nat_filter.c

vxworks下ppp的实现源码

/* nat_filter.c */

/* Copyright 2000-2003 Wind River Systems, Inc. */

/* @format.tab-size 4, @format.use-tabs true, @format.new-line lf */

/*
modification history
--------------------
01e,25apr03,myz  modified nat_filter_rx to take dstAddr instead of IP_PACKET *
01d,23apr03,zhu  updated copyright
01c,21apr03,myz  replaced swap(_long) with the ntohs(l) macros. 
01b,15apr03,zhu  replaced function call with direct access
01a,14mar03,zhu  SPR#85320 NAT/PPPoE interation problem
092302  vvv     replaced references to rw_container with direct linked list
		access to improve performance
100901  tk		Add additional check in nat_filter_rx() not to translate if destination address
				is a broadcast address.
081701	tk		Add new #define SHOW_REJECTED_PACKETS if wants to display addresses of packets
				rejected by NAT.
062701	tk		Undo address/mask pair fix.  It was working as it should.
053001	tk		Fix SPR#68056: Add conditional if statement around nat_printf for improved throughput.
051701	tk		Fix SPR#67125: Pass through list problem in nat_filter_local_rx.  When an address/
				mask pair is entered in the pass thru list, all hosts in the same subnet
				become pass through instead of just the specified host.
050701  tk		Fix ping problems.  NAT didn't respond when its global port address is 
				being pinged from global host in Basic NAT.  In NAPT mode, NAT didn't
				respond to ping when the configured global address is different from
				its global port address.
*/
/*
#define	SHOW_REJECTED_PACKETS	// to show packets rejected by NAT 
*/

#include "nat.h"

/***********************************************************************************
Description:
	Filtering packet received based on destination IP address.
	This function checks if NAT must translate this packet or not.
	In Basic NAT, when destination address is the same as NAT's global interface address,
	do not translate (i.e. pass to the higher layer).
	In NAPT, when destination address is the same as NAT's global interface address, check
	if the configured NAT's global address is the same as its global interface address.
	If no, do not translate.
***********************************************************************************/
enum NAT_FILTER nat_filter_rx (u_long dstAddr, USHORT port_number, enum NAT_PORT_TYPE nat_port_type)
{
	char addr_str[32];
	NAT_PASSTHRU_PAIR *p_pair;
	
	/* filter packet received from global port */
	if (nat_port_type == NAT_GLOBAL_PORT)
		{
		if (nat.port[port_number].default_translate_enabled == TRUE)
			{
			return (NAT_TRANSLATE);
			}

		if (nat.single_global_address_enabled == FALSE)
			{
			if (nat.port[port_number].address == dstAddr)
				{
				return (NAT_DONT_TRANSLATE);
				}
			}
		else
			{
			if (nat.port[port_number].address == dstAddr &&
				nat.port[port_number].address != nat.global_address)
				{
				return (NAT_DONT_TRANSLATE);
				}
			}
		
		if ((nat.global_address & nat.global_address_mask) != 
			(dstAddr & nat.global_address_mask))
			{
#ifdef SHOW_REJECTED_PACKETS
			if (nat.logging_enabled == true || nat.printing_enabled == true)
				{
				struct in_addr iaddr;
				iaddr.s_addr = htonl(dstAddr);
				inet_ntoa_b(iaddr,addr_str);

				nat_printf (NAT_PRINTF_DATA, "nat_filter: Non-global destination address: %s\n"
					,addr_str);
				}
#endif
			if (nat.filter_non_corporate_addresses == TRUE)
				{
				return (NAT_FILTER);
				}

			return (NAT_DONT_TRANSLATE);
			}
		else
			{    /* don't translate if broadcast address */
			/* SPR#85320  NAT/PPPoE interaction problem */
			if ((nat.global_address_mask != 0xffffffff) && 
			((dstAddr & ~nat.global_address_mask) ==
			(0xffffffff & ~nat.global_address_mask)))
				{
				return (NAT_DONT_TRANSLATE);
				}
			}

		if (nat.logging_enabled == true || nat.printing_enabled == true)
			{
			struct in_addr iaddr;

			nat_printf (NAT_PRINTF_TRACE, "nat_filter: Received inbound packet\n");
			iaddr.s_addr = htonl(dstAddr);
			inet_ntoa_b(iaddr,addr_str);

			nat_printf (NAT_PRINTF_DATA, "nat_filter: Address at global port to be translated: %s\n",
					addr_str);
			}

		return (NAT_TRANSLATE);
		}

	/* filter packet received from local port */
    else
        {
	    /* if destination address == NAT's global port address, don't translate */
	    if (dstAddr == nat.global_address)
		    {
		    return (NAT_DONT_TRANSLATE);
		    }

	    /* if the destination address is in the passthru list, don't translate */
	    p_pair = (NAT_PASSTHRU_PAIR *)lstFirst(&nat.passthru_list);

	    while (p_pair)
		    {
		    if ((p_pair->address & p_pair->mask) == (dstAddr & p_pair->mask))
			    {
			    return (NAT_DONT_TRANSLATE);
			    }
		
			    p_pair = (NAT_PASSTHRU_PAIR *)lstNext((NODE*)p_pair);
		    }
	
	    /* otherwise, translate */
	    return (NAT_TRANSLATE);
        }
}