📄 nat_util.c
/* This means a dummy static entry in the translation list; so, ignore it unless caller is asking for it. */ if (findDummyStatic == TRUE) { semGive (tcpListLock); return (sptr_tcp_translation_entry); } } else { /* The static entry was created by an external agent (e.g. ALG). In this case, return the entry. */ nat_printf (NAT_PRINTF_DATA, "Found static bind match for TCP port %d\n", spoofed_port); semGive (tcpListLock); return (sptr_tcp_translation_entry); } } else /* matching dynamic entry found */ { if (sptr_tcp_translation_entry->dynamicFromStatic == TRUE) { /* the dynamic entry was created from static bind, so the spoofed port may not be unique. Therefore, returns NULL */ semGive(tcpListLock); return (NULL); } else { nat_printf (NAT_PRINTF_DATA, "Found dynamic bind match for TCP port %d\n", spoofed_port); semGive(tcpListLock); return (sptr_tcp_translation_entry); } } } } semGive (tcpListLock); nat_printf (NAT_PRINTF_TRACE, "No match for spoofed port %d in TCP list\n", spoofed_port); return (NULL);}
/*****************************************************************************
Function: match_tcp_port_with_static_entry

Description:
Search the TCP static table for an entry whose global port number equals
port_number.

Returns a pointer to the matching slot of nat.tcp_static_entries, or NULL when
static entries are disabled or no slot matches.  No semaphore is taken here.

NOTE(review): all MAXIMUM_NUMBER_OF_TCP_STATIC_ENTRIES slots are compared, in
use or not; if unused slots hold 0, a lookup for port 0 would match one --
confirm how the table is initialised and whether callers can pass 0.
*****************************************************************************/
NAT_PORT_STATIC_ENTRY *match_tcp_port_with_static_entry (USHORT port_number)
{
    NAT_PORT_STATIC_ENTRY *sptr_match = NULL;
    ULONG slot = 0x0000;

    /* Static translation switched off: report "no entry" without tracing. */
    if (nat.static_entries_enabled == FALSE)
    {
        return (NULL);
    }

    /* The first slot carrying the requested global port wins. */
    while (slot < MAXIMUM_NUMBER_OF_TCP_STATIC_ENTRIES)
    {
        if (nat.tcp_static_entries[slot].global_port_number == port_number)
        {
            sptr_match = &nat.tcp_static_entries[slot];
            break;
        }
        ++slot;
    }

    if (sptr_match == NULL)
    {
        nat_printf(NAT_PRINTF_TRACE, "No match for port %d in TCP static table\n", port_number);
        return (NULL);
    }

    nat_printf(NAT_PRINTF_TRACE, "Found match for port %d in TCP static table\n", port_number);
    return (sptr_match);
}
/*****************************************************************************
Function: match_ports_with_udp_entry_outbound
Description:
Look for UDP entry with matching local
address, local port, and remote port.
This check is made for outbound packets.

The list is walked while holding udpListLock; the first entry whose local
port, remote port and local address all equal the arguments is returned, or
NULL if there is none.

NOTE(review): the semaphore is released before returning, so the returned
pointer is not protected against concurrent removal of the entry -- confirm
that callers serialise list updates.  local_address is traced with %08lx,
which assumes IP_ADDRESS is an unsigned long-sized type -- confirm.
*****************************************************************************/
UDP_TRANSLATION_ENTRY *match_ports_with_udp_entry_outbound (
    USHORT remote_port,
    USHORT local_port,
    IP_ADDRESS local_address,
    UDP_TRANSLATION_HEADER *sptr_udp_translation_list)
{
    UDP_TRANSLATION_ENTRY *sptr_entry;

    semTake (udpListLock, WAIT_FOREVER);

    /* Advance until an entry matches all three keys or the list runs out. */
    sptr_entry = (UDP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_udp_translation_list);
    while (sptr_entry != NULL)
    {
        if ((sptr_entry->local_port == local_port)
            && (sptr_entry->remote_port == remote_port)
            && (sptr_entry->local_address == local_address))
        {
            break;
        }
        sptr_entry = (UDP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_entry);
    }

