Property changes on: sys ___________________________________________________________________ Modified: svn:mergeinfo Merged /user/piso/ipfw/sys:r190969,190976,190994,190998,191078 Index: sys/netinet/ip_fw_nat.c =================================================================== --- sys/netinet/ip_fw_nat.c (revision 190929) +++ sys/netinet/ip_fw_nat.c (working copy) @@ -249,18 +249,16 @@ static int ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) { - struct mbuf *mcl; struct ip *ip; /* XXX - libalias duct tape */ int ldt, retval; - char *c; ldt = 0; retval = 0; - if ((mcl = m_megapullup(m, m->m_pkthdr.len)) == + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) goto badnat; - ip = mtod(mcl, struct ip *); + ip = mtod(m, struct ip *); if (args->eh == NULL) { ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); @@ -314,32 +312,28 @@ * it can handle delayed checksum and tso) */ - if (mcl->m_pkthdr.rcvif == NULL && - mcl->m_pkthdr.csum_flags & + if (m->m_pkthdr.rcvif == NULL && + m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) ldt = 1; - c = mtod(mcl, char *); if (args->oif == NULL) - retval = LibAliasIn(t->lib, c, - mcl->m_len + M_TRAILINGSPACE(mcl)); + retval = LibAliasIn(t->lib, &m, IP_MAXPACKET); else - retval = LibAliasOut(t->lib, c, - mcl->m_len + M_TRAILINGSPACE(mcl)); + retval = LibAliasOut(t->lib, &m, IP_MAXPACKET); if (retval == PKT_ALIAS_RESPOND) { m->m_flags |= M_SKIP_FIREWALL; retval = PKT_ALIAS_OK; } - if (retval != PKT_ALIAS_OK && - retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) { - /* XXX - should i add some logging? */ - m_free(mcl); + if (retval != PKT_ALIAS_OK) { + m_free(m); badnat: args->m = NULL; return (IP_FW_DENY); } - mcl->m_pkthdr.len = mcl->m_len = - ntohs(ip->ip_len); + m = m_pullup(m, sizeof(struct ip)); + ip = mtod(m, struct ip *); + m->m_pkthdr.len = ntohs(ip->ip_len); /* * XXX - libalias checksum offload 
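Review bot: The `m_pullup()` added after the `LibAliasIn`/`LibAliasOut` call is not checked, so `ip = mtod(m, struct ip *)` and the `m->m_pkthdr.len` assignment dereference NULL when the pullup fails; the first pullup in this function already uses the right pattern, `if ((m = m_pullup(m, sizeof(struct ip))) == NULL) goto badnat;`. On the error path `m_free(m)` releases only the first mbuf, while `m` can now be a chain (the old `mcl` was a single contiguous buffer), so `m_freem(m)` looks like the intended call. That path also has to cope with `m` already being NULL if a pullup inside libalias failed. The hunk also drops the `PKT_ALIAS_FOUND_HEADER_FRAGMENT` exception, so packets libalias reports with that code would now be denied; please confirm that is intended. ipfw_nat's body starts and ends outside this hunk.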
@@ -350,6 +344,10 @@ ip->ip_p == IPPROTO_TCP) { struct tcphdr *th; + if ((m = m_pullup(m, (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); if (th->th_x2) ldt = 1; @@ -369,6 +367,9 @@ switch (ip->ip_p) { case IPPROTO_TCP: + if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); /* * Maybe it was set in @@ -376,13 +377,16 @@ */ th->th_x2 = 0; th->th_sum = cksum; - mcl->m_pkthdr.csum_data = + m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); break; case IPPROTO_UDP: + if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct udphdr))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); uh = (struct udphdr *)(ip + 1); uh->uh_sum = cksum; - mcl->m_pkthdr.csum_data = + m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); break; } @@ -390,10 +394,10 @@ * No hw checksum offloading: do it * by ourself. */ - if ((mcl->m_pkthdr.csum_flags & + if ((m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) { - in_delayed_cksum(mcl); - mcl->m_pkthdr.csum_flags &= + in_delayed_cksum(m); + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } ip->ip_len = htons(ip->ip_len); @@ -404,7 +408,7 @@ ip->ip_off = ntohs(ip->ip_off); } - args->m = mcl; + args->m = m; return (IP_FW_NAT); } Index: sys/netinet/libalias/alias_db.c =================================================================== --- sys/netinet/libalias/alias_db.c (revision 190929) +++ sys/netinet/libalias/alias_db.c (working copy) @@ -2495,7 +2495,15 @@ la = calloc(sizeof *la, 1); if (la == NULL) return (la); +#ifdef _KERNEL + la->buf = malloc(IP_MAXPACKET+1); + if (la->buf == NULL) { + free (la); + return (NULL); + } +#endif + #ifndef _KERNEL /* kernel cleans up on module unload */ if (LIST_EMPTY(&instancehead)) atexit(finishoff); 
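Review bot: The added pullups size the contiguous region with `(ip->ip_hl << 2)`, but the header pointers that follow are still taken as `(ip + 1)`, which is the transport header only when the IP header carries no options. With options present, `th->th_x2`, `th->th_sum` and `uh->uh_sum` would be read and written inside the option bytes. Deriving the pointer from the same length, e.g. `th = (struct tcphdr *)((char *)ip + (ip->ip_hl << 2));`, keeps the two consistent. The same applies to the `IPPROTO_TCP` and `IPPROTO_UDP` cases in the two following hunks. All of these lines sit inside ipfw_nat, whose body extends beyond the hunks.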
@@ -2568,6 +2576,7 @@ LIBALIAS_LOCK(la); #ifdef _KERNEL AliasSctpTerm(la); + free (la->buf); #endif la->deleteAllLinks = 1; CleanupAliasData(la); Index: sys/netinet/libalias/alias.h =================================================================== --- sys/netinet/libalias/alias.h (revision 190929) +++ sys/netinet/libalias/alias.h (working copy) 
@@ -81,6 +81,69 @@ */ struct alias_link; +#ifdef _KERNEL +typedef struct mbuf ** pkt_t; + +#define _MTOD(p, foo) (p != NULL) ? mtod(p, foo) : NULL + +#define PULLUP_SIZE(pip, ptr, s) do { \ + *ptr = m_pullup((*ptr), s); \ + (pip) = _MTOD(*ptr, struct ip *); \ +} while (0) + +#define PULLUP_IPHDR(pip, ptr) do { \ + PULLUP_SIZE(pip, ptr, sizeof(struct ip)); \ + if (pip != NULL && ((pip->ip_hl << 2) > sizeof(struct ip))) \ + PULLUP_SIZE(pip, ptr, (pip->ip_hl << 2)); \ +} while (0) + +#define PULLUP_UDPHDR(pip, ptr) do { \ + pip = mtod(*ptr, struct ip *); \ + PULLUP_SIZE(pip, ptr, (pip->ip_hl << 2) + sizeof(struct udphdr)); \ + } while (0) + +#define PULLUP_TCPHDR(pip, ptr) do { \ + struct tcphdr *th; \ + pip = mtod(*ptr, struct ip *); \ + PULLUP_SIZE(pip, ptr, (pip->ip_hl << 2) + sizeof(struct tcphdr)); \ + if (pip != NULL) { \ + th = (struct tcphdr *)&(((char *)pip)[pip->ip_hl << 2]); \ + if ((th->th_off << 2) > sizeof(struct tcphdr)) \ + PULLUP_SIZE(pip, ptr, ((pip->ip_hl + th->th_off) << \ + 2)); \ + } \ +} while (0) + +#define PULLUP_ICMPHDR(pip, ptr) do { \ + pip = mtod(*ptr, struct ip *); \ + PULLUP_SIZE(pip, ptr, (pip->ip_hl << 2) + sizeof(struct icmp)); \ +} while (0) + +#define PULLUP_ICMPIP64HDR(pip, ptr) do { \ + int s; \ + struct icmp *ic; \ + pip = mtod(*ptr, struct ip *); \ + ic = (struct icmp *)&(((char *)pip)[pip->ip_hl << 2]); \ + s = (pip->ip_hl << 2) + sizeof(struct icmp) + \ + (ic->icmp_ip.ip_hl << 2) - sizeof(struct ip) + 8; \ + PULLUP_SIZE(pip, ptr, s); \ +} while (0) + +#define PULLUP_SCTPHDR(pip, ptr) do { \ + pip = mtod(*ptr, struct ip *); \ + PULLUP_SIZE(pip, ptr, (pip->ip_hl << 2) + sizeof(struct sctphdr)); \ +} while (0) +#else +typedef char * pkt_t; + +#define PULLUP_IPHDR(pip, ptr) pip = (struct ip *)ptr +#define PULLUP_UDPHDR(pip, ptr) pip = (struct ip *)ptr +#define PULLUP_TCPHDR(pip, ptr) pip = (struct ip *)ptr +#define PULLUP_ICMPHDR(pip, ptr) pip = (struct ip *)ptr +#define PULLUP_ICMPIP64HDR(pip, ptr) pip = (struct ip *)ptr +#define 
PULLUP_SCTPHDR(pip, ptr) pip = (struct ip *)ptr +#endif + /* Initialization and control functions. */ struct libalias *LibAliasInit(struct libalias *); void LibAliasSetAddress(struct libalias *, struct in_addr _addr); @@ -91,10 +154,19 @@ void LibAliasUninit(struct libalias *); /* Packet Handling functions. */ +#ifdef _KERNEL +int LibAliasIn (struct libalias *, struct mbuf **_ptr, int _maxpacketsize); +int LibAliasOut(struct libalias *, struct mbuf **_ptr, int _maxpacketsize); +int LibAliasOutTry(struct libalias *, struct mbuf **_ptr, + int _maxpacketsize, int _create); +int LibAliasUnaliasOut(struct libalias *, struct mbuf **_ptr, + int _maxpacketsize); +#else int LibAliasIn (struct libalias *, char *_ptr, int _maxpacketsize); int LibAliasOut(struct libalias *, char *_ptr, int _maxpacketsize); int LibAliasOutTry(struct libalias *, char *_ptr, int _maxpacketsize, int _create); int LibAliasUnaliasOut(struct libalias *, char *_ptr, int _maxpacketsize); +#endif /* Port and address redirection functions. */ @@ -135,9 +207,6 @@ int LibAliasUnLoadAllModule(void); int LibAliasRefreshModules(void); -/* Mbuf helper function. */ -struct mbuf *m_megapullup(struct mbuf *, int); - /* * Mode flags and other constants. */ Index: sys/netinet/libalias/alias_cuseeme.c =================================================================== --- sys/netinet/libalias/alias_cuseeme.c (revision 190929) +++ sys/netinet/libalias/alias_cuseeme.c (working copy) @@ -31,6 +31,8 @@ #ifdef _KERNEL #include +#include +#include #include #include #else @@ -49,6 +51,7 @@ #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif 
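Review bot: None of the kernel `PULLUP_*` macros copes with a failed pullup: `PULLUP_SIZE` leaves NULL in `*ptr` and `pip` when `m_pullup()` fails, yet `PULLUP_UDPHDR`, `PULLUP_TCPHDR`, `PULLUP_ICMPHDR`, `PULLUP_ICMPIP64HDR` and `PULLUP_SCTPHDR` open with `pip = mtod(*ptr, struct ip *)` and read `pip->ip_hl` unchecked, and any later `PULLUP_SIZE` hands that NULL straight back to `m_pullup()`. The requested length comes from packet contents, so a truncated packet can reach this path. Each macro should test `*ptr` first, and every caller in alias.c, alias_sctp.c and the legacy protohandlers needs something like `if (pip == NULL) return (PKT_ALIAS_ERROR);` before touching `pip`. `PULLUP_ICMPIP64HDR` also reads `ic->icmp_ip.ip_hl` before its own pullup, so it relies on the caller having run `PULLUP_ICMPHDR`; a comment stating that precondition would help. `_MTOD` should be fully parenthesised, `#define _MTOD(p, foo) ((p) != NULL ? mtod((p), foo) : NULL)`, and ideally renamed, since an underscore followed by a capital is a reserved identifier.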
@@ -75,17 +78,31 @@ } static int -protohandlerin(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandlerin(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandleCUSeeMeIn(la, pip, *ah->oaddr); return (0); } static int -protohandlerout(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandlerout(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandleCUSeeMeOut(la, pip, ah->lnk); return (0); } @@ -96,6 +113,7 @@ .pri = 120, .dir = OUT, .proto = UDP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandlerout }, @@ -103,6 +121,7 @@ .pri = 120, .dir = IN, .proto = UDP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandlerin }, Index: sys/netinet/libalias/alias_ftp.c =================================================================== --- sys/netinet/libalias/alias_ftp.c (revision 190929) +++ sys/netinet/libalias/alias_ftp.c (working copy) @@ -71,6 +71,8 @@ /* Includes */ #ifdef _KERNEL #include +#include +#include #include #include #include @@ -93,6 +95,7 @@ #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -117,9 +120,16 @@ } static int -protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandleFtpOut(la, pip, ah->lnk, ah->maxpktsize); return (0); } 
@@ -129,6 +139,7 @@ .pri = 80, .dir = OUT, .proto = TCP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandler }, Index: sys/netinet/libalias/alias_dummy.c =================================================================== --- sys/netinet/libalias/alias_dummy.c (revision 190929) +++ sys/netinet/libalias/alias_dummy.c (working copy) @@ -35,6 +35,8 @@ #ifdef _KERNEL #include +#include +#include #include #include #else @@ -49,9 +51,11 @@ #include #ifdef _KERNEL +#include #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -86,9 +90,16 @@ */ static int -protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandleDummy(la, pip, ah); return (0); } @@ -106,6 +117,7 @@ .pri = 666, .dir = IN|OUT, .proto = UDP|TCP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandler }, Index: sys/netinet/libalias/alias_local.h =================================================================== --- sys/netinet/libalias/alias_local.h (revision 190929) +++ sys/netinet/libalias/alias_local.h (working copy) @@ -178,6 +178,9 @@ * avoid races in libalias: every public function has to use it. */ struct mtx mutex; + + /* for legacy modules that can't handle mbufs yet */ + caddr_t buf; #endif }; 
@@ -230,7 +233,9 @@ */ void AliasSctpInit(struct libalias *la); void AliasSctpTerm(struct libalias *la); -int SctpAlias(struct libalias *la, struct ip *ip, int direction); +#ifdef _KERNEL +int SctpAlias(struct libalias *la, struct mbuf **ptr, int direction); +#endif /* * We do not calculate TCP checksums when libalias is a kernel Index: sys/netinet/libalias/alias_smedia.c =================================================================== --- sys/netinet/libalias/alias_smedia.c (revision 190929) +++ sys/netinet/libalias/alias_smedia.c (working copy) @@ -101,6 +101,8 @@ #ifdef _KERNEL #include #include +#include +#include #include #include #else @@ -120,6 +122,7 @@ #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -150,9 +153,16 @@ } static int -protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); if (ntohs(*ah->dport) == TFTP_PORT_NUMBER) FindRtspOut(la, pip->ip_src, pip->ip_dst, *ah->sport, *ah->aport, IPPROTO_UDP); @@ -165,6 +175,7 @@ .pri = 100, .dir = OUT, .proto = TCP|UDP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandler }, Index: sys/netinet/libalias/alias_sctp.c =================================================================== --- sys/netinet/libalias/alias_sctp.c (revision 190929) +++ sys/netinet/libalias/alias_sctp.c (working copy) @@ -78,6 +78,7 @@ #include #include #include +#include #include #include #include 
@@ -100,7 +101,7 @@ * ---------------------------------------------------------------------- */ /* Packet Parsing Functions */ -static int sctp_PktParser(struct libalias *la, int direction, struct ip *pip, +static int sctp_PktParser(struct libalias *la, int direction, pkt_t ptr, struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc); static int GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction); @@ -705,15 +706,16 @@ * - Return the appropriate result to libalias * * @param la Pointer to the relevant libalias instance - * @param pip Pointer to IP packet to process + * @param ptr Pointer to IP packet to process * @param direction SN_TO_LOCAL | SN_TO_GLOBAL * * @return PKT_ALIAS_OK | PKT_ALIAS_IGNORE | PKT_ALIAS_ERROR */ int -SctpAlias(struct libalias *la, struct ip *pip, int direction) +SctpAlias(struct libalias *la, pkt_t ptr, int direction) { int rtnval; + struct ip *pip; struct sctp_nat_msg msg; struct sctp_nat_assoc *assoc = NULL; @@ -725,7 +727,8 @@ sctp_CheckTimers(la); /* Check timers */ /* Parse the packet */ - rtnval = sctp_PktParser(la, direction, pip, &msg, &assoc); //using *char (change to mbuf when get code from paolo) + rtnval = sctp_PktParser(la, direction, ptr, &msg, &assoc); + PULLUP_IPHDR(pip, ptr); switch (rtnval) { case SN_PARSE_OK: break; 
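Review bot: `PULLUP_IPHDR(pip, ptr)` runs after `sctp_PktParser()` has already filled `msg`, and the parser (later hunk) stores `sm->ip_hdr = pip` from its own pullup. `m_pullup()` may hand back a different leading mbuf, so any pointer kept in `msg` can be stale by the time the `switch` uses it. Either take `pip` from `msg.ip_hdr` here instead of pulling up again, or refresh the pointers held in `msg` after the last pullup. `pip` is also used unchecked, although `*ptr` is already NULL at this point if the parser's pullup failed. SctpAlias continues past the end of the hunk, so how `msg` is consumed is not visible here.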
@@ -1011,17 +1014,17 @@ * * @param la Pointer to the relevant libalias instance * @param direction SN_TO_LOCAL | SN_TO_GLOBAL - * @param pip + * @param ptr * @param sm Pointer to sctp message information * @param passoc Pointer to the association this SCTP Message belongs to * * @return SN_PARSE_OK | SN_PARSE_ERROR_* */ static int -sctp_PktParser(struct libalias *la, int direction, struct ip *pip, +sctp_PktParser(struct libalias *la, int direction, pkt_t ptr, struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc) -//sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc) { + struct ip *pip; struct sctphdr *sctp_hdr; struct sctp_chunkhdr *chunk_hdr; struct sctp_paramhdr *param_hdr; @@ -1041,7 +1044,7 @@ * Also, I am only interested in the content of INIT and ADDIP chunks */ - // no mbuf stuff from Paolo yet so ... + PULLUP_SCTPHDR(pip, ptr); sm->ip_hdr = pip; /* remove ip header length from the bytes_left */ bytes_left = ntohs(pip->ip_len) - (pip->ip_hl << 2); Index: sys/netinet/libalias/alias_skinny.c =================================================================== --- sys/netinet/libalias/alias_skinny.c (revision 190929) +++ sys/netinet/libalias/alias_skinny.c (working copy) @@ -32,6 +32,8 @@ #ifdef _KERNEL #include +#include +#include #include #include #else @@ -46,9 +48,11 @@ #include #ifdef _KERNEL +#include #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -69,9 +73,16 @@ } static int -protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandleSkinny(la, pip, ah->lnk); return (0); } 
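Review bot: `PULLUP_SCTPHDR` only makes the IP header plus `sizeof(struct sctphdr)` contiguous, while `bytes_left` is computed from `ip_len` for the whole datagram. If the rest of the parser (outside this hunk) walks chunk and parameter headers by pointer arithmetic from `pip`, as the `chunk_hdr` and `param_hdr` locals suggest, it will read past the first mbuf on a chained packet now that `m_megapullup()` no longer flattens it. Each chunk header should be pulled up or fetched with `m_copydata()` before it is dereferenced. Alternatively, SCTP could go through the `la->buf` copy path the legacy modules use until the parser is mbuf-aware. A NULL check on `pip` is also missing before `sm->ip_hdr = pip`.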
@@ -81,6 +92,7 @@ .pri = 110, .dir = IN|OUT, .proto = TCP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandler }, Index: sys/netinet/libalias/alias_irc.c =================================================================== --- sys/netinet/libalias/alias_irc.c (revision 190929) +++ sys/netinet/libalias/alias_irc.c (working copy) @@ -50,6 +50,8 @@ /* Includes */ #ifdef _KERNEL #include +#include +#include #include #include #include @@ -75,6 +77,7 @@ #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -106,9 +109,16 @@ } static int -protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler(struct libalias *la, pkt_t ptr, struct alias_data *ah) { + struct ip *pip; +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); newpacket = malloc(PKTSIZE); if (newpacket) { AliasHandleIrcOut(la, pip, ah->lnk, ah->maxpktsize); @@ -122,6 +132,7 @@ .pri = 90, .dir = OUT, .proto = TCP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandler }, Index: sys/netinet/libalias/alias_mod.c =================================================================== --- sys/netinet/libalias/alias_mod.c (revision 190929) +++ sys/netinet/libalias/alias_mod.c (working copy) @@ -30,6 +30,8 @@ #ifdef _KERNEL #include #include +#include +#include #include #include #else @@ -44,9 +46,11 @@ #include #ifdef _KERNEL +#include #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -219,7 +223,7 @@ } int -find_handler(int8_t dir, int8_t proto, struct libalias *la, __unused struct ip *pip, +find_handler(int8_t dir, int8_t proto, struct libalias *la, pkt_t ptr, struct alias_data *ad) { struct proto_handler *p; 
@@ -230,7 +234,16 @@ LIST_FOREACH(p, &handler_chain, entries) { if ((p->dir & dir) && (p->proto & proto)) if (p->fingerprint(la, ad) == 0) { - error = p->protohandler(la, pip, ad); +#ifdef _KERNEL + if (p->legacy) { + m_copydata(*ptr, 0, m_length(*ptr, NULL), la->buf); + error = p->protohandler(la, NULL, ad); + m_copyback(*ptr, 0, ntohs(((struct ip *)la->buf)->ip_len), + la->buf); + break; + } +#endif + error = p->protohandler(la, ptr, ad); break; } } Index: sys/netinet/libalias/alias.c =================================================================== --- sys/netinet/libalias/alias.c (revision 190941) +++ sys/netinet/libalias/alias.c (working copy) @@ -268,13 +268,14 @@ /* Local prototypes */ -static int IcmpAliasIn1(struct libalias *, struct ip *); -static int IcmpAliasIn2(struct libalias *, struct ip *); -static int IcmpAliasIn(struct libalias *, struct ip *); +static int IcmpAliasIn1(struct libalias *, struct ip *, struct icmp *); +static int IcmpAliasIn2(struct libalias *, pkt_t); +static int IcmpAliasIn(struct libalias *, pkt_t); -static int IcmpAliasOut1(struct libalias *, struct ip *, int create); -static int IcmpAliasOut2(struct libalias *, struct ip *); -static int IcmpAliasOut(struct libalias *, struct ip *, int create); +static int IcmpAliasOut1(struct libalias *, struct ip *, struct icmp *, + int create); +static int IcmpAliasOut2(struct libalias *, pkt_t); +static int IcmpAliasOut(struct libalias *, pkt_t, int create); static int ProtoAliasIn(struct libalias *la, struct in_addr ip_src, struct in_addr *ip_dst, u_char ip_p, u_short *ip_sum); 
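Review bot: The legacy path copies `m_length(*ptr, NULL)` bytes into `la->buf`, which alias_db.c allocates as `IP_MAXPACKET+1` bytes, without comparing the two, so a chain longer than the buffer would overrun it. Add a guard before the copy, e.g. `if (m_length(*ptr, NULL) > IP_MAXPACKET) { error = -1; break; }`; UdpAliasIn in this patch treats a negative result as "ignore", but the other callers should be checked. The `m_copyback()` length is `ip_len` as rewritten by the handler, so it needs the same bound, and when a handler shortens the packet the chain keeps its old tail unless it is trimmed with `m_adj()`. A short comment that `la->buf` is a single per-instance scratch buffer, and which lock serialises access to it, would also help.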
@@ -282,15 +283,15 @@ struct in_addr ip_dst, u_char ip_p, u_short *ip_sum, int create); -static int UdpAliasIn(struct libalias *, struct ip *); -static int UdpAliasOut(struct libalias *, struct ip *, int, int create); +static int UdpAliasIn(struct libalias *, pkt_t); +static int UdpAliasOut(struct libalias *, pkt_t, int, int create); -static int TcpAliasIn(struct libalias *, struct ip *); -static int TcpAliasOut(struct libalias *, struct ip *, int, int create); +static int TcpAliasIn(struct libalias *, pkt_t); +static int TcpAliasOut(struct libalias *, pkt_t, int, int create); static int -IcmpAliasIn1(struct libalias *la, struct ip *pip) +IcmpAliasIn1(struct libalias *la, struct ip *pip, struct icmp *ic) { LIBALIAS_LOCK_ASSERT(la); @@ -299,10 +300,7 @@ Alias incoming echo and timestamp requests. */ struct alias_link *lnk; - struct icmp *ic; - ic = (struct icmp *)ip_next(pip); - /* Get source address from ICMP data field and restore original data */ lnk = FindIcmpIn(la, pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (lnk != NULL) { @@ -335,7 +333,7 @@ } static int -IcmpAliasIn2(struct libalias *la, struct ip *pip) +IcmpAliasIn2(struct libalias *la, pkt_t ptr) { LIBALIAS_LOCK_ASSERT(la); @@ -343,18 +341,20 @@ Alias incoming ICMP error messages containing IP header and first 64 bits of datagram. */ - struct ip *ip; + struct ip *ip, *pip; struct icmp *ic, *ic2; struct udphdr *ud; struct tcphdr *tc; struct alias_link *lnk; + PULLUP_ICMPIP64HDR(pip, ptr); ic = (struct icmp *)ip_next(pip); ip = &ic->icmp_ip; ud = (struct udphdr *)ip_next(ip); tc = (struct tcphdr *)ip_next(ip); ic2 = (struct icmp *)ip_next(ip); + lnk = NULL; if (ip->ip_p == IPPROTO_UDP) lnk = FindUdpTcpIn(la, ip->ip_dst, ip->ip_src, 
@@ -367,10 +367,7 @@ else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) lnk = FindIcmpIn(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); - else - lnk = NULL; - } else - lnk = NULL; + } if (lnk != NULL) { if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP) { @@ -437,9 +434,10 @@ static int -IcmpAliasIn(struct libalias *la, struct ip *pip) +IcmpAliasIn(struct libalias *la, pkt_t ptr) { int iresult; + struct ip *pip; struct icmp *ic; LIBALIAS_LOCK_ASSERT(la); @@ -447,6 +445,7 @@ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); + PULLUP_ICMPHDR(pip, ptr); ic = (struct icmp *)ip_next(pip); iresult = PKT_ALIAS_IGNORED; @@ -454,18 +453,18 @@ case ICMP_ECHOREPLY: case ICMP_TSTAMPREPLY: if (ic->icmp_code == 0) { - iresult = IcmpAliasIn1(la, pip); + iresult = IcmpAliasIn1(la, pip, ic); } break; case ICMP_UNREACH: case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - iresult = IcmpAliasIn2(la, pip); + iresult = IcmpAliasIn2(la, ptr); break; case ICMP_ECHO: case ICMP_TSTAMP: - iresult = IcmpAliasIn1(la, pip); + iresult = IcmpAliasIn1(la, pip, ic); break; } return (iresult); @@ -473,17 +472,15 @@ static int -IcmpAliasOut1(struct libalias *la, struct ip *pip, int create) +IcmpAliasOut1(struct libalias *la, struct ip *pip, struct icmp *ic, int create) { /* Alias outgoing echo and timestamp requests. De-alias outgoing echo and timestamp replies. */ struct alias_link *lnk; - struct icmp *ic; LIBALIAS_LOCK_ASSERT(la); - ic = (struct icmp *)ip_next(pip); /* Save overwritten data for when echo packet returns */ lnk = FindIcmpOut(la, pip->ip_src, pip->ip_dst, ic->icmp_id, create); 
@@ -518,25 +515,27 @@ static int -IcmpAliasOut2(struct libalias *la, struct ip *pip) +IcmpAliasOut2(struct libalias *la, pkt_t ptr) { /* Alias outgoing ICMP error messages containing IP header and first 64 bits of datagram. */ - struct ip *ip; + struct ip *ip, *pip; struct icmp *ic, *ic2; struct udphdr *ud; struct tcphdr *tc; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + PULLUP_ICMPIP64HDR(pip, ptr); ic = (struct icmp *)ip_next(pip); ip = &ic->icmp_ip; ud = (struct udphdr *)ip_next(ip); tc = (struct tcphdr *)ip_next(ip); ic2 = (struct icmp *)ip_next(ip); + lnk = NULL; if (ip->ip_p == IPPROTO_UDP) lnk = FindUdpTcpOut(la, ip->ip_dst, ip->ip_src, @@ -549,10 +548,7 @@ else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) lnk = FindIcmpOut(la, ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); - else - lnk = NULL; - } else - lnk = NULL; + } if (lnk != NULL) { if (ip->ip_p == IPPROTO_UDP || ip->ip_p == IPPROTO_TCP) { @@ -619,9 +615,10 @@ static int -IcmpAliasOut(struct libalias *la, struct ip *pip, int create) +IcmpAliasOut(struct libalias *la, pkt_t ptr, int create) { int iresult; + struct ip *pip; struct icmp *ic; LIBALIAS_LOCK_ASSERT(la); @@ -631,6 +628,7 @@ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); + PULLUP_ICMPHDR(pip, ptr); ic = (struct icmp *)ip_next(pip); iresult = PKT_ALIAS_IGNORED; @@ -638,18 +636,18 @@ case ICMP_ECHO: case ICMP_TSTAMP: if (ic->icmp_code == 0) { - iresult = IcmpAliasOut1(la, pip, create); + iresult = IcmpAliasOut1(la, pip, ic, create); } break; case ICMP_UNREACH: case ICMP_SOURCEQUENCH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: - iresult = IcmpAliasOut2(la, pip); + iresult = IcmpAliasOut2(la, ptr); break; case ICMP_ECHOREPLY: case ICMP_TSTAMPREPLY: - iresult = IcmpAliasOut1(la, pip, create); + iresult = IcmpAliasOut1(la, pip, ic, create); } return (iresult); } 
@@ -723,13 +721,15 @@ static int -UdpAliasIn(struct libalias *la, struct ip *pip) +UdpAliasIn(struct libalias *la, pkt_t ptr) { + struct ip *pip; struct udphdr *ud; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + PULLUP_UDPHDR(pip, ptr); ud = (struct udphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, @@ -761,7 +761,9 @@ proxy_port = GetProxyPort(lnk); /* Walk out chain. */ - error = find_handler(IN, UDP, la, pip, &ad); + error = find_handler(IN, UDP, la, ptr, &ad); + PULLUP_UDPHDR(pip, ptr); + ud = (struct udphdr *)ip_next(pip); /* If we cannot figure out the packet, ignore it. */ if (error < 0) return (PKT_ALIAS_IGNORED); @@ -810,8 +812,9 @@ } static int -UdpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) +UdpAliasOut(struct libalias *la, pkt_t ptr, int maxpacketsize, int create) { + struct ip *pip; struct udphdr *ud; struct alias_link *lnk; struct in_addr dest_address; @@ -824,6 +827,7 @@ LIBALIAS_LOCK_ASSERT(la); /* Return if proxy-only mode is enabled and not proxyrule found.*/ + PULLUP_UDPHDR(pip, ptr); ud = (struct udphdr *)ip_next(pip); proxy_type = ProxyCheck(la, &proxy_server_address, &proxy_server_port, pip->ip_src, pip->ip_dst, @@ -884,7 +888,9 @@ alias_port = GetAliasPort(lnk); /* Walk out chain. */ - error = find_handler(OUT, UDP, la, pip, &ad); + error = find_handler(OUT, UDP, la, ptr, &ad); + PULLUP_UDPHDR(pip, ptr); + ud = (struct udphdr *)ip_next(pip); /* If UDP checksum is not zero, adjust since source port is */ /* being aliased and source address is being altered */ @@ -913,12 +919,14 @@ static int -TcpAliasIn(struct libalias *la, struct ip *pip) +TcpAliasIn(struct libalias *la, pkt_t ptr) { + struct ip *pip; struct tcphdr *tc; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + PULLUP_TCPHDR(pip, ptr); tc = (struct tcphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst, 
@@ -950,7 +958,9 @@ }; /* Walk out chain. */ - error = find_handler(IN, TCP, la, pip, &ad); + error = find_handler(IN, TCP, la, ptr, &ad); + PULLUP_TCPHDR(pip, ptr); + tc = (struct tcphdr *)ip_next(pip); alias_address = GetAliasAddress(lnk); original_address = GetOriginalAddress(lnk); @@ -1035,17 +1045,19 @@ } static int -TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create) +TcpAliasOut(struct libalias *la, pkt_t ptr, int maxpacketsize, int create) { int proxy_type, error; u_short dest_port; u_short proxy_server_port; struct in_addr dest_address; struct in_addr proxy_server_address; + struct ip *pip; struct tcphdr *tc; struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); + PULLUP_TCPHDR(pip, ptr); tc = (struct tcphdr *)ip_next(pip); if (create) @@ -1080,8 +1092,6 @@ lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP, create); - if (lnk == NULL) - return (PKT_ALIAS_IGNORED); if (lnk != NULL) { u_short alias_port; struct in_addr alias_address; @@ -1114,7 +1124,9 @@ TcpMonitorOut(tc->th_flags, lnk); /* Walk out chain. */ - error = find_handler(OUT, TCP, la, pip, &ad); + error = find_handler(OUT, TCP, la, ptr, &ad); + PULLUP_TCPHDR(pip, ptr); + tc = (struct tcphdr *)ip_next(pip); /* Adjust TCP checksum since source port is being aliased */ /* and source address is being altered */ @@ -1167,13 +1179,13 @@ /* Local prototypes */ static int FragmentIn(struct libalias *la, struct in_addr ip_src, - struct in_addr *ip_dst, u_short ip_id, u_short *ip_sum); + struct in_addr *ip_dst, u_char ip_p, u_short *ip_sum); static int FragmentOut(struct libalias *, struct in_addr *ip_src, u_short *ip_sum); static int FragmentIn(struct libalias *la, struct in_addr ip_src, struct in_addr *ip_dst, - u_short ip_id, u_short *ip_sum) + u_char ip_id, u_short *ip_sum) { struct alias_link *lnk; 
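Review bot: The `FragmentIn` prototype now names its fourth parameter `u_char ip_p`, while the definition declares `u_char ip_id`. If the body (outside this hunk) still uses it as the IP identification for the fragment lookup, the 16-bit `ip_id` is truncated to 8 bits and unrelated fragment trains can resolve to the same link. Unless the function is really meant to key on the protocol, keep `u_short ip_id` in both places; otherwise rename the parameter in the definition to `ip_p` so that prototype and definition agree.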
@@ -1278,7 +1290,6 @@ (void)la; pip = (struct ip *)ptr; fpip = (struct ip *)ptr_fragment; - DifferentialChecksum(&fpip->ip_sum, &pip->ip_dst, &fpip->ip_dst, 2); fpip->ip_dst = pip->ip_dst; @@ -1287,14 +1298,14 @@ /* Local prototypes */ static int -LibAliasOutLocked(struct libalias *la, char *ptr, - int maxpacketsize, int create); +LibAliasOutLocked(struct libalias *la, pkt_t ptr, + int maxpacketsize, int create); static int -LibAliasInLocked(struct libalias *la, char *ptr, - int maxpacketsize); +LibAliasInLocked(struct libalias *la, pkt_t ptr, + int maxpacketsize); int -LibAliasIn(struct libalias *la, char *ptr, int maxpacketsize) +LibAliasIn(struct libalias *la, pkt_t ptr, int maxpacketsize) { int res; @@ -1305,7 +1316,7 @@ } static int -LibAliasInLocked(struct libalias *la, char *ptr, int maxpacketsize) +LibAliasInLocked(struct libalias *la, pkt_t ptr, int maxpacketsize) { struct in_addr alias_addr; struct ip *pip; @@ -1319,7 +1330,7 @@ } HouseKeeping(la); ClearCheckNewLink(la); - pip = (struct ip *)ptr; + PULLUP_IPHDR(pip, ptr); alias_addr = pip->ip_dst; /* Defense against mangled packets */ @@ -1333,17 +1344,17 @@ if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) { switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasIn(la, pip); + iresult = IcmpAliasIn(la, ptr); break; case IPPROTO_UDP: - iresult = UdpAliasIn(la, pip); + iresult = UdpAliasIn(la, ptr); break; case IPPROTO_TCP: - iresult = TcpAliasIn(la, pip); + iresult = TcpAliasIn(la, ptr); break; #ifdef _KERNEL case IPPROTO_SCTP: - iresult = SctpAlias(la, pip, SN_TO_LOCAL); + iresult = SctpAlias(la, ptr, SN_TO_LOCAL); break; #endif case IPPROTO_GRE: { @@ -1359,7 +1370,8 @@ }; /* Walk out chain. */ - error = find_handler(IN, IP, la, pip, &ad); + error = find_handler(IN, IP, la, ptr, &ad); + PULLUP_IPHDR(pip, ptr); if (error == 0) iresult = PKT_ALIAS_OK; else @@ -1373,6 +1385,7 @@ break; } + PULLUP_IPHDR(pip, ptr); if (ntohs(pip->ip_off) & IP_MF) { struct alias_link *lnk; 
@@ -1410,7 +1423,7 @@ #define UNREG_ADDR_C_UPPER 0xc0a8ffff int -LibAliasOut(struct libalias *la, char *ptr, int maxpacketsize) +LibAliasOut(struct libalias *la, pkt_t ptr, int maxpacketsize) { int res; @@ -1421,7 +1434,7 @@ } int -LibAliasOutTry(struct libalias *la, char *ptr, int maxpacketsize, int create) +LibAliasOutTry(struct libalias *la, pkt_t ptr, int maxpacketsize, int create) { int res; @@ -1432,7 +1445,7 @@ } static int -LibAliasOutLocked(struct libalias *la, char *ptr, /* valid IP packet */ +LibAliasOutLocked(struct libalias *la, pkt_t ptr, /* valid IP packet */ int maxpacketsize, /* How much the packet data may grow (FTP * and IRC inline changes) */ int create /* Create new entries ? */ @@ -1450,7 +1463,7 @@ } HouseKeeping(la); ClearCheckNewLink(la); - pip = (struct ip *)ptr; + PULLUP_IPHDR(pip, ptr); /* Defense against mangled packets */ if (ntohs(pip->ip_len) > maxpacketsize @@ -1483,17 +1496,17 @@ if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) { switch (pip->ip_p) { case IPPROTO_ICMP: - iresult = IcmpAliasOut(la, pip, create); + iresult = IcmpAliasOut(la, ptr, create); break; case IPPROTO_UDP: - iresult = UdpAliasOut(la, pip, maxpacketsize, create); + iresult = UdpAliasOut(la, ptr, maxpacketsize, create); break; case IPPROTO_TCP: - iresult = TcpAliasOut(la, pip, maxpacketsize, create); + iresult = TcpAliasOut(la, ptr, maxpacketsize, create); break; #ifdef _KERNEL case IPPROTO_SCTP: - iresult = SctpAlias(la, pip, SN_TO_GLOBAL); + iresult = SctpAlias(la, ptr, SN_TO_GLOBAL); break; #endif case IPPROTO_GRE: { @@ -1508,7 +1521,8 @@ .maxpktsize = 0 }; /* Walk out chain. */ - error = find_handler(OUT, IP, la, pip, &ad); + error = find_handler(OUT, IP, la, ptr, &ad); + PULLUP_IPHDR(pip, ptr); if (error == 0) iresult = PKT_ALIAS_OK; else @@ -1531,7 +1545,7 @@ } int -LibAliasUnaliasOut(struct libalias *la, char *ptr, /* valid IP packet */ +LibAliasUnaliasOut(struct libalias *la, pkt_t ptr, /* valid IP packet */ int maxpacketsize /* for error checking */ ) { 
@@ -1540,32 +1554,38 @@ struct udphdr *ud; struct tcphdr *tc; struct alias_link *lnk; - int iresult = PKT_ALIAS_IGNORED; + int iresult; LIBALIAS_LOCK(la); - pip = (struct ip *)ptr; + iresult = PKT_ALIAS_IGNORED; + ic = NULL; + ud = NULL; + tc = NULL; + PULLUP_IPHDR(pip, ptr); /* Defense against mangled packets */ if (ntohs(pip->ip_len) > maxpacketsize || (pip->ip_hl << 2) > maxpacketsize) goto getout; - ud = (struct udphdr *)ip_next(pip); - tc = (struct tcphdr *)ip_next(pip); - ic = (struct icmp *)ip_next(pip); - /* Find a link */ - if (pip->ip_p == IPPROTO_UDP) + if (pip->ip_p == IPPROTO_UDP) { + PULLUP_UDPHDR(pip, ptr); + ud = (struct udphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, ud->uh_dport, ud->uh_sport, IPPROTO_UDP, 0); - else if (pip->ip_p == IPPROTO_TCP) + } else if (pip->ip_p == IPPROTO_TCP) { + PULLUP_TCPHDR(pip, ptr); + tc = (struct tcphdr *)ip_next(pip); lnk = FindUdpTcpIn(la, pip->ip_dst, pip->ip_src, tc->th_dport, tc->th_sport, IPPROTO_TCP, 0); - else if (pip->ip_p == IPPROTO_ICMP) + } else if (pip->ip_p == IPPROTO_ICMP) { + PULLUP_ICMPHDR(pip, ptr); + ic = (struct icmp *)ip_next(pip); lnk = FindIcmpIn(la, pip->ip_dst, pip->ip_src, ic->icmp_id, 0); - else + } else lnk = NULL; /* Change it from an aliased packet to an unaliased packet */ 
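Review bot: LibAliasUnaliasOut takes `LIBALIAS_LOCK(la)` before `PULLUP_IPHDR` and the new `PULLUP_UDPHDR` / `PULLUP_TCPHDR` / `PULLUP_ICMPHDR` calls, and the hunk does not show what those macros do when the pullup cannot be satisfied. Before the transport pullup, the only checks are `ip_len` and `ip_hl << 2` against `maxpacketsize`. A packet marked UDP, TCP or ICMP but shorter than IP header plus transport header therefore reaches the macro, so failure is a normal input case rather than an allocation corner. If the macro returns on failure, the lock is never released; if it leaves `pip` unset, `ip_next(pip)` and `ud->uh_dport` read through a bad pointer. I would make the failure path explicit here (keep `iresult = PKT_ALIAS_IGNORED` and `goto getout`) and document the failure contract next to the macro definitions. The rest of the function lies outside the hunk.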
@@ -1732,60 +1752,3 @@ } #endif - -#ifdef _KERNEL -/* - * m_megapullup() - this function is a big hack. - * Thankfully, it's only used in ng_nat and ipfw+nat. - * - * It allocates an mbuf with cluster and copies the specified part of the chain - * into cluster, so that it is all contiguous and can be accessed via a plain - * (char *) pointer. This is required, because libalias doesn't know how to - * handle mbuf chains. - * - * On success, m_megapullup returns an mbuf (possibly with cluster) containing - * the input packet, on failure NULL. The input packet is always consumed. - */ -struct mbuf * -m_megapullup(struct mbuf *m, int len) { - struct mbuf *mcl; - - if (len > m->m_pkthdr.len) - goto bad; - - /* Do not reallocate packet if it is sequentional, - * writable and has some extra space for expansion. - * XXX: Constant 100bytes is completely empirical. */ -#define RESERVE 100 - if (m->m_next == NULL && M_WRITABLE(m) && M_TRAILINGSPACE(m) >= RESERVE) - return (m); - - if (len <= MCLBYTES - RESERVE) { - mcl = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); - } else if (len < MJUM16BYTES) { - int size; - if (len <= MJUMPAGESIZE - RESERVE) { - size = MJUMPAGESIZE; - } else if (len <= MJUM9BYTES - RESERVE) { - size = MJUM9BYTES; - } else { - size = MJUM16BYTES; - }; - mcl = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, size); - } else { - goto bad; - } - if (mcl == NULL) - goto bad; - - m_move_pkthdr(mcl, m); - m_copydata(m, 0, len, mtod(mcl, caddr_t)); - mcl->m_len = mcl->m_pkthdr.len = len; - m_freem(m); - - return (mcl); -bad: - m_freem(m); - return (NULL); -} -#endif Index: sys/netinet/libalias/alias_pptp.c =================================================================== --- sys/netinet/libalias/alias_pptp.c (revision 190929) +++ sys/netinet/libalias/alias_pptp.c (working copy) @@ -42,6 +42,8 @@ /* Includes */ #ifdef _KERNEL #include +#include +#include #include #include #include 
@@ -98,25 +100,46 @@ } static int -protohandlerin(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandlerin(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandlePptpIn(la, pip, ah->lnk); return (0); } static int -protohandlerout(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandlerout(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandlePptpOut(la, pip, ah->lnk); return (0); } static int -protohandlergrein(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandlergrein(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY || AliasHandlePptpGreIn(la, pip) == 0) return (0); @@ -124,9 +147,16 @@ } static int -protohandlergreout(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandlergreout(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); if (AliasHandlePptpGreOut(la, pip) == 0) return (0); return (-1); @@ -138,6 +168,7 @@ .pri = 200, .dir = IN, .proto = TCP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandlerin }, @@ -145,6 +176,7 @@ .pri = 210, .dir = OUT, .proto = TCP, + .legacy = 1, .fingerprint = &fingerprint, .protohandler = &protohandlerout }, @@ -157,6 +189,7 @@ .pri = INT_MAX, .dir = IN, .proto = IP, + .legacy = 1, .fingerprint = &fingerprintgre, .protohandler = &protohandlergrein }, 
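Review bot: In a kernel build the `else` branch of protohandlerin passes AliasHandlePptpIn a `pip` that comes from `PULLUP_IPHDR`, which by its name guarantees only the IP header is contiguous. The handler is registered with `.legacy = 1` and still takes a plain `struct ip *`, so it presumably reads the TCP or GRE payload through that pointer. If legacy handlers are meant to be called only with `ptr == NULL` and the packet copied into `la->buf`, state that contract and enforce it: under `_KERNEL`, drop the `else` and add `KASSERT(ptr == NULL, ("legacy handler called with an mbuf"));` before `pip = (struct ip *)la->buf;`. If a non-NULL `ptr` is legitimate there, the pullup needs to cover everything the handler reads, not just the header. The same construct appears in protohandlerout, protohandlergrein and protohandlergreout, and in the alias_nbt.c handlers later in the patch.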
@@ -164,6 +197,7 @@ .pri = INT_MAX, .dir = OUT, .proto = IP, + .legacy = 1, .fingerprint = &fingerprintgre, .protohandler = &protohandlergreout }, Index: sys/netinet/libalias/alias_nbt.c =================================================================== --- sys/netinet/libalias/alias_nbt.c (revision 190938) +++ sys/netinet/libalias/alias_nbt.c (working copy) @@ -44,6 +44,8 @@ #ifdef _KERNEL #include #include +#include +#include #include #include #else @@ -59,9 +61,11 @@ #include #ifdef _KERNEL +#include #include #include #else +#include "alias.h" #include "alias_local.h" #include "alias_mod.h" #endif @@ -71,11 +75,12 @@ static int AliasHandleUdpNbt(struct libalias *, struct ip *, struct alias_link *, - struct in_addr *, u_short); + struct in_addr *, u_short); static int AliasHandleUdpNbtNS(struct libalias *, struct ip *, struct alias_link *, - struct in_addr *, u_short *, struct in_addr *, u_short *); + struct in_addr *, u_short *, struct in_addr *, u_short *); + static int fingerprint1(struct libalias *la, struct alias_data *ah) { @@ -90,9 +95,16 @@ } static int -protohandler1(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler1(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); return (AliasHandleUdpNbt(la, pip, ah->lnk, ah->aaddr, *ah->aport)); } 
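Review bot: The `if (ptr == NULL) … else` / `#endif` / `PULLUP_IPHDR(pip, ptr);` construct in protohandler1 leaves an unbraced `else` whose body is a macro placed outside the conditional block. If `PULLUP_IPHDR` expands to more than one statement without a `do { } while (0)` wrapper (its definition is not shown here), only the first statement is governed by the `else`, and the `la->buf` path runs the rest as well. The same seven lines are pasted into every legacy handler in this file and in alias_pptp.c, so I would write it once in a form that does not depend on the macro's shape and reuse it.

```c
static int
protohandler1(struct libalias *la, pkt_t ptr, struct alias_data *ah)
{
	struct ip *pip = NULL;

#ifdef _KERNEL
	/* Legacy path: the caller placed a contiguous copy in la->buf. */
	if (ptr == NULL)
		pip = (struct ip *)la->buf;
#endif
	if (pip == NULL) {
		PULLUP_IPHDR(pip, ptr);
	}
	/* … unchanged: return (AliasHandleUdpNbt(...)) … */
}
```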
@@ -110,18 +122,32 @@ } static int -protohandler2in(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler2in(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); AliasHandleUdpNbtNS(la, pip, ah->lnk, ah->aaddr, ah->aport, - ah->oaddr, ah->dport); + ah->oaddr, ah->dport); return (0); } static int -protohandler2out(struct libalias *la, struct ip *pip, struct alias_data *ah) +protohandler2out(struct libalias *la, pkt_t ptr, struct alias_data *ah) { - + struct ip *pip; + +#ifdef _KERNEL + if (ptr == NULL) + pip = (struct ip *)la->buf; + else +#endif + PULLUP_IPHDR(pip, ptr); return (AliasHandleUdpNbtNS(la, pip, ah->lnk, &pip->ip_src, ah->sport, ah->aaddr, ah->aport)); } @@ -132,6 +158,7 @@ .pri = 130, .dir = IN|OUT, .proto = UDP, + .legacy = 1, .fingerprint = &fingerprint1, .protohandler = &protohandler1 }, @@ -139,6 +166,7 @@ .pri = 140, .dir = IN, .proto = UDP, + .legacy = 1, .fingerprint = &fingerprint2, .protohandler = &protohandler2in }, @@ -146,6 +174,7 @@ .pri = 140, .dir = OUT, .proto = UDP, + .legacy = 1, .fingerprint = &fingerprint2, .protohandler = &protohandler2out }, Index: sys/netinet/libalias/alias_mod.h =================================================================== --- sys/netinet/libalias/alias_mod.h (revision 190929) +++ sys/netinet/libalias/alias_mod.h (working copy) @@ -80,10 +80,11 @@ u_int pri; /* Handler priority. */ int16_t dir; /* Flow direction. */ uint8_t proto; /* Working protocol. */ + uint8_t legacy; /* Does it handle mbuf or not? */ int (*fingerprint)(struct libalias *, /* Fingerprint * function. */ struct alias_data *); int (*protohandler)(struct libalias *, /* Aliasing * function. */ - struct ip *, struct alias_data *); + pkt_t, struct alias_data *); LIST_ENTRY(proto_handler) entries; }; 
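Review bot: The comment on the new `legacy` member of `struct proto_handler`, `/* Does it handle mbuf or not? */`, does not say which value means which. The only usage in the patch sets `.legacy = 1` on handlers that fall back to `la->buf`, which suggests that 1 means "cannot work on an mbuf chain". I would spell that out, e.g. `uint8_t legacy; /* 1: needs a contiguous copy of the packet (la->buf); 0: operates on the mbuf chain */`. Note also that a handler table that never sets the field gets 0 by default. If `find_handler()` (not in this hunk) uses the flag to decide whether to copy the packet, a module that was not updated would be treated as mbuf-aware. An inverted flag, or an explicit check at attach time, would make the default the safe one.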
@@ -114,7 +115,7 @@ int LibAliasDetachHandlers(struct proto_handler *); int detach_handler(struct proto_handler *); int find_handler(int8_t, int8_t, struct libalias *, - struct ip *, struct alias_data *); + pkt_t, struct alias_data *); struct proto_handler *first_handler(void); /* Functions used with dll module. */ Index: sys/netgraph/ng_nat.c =================================================================== --- sys/netgraph/ng_nat.c (revision 190929) +++ sys/netgraph/ng_nat.c (working copy) @@ -675,7 +675,6 @@ struct mbuf *m; struct ip *ip; int rval, error = 0; - char *c; /* We have no required hooks. */ if (!(priv->flags & NGNAT_CONNECTED)) { @@ -689,7 +688,8 @@ m = NGI_M(item); - if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) { + m = m_pullup(m, sizeof(struct ip)); + if (m == NULL) { NGI_M(item) = NULL; /* avoid double free */ NG_FREE_ITEM(item); return (ENOBUFS); @@ -697,21 +697,19 @@ NGI_M(item) = m; - c = mtod(m, char *); ip = mtod(m, struct ip *); KASSERT(m->m_pkthdr.len == ntohs(ip->ip_len), ("ng_nat: ip_len != m_pkthdr.len")); if (hook == priv->in) { - rval = LibAliasIn(priv->lib, c, m->m_len + M_TRAILINGSPACE(m)); - if (rval != PKT_ALIAS_OK && - rval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) { + rval = LibAliasIn(priv->lib, &m, IP_MAXPACKET); + if (rval != PKT_ALIAS_OK) { NG_FREE_ITEM(item); return (EINVAL); } } else if (hook == priv->out) { - rval = LibAliasOut(priv->lib, c, m->m_len + M_TRAILINGSPACE(m)); + rval = LibAliasOut(priv->lib, &m, IP_MAXPACKET); if (rval != PKT_ALIAS_OK) { NG_FREE_ITEM(item); return (EINVAL); 
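Review bot: In the ng_nat.c hunk at `-697,21`, `NGI_M(item) = m` is stored before `LibAliasIn(priv->lib, &m, IP_MAXPACKET)` and `LibAliasOut(...)`. Both calls now take `&m`, so they can presumably replace or free the mbuf. On the `rval != PKT_ALIAS_OK` paths, `NG_FREE_ITEM(item)` then frees whatever the item still points at, which may be a stale chain. The earlier `m_pullup` failure path in this file guards against exactly this with `NGI_M(item) = NULL; /* avoid double free */`. I would resynchronise the item immediately after each call, before testing `rval`: `NGI_M(item) = m;`. The comparison no longer accepts `PKT_ALIAS_FOUND_HEADER_FRAGMENT` on the inbound side, so header fragments now return `EINVAL`; the hunk should say whether that is intended. The enclosing function starts and ends outside the hunk.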
@@ -719,8 +717,17 @@ } else panic("ng_nat: unknown hook!\n"); - m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len); + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { + NGI_M(item) = NULL; /* avoid double free */ + NG_FREE_ITEM(item); + return (ENOBUFS); + } + NGI_M(item) = m; + + ip = mtod(m, struct ip *); + m->m_pkthdr.len = ntohs(ip->ip_len); + if ((ip->ip_off & htons(IP_OFFMASK)) == 0 && ip->ip_p == IPPROTO_TCP) { struct tcphdr *th = (struct tcphdr *)((caddr_t)ip +