Diffstat (limited to 'sys/netinet/libalias/alias_proxy.c')
-rw-r--r-- | sys/netinet/libalias/alias_proxy.c | 271 |
1 files changed, 134 insertions, 137 deletions
diff --git a/sys/netinet/libalias/alias_proxy.c b/sys/netinet/libalias/alias_proxy.c index 79d9db82914c..e2b0f1009617 100644 --- a/sys/netinet/libalias/alias_proxy.c +++ b/sys/netinet/libalias/alias_proxy.c @@ -76,6 +76,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/libalias/alias_mod.h> #else #include <arpa/inet.h> + #include "alias.h" /* Public API functions for libalias */ #include "alias_local.h" /* Functions used by alias*.c */ #endif @@ -189,7 +190,7 @@ IpPort(char *s, int proto, int *port) if (se == NULL) return (-1); - *port = (u_int) ntohs(se->s_port); + *port = (u_int)ntohs(se->s_port); } #else return (-1); @@ -292,20 +293,19 @@ ProxyEncodeTcpStream(struct alias_link *lnk, struct tcphdr *tc; char addrbuf[INET_ADDRSTRLEN]; -/* Compute pointer to tcp header */ + /* Compute pointer to tcp header */ tc = (struct tcphdr *)ip_next(pip); -/* Don't modify if once already modified */ - + /* Don't modify if once already modified */ if (GetAckModified(lnk)) return; -/* Translate destination address and port to string form */ + /* Translate destination address and port to string form */ snprintf(buffer, sizeof(buffer) - 2, "[DEST %s %d]", inet_ntoa_r(GetProxyAddress(lnk), INET_NTOA_BUF(addrbuf)), - (u_int) ntohs(GetProxyPort(lnk))); + (u_int)ntohs(GetProxyPort(lnk))); -/* Pad string out to a multiple of two in length */ + /* Pad string out to a multiple of two in length */ slen = strlen(buffer); switch (slen % 2) { case 0: @@ -317,11 +317,11 @@ ProxyEncodeTcpStream(struct alias_link *lnk, slen += 1; } -/* Check for packet overflow */ + /* Check for packet overflow */ if ((int)(ntohs(pip->ip_len) + strlen(buffer)) > maxpacketsize) return; -/* Shift existing TCP data and insert destination string */ + /* Shift existing TCP data and insert destination string */ { int dlen; int hlen; 
@@ -330,8 +330,7 @@ ProxyEncodeTcpStream(struct alias_link *lnk, hlen = (pip->ip_hl + tc->th_off) << 2; dlen = ntohs(pip->ip_len) - hlen; -/* Modify first packet that has data in it */ - + /* Modify first packet that has data in it */ if (dlen == 0) return; @@ -342,18 +341,18 @@ ProxyEncodeTcpStream(struct alias_link *lnk, memcpy(p, buffer, slen); } -/* Save information about modfied sequence number */ + /* Save information about modfied sequence number */ { int delta; SetAckModified(lnk); - tc = (struct tcphdr *)ip_next(pip); + tc = (struct tcphdr *)ip_next(pip); delta = GetDeltaSeqOut(tc->th_seq, lnk); AddSeq(lnk, delta + slen, pip->ip_hl, pip->ip_len, tc->th_seq, tc->th_off); } -/* Update IP header packet length and checksum */ + /* Update IP header packet length and checksum */ { int accumulate; @@ -364,8 +363,8 @@ ProxyEncodeTcpStream(struct alias_link *lnk, ADJUST_CHECKSUM(accumulate, pip->ip_sum); } -/* Update TCP checksum, Use TcpChecksum since so many things have - already changed. */ + /* Update TCP checksum, Use TcpChecksum since so many things have + already changed. */ tc->th_sum = 0; #ifdef _KERNEL @@ -376,8 +375,7 @@ ProxyEncodeTcpStream(struct alias_link *lnk, } static void -ProxyEncodeIpHeader(struct ip *pip, - int maxpacketsize) +ProxyEncodeIpHeader(struct ip *pip, int maxpacketsize) { #define OPTION_LEN_BYTES 8 #define OPTION_LEN_INT16 4 
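Review bot: In the `@@ -330,8 +330,7 @@` hunk of ProxyEncodeTcpStream, `dlen` is only compared against zero, so a packet whose `ip_len` is smaller than `(ip_hl + th_off) << 2` yields a negative `dlen` that passes the guard. The data shift that follows lies outside the hunk, but it presumably takes `dlen` as its length, which a negative value would turn into a very large copy. Unless the header lengths are validated before this function is reached (not visible here), the guard should be `if (dlen <= 0) return;`. The function body starts and ends outside this hunk.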
@@ -385,17 +383,17 @@ ProxyEncodeIpHeader(struct ip *pip, _Alignas(_Alignof(u_short)) u_char option[OPTION_LEN_BYTES]; #ifdef LIBALIAS_DEBUG - fprintf(stdout, " ip cksum 1 = %x\n", (u_int) IpChecksum(pip)); - fprintf(stdout, "tcp cksum 1 = %x\n", (u_int) TcpChecksum(pip)); + fprintf(stdout, " ip cksum 1 = %x\n", (u_int)IpChecksum(pip)); + fprintf(stdout, "tcp cksum 1 = %x\n", (u_int)TcpChecksum(pip)); #endif (void)maxpacketsize; -/* Check to see that there is room to add an IP option */ + /* Check to see that there is room to add an IP option */ if (pip->ip_hl > (0x0f - OPTION_LEN_INT32)) return; -/* Build option and copy into packet */ + /* Build option and copy into packet */ { u_char *ptr; struct tcphdr *tc; @@ -407,15 +405,15 @@ ProxyEncodeIpHeader(struct ip *pip, option[0] = 0x64; /* class: 3 (reserved), option 4 */ option[1] = OPTION_LEN_BYTES; - memcpy(&option[2], (u_char *) & pip->ip_dst, 4); + memcpy(&option[2], (u_char *)&pip->ip_dst, 4); tc = (struct tcphdr *)ip_next(pip); - memcpy(&option[6], (u_char *) & tc->th_sport, 2); + memcpy(&option[6], (u_char *)&tc->th_sport, 2); memcpy(ptr, option, 8); } -/* Update checksum, header length and packet length */ + /* Update checksum, header length and packet length */ { int i; int accumulate; @@ -441,8 +439,8 @@ ProxyEncodeIpHeader(struct ip *pip, #undef OPTION_LEN_INT16 #undef OPTION_LEN_INT32 #ifdef LIBALIAS_DEBUG - fprintf(stdout, " ip cksum 2 = %x\n", (u_int) IpChecksum(pip)); - fprintf(stdout, "tcp cksum 2 = %x\n", (u_int) TcpChecksum(pip)); + fprintf(stdout, " ip cksum 2 = %x\n", (u_int)IpChecksum(pip)); + fprintf(stdout, "tcp cksum 2 = %x\n", (u_int)TcpChecksum(pip)); #endif } @@ -457,7 +455,7 @@ ProxyEncodeIpHeader(struct ip *pip, int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, - u_short * proxy_server_port, struct in_addr src_addr, + u_short * proxy_server_port, struct in_addr src_addr, struct in_addr dst_addr, u_short dst_port, u_char ip_p) { struct proxy_entry *ptr; 
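Review bot: ProxyEncodeIpHeader discards its size limit with `(void)maxpacketsize;` in the `@@ -385,17 +383,17 @@` hunk, and the only guard before the option is inserted tests `pip->ip_hl`, not the space left in the packet buffer. The next hunk copies `OPTION_LEN_BYTES` of option data into the packet and its comment says the packet length is updated, so the packet appears to grow by 8 bytes with no comparison against the caller's bound; ProxyEncodeTcpStream, by contrast, checks `maxpacketsize` before it grows the packet. I would drop the `(void)` cast and add `if ((int)ntohs(pip->ip_len) + OPTION_LEN_BYTES > maxpacketsize) return;` next to the `ip_hl` test. The code that shifts the payload is outside the visible hunks, so the exact growth should be confirmed there.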
@@ -498,12 +496,11 @@ ProxyModify(struct libalias *la, struct alias_link *lnk, int maxpacketsize, int proxy_type) { - LIBALIAS_LOCK_ASSERT(la); (void)la; switch (proxy_type) { - case PROXY_TYPE_ENCODE_IPHDR: + case PROXY_TYPE_ENCODE_IPHDR: ProxyEncodeIpHeader(pip, maxpacketsize); break; @@ -517,9 +514,6 @@ ProxyModify(struct libalias *la, struct alias_link *lnk, Public API functions */ -int -LibAliasProxyRule(struct libalias *la, const char *cmd) -{ /* * This function takes command strings of the form: * @@ -541,6 +535,9 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) * then 0 is used, and group 0 rules are always checked before any * others. */ +int +LibAliasProxyRule(struct libalias *la, const char *cmd) +{ int i, n, len, ret; int cmd_len; int token_count; @@ -563,7 +560,8 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) LIBALIAS_LOCK(la); ret = 0; -/* Copy command line into a buffer */ + + /* Copy command line into a buffer */ cmd += strspn(cmd, " \t"); cmd_len = strlen(cmd); if (cmd_len > (int)(sizeof(buffer) - 1)) { @@ -572,14 +570,14 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) } strcpy(buffer, cmd); -/* Convert to lower case */ + /* Convert to lower case */ len = strlen(buffer); for (i = 0; i < len; i++) buffer[i] = tolower((unsigned char)buffer[i]); -/* Set default proxy type */ + /* Set default proxy type */ -/* Set up default values */ + /* Set up default values */ rule_index = 0; proxy_type = PROXY_TYPE_ENCODE_NONE; proto = IPPROTO_TCP; @@ -594,7 +592,7 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) str_port[0] = 0; str_server_port[0] = 0; -/* Parse command string with state machine */ + /* Parse command string with state machine */ #define STATE_READ_KEYWORD 0 #define STATE_READ_TYPE 1 #define STATE_READ_PORT 2 
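Review bot: In LibAliasProxyRule the length guard before `strcpy(buffer, cmd)` (hunks `@@ -563,7 +560,8 @@` and `@@ -572,14 +570,14 @@`) stores `strlen(cmd)` in an `int` and compares it with `(int)(sizeof(buffer) - 1)`. A length above `INT_MAX` does not survive that conversion and could compare as small or negative, which would let the copy run past `buffer`. Keeping the comparison in `size_t` removes the narrowing: `size_t cmd_len = strlen(cmd);` and `if (cmd_len > sizeof(buffer) - 1) {`. Whether `cmd_len` is used elsewhere in the function cannot be seen from these hunks.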
@@ -652,41 +650,40 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) state = STATE_READ_KEYWORD; break; - case STATE_READ_SERVER: - { - int err; - char *p; - char s[sizeof(buffer)]; + case STATE_READ_SERVER: { + int err; + char *p; + char s[sizeof(buffer)]; + + p = token; + while (*p != ':' && *p != 0) + p++; - p = token; - while (*p != ':' && *p != 0) - p++; - - if (*p != ':') { - err = IpAddr(token, &server_addr); - if (err) { - ret = -1; - goto getout; - } - } else { - *p = ' '; - - n = sscanf(token, "%s %s", s, str_server_port); - if (n != 2) { - ret = -1; - goto getout; - } - - err = IpAddr(s, &server_addr); - if (err) { - ret = -1; - goto getout; - } + if (*p != ':') { + err = IpAddr(token, &server_addr); + if (err) { + ret = -1; + goto getout; + } + } else { + *p = ' '; + + n = sscanf(token, "%s %s", s, str_server_port); + if (n != 2) { + ret = -1; + goto getout; + } + + err = IpAddr(s, &server_addr); + if (err) { + ret = -1; + goto getout; } } + state = STATE_READ_KEYWORD; break; - + } case STATE_READ_RULE: n = sscanf(token, "%d", &rule_index); if (n != 1 || rule_index < 0) { @@ -696,28 +693,27 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) state = STATE_READ_KEYWORD; break; - case STATE_READ_DELETE: - { - int err; - int rule_to_delete; + case STATE_READ_DELETE: { + int err; + int rule_to_delete; - if (token_count != 2) { - ret = -1; - goto getout; - } + if (token_count != 2) { + ret = -1; + goto getout; + } - n = sscanf(token, "%d", &rule_to_delete); - if (n != 1) { - ret = -1; - goto getout; - } - err = RuleNumberDelete(la, rule_to_delete); - if (err) - ret = -1; - else - ret = 0; + n = sscanf(token, "%d", &rule_to_delete); + if (n != 1) { + ret = -1; goto getout; } + err = RuleNumberDelete(la, rule_to_delete); + if (err) + ret = -1; + else + ret = 0; + goto getout; + } case STATE_READ_PROTO: if (strcmp(token, "tcp") == 0) 
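Review bot: The `%s` conversions in `sscanf(token, "%s %s", s, str_server_port)` in the STATE_READ_SERVER case carry no field width, so the copy is bounded only by the length of `token`. `s` is visibly declared as `char s[sizeof(buffer)]`, but `str_server_port` is declared outside the hunk; if it is an array, a compile-time guard such as `_Static_assert(sizeof(str_server_port) >= sizeof(buffer), "sscanf %s target too small");` would keep a later resize from turning this into an overflow. The same unbounded `%s` appears in `sscanf(token, "%s %d", s, &nbits)` in the STATE_READ_SRC/STATE_READ_DST hunk (`@@ -732,58 +728,58 @@`), where the target is again sized from `buffer`. A short comment stating that `token` points into `buffer` (to be confirmed, its assignment is not in the hunk) would document why the calls are safe.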
@@ -732,58 +728,58 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) break; case STATE_READ_SRC: - case STATE_READ_DST: - { - int err; - char *p; - struct in_addr mask; - struct in_addr addr; - - p = token; - while (*p != '/' && *p != 0) - p++; - - if (*p != '/') { - IpMask(32, &mask); - err = IpAddr(token, &addr); - if (err) { - ret = -1; - goto getout; - } - } else { - int nbits; - char s[sizeof(buffer)]; - - *p = ' '; - n = sscanf(token, "%s %d", s, &nbits); - if (n != 2) { - ret = -1; - goto getout; - } - - err = IpAddr(s, &addr); - if (err) { - ret = -1; - goto getout; - } - - err = IpMask(nbits, &mask); - if (err) { - ret = -1; - goto getout; - } + case STATE_READ_DST: { + int err; + char *p; + struct in_addr mask; + struct in_addr addr; + + p = token; + while (*p != '/' && *p != 0) + p++; + + if (*p != '/') { + IpMask(32, &mask); + err = IpAddr(token, &addr); + if (err) { + ret = -1; + goto getout; } + } else { + int nbits; + char s[sizeof(buffer)]; - if (state == STATE_READ_SRC) { - src_addr = addr; - src_mask = mask; - } else { - dst_addr = addr; - dst_mask = mask; + *p = ' '; + n = sscanf(token, "%s %d", s, &nbits); + if (n != 2) { + ret = -1; + goto getout; + } + + err = IpAddr(s, &addr); + if (err) { + ret = -1; + goto getout; + } + + err = IpMask(nbits, &mask); + if (err) { + ret = -1; + goto getout; } } + + if (state == STATE_READ_SRC) { + src_addr = addr; + src_mask = mask; + } else { + dst_addr = addr; + dst_mask = mask; + } + state = STATE_READ_KEYWORD; break; + } default: ret = -1; 
@@ -805,9 +801,10 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) #undef STATE_READ_SRC #undef STATE_READ_DST -/* Convert port strings to numbers. This needs to be done after - the string is parsed, because the prototype might not be designated - before the ports (which might be symbolic entries in /etc/services) */ + /* Convert port strings to numbers. + This needs to be done after the string is parsed, because + the prototype might not be designated before the ports + (which might be symbolic entries in /etc/services) */ if (strlen(str_port) != 0) { int err; @@ -833,13 +830,13 @@ LibAliasProxyRule(struct libalias *la, const char *cmd) server_port = 0; } -/* Check that at least the server address has been defined */ + /* Check that at least the server address has been defined */ if (server_addr.s_addr == 0) { ret = -1; goto getout; } -/* Add to linked list */ + /* Add to linked list */ proxy_entry = malloc(sizeof(struct proxy_entry)); if (proxy_entry == NULL) { ret = -1; |