    /* Trace the outcome while the lock is still held, then release it. */
    if (sptr_entry != NULL)
    {
        nat_printf (NAT_PRINTF_TRACE, "Found match for local addr/port = %08lx:%d, remote port = %d in UDP list\n",
                    local_address, local_port, remote_port);
    }
    else
    {
        nat_printf (NAT_PRINTF_TRACE, "No match for local_addr/port = %08lx:%d, remote port = %d in UDP list\n",
                    local_address, local_port, remote_port);
    }

    semGive (udpListLock);
    return (sptr_entry);
}

/*****************************************************************************
Function: match_ports_with_udp_entry_inbound

Description:
Look for UDP entry with matching remote address, remote port, and global
(spoofed local) port.  This check is made for inbound packets.

The list is walked while holding udpListLock.  Returns the first matching
entry, or NULL if there is none.

NOTE(review): as the lock is dropped before the pointer is handed back, the
entry's lifetime after return depends on the caller -- confirm.
*****************************************************************************/
UDP_TRANSLATION_ENTRY *match_ports_with_udp_entry_inbound (
    USHORT remote_port,
    USHORT global_port,
    IP_ADDRESS remote_address,
    UDP_TRANSLATION_HEADER *sptr_udp_translation_list)
{
    UDP_TRANSLATION_ENTRY *sptr_cursor;
    UDP_TRANSLATION_ENTRY *sptr_found = NULL;

    semTake (udpListLock, WAIT_FOREVER);

    for (sptr_cursor = (UDP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_udp_translation_list);
         sptr_cursor != NULL;
         sptr_cursor = (UDP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_cursor))
    {
        /* Reject the entry as soon as one of the three keys differs. */
        if (sptr_cursor->spoofed_local_port != global_port)
        {
            continue;
        }
        if (sptr_cursor->remote_port != remote_port)
        {
            continue;
        }
        if (sptr_cursor->remote_address != remote_address)
        {
            continue;
        }

        sptr_found = sptr_cursor;
        break;
    }

    if (sptr_found != NULL)
    {
        nat_printf (NAT_PRINTF_TRACE, "Found match for remote addr/port = %08lx:%d, global_port = %d in UDP list\n",
                    remote_address, remote_port, global_port);
    }
    else
    {
        nat_printf (NAT_PRINTF_TRACE, "No match for remote addr/port = %08lx:%d, global port = %d in UDP list\n",
                    remote_address, remote_port, global_port);
    }

    semGive (udpListLock);
    return (sptr_found);
}
/*****************************************************************************
Function: match_ports_with_udp_entry_global
Description:
Look for UDP entry with matching local address, local port, and global port
that has the same value as its local port. This matching routine may be
required by some protocols (e.g.
H.323).
This check is made for outbound packets.

The list is walked while holding udpListLock.  An entry matches when both its
local_port and its spoofed_local_port equal local_port and its local_address
equals local_address.  Returns the first such entry, or NULL.

NOTE(review): the lock is released before the entry pointer is returned, so
the caller is responsible for the entry staying valid -- confirm.
*****************************************************************************/
UDP_TRANSLATION_ENTRY *match_ports_with_udp_entry_global (
    USHORT local_port,
    IP_ADDRESS local_address,
    UDP_TRANSLATION_HEADER *sptr_udp_translation_list)
{
    UDP_TRANSLATION_ENTRY *sptr_entry;

    semTake (udpListLock, WAIT_FOREVER);

    sptr_entry = (UDP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_udp_translation_list);
    while (sptr_entry != NULL)
    {
        /* The translated port must be identical to the untranslated one. */
        if ((sptr_entry->local_port == local_port)
            && (sptr_entry->spoofed_local_port == local_port)
            && (sptr_entry->local_address == local_address))
        {
            break;
        }
        sptr_entry = (UDP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_entry);
    }

