Date: Fri, 29 Feb 2008 19:48:09 GMT From: Paolo Pisati <piso@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 136444 for review Message-ID: <200802291948.m1TJm9RJ092444@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=136444 Change 136444 by piso@piso_ferret on 2008/02/28 17:28:35 Toss away the previous modifications to make libalias mbuf safe: as i can't find the nat/samba share bug, the only thing i can do is to restart from a vanilla kernel, and reapply one by one all the patches. Affected files ... .. //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2.c#3 edit .. //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2f.c#3 edit .. //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#13 edit .. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#53 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.c#61 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.h#15 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_cuseeme.c#17 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_db.c#26 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_dummy.c#16 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_ftp.c#20 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_irc.c#22 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_local.h#28 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_mod.c#28 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_mod.h#25 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_nbt.c#16 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_pptp.c#16 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_proxy.c#24 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_skinny.c#15 edit .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias_smedia.c#20 edit Differences ... ==== //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2.c#3 (text+ko) ==== 
@@ -14,7 +14,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2.c,v 1.17 2008/02/25 18:28:58 bde Exp $"); +__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2.c,v 1.18 2008/02/28 16:22:36 bde Exp $"); /* __ieee754_rem_pio2(x,y) * @@ -126,7 +126,7 @@ } } } - if(ix<=0x413921fb) { /* |x| ~<= 2^19*(pi/2), medium size */ + if(ix<0x413921fb) { /* |x| ~< 2^20*(pi/2), medium size */ medium: /* Use a specialized rint() to get fn. Assume round-to-nearest. */ STRICT_ASSIGN(double,fn,x*invpio2+0x1.8p52); ==== //depot/projects/soc2005/libalias/lib/msun/src/e_rem_pio2f.c#3 (text+ko) ==== @@ -15,7 +15,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2f.c,v 1.28 2008/02/25 22:19:17 bde Exp $"); +__FBSDID("$FreeBSD: src/lib/msun/src/e_rem_pio2f.c,v 1.29 2008/02/28 16:22:36 bde Exp $"); /* __ieee754_rem_pio2f(x,y) * @@ -38,8 +38,8 @@ static const double half = 5.00000000000000000000e-01, /* 0x3FE00000, 0x00000000 */ invpio2 = 6.36619772367581382433e-01, /* 0x3FE45F30, 0x6DC9C883 */ -pio2_1 = 1.57079632673412561417e+00, /* 0x3FF921FB, 0x54400000 */ -pio2_1t = 6.07710050650619224932e-11; /* 0x3DD0B461, 0x1A626331 */ +pio2_1 = 1.57079631090164184570e+00, /* 0x3FF921FB, 0x50000000 */ +pio2_1t = 1.58932547735281966916e-08; /* 0x3E5110b4, 0x611A6263 */ #ifdef INLINE_REM_PIO2F extern inline @@ -55,7 +55,7 @@ GET_FLOAT_WORD(hx,x); ix = hx&0x7fffffff; /* 33+53 bit pi is good enough for medium size */ - if(ix<=0x49490f80) { /* |x| ~<= 2^19*(pi/2), medium size */ + if(ix<0x4dc90fdb) { /* |x| ~< 2^28*(pi/2), medium size */ /* Use a specialized rint() to get fn. Assume round-to-nearest. */ STRICT_ASSIGN(double,fn,x*invpio2+0x1.8p52); fn = fn-0x1.8p52; ==== //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#13 (text+ko) ==== @@ -254,6 +254,7 @@ struct mbuf *m; struct ip *ip; int rval, error = 0; + char *c; /* We have no required hooks. */ if (!(priv->flags & NGNAT_CONNECTED)) { 
@@ -267,7 +268,7 @@ m = NGI_M(item); - if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { + if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) { NGI_M(item) = NULL; /* avoid double free */ NG_FREE_ITEM(item); return (ENOBUFS); @@ -275,49 +276,33 @@ NGI_M(item) = m; + c = mtod(m, char *); ip = mtod(m, struct ip *); KASSERT(m->m_pkthdr.len == ntohs(ip->ip_len), ("ng_nat: ip_len != m_pkthdr.len")); if (hook == priv->in) { - rval = LibAliasIn(priv->lib, &m, 0); + rval = LibAliasIn(priv->lib, c, MCLBYTES); if (rval != PKT_ALIAS_OK && rval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) { - NGI_M(item) = m; NG_FREE_ITEM(item); return (EINVAL); } } else if (hook == priv->out) { - rval = LibAliasOut(priv->lib, &m, 0); + rval = LibAliasOut(priv->lib, c, MCLBYTES); if (rval != PKT_ALIAS_OK) { - NGI_M(item) = m; NG_FREE_ITEM(item); return (EINVAL); } } else panic("ng_nat: unknown hook!\n"); - if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { - NGI_M(item) = NULL; /* avoid double free */ - NG_FREE_ITEM(item); - return (ENOBUFS); - } - ip = mtod(m, struct ip *); - m->m_pkthdr.len = ntohs(ip->ip_len); + m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len); if ((ip->ip_off & htons(IP_OFFMASK)) == 0 && - ip->ip_p == IPPROTO_TCP) { - struct tcphdr *th; - - if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))) - == NULL) { - NGI_M(item) = NULL; /* avoid double free */ - NG_FREE_ITEM(item); - return (ENOBUFS); - } - ip = mtod(m, struct ip *); - th = (struct tcphdr *)((caddr_t)ip + + ip->ip_p == IPPROTO_TCP) { + struct tcphdr *th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2)); /* @@ -357,7 +342,7 @@ ip->ip_len = htons(ip->ip_len); } } - NGI_M(item) = m; + send: if (hook == priv->in) NG_FWD_ITEM_HOOK(error, item, priv->out); ==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#53 (text+ko) ==== @@ -122,7 +122,6 @@ static int fw_verbose; static int verbose_limit; -static int ldebug; static struct callout ipfw_timeout; static uma_zone_t ipfw_dyn_rule_zone; 
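Review bot: The TCP branch in the second ng_nat.c hunk casts `(caddr_t)ip + (ip->ip_hl << 2)` to `struct tcphdr *` with no check that the packet holds a full TCP header, a guarantee the removed `m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))` used to give. m_megapullup() presumably makes the data contiguous, but it cannot make a short packet longer, so adding `m->m_len >= (ip->ip_hl << 2) + (int)sizeof(struct tcphdr)` to the `ip->ip_p == IPPROTO_TCP` condition would keep the access inside the packet. The same pattern appears in the O_NAT hunks of ip_fw2.c at -3673 and -3697. Separately, `MCLBYTES` is passed as the LibAlias size limit on the assumption that m_megapullup() always returns a full cluster; that helper is not shown in this change, so the assumption deserves a comment at the call. The function body starts and ends outside these hunks.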
@@ -196,8 +195,6 @@ &fw_verbose, 0, "Log matches to ipfw rules"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, libalias_debug, CTLFLAG_RW, - &ldebug, 0, "LibAlias debug code"); /* * Description of dynamic rules. @@ -2242,66 +2239,6 @@ } #endif -int -m_csum(struct mbuf **m, struct libalias *la); - -int -m_csum(struct mbuf **m, struct libalias *la) -{ - struct ip *pip; - //struct tcphdr *th; - int off, len, sum = 0; - //u_short *ptr; - - *m = m_pullup(*m, sizeof(struct ip)); - pip = mtod(*m, struct ip *); - off = pip->ip_hl << 2; - len = ntohs(pip->ip_len); - if (ldebug != 0) - printf("off: %u len: %u\n", off, len); - if (pip->ip_p == IPPROTO_TCP) { - /* - m = m_pullup(m, off + sizeof(struct tcphdr)); - pip = mtod(m, struct ip *); - th = (struct tcphdr *)&(((char *)pip)[off]); - off += th->th_off << 2; - */ - } else if (pip->ip_p == IPPROTO_UDP) { - /* udp hdr is of fixed size - no opts */ - off += 8; - } else { - if (ldebug != 0) - printf("unkown protocol: %u\n", pip->ip_p); - return (-1); - } - if (len == off) - return (0); - if (len < off) { - if (ldebug != 0) - printf("len < off: %u, %u\n", len, off); - return (-1); - } - /* - len -= off; - m_copydata(m, off, len, la->buff); - ptr = (u_short *)la->buff; - sum = 0; - while (len > 1) { - sum += *ptr++; - len -= 2; - } - if (len == 1) { - oddbyte = 0; - ((u_char *) & oddbyte)[0] = *(u_char *) ptr; - ((u_char *) & oddbyte)[1] = 0; - sum += oddbyte; - } - sum = (sum >> 16) + (sum & 0xffff); - sum += (sum >> 16); - */ - return (~sum); -} - /* * The main check routine for the firewall. * @@ -3547,6 +3484,7 @@ #ifdef IPFIREWALL_NAT case O_NAT: { struct cfg_nat *t; + struct mbuf *mcl; /* XXX - libalias duct tape */ int ldt, nat_id; char *c; 
@@ -3566,17 +3504,15 @@ ((ipfw_insn_nat *)cmd)->nat = t; } - if ((m = m_pullup(m, sizeof(struct ip))) == + if ((mcl = m_megapullup(m, m->m_pkthdr.len)) == NULL) goto badnat; - ip = mtod(m, struct ip *); + ip = mtod(mcl, struct ip *); if (args->eh == NULL) { ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); } - if (ldebug != 0) - printf("payload csum: %u\n", - m_csum(&m, t->lib)); + /* * XXX - Libalias checksum offload 'duct tape': * @@ -3625,44 +3561,28 @@ * it can handle delayed checksum and tso) */ - if (m->m_pkthdr.rcvif == NULL && - m->m_pkthdr.csum_flags & + if (mcl->m_pkthdr.rcvif == NULL && + mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) ldt = 1; - /*printf("-----------START HERE-----------" - "---------------------------------\n"); - printf("m->m_len: %u m->m_pkthdr.len: %u\n" - "m->m_next: %p\n", m->m_len, - m->m_pkthdr.len, m->m_next); - */ + c = mtod(mcl, char *); if (oif == NULL) - retval = LibAliasIn(t->lib, &m, 0); + retval = LibAliasIn(t->lib, c, + MCLBYTES); else - retval = LibAliasOut(t->lib, &m, 0); + retval = LibAliasOut(t->lib, c, + MCLBYTES); if (retval != PKT_ALIAS_OK) { /* XXX - should i add some logging? */ - m_free(m); + m_free(mcl); badnat: - printf("badnat "); - if (oif == NULL) - printf("LibAliasIn()"); - else - printf("LibAliasOut()"); - printf("\n"); args->m = NULL; retval = IP_FW_DENY; goto done; } - /*printf("m->m_len: %u m->m_pkthdr.len: %u\n" - "m->m_next: %p\n", m->m_len, - m->m_pkthdr.len, m->m_next);*/ - if ((m = m_pullup(m, sizeof(struct ip))) == - NULL) - goto badnat; - ip = mtod(m, struct ip *); - //printf("ip->ip_id: %u\n", ntohs(ip->ip_id)); - m->m_pkthdr.len = ntohs(ip->ip_len); + mcl->m_pkthdr.len = mcl->m_len = + ntohs(ip->ip_len); /* * XXX - libalias checksum offload 
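Review bot: On the m_megapullup() failure path the code jumps to `badnat` and sets `args->m = NULL` without touching the original chain `m`, so this is leak-free only if m_megapullup() itself frees `m` when it fails. That helper is not shown in this change, so the ownership rule should be recorded at the call once confirmed, for example `/* m_megapullup() consumes m on both success and failure */`. The LibAlias failure branch uses `m_free(mcl)`, which releases a single mbuf; `m_freem(mcl)` would stay correct if `mcl` ever carried a chain. The enclosing O_NAT case starts and ends outside these hunks.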
@@ -3673,12 +3593,8 @@ ip->ip_p == IPPROTO_TCP) { struct tcphdr *th; - if ((m = m_pullup(m, (ip->ip_hl << 2) + - sizeof(struct tcphdr))) == NULL) - goto badnat; - ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); - if (th->th_x2) + if (th->th_x2) ldt = 1; } @@ -3697,12 +3613,6 @@ switch (ip->ip_p) { case IPPROTO_TCP: - if ((m = m_pullup(m, - (ip->ip_hl << 2) + - sizeof(struct tcphdr))) == - NULL) - goto badnat; - ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); /* * Maybe it was set in @@ -3710,56 +3620,38 @@ */ th->th_x2 = 0; th->th_sum = cksum; - m->m_pkthdr.csum_data = + mcl->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); break; case IPPROTO_UDP: - if ((m = m_pullup(m, - (ip->ip_hl << 2) + - sizeof(struct udphdr))) == - NULL) - goto badnat; - ip = mtod(m, struct ip *); uh = (struct udphdr *)(ip + 1); uh->uh_sum = cksum; - m->m_pkthdr.csum_data = + mcl->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); - break; + break; } /* * No hw checksum offloading: do it * by ourself. */ - if ((m->m_pkthdr.csum_flags & + if ((mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) { - in_delayed_cksum(m); - m->m_pkthdr.csum_flags &= + in_delayed_cksum(mcl); + mcl->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } ip->ip_len = htons(ip->ip_len); } - if (ldebug != 0) - printf("payload csum: %u\n", - m_csum(&m, t->lib)); - if ((m = m_pullup(m, sizeof(struct ip))) == - NULL) - goto badnat; - ip = mtod(m, struct ip *); if (args->eh == NULL) { ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); } - args->m = m; + args->m = mcl; retval = IP_FW_NAT; - /*printf("m->m_len: %u m->m_pkthdr.len: %u\n" - "m->m_next: %p\n", m->m_len, - m->m_pkthdr.len, m->m_next); - printf("-------------------------------" - "---------------------------------\n");*/ goto done; } #endif ==== //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.c#61 (text+ko) ==== 
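Review bot: `th = (struct tcphdr *)(ip + 1)` in the -3673 and -3697 hunks, and `uh = (struct udphdr *)(ip + 1)` in the UDP case, place the transport header directly after a 20-byte IP header, so a packet carrying IP options would have `th_x2`, `th_sum` or `uh_sum` read and written inside the options area. Nothing in these hunks ties the offset to `ip->ip_hl`; `th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));`, the form ng_nat.c uses, would do so, together with a check that `mcl->m_len` covers the header. The enclosing O_NAT case starts outside these hunks, so an earlier options check cannot be ruled out from here.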
@@ -170,42 +170,48 @@ */ /* Local prototypes */ -static void TcpMonitorIn(struct alias_link *, u_char th_flags); +static void TcpMonitorIn(struct ip *, struct alias_link *); -static void TcpMonitorOut(struct alias_link *, u_char th_flags); +static void TcpMonitorOut(struct ip *, struct alias_link *); static void -TcpMonitorIn(struct alias_link *lnk, u_char th_flags) +TcpMonitorIn(struct ip *pip, struct alias_link *lnk) { + struct tcphdr *tc; + tc = (struct tcphdr *)ip_next(pip); + switch (GetStateIn(lnk)) { case ALIAS_TCP_STATE_NOT_CONNECTED: - if (th_flags & TH_RST) + if (tc->th_flags & TH_RST) SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED); - else if (th_flags & TH_SYN) + else if (tc->th_flags & TH_SYN) SetStateIn(lnk, ALIAS_TCP_STATE_CONNECTED); break; case ALIAS_TCP_STATE_CONNECTED: - if (th_flags & (TH_FIN | TH_RST)) + if (tc->th_flags & (TH_FIN | TH_RST)) SetStateIn(lnk, ALIAS_TCP_STATE_DISCONNECTED); break; } } static void -TcpMonitorOut(struct alias_link *lnk, u_char th_flags) +TcpMonitorOut(struct ip *pip, struct alias_link *lnk) { + struct tcphdr *tc; + tc = (struct tcphdr *)ip_next(pip); + switch (GetStateOut(lnk)) { case ALIAS_TCP_STATE_NOT_CONNECTED: - if (th_flags & TH_RST) + if (tc->th_flags & TH_RST) SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED); - else if (th_flags & TH_SYN) + else if (tc->th_flags & TH_SYN) SetStateOut(lnk, ALIAS_TCP_STATE_CONNECTED); break; case ALIAS_TCP_STATE_CONNECTED: - if (th_flags & (TH_FIN | TH_RST)) + if (tc->th_flags & (TH_FIN | TH_RST)) SetStateOut(lnk, ALIAS_TCP_STATE_DISCONNECTED); break; } 
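Review bot: TcpMonitorIn() and TcpMonitorOut() now dereference `ip_next(pip)` themselves, so they depend on the caller having a complete TCP header behind `pip`, and neither function says so. A one-line comment above each, for example `/* pip must point at a contiguous packet whose TCP header the caller has already length-checked. */`, would record that precondition. Both callers visible in this change, TcpAliasIn() and TcpAliasOut(), already hold a `tc` pointer to the same header.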
@@ -258,32 +264,33 @@ /* Local prototypes */ static int IcmpAliasIn1(struct libalias *, struct ip *); static int IcmpAliasIn2(struct libalias *, struct ip *); -static int IcmpAliasIn(struct libalias *, pkt_t); +static int IcmpAliasIn(struct libalias *, struct ip *); static int IcmpAliasOut1(struct libalias *, struct ip *, int create); static int IcmpAliasOut2(struct libalias *, struct ip *); -static int IcmpAliasOut(struct libalias *, pkt_t, int create); +static int IcmpAliasOut(struct libalias *, struct ip *, int create); static int ProtoAliasIn(struct libalias *, struct ip *); static int ProtoAliasOut(struct libalias *, struct ip *, int create); -static int UdpAliasIn(struct libalias *, pkt_t); -static int UdpAliasOut(struct libalias *, pkt_t, int create); +static int UdpAliasIn(struct libalias *, struct ip *); +static int UdpAliasOut(struct libalias *, struct ip *, int create); -static int TcpAliasIn(struct libalias *, pkt_t); -static int TcpAliasOut(struct libalias *, pkt_t, int, int create); +static int TcpAliasIn(struct libalias *, struct ip *); +static int TcpAliasOut(struct libalias *, struct ip *, int, int create); static int IcmpAliasIn1(struct libalias *la, struct ip *pip) { - struct alias_link *lnk; - struct icmp *ic; + LIBALIAS_LOCK_ASSERT(la); /* De-alias incoming echo and timestamp replies. Alias incoming echo and timestamp requests. */ + struct alias_link *lnk; + struct icmp *ic; ic = (struct icmp *)ip_next(pip); @@ -321,6 +328,8 @@ static int IcmpAliasIn2(struct libalias *la, struct ip *pip) { + + LIBALIAS_LOCK_ASSERT(la); /* Alias incoming ICMP error messages containing IP header and first 64 bits of datagram. @@ -331,7 +340,6 @@ struct tcphdr *tc; struct alias_link *lnk; - LIBALIAS_LOCK_ASSERT(la); ic = (struct icmp *)ip_next(pip); ip = &ic->icmp_ip; 
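Review bot: In IcmpAliasIn1() and IcmpAliasIn2() the `LIBALIAS_LOCK_ASSERT(la);` statement now sits ahead of the local declarations, so the declarations follow a statement. IcmpAliasIn() in the next hunk declares its locals first and asserts afterwards. Keeping `struct alias_link *lnk;` and `struct icmp *ic;` at the top of the block with the assert after them matches that layout and avoids declaration-after-statement warnings on stricter builds.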
@@ -420,10 +428,9 @@ static int -IcmpAliasIn(struct libalias *la, pkt_t ptr) +IcmpAliasIn(struct libalias *la, struct ip *pip) { int iresult; - struct ip *pip; struct icmp *ic; LIBALIAS_LOCK_ASSERT(la); @@ -431,12 +438,9 @@ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); - iresult = PKT_ALIAS_IGNORED; - PULLUP_ICMPHDR(pip, ptr); - if (pip == NULL) - return (iresult); ic = (struct icmp *)ip_next(pip); + iresult = PKT_ALIAS_IGNORED; switch (ic->icmp_type) { case ICMP_ECHOREPLY: case ICMP_TSTAMPREPLY: @@ -448,9 +452,6 @@ case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - PULLUP_ICMPIP64(pip, ptr, ic); - if (pip == NULL) - return (iresult); iresult = IcmpAliasIn2(la, pip); break; case ICMP_ECHO: @@ -609,11 +610,10 @@ static int -IcmpAliasOut(struct libalias *la, pkt_t ptr, int create) +IcmpAliasOut(struct libalias *la, struct ip *pip, int create) { int iresult; struct icmp *ic; - struct ip *pip; LIBALIAS_LOCK_ASSERT(la); (void)create; @@ -622,12 +622,9 @@ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); - iresult = PKT_ALIAS_IGNORED; - PULLUP_ICMPHDR(pip, ptr); - if (pip == NULL) - return (iresult); ic = (struct icmp *)ip_next(pip); + iresult = PKT_ALIAS_IGNORED; switch (ic->icmp_type) { case ICMP_ECHO: case ICMP_TSTAMP: @@ -639,9 +636,6 @@ case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - PULLUP_ICMPIP64(pip, ptr, ic); - if (pip == NULL) - return (iresult); iresult = IcmpAliasOut2(la, pip); break; case ICMP_ECHOREPLY: @@ -721,9 +715,8 @@ static int -UdpAliasIn(struct libalias *la, pkt_t ptr) +UdpAliasIn(struct libalias *la, struct ip *pip) { - struct ip *pip; struct udphdr *ud; struct alias_link *lnk; @@ -732,9 +725,6 @@ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); - PULLUP_UDPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); ud = (struct udphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 
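Review bot: IcmpAliasIn() now casts `ip_next(pip)` to `struct icmp *` and switches on `ic->icmp_type` with no check that the packet is long enough to hold an ICMP header, and its error-message cases hand `pip` to IcmpAliasIn2(), which goes on to read the embedded IP header through `ic->icmp_ip`. The removed PULLUP_* macros were the only per-protocol length guard visible in this change, so each handler should compare `ntohs(pip->ip_len)` with `(pip->ip_hl << 2)` plus the size of the header it is about to read, and return `PKT_ALIAS_IGNORED` when the packet is shorter. The same applies to IcmpAliasOut(), UdpAliasIn() and UdpAliasOut() in this group of hunks and to TcpAliasIn() and TcpAliasOut() in the following ones. Without it a truncated packet is parsed from whatever bytes follow it in the caller's buffer.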
@@ -761,11 +751,8 @@ alias_port = ud->uh_dport; ud->uh_dport = GetOriginalPort(lnk); - error = find_handler(IN, UDP, la, ptr, &ad); - PULLUP_IPUDPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); - ud = (struct udphdr *)ip_next(pip); + /* Walk out chain. */ + error = find_handler(IN, UDP, la, pip, &ad); /* If UDP checksum is not zero, then adjust since destination port */ /* is being unaliased and destination address is being altered. */ @@ -793,9 +780,8 @@ } static int -UdpAliasOut(struct libalias *la, pkt_t ptr, int create) +UdpAliasOut(struct libalias *la, struct ip *pip, int create) { - struct ip *pip; struct udphdr *ud; struct alias_link *lnk; int error; @@ -805,9 +791,6 @@ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); - PULLUP_UDPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); ud = (struct udphdr *)ip_next(pip); lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, @@ -829,11 +812,8 @@ alias_address = GetAliasAddress(lnk); alias_port = GetAliasPort(lnk); - error = find_handler(OUT, UDP, la, ptr, &ad); - PULLUP_IPUDPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); - ud = (struct udphdr *)ip_next(pip); + /* Walk out chain. */ + error = find_handler(OUT, UDP, la, pip, &ad); /* If UDP checksum is not zero, adjust since source port is */ /* being aliased and source address is being altered */ @@ -862,16 +842,12 @@ static int -TcpAliasIn(struct libalias *la, pkt_t ptr) +TcpAliasIn(struct libalias *la, struct ip *pip) { - struct ip *pip; struct tcphdr *tc; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - PULLUP_TCPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 
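Review bot: The comment `/* Walk out chain. */` is added above `find_handler(IN, UDP, la, pip, &ad)` in UdpAliasIn(), where the direction argument is IN; the same text is reused on the IN calls in TcpAliasIn() and in the GRE case of LibAliasInLocked(). `/* Walk the inbound handler chain. */` on the IN calls, and the outbound wording on the OUT calls, would match the code. The function bodies continue outside these hunks.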
@@ -902,11 +878,8 @@ .maxpktsize = 0 }; - error = find_handler(IN, TCP, la, ptr, &ad); - PULLUP_IPTCPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); - tc = (struct tcphdr *)ip_next(pip); + /* Walk out chain. */ + error = find_handler(IN, TCP, la, pip, &ad); alias_address = GetAliasAddress(lnk); original_address = GetOriginalAddress(lnk); @@ -957,7 +930,7 @@ if (GetAckModified(lnk) == 1) { int delta; - delta = GetDeltaAckIn(lnk, tc->th_ack); + delta = GetDeltaAckIn(pip, lnk); if (delta != 0) { accumulate += twowords(&tc->th_ack); tc->th_ack = htonl(ntohl(tc->th_ack) - delta); @@ -981,7 +954,7 @@ ADJUST_CHECKSUM(accumulate, pip->ip_sum); /* Monitor TCP connection state */ - TcpMonitorIn(lnk, tc->th_flags); + TcpMonitorIn(pip, lnk); return (PKT_ALIAS_OK); } @@ -989,28 +962,22 @@ } static int -TcpAliasOut(struct libalias *la, pkt_t ptr, int maxpacketsize, int create) +TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) { int proxy_type, error; - u_short dest_port, src_port; + u_short dest_port; u_short proxy_server_port; struct in_addr dest_address; struct in_addr proxy_server_address; - struct ip *pip; struct tcphdr *tc; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - PULLUP_TCPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); tc = (struct tcphdr *)ip_next(pip); - dest_port = tc->th_dport; - src_port = tc->th_sport; if (create) - proxy_type = ProxyCheck(la, pip, &proxy_server_address, - &proxy_server_port, dest_port); + proxy_type = + ProxyCheck(la, pip, &proxy_server_address, &proxy_server_port); else proxy_type = 0; @@ -1019,6 +986,7 @@ /* If this is a transparent proxy, save original destination, then alter the destination and adjust checksums */ + dest_port = tc->th_dport; dest_address = pip->ip_dst; if (proxy_type != 0) { int accumulate; 
@@ -1060,11 +1028,7 @@ if (proxy_type != 0) { SetProxyPort(lnk, dest_port); SetProxyAddress(lnk, dest_address); - ProxyModify(la, lnk, ptr, maxpacketsize, proxy_type, - src_port); - PULLUP_IPTCPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); + ProxyModify(la, lnk, pip, maxpacketsize, proxy_type); tc = (struct tcphdr *)ip_next(pip); } /* Get alias address and port */ @@ -1072,13 +1036,10 @@ alias_address = GetAliasAddress(lnk); /* Monitor TCP connection state */ - TcpMonitorOut(lnk, tc->th_flags); + TcpMonitorOut(pip, lnk); - error = find_handler(OUT, TCP, la, ptr, &ad); - PULLUP_IPTCPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); - tc = (struct tcphdr *)ip_next(pip); + /* Walk out chain. */ + error = find_handler(OUT, TCP, la, pip, &ad); /* Adjust TCP checksum since source port is being aliased */ /* and source address is being altered */ @@ -1092,7 +1053,7 @@ if (GetAckModified(lnk) == 1) { int delta; - delta = GetDeltaSeqOut(lnk, tc->th_seq); + delta = GetDeltaSeqOut(pip, lnk); if (delta != 0) { accumulate += twowords(&tc->th_seq); tc->th_seq = htonl(ntohl(tc->th_seq) + delta); @@ -1187,20 +1148,16 @@ int -LibAliasSaveFragment(struct libalias *la, pkt_t ptr) +LibAliasSaveFragment(struct libalias *la, char *ptr) { int iresult; struct alias_link *lnk; struct ip *pip; LIBALIAS_LOCK(la); + pip = (struct ip *)ptr; + lnk = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id); iresult = PKT_ALIAS_ERROR; - PULLUP_IPHDR(pip, ptr); - if (pip == NULL) { - LIBALIAS_UNLOCK(la); - return (iresult); - } - lnk = AddFragmentPtrLink(la, pip->ip_src, pip->ip_id); if (lnk != NULL) { SetFragmentPtr(lnk, ptr); iresult = PKT_ALIAS_OK; 
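Review bot: LibAliasSaveFragment() now casts `ptr` straight to `struct ip *`, reads `ip_src` and `ip_id`, and keeps the caller's pointer through `SetFragmentPtr(lnk, ptr)`; the interface carries no length, so the function cannot tell whether a whole IP header is present. The requirement should be written above the function, for example `/* ptr must reference at least sizeof(struct ip) valid bytes; the pointer itself is stored in the link. */`, and the expected lifetime of the buffer stated once confirmed against the callers. LibAliasGetFragment() and LibAliasFragmentIn() in the next hunks make the same unchecked cast on their arguments.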
@@ -1209,27 +1166,16 @@ return (iresult); } -#ifdef _KERNEL -struct mbuf * -#else -char * -#endif -LibAliasGetFragment(struct libalias *la, pkt_t ptr) + +char * +LibAliasGetFragment(struct libalias *la, char *ptr) { struct alias_link *lnk; -#ifdef _KERNEL - struct mbuf *fptr; -#else char *fptr; -#endif struct ip *pip; LIBALIAS_LOCK(la); - PULLUP_IPHDR(pip, ptr); - if (pip == NULL) { - LIBALIAS_UNLOCK(la); - return (NULL); - } + pip = (struct ip *)ptr; lnk = FindFragmentPtr(la, pip->ip_src, pip->ip_id); if (lnk != NULL) { GetFragmentPtr(lnk, &fptr); @@ -1242,11 +1188,12 @@ return (fptr); } + void -LibAliasFragmentIn(struct libalias *la, pkt_t ptr, /* Points to correctly +LibAliasFragmentIn(struct libalias *la, char *ptr, /* Points to correctly * de-aliased header * fragment */ - pkt_t ptr_fragment /* Points to fragment which must be + char *ptr_fragment /* Points to fragment which must be * de-aliased */ ) { @@ -1254,17 +1201,10 @@ struct ip *fpip; LIBALIAS_LOCK(la); - PULLUP_IPHDR(pip, ptr); - if (pip == NULL) { - LIBALIAS_UNLOCK(la); - return; - } - PULLUP_IPHDR(fpip, ptr_fragment); - if (fpip == NULL) { - LIBALIAS_UNLOCK(la); - return; - } (void)la; + pip = (struct ip *)ptr; + fpip = (struct ip *)ptr_fragment; + DifferentialChecksum(&fpip->ip_sum, &pip->ip_dst, &fpip->ip_dst, 2); fpip->ip_dst = pip->ip_dst; @@ -1273,14 +1213,14 @@ /* Local prototypes */ static int -LibAliasOutLocked(struct libalias *la, pkt_t ptr, +LibAliasOutLocked(struct libalias *la, char *ptr, int maxpacketsize, int create); static int -LibAliasInLocked(struct libalias *la, pkt_t ptr, +LibAliasInLocked(struct libalias *la, char *ptr, int maxpacketsize); int -LibAliasIn(struct libalias *la, pkt_t ptr, int maxpacketsize) +LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize) { int res; 
@@ -1291,13 +1231,12 @@ } static int -LibAliasInLocked(struct libalias *la, pkt_t ptr, int maxpacketsize) +LibAliasInLocked(struct libalias *la, char *ptr, int maxpacketsize) { struct in_addr alias_addr; struct ip *pip; int iresult; - iresult = PKT_ALIAS_IGNORED; if (la->packetAliasMode & PKT_ALIAS_REVERSE) { la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = LibAliasOutLocked(la, ptr, maxpacketsize, 1); @@ -1306,28 +1245,27 @@ } HouseKeeping(la); ClearCheckNewLink(la); - PULLUP_IPHDR(pip, ptr); - if (pip == NULL) - goto getout; + pip = (struct ip *)ptr; alias_addr = pip->ip_dst; /* Defense against mangled packets */ - if (maxpacketsize != 0) { - if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) - goto getout; + if (ntohs(pip->ip_len) > maxpacketsize + || (pip->ip_hl << 2) > maxpacketsize) { + iresult = PKT_ALIAS_IGNORED; + goto getout; } + iresult = PKT_ALIAS_IGNORED; if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) { switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasIn(la, ptr); + iresult = IcmpAliasIn(la, pip); break; case IPPROTO_UDP: - iresult = UdpAliasIn(la, ptr); + iresult = UdpAliasIn(la, pip); break; case IPPROTO_TCP: - iresult = TcpAliasIn(la, ptr); + iresult = TcpAliasIn(la, pip); break; case IPPROTO_GRE: { int error; @@ -1341,29 +1279,23 @@ .maxpktsize = 0 }; - error = find_handler(IN, IP, la, ptr, &ad); - PULLUP_IPHDR(pip, ptr); - if (pip == NULL) - return (PKT_ALIAS_IGNORED); + /* Walk out chain. */ + error = find_handler(IN, IP, la, pip, &ad); if (error == 0) iresult = PKT_ALIAS_OK; else >>> TRUNCATED FOR MAIL (1000 lines) <<<
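Review bot: The "Defense against mangled packets" test in LibAliasInLocked() enforces upper bounds only, so a header with `ip_hl` below 5 or an `ip_len` smaller than the header length still reaches IcmpAliasIn(), UdpAliasIn() and TcpAliasIn(), which locate the transport header with `ip_next(pip)`. Adding `(pip->ip_hl << 2) < (int)sizeof(struct ip) || ntohs(pip->ip_len) < (pip->ip_hl << 2)` to the condition would reject those packets here. `alias_addr = pip->ip_dst` is also read before any size test, so `maxpacketsize` should be compared with `sizeof(struct ip)` first. The function continues past the end of this hunk.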