-rw-r--r-- | sys/conf/files | 1 | ||||
-rw-r--r-- | sys/conf/options | 1 | ||||
-rw-r--r-- | sys/modules/netgraph/nat/Makefile | 6 | ||||
-rw-r--r-- | sys/netgraph/ng_nat.c | 314 | ||||
-rw-r--r-- | sys/netgraph/ng_nat.h | 37 |
5 files changed, 359 insertions, 0 deletions
diff --git a/sys/conf/files b/sys/conf/files
index dfd2b5d..8ad7c01 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1529,6 +1529,7 @@ netgraph/ng_l2tp.c optional netgraph_l2tp
 netgraph/ng_lmi.c optional netgraph_lmi
 netgraph/ng_mppc.c optional netgraph_mppc_compression
 netgraph/ng_mppc.c optional netgraph_mppc_encryption
+netgraph/ng_nat.c optional netgraph_nat
 netgraph/ng_one2many.c optional netgraph_one2many
 netgraph/ng_parse.c optional netgraph
 netgraph/ng_ppp.c optional netgraph_ppp
diff --git a/sys/conf/options b/sys/conf/options
index 11be4e7..1dedaf4 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -411,6 +411,7 @@ NETGRAPH_LMI opt_netgraph.h
 # MPPC compression requires proprietary files (not included)
 NETGRAPH_MPPC_COMPRESSION opt_netgraph.h
 NETGRAPH_MPPC_ENCRYPTION opt_netgraph.h
+NETGRAPH_NAT opt_netgraph.h
 NETGRAPH_NETFLOW opt_netgraph.h
 NETGRAPH_ONE2MANY opt_netgraph.h
 NETGRAPH_PPP opt_netgraph.h
diff --git a/sys/modules/netgraph/nat/Makefile b/sys/modules/netgraph/nat/Makefile
new file mode 100644
index 0000000..f51bbe0
--- /dev/null
+++ b/sys/modules/netgraph/nat/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+KMOD= ng_nat
+SRCS= ng_nat.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/netgraph/ng_nat.c b/sys/netgraph/ng_nat.c
new file mode 100644
index 0000000..b353e2e
--- /dev/null
+++ b/sys/netgraph/ng_nat.c
@@ -0,0 +1,314 @@
+/*-
+ * Copyright 2005, Gleb Smirnoff <glebius@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/mbuf.h>
+#include <sys/malloc.h>
+#include <sys/ctype.h>
+#include <sys/errno.h>
+#include <sys/syslog.h>
+
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+
+#include <netinet/libalias/alias.h>
+
+#include <netgraph/ng_message.h>
+#include <netgraph/ng_parse.h>
+#include <netgraph/ng_nat.h>
+#include <netgraph/netgraph.h>
+
+static ng_constructor_t ng_nat_constructor;
+static ng_rcvmsg_t ng_nat_rcvmsg;
+static ng_shutdown_t ng_nat_shutdown;
+static ng_newhook_t ng_nat_newhook;
+static ng_rcvdata_t ng_nat_rcvdata;
+static ng_disconnect_t ng_nat_disconnect;
+
+static struct mbuf * m_megapullup(struct mbuf *, int);
+
+/* List of commands and how to convert arguments to/from ASCII. */
+static const struct ng_cmdlist ng_nat_cmdlist[] = {
+ {
+ NGM_NAT_COOKIE,
+ NGM_NAT_SET_IPADDR,
+ "setaliasaddr",
+ &ng_parse_ipaddr_type,
+ NULL
+ },
+ { 0 }
+};
+
+/* Netgraph node type descriptor. */
+static struct ng_type typestruct = {
+ .version = NG_ABI_VERSION,
+ .name = NG_NAT_NODE_TYPE,
+ .constructor = ng_nat_constructor,
+ .rcvmsg = ng_nat_rcvmsg,
+ .shutdown = ng_nat_shutdown,
+ .newhook = ng_nat_newhook,
+ .rcvdata = ng_nat_rcvdata,
+ .disconnect = ng_nat_disconnect,
+ .cmdlist = ng_nat_cmdlist,
+};
+NETGRAPH_INIT(nat, &typestruct);
+MODULE_DEPEND(ng_nat, libalias, 1, 1, 1);
+
+/* Information we store for each node. */
+struct ng_priv_priv {
+ node_p node; /* back pointer to node */
+ hook_p in; /* hook for demasquerading */
+ hook_p out; /* hook for masquerading */
+ struct libalias *lib; /* libalias handler */
+ uint32_t flags; /* status flags */
+};
+typedef struct ng_priv_priv *priv_p;
+
+/* Values of flags */
+#define NGNAT_READY 0x1 /* We have everything to work */
+#define NGNAT_ADDR_DEFINED 0x2 /* NGM_NAT_SET_IPADDR happened */
+
+static int
+ng_nat_constructor(node_p node)
+{
+ priv_p priv;
+
+ /* Initialize private descriptor. */
+ MALLOC(priv, priv_p, sizeof(*priv), M_NETGRAPH,
+ M_NOWAIT | M_ZERO);
+ if (priv == NULL)
+ return (ENOMEM);
+
+ /* Init aliasing engine. */
+ priv->lib = LibAliasInit(NULL);
+ if (priv->lib == NULL) {
+ FREE(priv, M_NETGRAPH);
+ return (ENOMEM);
+ }
+
+ /* Set same ports on. */
+ (void )LibAliasSetMode(priv->lib, PKT_ALIAS_SAME_PORTS,
+ PKT_ALIAS_SAME_PORTS);
+
+ /* Link structs together. */
+ NG_NODE_SET_PRIVATE(node, priv);
+ priv->node = node;
+
+ /*
+ * libalias is not thread safe, so our node
+ * must be single threaded.
+ */
+ NG_NODE_FORCE_WRITER(node);
+
+ return (0);
+}
+
+static int
+ng_nat_newhook(node_p node, hook_p hook, const char *name)
+{
+ const priv_p priv = NG_NODE_PRIVATE(node);
+
+ if (strcmp(name, NG_NAT_HOOK_IN) == 0) {
+ priv->in = hook;
+ } else if (strcmp(name, NG_NAT_HOOK_OUT) == 0) {
+ priv->out = hook;
+ } else
+ return (EINVAL);
+
+ if (priv->out != NULL &&
+ priv->in != NULL &&
+ priv->flags & NGNAT_ADDR_DEFINED)
+ priv->flags |= NGNAT_READY;
+
+ return(0);
+}
+
+static int
+ng_nat_rcvmsg(node_p node, item_p item, hook_p lasthook)
+{
+ const priv_p priv = NG_NODE_PRIVATE(node);
+ struct ng_mesg *resp = NULL;
+ struct ng_mesg *msg;
+ int error = 0;
+
+ NGI_GET_MSG(item, msg);
+
+ switch (msg->header.typecookie) {
+ case NGM_NAT_COOKIE:
+ switch (msg->header.cmd) {
+ case NGM_NAT_SET_IPADDR:
+ {
+ struct in_addr *const ia = (struct in_addr *)msg->data;
+
+ if (msg->header.arglen < sizeof(*ia)) {
+ error = EINVAL;
+ break;
+ }
+
+ LibAliasSetAddress(priv->lib, *ia);
+
+ priv->flags |= NGNAT_ADDR_DEFINED;
+ if (priv->out != NULL &&
+ priv->in != NULL)
+ priv->flags |= NGNAT_READY;
+ }
+ break;
+ default:
+ error = EINVAL; /* unknown command */
+ break;
+ }
+ break;
+ default:
+ error = EINVAL; /* unknown cookie type */
+ break;
+ }
+
+ NG_RESPOND_MSG(error, node, item, resp);
+ NG_FREE_MSG(msg);
+ return (error);
+}
+
+static int
+ng_nat_rcvdata(hook_p hook, item_p item )
+{
+ const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
+ struct mbuf *m;
+ int plen;
+ int rval, error = 0;
+ char *c;
+
+ if (!(priv->flags & NGNAT_READY)) {
+ NG_FREE_ITEM(item);
+ return (ENXIO);
+ }
+
+ m = NGI_M(item);
+
+ if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) {
+ NGI_M(item) = NULL; /* avoid double free */
+ NG_FREE_ITEM(item);
+ return (ENOBUFS);
+ }
+
+ plen = m->m_pkthdr.len;
+
+ NGI_M(item) = m;
+
+ c = mtod(m, char *);
+ if (hook == priv->in) {
+ rval = LibAliasIn(priv->lib, c, plen);
+ if (rval != PKT_ALIAS_OK) {
+ printf("in %u\n", rval);
+ NG_FREE_ITEM(item);
+ return (EINVAL);
+ }
+ NG_FWD_ITEM_HOOK(error, item, priv->out);
+ } else if (hook == priv->out) {
+ rval = LibAliasOut(priv->lib, c, plen);
+ if (rval != PKT_ALIAS_OK) {
+ printf("out %u\n", rval);
+ NG_FREE_ITEM(item);
+ return (EINVAL);
+ }
+ NG_FWD_ITEM_HOOK(error, item, priv->in);
+ } else
+ panic("ng_nat: unknown hook!\n");
+
+ return (error);
+}
+
+static int
+ng_nat_shutdown(node_p node)
+{
+ const priv_p priv = NG_NODE_PRIVATE(node);
+
+ NG_NODE_SET_PRIVATE(node, NULL);
+ NG_NODE_UNREF(node);
+ LibAliasUninit(priv->lib);
+ FREE(priv, M_NETGRAPH);
+
+ return (0);
+}
+
+static int
+ng_nat_disconnect(hook_p hook)
+{
+ const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
+
+ priv->flags &= ~NGNAT_READY;
+
+ if (hook == priv->out)
+ priv->out = NULL;
+ if (hook == priv->in)
+ priv->in = NULL;
+
+ if (priv->out == NULL && priv->in == NULL)
+ ng_rmnode_self(NG_HOOK_NODE(hook));
+
+ return (0);
+}
+
+/*
+ * m_megapullup() function is a big hack.
+ *
+ * It allocates an mbuf with cluster and copies the whole
+ * chain into cluster, so that it is all contigous and the
+ * whole packet can be accessed via char pointer.
+ *
+ * This is required, because libalias doesn't have idea
+ * about mbufs.
+ */
+static struct mbuf *
+m_megapullup(struct mbuf *m, int len)
+{
+ struct mbuf *mcl;
+ caddr_t cp;
+
+ if (len > MCLBYTES)
+ goto bad;
+
+ if ((mcl = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR)) == NULL)
+ goto bad;
+
+ cp = mtod(mcl, caddr_t);
+ m_copydata(m, 0, len, cp);
+ m_move_pkthdr(mcl, m);
+ mcl->m_len = mcl->m_pkthdr.len;
+ m_freem(m);
+
+ return (mcl);
+bad:
+ m_freem(m);
+ return (NULL);
+}
diff --git a/sys/netgraph/ng_nat.h b/sys/netgraph/ng_nat.h
new file mode 100644
index 0000000..5afcec5
--- /dev/null
+++ b/sys/netgraph/ng_nat.h
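Review bot: The two `printf("in %u\n", rval)` / `printf("out %u\n", rval)` calls in ng_nat_rcvdata pass an `int` to `%u` and run once for every packet libalias refuses, so malformed or non-IP traffic arriving on either hook produces unthrottled kernel console output. They read as leftover debugging; either drop them or turn them into something like `log(LOG_DEBUG, "ng_nat: LibAliasIn returned %d\n", rval);` (sys/syslog.h is already included) and consider rate-limiting that. Separately, `if (len > MCLBYTES) goto bad;` in m_megapullup means any packet longer than one cluster is freed and rcvdata returns ENOBUFS instead of translating it; that limit deserves a comment at the call site, e.g. `/* Packets that do not fit one cluster are dropped, not NATed. */`. The buffer is handed to LibAliasIn/LibAliasOut with no check that plen covers at least `sizeof(struct ip)`; whether libalias validates the header length itself is not visible here, so a `plen < sizeof(struct ip)` guard before those calls would make the node's own contract explicit.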
@@ -0,0 +1,37 @@
+/*-
+ * Copyright 2005, Gleb Smirnoff <glebius@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#define NG_NAT_NODE_TYPE "nat"
+#define NGM_NAT_COOKIE 1107718711
+
+#define NG_NAT_HOOK_IN "in"
+#define NG_NAT_HOOK_OUT "out"
+
+enum {
+ NGM_NAT_SET_IPADDR = 1,
+}; |