    /* local_port is passed twice: it is also the global port being sought. */
    if (sptr_entry != NULL)
    {
        nat_printf (NAT_PRINTF_TRACE, "Found match for local address/port = %08lx:%d, global port=%d in UDP list\n",
                    local_address, local_port, local_port);
    }
    else
    {
        nat_printf (NAT_PRINTF_TRACE, "No match for local address/port = %08lx:%d, global port = %d in UDP list\n",
                    local_address, local_port, local_port);
    }

    semGive (udpListLock);
    return (sptr_entry);
}
/*****************************************************************************
Function: match_spoofed_port_with_udp_entry
Description:
Look for UDP entry with matching spoofed port. There can be up to four types
of UDP entries in the UDP translation list:
1. Dummy static entries created from static table.
2. Real static entries created by external agent (e.g. ALG)
3. Dynamic entries created from a static entry. In this case, the spoofed
   port may not be unique.
4. Dynamic entries created by outbound session.
Here, the spoofed port is unique.
Return the entry pointer only if either the matching spoofed port belongs to
an entry of type 2 or 4 mentioned above.

When findDummyStatic is non-zero, dynamic entries are skipped and a type 1
(dummy static) entry with the matching port is returned as well.  A type 3
match ends the search with NULL; later entries are not examined.

The list is walked while holding udpListLock, which is released on every
return path.

NOTE(review): bind_id of a static entry is dereferenced without a NULL check;
presumably every static entry carries bind information -- confirm.  The
returned pointer is used by the caller after the lock has been released --
confirm that entry removal cannot race with that use.
*****************************************************************************/
UDP_TRANSLATION_ENTRY *match_spoofed_port_with_udp_entry (
    USHORT spoofed_port,
    UDP_TRANSLATION_HEADER *sptr_udp_translation_list,
    BOOL findDummyStatic)
{
    UDP_TRANSLATION_ENTRY *sptr_entry;
    NAT_BIND_INFO *sptr_bind;

    semTake (udpListLock, WAIT_FOREVER);

    for (sptr_entry = (UDP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_udp_translation_list);
         sptr_entry != NULL;
         sptr_entry = (UDP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_entry))
    {
        /* If looking for dummy static entry (to delete), skip dynamic entries. */
        if (findDummyStatic && (sptr_entry->static_entry == FALSE))
        {
            continue;
        }

        if (sptr_entry->spoofed_local_port != spoofed_port)
        {
            continue;
        }

        nat_printf (NAT_PRINTF_TRACE, "Found match for spoofed port %d in UDP list\n", spoofed_port);

        if (sptr_entry->static_entry == TRUE)
        {
            sptr_bind = (NAT_BIND_INFO *) sptr_entry->bind_id;

            if (sptr_bind->agent_id != 0)
            {
                /* The static entry was created by an external agent (e.g. ALG).
                   In this case, return the entry. */
                nat_printf (NAT_PRINTF_DATA, "Found static bind match for UDP port %d\n", spoofed_port);
                semGive (udpListLock);
                return (sptr_entry);
            }

            /* agent_id of 0 means a dummy static entry in the translation
               list; ignore it unless the caller is asking for it. */
            if (findDummyStatic == TRUE)
            {
                semGive (udpListLock);
                return (sptr_entry);
            }

            continue;
        }

        /* Matching dynamic entry found. */
        if (sptr_entry->dynamicFromStatic == TRUE)
        {
            /* The dynamic entry was created from a static bind, so the
               spoofed port may not be unique.  Therefore, return NULL. */
            semGive (udpListLock);
            return (NULL);
        }

        nat_printf (NAT_PRINTF_DATA, "Found dynamic bind match for UDP port %d\n", spoofed_port);
        semGive (udpListLock);
        return (sptr_entry);
    }

    nat_printf (NAT_PRINTF_TRACE, "No match for spoofed port %d in UDP list\n", spoofed_port);
    semGive (udpListLock);
    return (NULL);
}

/*****************************************************************************
Function: match_udp_port_with_static_entry

Description:
Search the UDP static table for an entry whose global port number equals
port_number.

