
📄 nat_tcp.c

📁 vxworks下ppp的实现源码
		}		else	 	    {	            do_state_transition = FALSE;		    }	sptr_tcp_translation_entry->global_sequence_number = sptr_tcp_packet->tcp_header.sequence_number;	if (do_state_transition == TRUE)		{		if (sptr_tcp_packet->tcp_header.flags.acknowledgment_flag == TRUE)			{			tcp_state_transistion_global_rx (NAT_ACK, sptr_tcp_translation_entry);			}		if (sptr_tcp_packet->tcp_header.flags.synchronize_flag == TRUE)			{			tcp_state_transistion_global_rx (NAT_SYNCH, sptr_tcp_translation_entry);			}		if (sptr_tcp_packet->tcp_header.flags.finished_flag == TRUE)			{			tcp_state_transistion_global_rx (NAT_FIN, sptr_tcp_translation_entry);			}		if (sptr_tcp_packet->tcp_header.flags.reset_flag == TRUE)			{			tcp_state_transistion_global_rx (NAT_RESET, sptr_tcp_translation_entry);			}					if ((sptr_tcp_packet->tcp_header.flags.acknowledgment_flag == FALSE) &&			(sptr_tcp_packet->tcp_header.flags.synchronize_flag == FALSE) &&			(sptr_tcp_packet->tcp_header.flags.reset_flag == FALSE) &&			(sptr_tcp_packet->tcp_header.flags.finished_flag == FALSE))			{			tcp_state_transistion_global_rx (NAT_ESTABLISHED, sptr_tcp_translation_entry);			}		}	return (PASS);}/**************************************************************************************************Description:	This function handles translation of TCP packets received from global port in NAPT mode.	- First, see if there is a match of the spoofed port.  	- If yes and this is not a static entry (see NOTE below), go ahead and translate.	- If no or static entry, check for a match of the tuple of local address & port and 	  global port in the TCP translation list.	- If no match is found, check if the destination port can be found in the static port table.	- If no, look for a match in the IP translation list (i.e. process it as Basic NAT).	- Fix up the TCP sequence number if necessary.	
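- Do the address and port translation on the packet before giving it to the higher layer.

NOTE:
	If static entry is true, it implies the session was started inbound.  It is not enough that
	the spoofed port match is found since the spoofed port is the global port assigned from the
	static table.  Hence, the spoofed port may not be uniquely mapped to a single session when
	multiple inbound sessions take place to the same local server.
**************************************************************************************************/
/*
 * handle_tcp_translation_global_rx_nats
 *
 * sptr_tcp_packet: packet received on the global port.  Its IP destination address, TCP
 *                  destination port, TCP checksum and IP header checksum are rewritten in
 *                  place once a translation entry has been found or created.
 *
 * Returns PASS when the packet was translated here, when the Basic NAT handler dealt with
 * it, and also when it is handed to the network stack untranslated.  Returns FAIL only when
 * a bind for a SYN aimed at a static port could not be set up.
 *
 * Review notes (every field read below comes from the global, untrusted side):
 * - No length or data-offset validation of the headers is visible in this function;
 *   presumably the caller has already done it -- confirm.
 * - The spoofed-port lookup is called with the destination port only, and the entry's
 *   remote address/port are then overwritten from the packet.  Whether the helper, or a
 *   later stage, restricts which remote peers may reuse an existing mapping is not visible
 *   here -- confirm.
 * - A segment with RST set drives a state transition whatever its sequence number.  Any
 *   window check would have to live in tcp_state_transistion_global_rx -- confirm.
 */
static enum TEST handle_tcp_translation_global_rx_nats (TCP_PACKET *sptr_tcp_packet)
{
	TCP_TRANSLATION_ENTRY	*sptr_tcp_translation_entry;
	USHORT					checksum;
	IP_ADDRESS				address;
	USHORT					local_port_number;
	bool					do_state_transition;
	NAT_PORT_STATIC_ENTRY	*sptr_port_static_entry;
	NAT_BIND_INFO			bind_info, *bind_id;
	NAT_STATUS				status;

	/* if destination address is different from global address, handle as basic NAT */
	if (ntohl (sptr_tcp_packet->ip_header.destination_address) != nat.global_address)
		{
		/* The outcome is deliberately ignored: translated or not, the packet is passed
		   on to the network stack. */
		(void) handle_tcp_translation_global_rx_natg (sptr_tcp_packet);
		return (PASS);
		}

	sptr_tcp_translation_entry = match_spoofed_port_with_tcp_entry (
			ntohs (sptr_tcp_packet->tcp_header.destination_port),
			&nat.nats.tcp_translation_list, FALSE);

	if (sptr_tcp_translation_entry == NULL)
		{
		sptr_tcp_translation_entry = match_ports_with_tcp_entry_inbound (
			ntohs (sptr_tcp_packet->tcp_header.source_port),
			ntohs (sptr_tcp_packet->tcp_header.destination_port),
			ntohl (sptr_tcp_packet->ip_header.source_address),
			&nat.nats.tcp_translation_list);

		if (sptr_tcp_translation_entry == NULL)
			{
			/* Only a SYN may create a new inbound session, and only towards a port
			   that is listed in the static port table. */
			if (sptr_tcp_packet->tcp_header.flags.synchronize_flag == TRUE)
				{
				sptr_port_static_entry = match_tcp_port_with_static_entry (
					ntohs (sptr_tcp_packet->tcp_header.destination_port));

				if (sptr_port_static_entry != NULL)
					{
					memset (&bind_info, 0, sizeof (bind_info));

					bind_info.agent_id = 0;		/* agent is NAT */
					bind_info.type = NAT_BIND_NAPT;
					bind_info.direction = NAT_INBOUND;
					bind_info.protocol = IPPROTO_TCP;
					bind_info.static_entry = FALSE;
					bind_info.global_transport = sptr_port_static_entry->global_port_number;

					/* source and destination transport addresses must be in host format */
					bind_info.local_addr = sptr_port_static_entry->local_address;
					bind_info.local_transport = sptr_port_static_entry->local_port_number;
					bind_info.remote_addr = ntohl (sptr_tcp_packet->ip_header.source_address);
					bind_info.remote_transport = ntohs (sptr_tcp_packet->tcp_header.source_port);

					status = natSetBind ((u_long) &nat, 0, &bind_info);

					if (status != NAT_OK)
						{
						nat_printf (NAT_PRINTF_ERROR,
							"handle_tcp_translation_global_rx_nats: natSetBind returned %d\n", status);
						return (FAIL);
						}

					sptr_tcp_translation_entry = (TCP_TRANSLATION_ENTRY *) bind_info.nat_transport_entry;

					/* natSetBind's contract is not visible here.  Do not dereference the
					   entry it hands back without checking it: this path is reached by any
					   SYN to a static port.  FAIL matches the natSetBind failure path. */
					if (sptr_tcp_translation_entry == NULL)
						{
						nat_printf (NAT_PRINTF_ERROR,
							"handle_tcp_translation_global_rx_nats: natSetBind returned no transport entry\n");
						return (FAIL);
						}

					sptr_tcp_translation_entry->spoofed_local_port = bind_info.global_transport;
					sptr_tcp_translation_entry->local_address = sptr_port_static_entry->local_address;
					sptr_tcp_translation_entry->dynamicFromStatic = TRUE;
					}
				}

			/* if no match in port static entries, process as basic NAT to see if a match
			   of address static entries can be found.  This extra check is done in case
			   an IP static address == NAPT global address exists.
			*/
			if (sptr_tcp_translation_entry == NULL)
				{
				if (handle_tcp_translation_global_rx_natg (sptr_tcp_packet) == PASS)
					{
					nat_printf (NAT_PRINTF_TRACE, "TCP packet successfully translated in Basic NAT\n");
					return (PASS);
					}
				else
					{
					nat_printf (NAT_PRINTF_TRACE, "TCP packet passed untranslated to network stack\n");
					return (PASS);
					}
				}
			}
		}

	/* Record the sender of this packet as the remote end of the session. */
	sptr_tcp_translation_entry->remote_port = ntohs (sptr_tcp_packet->tcp_header.source_port);
	sptr_tcp_translation_entry->remote_address = ntohl (sptr_tcp_packet->ip_header.source_address);

	/* set the remote port and address in the bind entry */
	bind_id = (NAT_BIND_INFO *) sptr_tcp_translation_entry->bind_id;

	/* Whether an entry can exist without a bind record is not visible here; skip the
	   update rather than write through a null pointer. */
	if (bind_id != NULL)
		{
		bind_id->remote_transport = sptr_tcp_translation_entry->remote_port;
		bind_id->remote_addr = sptr_tcp_translation_entry->remote_address;
		}

	tcp_sequence_number_fixup_global_rx (&sptr_tcp_packet->tcp_header, sptr_tcp_translation_entry);

	/* Plain numeric comparison, not modulo 2^32.  The stored value is overwritten by every
	   packet (see below), so a sequence wrap affects at most the first segment after it. */
	if (ntohl (sptr_tcp_packet->tcp_header.sequence_number) >=		/* tk - add ntohl */
			ntohl (sptr_tcp_translation_entry->global_sequence_number))
		{
		do_state_transition = TRUE;
		}
	else if (sptr_tcp_packet->tcp_header.flags.reset_flag == TRUE)
		{
		do_state_transition = TRUE;
		}
	else
		{
		do_state_transition = FALSE;
		}

	/* Stored in network byte order, exactly as received. */
	sptr_tcp_translation_entry->global_sequence_number = sptr_tcp_packet->tcp_header.sequence_number;

	/* Rewrite the destination port.  The checksum is adjusted on a local copy while the
	   header still holds the old port, then both are written back. */
	local_port_number = htons (sptr_tcp_translation_entry->local_port);

	checksum = sptr_tcp_packet->tcp_header.checksum;

	checksum_fixup ((BYTE *) &checksum,
						(BYTE *) &sptr_tcp_packet->tcp_header.destination_port, sizeof (USHORT),
						(BYTE *) &local_port_number, sizeof (USHORT));

	sptr_tcp_packet->tcp_header.destination_port = local_port_number;
	sptr_tcp_packet->tcp_header.checksum = checksum;

	/* Rewrite the destination address.  The TCP checksum is adjusted for it as well as the
	   IP header checksum; both fixups must run before the old address is overwritten. */
	address = htonl (sptr_tcp_translation_entry->local_address);

	checksum_fixup ((BYTE *) &sptr_tcp_packet->tcp_header.checksum,
						(BYTE *) &sptr_tcp_packet->ip_header.destination_address, sizeof (IP_ADDRESS),
						(BYTE *) &address, sizeof (IP_ADDRESS));

	checksum = sptr_tcp_packet->ip_header.header_checksum;

	checksum_fixup ((BYTE *) &checksum,
						(BYTE *) &sptr_tcp_packet->ip_header.destination_address, sizeof (IP_ADDRESS),
						(BYTE *) &address, sizeof (IP_ADDRESS));

	sptr_tcp_packet->ip_header.destination_address = address;
	sptr_tcp_packet->ip_header.header_checksum = checksum;

	if (do_state_transition == TRUE)
		{
		/* One event per flag that is set, in the order ACK, SYN, FIN, RST. */
		if (sptr_tcp_packet->tcp_header.flags.acknowledgment_flag == TRUE)
			{
			tcp_state_transistion_global_rx (NAT_ACK, sptr_tcp_translation_entry);
			}

		if (sptr_tcp_packet->tcp_header.flags.synchronize_flag == TRUE)
			{
			tcp_state_transistion_global_rx (NAT_SYNCH, sptr_tcp_translation_entry);
			}

		if (sptr_tcp_packet->tcp_header.flags.finished_flag == TRUE)
			{
			tcp_state_transistion_global_rx (NAT_FIN, sptr_tcp_translation_entry);
			}

		if (sptr_tcp_packet->tcp_header.flags.reset_flag == TRUE)
			{
			tcp_state_transistion_global_rx (NAT_RESET, sptr_tcp_translation_entry);
			}

		/* None of ACK/SYN/RST/FIN set: reported as NAT_ESTABLISHED. */
		if ((sptr_tcp_packet->tcp_header.flags.acknowledgment_flag == FALSE) &&
			(sptr_tcp_packet->tcp_header.flags.synchronize_flag == FALSE) &&
			(sptr_tcp_packet->tcp_header.flags.reset_flag == FALSE) &&
			(sptr_tcp_packet->tcp_header.flags.finished_flag == FALSE))
			{
			tcp_state_transistion_global_rx (NAT_ESTABLISHED, sptr_tcp_translation_entry);
			}
		}

	return (PASS);
}

/*************************************************************************************
Function:	To handle address translation of packet received from local port in NAPT mode.

Description:
	Match transport address with existing TCP control block list. If found use this
	control block.

	If not found, look for match in IP control block list.  If match is found here,
	look for match in TCP control block list belonging to matched IP address.  If
	the match is found, process packet as Basic NAT.  Else, process it in NAPT mode.
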
Once the transport address gets translated, check the TCP flag and do the TCP	state transition to reset the connection timers (local and global connections)	if necessary.*************************************************************************************/enum TEST handle_tcp_translation_local_rx_nats (TCP_PACKET *sptr_tcp_packet){	TCP_TRANSLATION_ENTRY	*sptr_tcp_translation_entry;	NAT_BIND_INFO			bind_info;	NAT_STATUS				status;	USHORT					checksum;	IP_ADDRESS				address;	USHORT					local_spoofed_port_number;	bool					do_state_transition;	sptr_tcp_translation_entry = match_ports_with_tcp_entry_outbound (			ntohs (sptr_tcp_packet->tcp_header.destination_port),			ntohs (sptr_tcp_packet->tcp_header.source_port),			ntohl (sptr_tcp_packet->ip_header.source_address),			&nat.nats.tcp_translation_list);	/* tk: 08/07/01	   This code is added for H.323 protocol to avoid duplicate bind entries.	   The TCP bind might have been created with its global port == local port.	   In such case, we can use the existing bind entry.	*/	if (sptr_tcp_translation_entry == NULL)		{		sptr_tcp_translation_entry = match_ports_with_tcp_entry_global (			ntohs (sptr_tcp_packet->tcp_header.source_port), 			ntohl (sptr_tcp_packet->ip_header.source_address), 			&nat.nats.tcp_translation_list);		}
