| version 1.8, 2013/01/05 16:34:43 |
version 1.9, 2013/01/09 13:23:20 |
| Line 226 static void ipf_nat_addrdr(ipf_nat_softc |
|
| Line 226 static void ipf_nat_addrdr(ipf_nat_softc |
|
| static int ipf_nat_builddivertmp(ipf_nat_softc_t *, ipnat_t *); |
static int ipf_nat_builddivertmp(ipf_nat_softc_t *, ipnat_t *); |
| static int ipf_nat_clearlist(ipf_main_softc_t *, ipf_nat_softc_t *); |
static int ipf_nat_clearlist(ipf_main_softc_t *, ipf_nat_softc_t *); |
| static int ipf_nat_cmp_rules(ipnat_t *, ipnat_t *); |
static int ipf_nat_cmp_rules(ipnat_t *, ipnat_t *); |
| static void ipf_nat_compute_hashes(nat_t *nat); |
|
| static int ipf_nat_decap(fr_info_t *, nat_t *); |
static int ipf_nat_decap(fr_info_t *, nat_t *); |
| static void ipf_nat_delrule(ipf_main_softc_t *, ipf_nat_softc_t *, |
static void ipf_nat_delrule(ipf_main_softc_t *, ipf_nat_softc_t *, |
| ipnat_t *, int); |
ipnat_t *, int); |
| Line 2255 ipf_nat_delete(ipf_main_softc_t *softc, |
|
| Line 2254 ipf_nat_delete(ipf_main_softc_t *softc, |
|
| { |
{ |
| ipf_nat_softc_t *softn = softc->ipf_nat_soft; |
ipf_nat_softc_t *softn = softc->ipf_nat_soft; |
| int madeorphan = 0, removed = 0; |
int madeorphan = 0, removed = 0; |
| u_int hv0; |
u_int bkt; |
| u_int hv1; |
|
| nat_stat_side_t *nss; |
nat_stat_side_t *nss; |
| struct ipnat *ipn; |
struct ipnat *ipn; |
| |
|
| if (logtype != 0 && softn->ipf_nat_logging != 0) |
if (logtype != 0 && softn->ipf_nat_logging != 0) |
| ipf_nat_log(softc, softn, nat, logtype); |
ipf_nat_log(softc, softn, nat, logtype); |
| |
|
| /* Get the hash values, swapped as necessary. */ |
|
| hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
|
| hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
|
| |
|
| if (nat->nat_dir == NAT_INBOUND || nat->nat_dir == NAT_DIVERTIN) { |
|
| u_int swap; |
|
| |
|
| swap = hv0; |
|
| hv0 = hv1; |
|
| hv1 = swap; |
|
| } |
|
| |
|
| /* |
/* |
| * Take it as a general indication that all the pointers are set if |
* Take it as a general indication that all the pointers are set if |
| * nat_pnext is set. |
* nat_pnext is set. |
| Line 2282 ipf_nat_delete(ipf_main_softc_t *softc, |
|
| Line 2268 ipf_nat_delete(ipf_main_softc_t *softc, |
|
| if (nat->nat_pnext != NULL) { |
if (nat->nat_pnext != NULL) { |
| removed = 1; |
removed = 1; |
| |
|
| |
bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
| nss = &softn->ipf_nat_stats.ns_side[0]; |
nss = &softn->ipf_nat_stats.ns_side[0]; |
| nss->ns_bucketlen[hv0]--; |
ASSERT(nss->ns_bucketlen[bkt] > 0); |
| if (nss->ns_bucketlen[hv0] == 0) { |
nss->ns_bucketlen[bkt]--; |
| |
if (nss->ns_bucketlen[bkt] == 0) { |
| nss->ns_inuse--; |
nss->ns_inuse--; |
| } |
} |
| |
|
| |
bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
| nss = &softn->ipf_nat_stats.ns_side[1]; |
nss = &softn->ipf_nat_stats.ns_side[1]; |
| nss->ns_bucketlen[hv1]--; |
ASSERT(nss->ns_bucketlen[bkt] > 0); |
| if (nss->ns_bucketlen[hv1] == 0) { |
nss->ns_bucketlen[bkt]--; |
| |
if (nss->ns_bucketlen[bkt] == 0) { |
| nss->ns_inuse--; |
nss->ns_inuse--; |
| } |
} |
| |
|
| Line 3350 ipf_nat_finalise(fr_info_t *fin, nat_t * |
|
| Line 3340 ipf_nat_finalise(fr_info_t *fin, nat_t * |
|
| |
|
| |
|
| /* ------------------------------------------------------------------------ */ |
/* ------------------------------------------------------------------------ */ |