Returns a pointer to the matching slot of nat.udp_static_entries, or NULL when
static entries are disabled or no slot matches.  No semaphore is taken here.

NOTE(review): all MAXIMUM_NUMBER_OF_UDP_STATIC_ENTRIES slots are compared, in
use or not; if unused slots hold 0, a lookup for port 0 would match one --
confirm how the table is initialised and whether callers can pass 0.
*****************************************************************************/
NAT_PORT_STATIC_ENTRY *match_udp_port_with_static_entry (USHORT port_number)
{
    NAT_PORT_STATIC_ENTRY *sptr_match = NULL;
    ULONG slot = 0x0000;

    /* Static translation switched off: report "no entry" without tracing. */
    if (nat.static_entries_enabled == FALSE)
    {
        return (NULL);
    }

    /* The first slot carrying the requested global port wins. */
    while (slot < MAXIMUM_NUMBER_OF_UDP_STATIC_ENTRIES)
    {
        if (nat.udp_static_entries[slot].global_port_number == port_number)
        {
            sptr_match = &nat.udp_static_entries[slot];
            break;
        }
        ++slot;
    }

    if (sptr_match == NULL)
    {
        nat_printf(NAT_PRINTF_TRACE, "No match for port %d in UDP static table\n", port_number);
        return (NULL);
    }

    nat_printf(NAT_PRINTF_TRACE, "Found match for port %d in UDP static table\n", port_number);
    return (sptr_match);
}

/*****************************************************************************
Function: match_identifier_with_icmp_entry

Description:
Look for matching ICMP identifier in the ICMP list.  Returns the first entry
whose icmp_identifier equals the argument, or NULL if there is none.

NOTE(review): unlike the UDP list lookups in this file, this walk takes no
semaphore -- confirm that access to the ICMP list is serialised elsewhere.
*****************************************************************************/
ICMP_TRANSLATION_ENTRY *match_identifier_with_icmp_entry (
    USHORT icmp_identifier,
    ICMP_TRANSLATION_HEADER *sptr_icmp_translation_list)
{
    ICMP_TRANSLATION_ENTRY *sptr_entry;

    /* Step past every entry that carries a different identifier. */
    sptr_entry = (ICMP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_icmp_translation_list);
    while ((sptr_entry != NULL) && (sptr_entry->icmp_identifier != icmp_identifier))
    {
        sptr_entry = (ICMP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_entry);
    }

    if (sptr_entry == NULL)
    {
        nat_printf (NAT_PRINTF_TRACE, "No match for icmp identifier %x in ICMP list\n", icmp_identifier);
        return (NULL);
    }

    nat_printf (NAT_PRINTF_TRACE, "Found match for icmp_identifier = %x in ICMP list\n",
                sptr_entry->icmp_identifier);
    return (sptr_entry);
}
/*****************************************************************************Function: match_spoofed_identifier_with_icmp_entryDescription:Look for matching ICMP spoofed identifier in the ICMP list.*****************************************************************************/ICMP_TRANSLATION_ENTRY *match_spoofed_identifier_with_icmp_entry ( USHORT spoofed_icmp_identifier, ICMP_TRANSLATION_HEADER *sptr_icmp_translation_list){ ICMP_TRANSLATION_ENTRY *sptr_icmp_translation_entry; for (sptr_icmp_translation_entry = (ICMP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_icmp_translation_list); sptr_icmp_translation_entry != NULL; sptr_icmp_translation_entry = (ICMP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_icmp_translation_entry)) { if (sptr_icmp_translation_entry->spoofed_icmp_identifier == spoofed_icmp_identifier) { nat_printf (NAT_PRINTF_TRACE, "Found match for spoofed icmp identifier = %x\n", sptr_icmp_translation_entry->icmp_identifier); return (sptr_icmp_translation_entry); } } nat_printf (NAT_PRINTF_TRACE, "No match for spoofed icmp identifier %x\n", spoofed_icmp_identifier);