diff options
Diffstat (limited to 'contrib/ipfilter/ip_nat.c')
-rw-r--r-- | contrib/ipfilter/ip_nat.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/contrib/ipfilter/ip_nat.c b/contrib/ipfilter/ip_nat.c index e1774b3..0b6c07f 100644 --- a/contrib/ipfilter/ip_nat.c +++ b/contrib/ipfilter/ip_nat.c @@ -9,7 +9,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.3 1997/11/12 10:53:29 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.7 1997/12/02 13:54:27 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) @@ -317,6 +317,7 @@ int mode; break; } ret = nat_flushtable(); + (void) ap_unload(); IWCOPY((caddr_t)&ret, data, sizeof(ret)); break; case SIOCCNATL : @@ -513,18 +514,14 @@ struct in_addr *inp; /* * Create a new NAT table entry. */ -#ifdef __STDC__ -nat_t *nat_new(ipnat_t *np, ip_t *ip, fr_info_t *fin, u_short flags, int direction) -#else nat_t *nat_new(np, ip, fin, flags, direction) ipnat_t *np; ip_t *ip; fr_info_t *fin; u_short flags; int direction; -#endif { - register u_long sum1, sum2, sumd; + register u_long sum1, sum2, sumd, l; u_short port = 0, sport = 0, dport = 0, nport = 0; struct in_addr in; tcphdr_t *tcp = NULL; @@ -554,13 +551,22 @@ int direction; * If it's an outbound packet which doesn't match any existing * record, then create a new port */ + l = 0; do { + l++; port = 0; in.s_addr = np->in_nip; if (!in.s_addr && (np->in_outmsk == 0xffffffff)) { - if (nat_ifpaddr(nat, fin->fin_ifp, &in) == -1) + if ((l > 1) || + nat_ifpaddr(nat, fin->fin_ifp, &in) == -1) { + KFREE(nat); return NULL; + } } else if (!in.s_addr && !np->in_outmsk) { + if (l > 1) { + KFREE(nat); + return NULL; + } in.s_addr = ntohl(ip->ip_src.s_addr); if (nflags & IPN_TCPUDP) port = sport; @@ -609,7 +615,7 @@ int direction; * internal port. */ in.s_addr = ntohl(np->in_inip); - if (!(nport = htons(np->in_pnext))) + if (!(nport = np->in_pnext)) nport = dport; nat->nat_inip.s_addr = htonl(in.s_addr); @@ -1083,7 +1089,7 @@ fr_info_t *fin; (void) ap_check(ip, tcp, fin, nat); nat_stats.ns_mapped[1]++; MUTEX_EXIT(&ipf_nat); - return 1; + return -2; } MUTEX_EXIT(&ipf_nat); return 0; @@ -1212,7 +1218,7 @@ fr_info_t *fin; } nat_stats.ns_mapped[0]++; MUTEX_EXIT(&ipf_nat); - return 1; + return -2; } MUTEX_EXIT(&ipf_nat); return 0; @@ -1257,6 +1263,9 @@ void ip_natexpire() nat_delete(nat); nat_stats.ns_expire++; } + + ap_expire(); + MUTEX_EXIT(&ipf_nat); SPL_X(s); } |