| /* Function: ipf_nat_compute_hashes */ |
/* Function: ipf_nat_insert */ |
| /* Parameters: nat(I) - pointer to NAT structure */ |
/* Returns: int - 0 == sucess, -1 == failure */ |
| |
/* Parameters: softc(I) - pointer to soft context main structure */ |
| |
/* softn(I) - pointer to NAT context structure */ |
| |
/* nat(I) - pointer to NAT structure */ |
| /* Write Lock: ipf_nat */ |
/* Write Lock: ipf_nat */ |
| /* */ |
/* */ |
| /* Compute and set the values for nat->nat_hv[0] and nat->nat_hv[1] */ |
/* Insert a NAT entry into the hash tables for searching and add it to the */ |
| |
/* list of active NAT entries. Adjust global counters when complete. */ |
| /* ------------------------------------------------------------------------ */ |
/* ------------------------------------------------------------------------ */ |
| void |
int |
| ipf_nat_compute_hashes(nat_t *nat) |
ipf_nat_insert(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, nat_t *nat) |
| { |
{ |
| u_int hv0, hv1; |
u_int hv0, hv1; |
| u_int sport, dport; |
u_int sp, dp; |
| |
ipnat_t *in; |
| |
int ret; |
| |
|
| |
/* |
| |
* Try and return an error as early as possible, so calculate the hash |
| |
* entry numbers first and then proceed. |
| |
*/ |
| if ((nat->nat_flags & (SI_W_SPORT|SI_W_DPORT)) == 0) { |
if ((nat->nat_flags & (SI_W_SPORT|SI_W_DPORT)) == 0) { |
| if ((nat->nat_flags & IPN_TCPUDP) != 0) { |
if ((nat->nat_flags & IPN_TCPUDP) != 0) { |
| sport = nat->nat_osport; |
sp = nat->nat_osport; |
| dport = nat->nat_odport; |
dp = nat->nat_odport; |
| } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) { |
} else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) { |
| sport = 0; |
sp = 0; |
| dport = nat->nat_oicmpid; |
dp = nat->nat_oicmpid; |
| } else { |
} else { |
| sport = 0; |
sp = 0; |
| dport = 0; |
dp = 0; |
| } |
} |
| hv0 = NAT_HASH_FN(nat->nat_osrcaddr, sport, 0xffffffff); |
hv0 = NAT_HASH_FN(nat->nat_osrcaddr, sp, 0xffffffff); |
| hv0 = NAT_HASH_FN(nat->nat_odstaddr, hv0 + dport, 0xffffffff); |
hv0 = NAT_HASH_FN(nat->nat_odstaddr, hv0 + dp, 0xffffffff); |
| /* |
/* |
| * TRACE nat_osrcaddr, nat_osport, nat_odstaddr, |
* TRACE nat_osrcaddr, nat_osport, nat_odstaddr, |
| * nat_odport, hv0 |
* nat_odport, hv0 |
| */ |
*/ |
| |
|
| if ((nat->nat_flags & IPN_TCPUDP) != 0) { |
if ((nat->nat_flags & IPN_TCPUDP) != 0) { |
| sport = nat->nat_nsport; |
sp = nat->nat_nsport; |
| dport = nat->nat_ndport; |
dp = nat->nat_ndport; |
| } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) { |
} else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) { |
| sport = 0; |
sp = 0; |
| dport = nat->nat_nicmpid; |
dp = nat->nat_nicmpid; |
| } else { |
} else { |
| sport = 0; |
sp = 0; |
| dport = 0; |
dp = 0; |
| } |
} |
| hv1 = NAT_HASH_FN(nat->nat_nsrcaddr, sport, 0xffffffff); |
hv1 = NAT_HASH_FN(nat->nat_nsrcaddr, sp, 0xffffffff); |
| hv1 = NAT_HASH_FN(nat->nat_ndstaddr, hv1 + dport, 0xffffffff); |
hv1 = NAT_HASH_FN(nat->nat_ndstaddr, hv1 + dp, 0xffffffff); |
| /* |
/* |
| * TRACE nat_nsrcaddr, nat_nsport, nat_ndstaddr, |
* TRACE nat_nsrcaddr, nat_nsport, nat_ndstaddr, |
| * nat_ndport, hv1 |
* nat_ndport, hv1 |
| Line 3406 ipf_nat_compute_hashes(nat_t *nat) |
|
| Line 3406 ipf_nat_compute_hashes(nat_t *nat) |
|
| /* TRACE nat_nsrcaddr, nat_ndstaddr, hv1 */ |
/* TRACE nat_nsrcaddr, nat_ndstaddr, hv1 */ |
| } |
} |
| |
|
