📄 nat_icmp_datagram.c
字号:
{ return (PASS); } address = htonl (sptr_icmp_translation_entry->local_address); checksum = sptr_icmp_packet->ip_header.header_checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &sptr_icmp_packet->ip_header.destination_address, sizeof (IP_ADDRESS), (BYTE *) &address, sizeof (IP_ADDRESS)); sptr_icmp_packet->ip_header.destination_address = address; sptr_icmp_packet->ip_header.header_checksum = checksum; return (PASS);}/***************************************************************************/static enum TEST handle_icmp_embedded_tcp_translation_local_rx_datagram_nats (ICMP_PACKET *sptr_icmp_packet){ NAT_IP_TCP_HEADER nested_tcp_header; IP_ADDRESS address; TCP_TRANSLATION_ENTRY *sptr_tcp_translation_entry; NAT_ICMP_EMBEDDED_HEADER *sptr_icmp_embedded_header; USHORT checksum; USHORT local_spoofed_port_number; nested_tcp_header = *(NAT_IP_TCP_HEADER *) &sptr_icmp_packet->header.option.unreachable_message.ip_data; sptr_icmp_embedded_header = (NAT_ICMP_EMBEDDED_HEADER *) &sptr_icmp_packet->header.option.unreachable_message.ip_data; sptr_tcp_translation_entry = match_ports_with_tcp_entry_outbound ( ntohs (nested_tcp_header.tcp_header.source_port), ntohs (nested_tcp_header.tcp_header.destination_port), ntohl (nested_tcp_header.ip_header.destination_address), &nat.nats.tcp_translation_list); if (sptr_tcp_translation_entry == NULL) { /* no way to determine who to send the ICMP message to*/ return (FAIL); } address = htonl (nat.global_address); local_spoofed_port_number = htons (sptr_tcp_translation_entry->spoofed_local_port); tcp_sequence_number_fixup_local_rx (&nested_tcp_header.tcp_header, sptr_tcp_translation_entry); checksum = nested_tcp_header.tcp_header.checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &nested_tcp_header.tcp_header.destination_port, sizeof (USHORT), (BYTE *) &local_spoofed_port_number, sizeof (USHORT)); nested_tcp_header.tcp_header.destination_port = local_spoofed_port_number; nested_tcp_header.tcp_header.checksum = checksum; checksum = nested_tcp_header.ip_header.header_checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &nested_tcp_header.ip_header.destination_address, sizeof (IP_ADDRESS), (BYTE *) &address, sizeof (IP_ADDRESS)); nested_tcp_header.ip_header.destination_address = address; nested_tcp_header.ip_header.header_checksum = checksum; checksum = sptr_icmp_packet->header.checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &sptr_icmp_packet->header.option.unreachable_message.ip_data, sizeof (NAT_ICMP_EMBEDDED_HEADER), (BYTE *) &nested_tcp_header, sizeof (NAT_ICMP_EMBEDDED_HEADER)); *sptr_icmp_embedded_header = *(NAT_ICMP_EMBEDDED_HEADER *) &nested_tcp_header; sptr_icmp_packet->header.checksum = checksum; checksum = sptr_icmp_packet->ip_header.header_checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &sptr_icmp_packet->ip_header.source_address, sizeof (IP_ADDRESS), (BYTE *) &address, sizeof (IP_ADDRESS)); sptr_icmp_packet->ip_header.source_address = address; sptr_icmp_packet->ip_header.header_checksum = checksum; return (PASS);}/***************************************************************************/static enum TEST handle_icmp_embedded_udp_translation_local_rx_datagram_nats (ICMP_PACKET *sptr_icmp_packet){ NAT_IP_UDP_HEADER nested_udp_header; NAT_ICMP_EMBEDDED_HEADER *sptr_icmp_embedded_header; UDP_TRANSLATION_ENTRY *sptr_udp_translation_entry; IP_ADDRESS address; USHORT checksum; USHORT local_spoofed_port_number; nested_udp_header = *(NAT_IP_UDP_HEADER *) &sptr_icmp_packet->header.option.unreachable_message.ip_data; sptr_icmp_embedded_header = (NAT_ICMP_EMBEDDED_HEADER *) &sptr_icmp_packet->header.option.unreachable_message.ip_data; sptr_udp_translation_entry = match_ports_with_udp_entry_outbound ( ntohs (nested_udp_header.udp_header.source_port), ntohs (nested_udp_header.udp_header.destination_port), ntohl (nested_udp_header.ip_header.destination_address), &nat.nats.udp_translation_list); if (sptr_udp_translation_entry == NULL) { /* no way to determine who to send the ICMP message to*/ return (FAIL); } address = htonl (nat.global_address); local_spoofed_port_number = htons (sptr_udp_translation_entry->spoofed_local_port); checksum = nested_udp_header.udp_header.checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &nested_udp_header.udp_header.destination_port, sizeof (USHORT), (BYTE *) &local_spoofed_port_number, sizeof (USHORT)); nested_udp_header.udp_header.destination_port = local_spoofed_port_number; nested_udp_header.udp_header.checksum = checksum; checksum = nested_udp_header.ip_header.header_checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &nested_udp_header.ip_header.destination_address, sizeof (IP_ADDRESS), (BYTE *) &address, sizeof (IP_ADDRESS)); nested_udp_header.ip_header.destination_address = address; nested_udp_header.ip_header.header_checksum = checksum; checksum = sptr_icmp_packet->header.checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &sptr_icmp_packet->header.option.unreachable_message.ip_data, sizeof (NAT_ICMP_EMBEDDED_HEADER), (BYTE *) &nested_udp_header, sizeof (NAT_ICMP_EMBEDDED_HEADER)); *sptr_icmp_embedded_header = *(NAT_ICMP_EMBEDDED_HEADER *) &nested_udp_header; sptr_icmp_packet->header.checksum = checksum; checksum = sptr_icmp_packet->ip_header.header_checksum; checksum_fixup ((BYTE *) &checksum, (BYTE *) &sptr_icmp_packet->ip_header.source_address, sizeof (IP_ADDRESS), (BYTE *) &address, sizeof (IP_ADDRESS)); sptr_icmp_packet->ip_header.source_address = address; sptr_icmp_packet->ip_header.header_checksum = checksum; return (PASS);}/**********************************************************************************************Description: Handle packet received from local port in Basic NAT**********************************************************************************************/static enum TEST handle_icmp_translation_local_rx_datagram_natg (ICMP_PACKET *sptr_icmp_packet){ ICMP_DATA changed_data; ICMP_DATA unchanged_data; IP_PACKET nested_ip_packet; IP_TRANSLATION_ENTRY *sptr_ip_translation_entry; nested_ip_packet.header = sptr_icmp_packet->header.option.unreachable_message.ip_data; nat_printf (NAT_PRINTF_TRACE, "ICMP received local: translate embedded IP header\n"); unchanged_data.ip_data.addresses.source_address = nested_ip_packet.header.source_address; unchanged_data.ip_data.addresses.destination_address = nested_ip_packet.header.destination_address; unchanged_data.ip_data.ip_checksum = nested_ip_packet.header.header_checksum; changed_data.ip_data.addresses.source_address = nested_ip_packet.header.source_address; sptr_ip_translation_entry = match_sa_with_local_address ( ntohl (unchanged_data.ip_data.addresses.destination_address), &nat.natg.ip_translation_list); if (sptr_ip_translation_entry == NULL) { nat_printf (NAT_PRINTF_TRACE, "ICMP received local: Can't match embedded destination IP address in ICMP datagram.\n"); return (FAIL); } changed_data.ip_data.addresses.destination_address = htonl (sptr_ip_translation_entry->sa_global_address); changed_data.ip_data.ip_checksum = nested_ip_packet.header.header_checksum; /* adjust embedded IP checksum */ checksum_fixup ((BYTE *) &changed_data.ip_data.ip_checksum, (BYTE *) &unchanged_data.ip_data.addresses.destination_address, (USHORT) sizeof (IP_ADDRESS), (BYTE *) &changed_data.ip_data.addresses.destination_address, (USHORT )sizeof (IP_ADDRESS)); nested_ip_packet.header.destination_address = changed_data.ip_data.addresses.destination_address; nested_ip_packet.header.header_checksum = changed_data.ip_data.ip_checksum; changed_data.icmp_checksum = sptr_icmp_packet->header.checksum; /* adjust ICMP header checksum, first with change in embedded IP address */ checksum_fixup ((BYTE *) &changed_data.icmp_checksum, (BYTE *) &sptr_icmp_packet->header.option.unreachable_message.ip_data.destination_address, sizeof (ULONG), (BYTE *) &nested_ip_packet.header.destination_address, sizeof (ULONG)); sptr_icmp_packet->header.option.unreachable_message.ip_data.destination_address = changed_data.ip_data.addresses.destination_address; /* adjust ICMP header checksum, then with change in embedded IP checksum */ checksum_fixup ((BYTE *) &changed_data.icmp_checksum, (BYTE *) &sptr_icmp_packet->header.option.unreachable_message.ip_data.header_checksum, sizeof (USHORT), (BYTE *) &nested_ip_packet.header.header_checksum, sizeof (USHORT)); sptr_icmp_packet->header.option.unreachable_message.ip_data.source_address = changed_data.ip_data.addresses.source_address; sptr_icmp_packet->header.option.unreachable_message.ip_data.destination_address = changed_data.ip_data.addresses.destination_address; sptr_icmp_packet->header.option.unreachable_message.ip_data.header_checksum = changed_data.ip_data.ip_checksum; sptr_icmp_packet->header.checksum = changed_data.icmp_checksum; nat_printf (NAT_PRINTF_TRACE, "ICMP received local: translate IP header of ICMP packet\n"); /* this function also adjusts IP header's checksum */ if (handle_ip_translation_local_rx_natg ((IP_PACKET *) sptr_icmp_packet) == NULL) { return (FAIL); } return (PASS);}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -