8 +114,6 @@ struct proxy_entry File scope variables */ -static struct proxy_entry *proxyList; - /* Local (static) functions: 
@@ -138,9 +137,9 @@ static struct proxy_entry *proxyList; static int IpMask(int, struct in_addr *); static int IpAddr(char *, struct in_addr *); static int IpPort(char *, int, int *); -static void RuleAdd(struct proxy_entry *); +static void RuleAdd(struct libalias *la, struct proxy_entry *); static void RuleDelete(struct proxy_entry *); -static int RuleNumberDelete(int); +static int RuleNumberDelete(struct libalias *la, int); static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int); static void ProxyEncodeIpHeader(struct ip *, int); @@ -197,22 +196,23 @@ IpPort(char *s, int proto, int *port) } void -RuleAdd(struct proxy_entry *entry) +RuleAdd(struct libalias *la, struct proxy_entry *entry) { int rule_index; struct proxy_entry *ptr; struct proxy_entry *ptr_last; - if (proxyList == NULL) + if (la->proxyList == NULL) { - proxyList = entry; + la->proxyList = entry; entry->last = NULL; entry->next = NULL; return; } + entry->la = la; rule_index = entry->rule_index; - ptr = proxyList; + ptr = la->proxyList; ptr_last = NULL; while (ptr != NULL) { @@ -220,10 +220,10 @@ RuleAdd(struct proxy_entry *entry) { if (ptr_last == NULL) { - entry->next = proxyList; + entry->next = la->proxyList; entry->last = NULL; - proxyList->last = entry; - proxyList = entry; + la->proxyList->last = entry; + la->proxyList = entry; return; } @@ -245,10 +245,13 @@ RuleAdd(struct proxy_entry *entry) static void RuleDelete(struct proxy_entry *entry) { + struct libalias *la; + + la = entry->la; if (entry->last != NULL) entry->last->next = entry->next; else - proxyList = entry->next; + la->proxyList = entry->next; if (entry->next != NULL) entry->next->last = entry->last; @@ -257,13 +260,13 @@ RuleDelete(struct proxy_entry *entry) } static int -RuleNumberDelete(int rule_index) +RuleNumberDelete(struct libalias *la, int rule_index) { int err; struct proxy_entry *ptr; err = -1; - ptr = proxyList; + ptr = la->proxyList; while (ptr != NULL) { struct proxy_entry *ptr_next; 
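Review bot: In the `RuleAdd` hunk, `entry->la = la;` sits after the `la->proxyList == NULL` branch, which returns early, so the first rule inserted into an empty list never gets its back-pointer set. The `RuleDelete` hunk then reads `la = entry->la` and, when `entry->last == NULL` (true for that first rule while it is the list head), writes `la->proxyList = entry->next` through it. How `proxy_entry` is allocated is outside these hunks, so at that point the pointer is either uninitialised or NULL. Move the assignment ahead of the empty-list check, so that `entry->la = la;` is the first statement after the declarations in `RuleAdd`; the rest of that function's body lies outside the hunks shown.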
@@ -447,7 +450,7 @@ ProxyEncodeIpHeader(struct ip *pip, */ int -ProxyCheck(struct ip *pip, +ProxyCheck(struct libalias *la, struct ip *pip, struct in_addr *proxy_server_addr, u_short *proxy_server_port) { @@ -461,7 +464,7 @@ ProxyCheck(struct ip *pip, dst_port = ((struct tcphdr *) ((char *) pip + (pip->ip_hl << 2))) ->th_dport; - ptr = proxyList; + ptr = la->proxyList; while (ptr != NULL) { u_short proxy_port; @@ -493,7 +496,7 @@ ProxyCheck(struct ip *pip, } void -ProxyModify(struct alias_link *link, +ProxyModify(struct libalias *la, struct alias_link *link, struct ip *pip, int maxpacketsize, int proxy_type) @@ -516,7 +519,7 @@ ProxyModify(struct alias_link *link, */ int -PacketAliasProxyRule(const char *cmd) +LibAliasProxyRule(struct libalias *la, const char *cmd) { /* * This function takes command strings of the form: @@ -694,7 +697,7 @@ PacketAliasProxyRule(const char *cmd) n = sscanf(token, "%d", &rule_to_delete); if (n != 1) return -1; - err = RuleNumberDelete(rule_to_delete); + err = RuleNumberDelete(la, rule_to_delete); if (err) return -1; return 0; @@ -831,7 +834,7 @@ PacketAliasProxyRule(const char *cmd) proxy_entry->src_mask = src_mask; proxy_entry->dst_mask = dst_mask; - RuleAdd(proxy_entry); + RuleAdd(la, proxy_entry); return 0; } diff --git a/sys/netinet/libalias/alias_skinny.c b/sys/netinet/libalias/alias_skinny.c index 055c05b..d674893 100644 --- a/sys/netinet/libalias/alias_skinny.c +++ b/sys/netinet/libalias/alias_skinny.c @@ -173,7 +173,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip, } static int -alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack, +alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opnrcvch_ack, struct ip * pip, struct tcphdr *tc, struct alias_link *link, u_int32_t *localIpAddr, ConvDirection direction) 
@@ -186,7 +186,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack, localPort = opnrcvch_ack->port; null_addr.s_addr = INADDR_ANY; - opnrcv_link = FindUdpTcpOut(pip->ip_src, null_addr, + opnrcv_link = FindUdpTcpOut(la, pip->ip_src, null_addr, htons((u_short) opnrcvch_ack->port), 0, IPPROTO_UDP, 1); opnrcvch_ack->ipAddr = (u_int32_t) GetAliasAddress(opnrcv_link).s_addr; @@ -199,7 +199,7 @@ alias_skinny_opnrcvch_ack(struct OpenReceiveChannelAck *opnrcvch_ack, } void -AliasHandleSkinny(struct ip *pip, struct alias_link *link) +AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *link) { int hlen, tlen, dlen; struct tcphdr *tc; @@ -220,9 +220,9 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link) * handle the scenario where the call manager is on the inside, and * the calling phone is on the global outside. */ - if (ntohs(tc->th_dport) == skinnyPort) { + if (ntohs(tc->th_dport) == la->skinnyPort) { direction = ClientToServer; - } else if (ntohs(tc->th_sport) == skinnyPort) { + } else if (ntohs(tc->th_sport) == la->skinnyPort) { direction = ServerToClient; } else { #ifdef DEBUG @@ -306,7 +306,7 @@ AliasHandleSkinny(struct ip *pip, struct alias_link *link) "PacketAlias/Skinny: Received open rcv channel msg\n"); #endif opnrcvchn_ack = (struct OpenReceiveChannelAck *) & sd->msgId; - alias_skinny_opnrcvch_ack(opnrcvchn_ack, pip, tc, link, &lip, direction); + alias_skinny_opnrcvch_ack(la, opnrcvchn_ack, pip, tc, link, &lip, direction); } break; case START_MEDIATX: diff --git a/sys/netinet/libalias/alias_smedia.c b/sys/netinet/libalias/alias_smedia.c index a3ba7ae..600563ce 100644 --- a/sys/netinet/libalias/alias_smedia.c +++ b/sys/netinet/libalias/alias_smedia.c @@ -137,7 +137,7 @@ search_string(char *data, int dlen, const char *search_str) } static int -alias_rtsp_out(struct ip *pip, +alias_rtsp_out(struct libalias *la, struct ip *pip, struct alias_link *link, char *data, const char *port_str) 
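Review bot: In `alias_skinny_opnrcvch_ack`, the result of the updated `FindUdpTcpOut(la, ...)` call goes straight into `GetAliasAddress(opnrcv_link)` on the next line with no NULL check. The `alias_pna_out` hunk in alias_smedia.c tests the same function's result with `if (pna_links != NULL)`, so a NULL return appears to be possible; whether it can occur with these arguments, and whether `GetAliasAddress` dereferences its argument, is not visible here. Because `opnrcvch_ack->port` is taken from the packet, I would return before the use, for example `if (opnrcv_link == NULL) return (-1);`. The function's return convention is outside the hunk, so adjust the value to match it.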
@@ -221,8 +221,8 @@ alias_rtsp_out(struct ip *pip, /* Find an even numbered port number base that satisfies the contiguous number of ports we need */ null_addr.s_addr = 0; - if (0 == (salias = FindNewPortGroup(null_addr, - FindAliasAddress(pip->ip_src), + if (0 == (salias = FindNewPortGroup(la, null_addr, + FindAliasAddress(la, pip->ip_src), sport, 0, RTSP_PORT_GROUP, IPPROTO_UDP, 1))) { @@ -235,7 +235,7 @@ alias_rtsp_out(struct ip *pip, base_alias = ntohs(salias); for (j = 0; j < RTSP_PORT_GROUP; j++) { /* Establish link to port found in RTSP packet */ - rtsp_link = FindRtspOut(GetOriginalAddress(link), null_addr, + rtsp_link = FindRtspOut(la, GetOriginalAddress(link), null_addr, htons(base_port + j), htons(base_alias + j), IPPROTO_UDP); if (rtsp_link != NULL) { @@ -319,7 +319,7 @@ alias_rtsp_out(struct ip *pip, /* Support the protocol used by early versions of RealPlayer */ static int -alias_pna_out(struct ip *pip, +alias_pna_out(struct libalias *la, struct ip *pip, struct alias_link *link, char *data, int dlen) @@ -343,7 +343,7 @@ alias_pna_out(struct ip *pip, } if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy(&port, work, 2); - pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), + pna_links = FindUdpTcpOut(la, pip->ip_src, GetDestAddress(link), port, 0, IPPROTO_UDP, 1); if (pna_links != NULL) { #ifndef NO_FW_PUNCH @@ -366,7 +366,7 @@ alias_pna_out(struct ip *pip, } void -AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize) +AliasHandleRtspOut(struct libalias *la, struct ip *pip, struct alias_link *link, int maxpacketsize) { int hlen, tlen, dlen; struct tcphdr *tc; 
@@ -390,13 +390,13 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize) if (dlen >= strlen(setup)) { if (memcmp(data, setup, strlen(setup)) == 0) { - alias_rtsp_out(pip, link, data, client_port_str); + alias_rtsp_out(la, pip, link, data, client_port_str); return; } } if (dlen >= strlen(pna)) { if (memcmp(data, pna, strlen(pna)) == 0) { - alias_pna_out(pip, link, data, dlen); + alias_pna_out(la, pip, link, data, dlen); } } @@ -424,7 +424,7 @@ AliasHandleRtspOut(struct ip *pip, struct alias_link *link, int maxpacketsize) if ((dlen - i) >= strlen(okstr)) { if (memcmp(&data[i], okstr, strlen(okstr)) == 0) - alias_rtsp_out(pip, link, data, server_port_str); + alias_rtsp_out(la, pip, link, data, server_port_str); } } diff --git a/sys/netinet/libalias/alias_util.c b/sys/netinet/libalias/alias_util.c index d6b40a2..1bba075 100644 --- a/sys/netinet/libalias/alias_util.c +++ b/sys/netinet/libalias/alias_util.c @@ -50,6 +50,7 @@ then these routines will give a result of zero (useful for testing purposes); */ +#include <stdio.h> #include <sys/types.h> #include <netinet/in_systm.h> #include <netinet/in.h> @@ -60,7 +61,7 @@ purposes); #include "alias_local.h" u_short -PacketAliasInternetChecksum(u_short *ptr, int nbytes) +LibAliasInternetChecksum(struct libalias *la, u_short *ptr, int nbytes) { int sum, oddbyte; diff --git a/sys/netinet/libalias/libalias.3 b/sys/netinet/libalias/libalias.3 index e5ef09e..fc58e9a 100644 --- a/sys/netinet/libalias/libalias.3 +++ b/sys/netinet/libalias/libalias.3 
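Review bot: The length guards around the changed calls in `AliasHandleRtspOut` compare a signed `dlen` with `strlen()`: `if (dlen >= strlen(setup))` and `if (dlen >= strlen(pna))` here, and `(dlen - i) >= strlen(okstr)` in the next hunk. `dlen` is declared `int` at the top of the function and `strlen()` returns `size_t`, so the comparison is performed unsigned and a negative `dlen` would pass the guard and reach `memcmp(data, ...)`. How `dlen` is computed is outside these hunks; if it is derived from packet header lengths, reject `dlen <= 0` before these tests or compare as `dlen >= (int)strlen(setup)`.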
@@ -67,24 +67,26 @@ of the kernel, without any access to private kernel data structure, but the source code can also be ported to a kernel environment. .Sh INITIALIZATION AND CONTROL One special function, -.Fn PacketAliasInit , -must always be called before any packet handling may be performed. +.Fn LibAliasInit , +must always be called before any packet handling may be performed and +the returned instance pointer passed to all the other functions. Normally, the -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress function is called afterwards, to set the default aliasing address. In addition, the operating mode of the packet aliasing engine can be customized by calling -.Fn PacketAliasSetMode . +.Fn LibAliasSetMode . .Pp -.Ft void -.Fn PacketAliasInit void +.Ft "struct libalias *" +.Fn LibAliasInit "struct libalias *" .Bd -ragged -offset indent -This function has no arguments or return value and is used to initialize +This function is used to initialize internal data structures. +When called first time a NULL pointer should be passed as argument. The following mode bits are always set after calling -.Fn PacketAliasInit . +.Fn LibAliasInit . See the description of -.Fn PacketAliasSetMode +.Fn LibAliasSetMode below for the meaning of these mode bits. .Pp .Bl -item -offset indent -compact 
@@ -99,19 +101,19 @@ below for the meaning of these mode bits. This function will always return the packet aliasing engine to the same initial state. The -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress function is normally called afterwards, and any desired changes from the default mode bits listed above require a call to -.Fn PacketAliasSetMode . +.Fn LibAliasSetMode . .Pp It is mandatory that this function be called at the beginning of a program prior to any packet handling. .Ed .Pp .Ft void -.Fn PacketAliasUninit void +.Fn LibAliasUninit "struct libalias *" .Bd -ragged -offset indent -This function has no arguments or return value and is used to clear any +This function has no return value and is used to clear any resources attached to internal data structures. .Pp This functions should be called when a program stops using the aliasing @@ -120,18 +122,17 @@ To provide backwards compatibility and extra security, it is added to the .Xr atexit 3 chain by -.Fn PacketAliasInit . -Calling it multiple times is harmless. +.Fn LibAliasInit . .Ed .Pp .Ft void -.Fn PacketAliasSetAddress "struct in_addr addr" +.Fn LibAliasSetAddress "struct libalias *" "struct in_addr addr" .Bd -ragged -offset indent This function sets the source address to which outgoing packets from the local area network are aliased. All outgoing packets are re-mapped to this address unless overridden by a static address mapping established by -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . If this function is not called, and no static rules match, an outgoing packet retains its source address. .Pp @@ -153,7 +154,7 @@ It is mandatory that this function be called prior to any packet handling. .Ed .Pp .Ft unsigned int -.Fn PacketAliasSetMode "unsigned int flags" "unsigned int mask" +.Fn LibAliasSetMode "struct libalias *" "unsigned int flags" "unsigned int mask" .Bd -ragged -offset indent This function sets or clears mode bits according to the value of 
@@ -174,7 +175,7 @@ Mainly useful for debugging when the log file is viewed continuously with .It Dv PKT_ALIAS_DENY_INCOMING If this mode bit is set, all incoming packets associated with new TCP connections or new UDP transactions will be marked for being ignored -.Fn ( PacketAliasIn +.Fn ( LibAliasIn returns .Dv PKT_ALIAS_IGNORED code) @@ -214,7 +215,7 @@ The registered subnet is fully accessible to the outside world, so traffic from it does not need to be passed through the packet aliasing engine. .It Dv PKT_ALIAS_RESET_ON_ADDR_CHANGE When this mode bit is set and -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the aliasing address, the internal link table of the packet aliasing engine will be cleared. This operating mode is useful for @@ -238,7 +239,7 @@ To cater to unexpected death of a program using changing the state of the flag will clear the entire firewall range allocated for holes. This will also happen on the initial call to -.Fn PacketAliasSetFWBase . +.Fn LibAliasSetFWBase . This call must happen prior to setting this flag. .It Dv PKT_ALIAS_REVERSE This option makes @@ -252,13 +253,13 @@ This option tells to obey transparent proxy rules only. Normal packet aliasing is not performed. See -.Fn PacketAliasProxyRule +.Fn LibAliasProxyRule below for details. .El .Ed .Pp .Ft void -.Fn PacketAliasSetFWBase "unsigned int base" "unsigned int num" +.Fn LibAliasSetFWBase "struct libalias *" "unsigned int base" "unsigned int num" .Bd -ragged -offset indent Set firewall range allocated for punching firewall holes (with the .Dv PKT_ALIAS_PUNCH_FW @@ -267,7 +268,7 @@ The range will be cleared for all rules on initialization. .Ed .Pp .Ft void -.Fn PacketAliasSkinnyPort "unsigned int port" +.Fn LibAliasSkinnyPort "struct libalias *" "unsigned int port" .Bd -ragged -offset indent Set the TCP port used by the Skinny Station protocol. Skinny is used by Cisco IP phones to communicate with 
@@ -282,18 +283,18 @@ The calling program is responsible for receiving and sending packets via network interfaces. .Pp Along with -.Fn PacketAliasInit +.Fn LibAliasInit and -.Fn PacketAliasSetAddress , +.Fn LibAliasSetAddress , the two packet handling functions, -.Fn PacketAliasIn +.Fn LibAliasIn and -.Fn PacketAliasOut , +.Fn LibAliasOut , comprise minimal set of functions needed for a basic IP masquerading implementation. .Pp .Ft int -.Fn PacketAliasIn "char *buffer" "int maxpacketsize" +.Fn LibAliasIn "struct libalias *" "char *buffer" "int maxpacketsize" .Bd -ragged -offset indent An incoming packet coming from a remote machine to the local network is de-aliased by this function. @@ -315,26 +316,26 @@ type is not handled or if incoming packets for new connections are being ignored (if .Dv PKT_ALIAS_DENY_INCOMING mode bit was set by -.Fn PacketAliasSetMode ) . +.Fn LibAliasSetMode ) . .It Dv PKT_ALIAS_UNRESOLVED_FRAGMENT This is returned when a fragment cannot be resolved because the header fragment has not been sent yet. In this situation, fragments must be saved with -.Fn PacketAliasSaveFragment +.Fn LibAliasSaveFragment until a header fragment is found. .It Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT The packet aliasing process was successful, and a header fragment was found. This is a signal to retrieve any unresolved fragments with -.Fn PacketAliasGetFragment +.Fn LibAliasGetFragment and de-alias them with -.Fn PacketAliasFragmentIn . +.Fn LibAliasFragmentIn . .It Dv PKT_ALIAS_ERROR An internal error within the packet aliasing engine occurred. .El .Ed .Pp .Ft int -.Fn PacketAliasOut "char *buffer" "int maxpacketsize" +.Fn LibAliasOut "struct libalias *" "char *buffer" "int maxpacketsize" .Bd -ragged -offset indent An outgoing packet coming from the local network to a remote machine is aliased by this function. 
@@ -369,7 +370,8 @@ Individual ports can be re-mapped or static network address translations can be designated. .Pp .Ft struct alias_link * -.Fo PacketAliasRedirectPort +.Fo LibAliasRedirectPort +.Fa "struct libalias *" .Fa "struct in_addr local_addr" .Fa "u_short local_port" .Fa "struct in_addr remote_addr" @@ -396,12 +398,12 @@ or .Fa alias_addr is zero, this indicates that the packet aliasing address as established by -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is to be used. Even if -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the address after -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort is called, a zero reference will track this change. .Pp If the link is further set up to operate for a load sharing, then @@ -409,7 +411,7 @@ If the link is further set up to operate for a load sharing, then and .Fa local_port are ignored, and are selected dynamically from the server pool, as described in -.Fn PacketAliasAddServer +.Fn LibAliasAddServer below. .Pp If @@ -422,12 +424,12 @@ port number. Almost always, the remote port specification will be zero, but non-zero remote addresses can sometimes be useful for firewalling. If two calls to -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort overlap in their address/port specifications, then the most recent call will have precedence. .Pp This function returns a pointer which can subsequently be used by -.Fn PacketAliasRedirectDelete . +.Fn LibAliasRedirectDelete . If .Dv NULL is returned, then the function call did not complete successfully. @@ -443,7 +445,8 @@ data type. .Ed .Pp .Ft struct alias_link * -.Fo PacketAliasRedirectAddr +.Fo LibAliasRedirectAddr +.Fa "struct libalias *" .Fa "struct in_addr local_addr" .Fa "struct in_addr alias_addr" .Fc 
@@ -462,22 +465,22 @@ If or .Fa alias_addr is zero, this indicates that the packet aliasing address as established by -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is to be used. Even if -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the address after -.Fn PacketAliasRedirectAddr +.Fn LibAliasRedirectAddr is called, a zero reference will track this change. .Pp If the link is further set up to operate for a load sharing, then .Fa local_addr is ignored, and is selected dynamically from the server pool, as described in -.Fn PacketAliasAddServer +.Fn LibAliasAddServer below. .Pp If subsequent calls to -.Fn PacketAliasRedirectAddr +.Fn LibAliasRedirectAddr use the same aliasing address, all new incoming traffic to this aliasing address will be redirected to the local address made in the last function call. @@ -485,11 +488,11 @@ New traffic generated by any of the local machines, designated in the several function calls, will be aliased to the same address. Consider the following example: .Bd -literal -offset indent -PacketAliasRedirectAddr(inet_aton("192.168.0.2"), +LibAliasRedirectAddr(inet_aton("192.168.0.2"), inet_aton("141.221.254.101")); -PacketAliasRedirectAddr(inet_aton("192.168.0.3"), +LibAliasRedirectAddr(inet_aton("192.168.0.3"), inet_aton("141.221.254.101")); -PacketAliasRedirectAddr(inet_aton("192.168.0.4"), +LibAliasRedirectAddr(inet_aton("192.168.0.4"), inet_aton("141.221.254.101")); .Ed .Pp 
@@ -502,19 +505,20 @@ from 192.168.0.2, 192.168.0.3 and 192.168.0.4 will appear to come from Any incoming connections to 141.221.254.101 will be directed to 192.168.0.4. .Pp Any calls to -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort will have precedence over address mappings designated by -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . .Pp This function returns a pointer which can subsequently be used by -.Fn PacketAliasRedirectDelete . +.Fn LibAliasRedirectDelete . If .Dv NULL is returned, then the function call did not complete successfully. .Ed .Pp .Ft int -.Fo PacketAliasAddServer +.Fo LibAliasAddServer +.Fa "struct libalias *" .Fa "struct alias_link *link" .Fa "struct in_addr addr" .Fa "u_short port" @@ -541,17 +545,17 @@ the host. First, the .Fa link is created by either -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort or -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . Then, -.Fn PacketAliasAddServer +.Fn LibAliasAddServer is called multiple times to add entries to the .Fa link Ns 's server pool. .Pp For links created with -.Fn PacketAliasRedirectAddr , +.Fn LibAliasRedirectAddr , the .Fa port argument is ignored and could have any value, e.g. htons(~0). @@ -560,10 +564,10 @@ This function returns 0 on success, \-1 otherwise. .Ed .Pp .Ft int -.Fn PacketAliasRedirectDynamic "struct alias_link *link" +.Fn LibAliasRedirectDynamic "struct libalias *" "struct alias_link *link" .Bd -ragged -offset indent This function marks the specified static redirect rule entered by -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort as dynamic. This can be used to e.g. dynamically redirect a single TCP connection, after which the rule is removed. 
@@ -579,23 +583,23 @@ This function returns 0 on success, \-1 otherwise. .Ed .Pp .Ft void -.Fn PacketAliasRedirectDelete "struct alias_link *link" +.Fn LibAliasRedirectDelete "struct libalias *" "struct alias_link *link" .Bd -ragged -offset indent This function will delete a specific static redirect rule entered by -.Fn PacketAliasRedirectPort +.Fn LibAliasRedirectPort or -.Fn PacketAliasRedirectAddr . +.Fn LibAliasRedirectAddr . The parameter .Fa link is the pointer returned by either of the redirection functions. If an invalid pointer is passed to -.Fn PacketAliasRedirectDelete , +.Fn LibAliasRedirectDelete , then a program crash or unpredictable operation could result, so it is necessary to be careful using this function. .Ed .Pp .Ft int -.Fn PacketAliasProxyRule "const char *cmd" +.Fn LibAliasProxyRule "struct libalias *" "const char *cmd" .Bd -ragged -offset indent The passed .Fa cmd @@ -640,14 +644,14 @@ specification is mandatory unless the command is being used. .It Cm rule Ar index Normally, each call to -.Fn PacketAliasProxyRule +.Fn LibAliasProxyRule inserts the next rule at the start of a linear list of rules. If an .Ar index is specified, the new rule will be checked after all rules with lower indices. Calls to -.Fn PacketAliasProxyRule +.Fn LibAliasProxyRule that do not specify a rule are assigned rule 0. .It Cm delete Ar index This token and its argument MUST NOT be used with any other tokens. @@ -688,7 +692,8 @@ access, or to restrict access to certain external machines. .Ed .Pp .Ft struct alias_link * -.Fo PacketAliasRedirectProto +.Fo LibAliasRedirectProto +.Fa "struct libalias *" .Fa "struct in_addr local_addr" .Fa "struct in_addr remote_addr" .Fa "struct in_addr alias_addr" 
@@ -706,12 +711,12 @@ or .Fa alias_addr is zero, this indicates that the packet aliasing address as established by -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is to be used. Even if -.Fn PacketAliasSetAddress +.Fn LibAliasSetAddress is called to change the address after -.Fn PacketAliasRedirectProto +.Fn LibAliasRedirectProto is called, a zero reference will track this change. .Pp If @@ -720,12 +725,12 @@ is zero, this indicates to redirect packets from any remote address. Non-zero remote addresses can sometimes be useful for firewalling. .Pp If two calls to -.Fn PacketAliasRedirectProto +.Fn LibAliasRedirectProto overlap in their address specifications, then the most recent call will have precedence. .Pp This function returns a pointer which can subsequently be used by -.Fn PacketAliasRedirectDelete . +.Fn LibAliasRedirectDelete . If .Dv NULL is returned, then the function call did not complete successfully. @@ -734,11 +739,11 @@ is returned, then the function call did not complete successfully. The functions in this section are used to deal with incoming fragments. .Pp Outgoing fragments are handled within -.Fn PacketAliasOut +.Fn LibAliasOut by changing the address according to any applicable mapping set by -.Fn PacketAliasRedirectAddr , +.Fn LibAliasRedirectAddr , or the default aliasing address set by -.Fn PacketAliasSetAddress . +.Fn LibAliasSetAddress . .Pp Incoming fragments are handled in one of two ways. If the header of a fragmented IP packet has already been seen, then all @@ -748,10 +753,10 @@ Fragments which arrive before the header are saved and then retrieved once the header fragment has been resolved. .Pp .Ft int -.Fn PacketAliasSaveFragment "char *ptr" +.Fn LibAliasSaveFragment "struct libalias *" "char *ptr" .Bd -ragged -offset indent When -.Fn PacketAliasIn +.Fn LibAliasIn returns .Dv PKT_ALIAS_UNRESOLVED_FRAGMENT , this function can be used to save the pointer to the unresolved fragment. 
@@ -773,33 +778,33 @@ if there was an error. .Ed .Pp .Ft char * -.Fn PacketAliasGetFragment "char *buffer" +.Fn LibAliasGetFragment "struct libalias *" "char *buffer" .Bd -ragged -offset indent This function can be used to retrieve fragment pointers saved by -.Fn PacketAliasSaveFragment . +.Fn LibAliasSaveFragment . The IP header fragment pointed to by .Fa buffer is the header fragment indicated when -.Fn PacketAliasIn +.Fn LibAliasIn returns .Dv PKT_ALIAS_FOUND_HEADER_FRAGMENT . Once a fragment pointer is retrieved, it becomes the calling program's responsibility to free the dynamically allocated memory for the fragment. .Pp The -.Fn PacketAliasGetFragment +.Fn LibAliasGetFragment function can be called sequentially until there are no more fragments available, at which time it returns .Dv NULL . .Ed .Pp .Ft void -.Fn PacketAliasFragmentIn "char *header" "char *fragment" +.Fn LibAliasFragmentIn "struct libalias *" "char *header" "char *fragment" .Bd -ragged -offset indent When a fragment is retrieved with -.Fn PacketAliasGetFragment , +.Fn LibAliasGetFragment , it can then be de-aliased with a call to -.Fn PacketAliasFragmentIn . +.Fn LibAliasFragmentIn . The .Fa header argument is the pointer to a header fragment used as a template, and @@ -808,17 +813,17 @@ is the pointer to the packet to be de-aliased. .Ed .Sh MISCELLANEOUS FUNCTIONS .Ft void -.Fn PacketAliasSetTarget "struct in_addr addr" +.Fn LibAliasSetTarget "struct libalias *" "struct in_addr addr" .Bd -ragged -offset indent When an incoming packet not associated with any pre-existing aliasing link arrives at the host machine, it will be sent to the address indicated by a call to -.Fn PacketAliasSetTarget . +.Fn LibAliasSetTarget . .Pp If this function is called with an .Dv INADDR_NONE address argument, then all new incoming packets go to the address set by -.Fn PacketAliasSetAddress . +.Fn LibAliasSetAddress . .Pp If this function is not called, or is called with an .Dv INADDR_ANY 
@@ -829,17 +834,17 @@ can route packets to the machine in question. .Ed .Pp .Ft int -.Fn PacketAliasCheckNewLink void +.Fn LibAliasCheckNewLink void .Bd -ragged -offset indent This function returns a non-zero value when a new aliasing link is created. In circumstances where incoming traffic is being sequentially sent to different local servers, this function can be used to trigger when -.Fn PacketAliasSetTarget +.Fn LibAliasSetTarget is called to change the default target address. .Ed .Pp .Ft u_short -.Fn PacketAliasInternetChecksum "u_short *buffer" "int nbytes" +.Fn LibAliasInternetChecksum "struct libalias *" "u_short *buffer" "int nbytes" .Bd -ragged -offset indent This is a utility function that does not seem to be available elsewhere and is included as a convenience. @@ -856,12 +861,12 @@ The 16-bit checksum field should be zeroed before computing the checksum. Checksums can also be verified by operating on a block of data including its checksum. If the checksum is valid, -.Fn PacketAliasInternetChecksum +.Fn LibAliasInternetChecksum will return zero. .Ed .Pp .Ft int -.Fn PacketUnaliasOut "char *buffer" "int maxpacketsize" +.Fn LibAliasUnaliasOut "struct libalias *" "char *buffer" "int maxpacketsize" .Bd -ragged -offset indent An outgoing packet, which has already been aliased, has its private address/port information restored by this function. |