| nat->nat_hv[0] = hv0; |
if ((nat->nat_dir & NAT_OUTBOUND) == NAT_OUTBOUND) { |
| nat->nat_hv[1] = hv1; |
nat->nat_hv[0] = hv0; |
| } |
nat->nat_hv[1] = hv1; |
| |
} else { |
| |
nat->nat_hv[0] = hv1; |
| /* ------------------------------------------------------------------------ */ |
nat->nat_hv[1] = hv0; |
| /* Function: ipf_nat_insert */ |
} |
| /* Returns: int - 0 == sucess, -1 == failure */ |
|
| /* Parameters: softc(I) - pointer to soft context main structure */ |
|
| /* softn(I) - pointer to NAT context structure */ |
|
| /* nat(I) - pointer to NAT structure */ |
|
| /* Write Lock: ipf_nat */ |
|
| /* */ |
|
| /* Insert a NAT entry into the hash tables for searching and add it to the */ |
|
| /* list of active NAT entries. Adjust global counters when complete. */ |
|
| /* ------------------------------------------------------------------------ */ |
|
| int |
|
| ipf_nat_insert(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, nat_t *nat) |
|
| { |
|
| ipnat_t *in; |
|
| int ret; |
|
| |
|
| /* |
|
| * Try and return an error as early as possible, so calculate the hash |
|
| * entry numbers first and then proceed. |
|
| */ |
|
| ipf_nat_compute_hashes(nat); |
|
| |
|
| MUTEX_INIT(&nat->nat_lock, "nat entry lock"); |
MUTEX_INIT(&nat->nat_lock, "nat entry lock"); |
| |
|
| Line 3473 ipf_nat_insert(ipf_main_softc_t *softc, |
|
| Line 3453 ipf_nat_insert(ipf_main_softc_t *softc, |
|
| |
|
| /* ------------------------------------------------------------------------ */ |
/* ------------------------------------------------------------------------ */ |
| /* Function: ipf_nat_hashtab_add */ |
/* Function: ipf_nat_hashtab_add */ |
| |
/* Returns: int - 0 == sucess, -1 == failure */ |
| /* Parameters: softc(I) - pointer to soft context main structure */ |
/* Parameters: softc(I) - pointer to soft context main structure */ |
| /* softn(I) - pointer to NAT context structure */ |
/* softn(I) - pointer to NAT context structure */ |
| /* nat(I) - pointer to NAT structure */ |
/* nat(I) - pointer to NAT structure */ |
| |
/* Write Lock: ipf_nat */ |
| /* */ |
/* */ |
| /* Handle the insertion of a NAT entry into the table/list. */ |
/* Handle the insertion of a NAT entry into the table/list. */ |
| /* ------------------------------------------------------------------------ */ |
/* ------------------------------------------------------------------------ */ |
| Line 3489 ipf_nat_hashtab_add(ipf_main_softc_t *so |
|
| Line 3471 ipf_nat_hashtab_add(ipf_main_softc_t *so |
|
| hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
| hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
| |
|
| if (nat->nat_dir == NAT_INBOUND || nat->nat_dir == NAT_DIVERTIN) { |
|
| u_int swap; |
|
| |
|
| swap = hv0; |
|
| hv0 = hv1; |
|
| hv1 = swap; |
|
| } |
|
| |
|
| if (softn->ipf_nat_stats.ns_side[0].ns_bucketlen[hv0] >= |
if (softn->ipf_nat_stats.ns_side[0].ns_bucketlen[hv0] >= |
| softn->ipf_nat_maxbucket) { |
softn->ipf_nat_maxbucket) { |
| DT1(ns_bucket_max_0, int, |
DT1(ns_bucket_max_0, int, |
| Line 4298 ipf_nat_tabmove(ipf_nat_softc_t *softn, |
|
| Line 4272 ipf_nat_tabmove(ipf_nat_softc_t *softn, |
|
| nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0]; |
nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0]; |
| *nat->nat_phnext[0] = nat->nat_hnext[0]; |
*nat->nat_phnext[0] = nat->nat_hnext[0]; |
| hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
| |
hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
| |
|
| |
ASSERT(nsp->ns_side[0].ns_bucketlen[hv0] > 0); |
| nsp->ns_side[0].ns_bucketlen[hv0]--; |
nsp->ns_side[0].ns_bucketlen[hv0]--; |
| |
|
| if (nat->nat_hnext[1]) |
if (nat->nat_hnext[1]) |
| nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1]; |
nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1]; |
| *nat->nat_phnext[1] = nat->nat_hnext[1]; |
*nat->nat_phnext[1] = nat->nat_hnext[1]; |
| hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
ASSERT(nsp->ns_side[1].ns_bucketlen[hv1] > 0); |
| nsp->ns_side[1].ns_bucketlen[hv1]--; |
nsp->ns_side[1].ns_bucketlen[hv1]--; |
| |
|
| /* |
/* |
| Line 4316 ipf_nat_tabmove(ipf_nat_softc_t *softn, |
|
| Line 4293 ipf_nat_tabmove(ipf_nat_softc_t *softn, |
|
| rhv1 = NAT_HASH_FN(nat->nat_ndstaddr, rhv1 + nat->nat_ndport, |
rhv1 = NAT_HASH_FN(nat->nat_ndstaddr, rhv1 + nat->nat_ndport, |
| 0xffffffff); |
0xffffffff); |
| |
|
| hv0 = rhv0 % softn->ipf_nat_table_sz; |
if ((nat->nat_dir & NAT_OUTBOUND) == NAT_OUTBOUND) { |
| hv1 = rhv1 % softn->ipf_nat_table_sz; |
nat->nat_hv[0] = rhv0; |
| |
nat->nat_hv[1] = rhv1; |
| if (nat->nat_dir == NAT_INBOUND || nat->nat_dir == NAT_DIVERTIN) { |
} else { |
| u_int swap; |
nat->nat_hv[0] = rhv1; |
| |
nat->nat_hv[1] = rhv0; |
| swap = hv0; |
|
| hv0 = hv1; |
|
| hv1 = swap; |
|
| } |
} |
| |
|
| |
hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz; |
| |
hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz; |
| |
|
| /* TRACE nat_osrcaddr, nat_osport, nat_odstaddr, nat_odport, hv0 */ |
/* TRACE nat_osrcaddr, nat_osport, nat_odstaddr, nat_odport, hv0 */ |
| /* TRACE nat_nsrcaddr, nat_nsport, nat_ndstaddr, nat_ndport, hv1 */ |
/* TRACE nat_nsrcaddr, nat_nsport, nat_ndstaddr, nat_ndport, hv1 */ |
| |
|
| nat->nat_hv[0] = rhv0; |
|
| natp = &softn->ipf_nat_table[0][hv0]; |
natp = &softn->ipf_nat_table[0][hv0]; |
| if (*natp) |
if (*natp) |
| (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; |
(*natp)->nat_phnext[0] = &nat->nat_hnext[0]; |
| Line 4339 ipf_nat_tabmove(ipf_nat_softc_t *softn, |
|
| Line 4315 ipf_nat_tabmove(ipf_nat_softc_t *softn, |
|
| *natp = nat; |
*natp = nat; |
| nsp->ns_side[0].ns_bucketlen[hv0]++; |
nsp->ns_side[0].ns_bucketlen[hv0]++; |
| |
|
| nat->nat_hv[1] = rhv1; |
|
| natp = &softn->ipf_nat_table[1][hv1]; |
natp = &softn->ipf_nat_table[1][hv1]; |
| if (*natp) |
if (*natp) |
| (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; |
(*natp)->nat_phnext[1] = &nat->nat_hnext[1]; |
| Line 8015 ipf_nat_rehash(ipf_main_softc_t *softc, |
|
| Line 7990 ipf_nat_rehash(ipf_main_softc_t *softc, |
|
| softn->ipf_nat_stats.ns_side[0].ns_inuse = 0; |
softn->ipf_nat_stats.ns_side[0].ns_inuse = 0; |
| softn->ipf_nat_stats.ns_side[1].ns_inuse = 0; |
softn->ipf_nat_stats.ns_side[1].ns_inuse = 0; |
| |
|
| /* XXX(gadams): Still need to deal with hv0/hv1 swapping! */ |
|
| |
|
| for (nat = softn->ipf_nat_instances; nat != NULL; nat = nat->nat_next) { |
for (nat = softn->ipf_nat_instances; nat != NULL; nat = nat->nat_next) { |
| nat->nat_hnext[0] = NULL; |
nat->nat_hnext[0] = NULL; |
| nat->nat_phnext[0] = NULL; |
nat->nat_phnext[0] = NULL; |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_nat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / external / bsd / ipf / netinet