patch-2.1.18 linux/net/ipv4/ip_masq.c
- Lines: 334
- Date:
Fri Dec 27 12:04:49 1996
- Orig file:
v2.1.17/linux/net/ipv4/ip_masq.c
- Orig date:
Thu Dec 12 19:37:25 1996
diff -u --recursive --new-file v2.1.17/linux/net/ipv4/ip_masq.c linux/net/ipv4/ip_masq.c
@@ -16,7 +16,7 @@
* Nigel Metheringham : Checksum checking of masqueraded data
* Nigel Metheringham : Better handling of timeouts of TCP conns
*
- *
+ *
*/
#include <linux/config.h>
@@ -66,7 +66,7 @@
*
* Greater values could lower MASQ_EXPIRATION setting as a way to
* manage 'masq_entries resource'.
- *
+ *
*/
int ip_masq_free_ports[2] = {
@@ -74,15 +74,11 @@
PORT_MASQ_END - PORT_MASQ_BEGIN /* TCP */
};
-static struct symbol_table ip_masq_syms = {
-#include <linux/symtab_begin.h>
- X(ip_masq_new),
- X(ip_masq_set_expire),
- X(ip_masq_free_ports),
- X(ip_masq_expire),
- X(ip_masq_out_get_2),
-#include <linux/symtab_end.h>
-};
+EXPORT_SYMBOL(ip_masq_new);
+EXPORT_SYMBOL(ip_masq_set_expire);
+EXPORT_SYMBOL(ip_masq_free_ports);
+EXPORT_SYMBOL(ip_masq_expire);
+EXPORT_SYMBOL(ip_masq_out_get_2);
/*
* 2 ip_masq hash tables: for input and output pkts lookups.
@@ -323,7 +319,7 @@
masq_proto_name(ms->protocol),
ntohl(ms->saddr),ntohs(ms->sport));
#endif
-
+
save_flags(flags);
cli();
@@ -378,47 +374,47 @@
if (proto == IPPROTO_UDP)
ms->flags |= IP_MASQ_F_NO_DADDR;
-
+
/* get masq address from rif */
ms->maddr = dev->pa_addr;
for (ports_tried = 0; ports_tried < *free_ports_p; ports_tried++){
save_flags(flags);
cli();
-
+
/*
* Try the next available port number
*/
-
+
ms->mport = htons(masq_port++);
if (masq_port==PORT_MASQ_END) masq_port = PORT_MASQ_BEGIN;
-
+
restore_flags(flags);
-
+
/*
* lookup to find out if this port is used.
*/
-
+
mst = ip_masq_getbym(proto, ms->maddr, ms->mport);
if (mst == NULL) {
save_flags(flags);
cli();
-
+
if (*free_ports_p == 0) {
restore_flags(flags);
break;
}
(*free_ports_p)--;
ip_masq_hash(ms);
-
+
restore_flags(flags);
-
+
ip_masq_bind_app(ms);
n_fails = 0;
return ms;
}
}
-
+
if (++n_fails < 5)
printk("ip_masq_new(proto=%s): could not get free masq entry (free=%d).\n",
masq_proto_name(ms->protocol), *free_ports_p);
@@ -451,7 +447,7 @@
if(uh->check==0)
uh->check=0xFFFF;
}
-
+
int ip_fw_masquerade(struct sk_buff **skb_ptr, struct device *dev)
{
struct sk_buff *skb=*skb_ptr;
@@ -489,7 +485,7 @@
/*
* Nope, not found, create a new entry for it
*/
-
+
if (ms==NULL)
{
ms = ip_masq_new(dev, iph->protocol,
@@ -503,7 +499,7 @@
/*
* Change the fragments origin
*/
-
+
size = skb->len - ((unsigned char *)portptr - skb->nh.raw);
/*
* Set iph addr and port from ip_masq obj.
@@ -529,7 +525,7 @@
/*
* Adjust packet accordingly to protocol
*/
-
+
if (iph->protocol==IPPROTO_UDP)
{
timeout = ip_masq_expire->udp_timeout;
@@ -566,7 +562,10 @@
else timeout = ip_masq_expire->tcp_timeout;
skb->csum = csum_partial((void *)(th + 1), size - sizeof(*th), 0);
- tcp_v4_check(th, size, iph->saddr, iph->daddr, skb->csum);
+ th->check = 0;
+ th->check = tcp_v4_check(th, size, iph->saddr, iph->daddr,
+ csum_partial((char *)th, sizeof(*th),
+ skb->csum));
}
ip_masq_set_expire(ms, timeout);
ip_send_check(iph);
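Review bot: The `size - sizeof(*th)` length passed to `csum_partial` on the context line just above the new `th->check` assignment has no lower bound visible in this hunk. If `size` can be smaller than a TCP header (it appears to come from `skb->len` earlier in the function, outside this hunk), the subtraction converts to a very large unsigned length and the checksum reads well past the packet data. Unless a length check already exists earlier in the function, add a guard such as `if (size < (int)sizeof(struct tcphdr))` that takes the function's existing failure return before any checksum is computed. The same applies to `len - sizeof(struct tcphdr)` in the later hunk at `@@ -898,10 +897,12 @@`. A short comment such as `/* clear check first: the header sum below includes this field */` would also explain why `th->check = 0;` must precede the call.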
@@ -602,7 +601,7 @@
ntohl(iph->saddr), ntohl(iph->daddr));
#endif
- /*
+ /*
* Work through seeing if this is for us.
* These checks are supposed to be in an order that
* means easy things are checked first to speed up
@@ -622,8 +621,8 @@
if ((ciph->protocol != IPPROTO_UDP) && (ciph->protocol != IPPROTO_TCP))
return 0;
- /*
- * Find the ports involved - this packet was
+ /*
+ * Find the ports involved - this packet was
* incoming so the ports are right way round
* (but reversed relative to outer IP header!)
*/
@@ -633,10 +632,10 @@
return 0;
/* Ensure the checksum is correct */
- if (ip_compute_csum((unsigned char *) icmph, len))
+ if (ip_compute_csum((unsigned char *) icmph, len))
{
/* Failed checksum! */
- printk(KERN_INFO "MASQ: forward ICMP: failed checksum from %s!\n",
+ printk(KERN_INFO "MASQ: forward ICMP: failed checksum from %s!\n",
in_ntoa(iph->saddr));
return(-1);
}
@@ -657,11 +656,11 @@
/* First change the source IP address, and recalc checksum */
iph->saddr = ms->maddr;
ip_send_check(iph);
-
+
/* Now change the *dest* address in the contained IP */
ciph->daddr = ms->maddr;
ip_send_check(ciph);
-
+
/* the TCP/UDP dest port - cannot redo check */
pptr[1] = ms->mport;
@@ -713,8 +712,8 @@
if ((ciph->protocol != IPPROTO_UDP) && (ciph->protocol != IPPROTO_TCP))
return 0;
- /*
- * Find the ports involved - remember this packet was
+ /*
+ * Find the ports involved - remember this packet was
* *outgoing* so the ports are reversed (and addresses)
*/
pptr = (__u16 *)&(((char *)ciph)[ciph->ihl*4]);
@@ -723,10 +722,10 @@
return 0;
/* Ensure the checksum is correct */
- if (ip_compute_csum((unsigned char *) icmph, len))
+ if (ip_compute_csum((unsigned char *) icmph, len))
{
/* Failed checksum! */
- printk(KERN_INFO "MASQ: reverse ICMP: failed checksum from %s!\n",
+ printk(KERN_INFO "MASQ: reverse ICMP: failed checksum from %s!\n",
in_ntoa(iph->saddr));
return(-1);
}
@@ -747,11 +746,11 @@
/* First change the dest IP address, and recalc checksum */
iph->daddr = ms->saddr;
ip_send_check(iph);
-
+
/* Now change the *source* address in the contained IP */
ciph->saddr = ms->saddr;
ip_send_check(ciph);
-
+
/* the TCP/UDP source port - cannot redo check */
pptr[0] = ms->sport;
@@ -803,7 +802,7 @@
/* No UDP checksum */
break;
- switch (skb->ip_summed)
+ switch (skb->ip_summed)
{
case CHECKSUM_NONE:
skb->csum = csum_partial((char *)portptr, len, 0);
@@ -811,7 +810,7 @@
if (csum_tcpudp_magic(iph->saddr, iph->daddr, len,
iph->protocol, skb->csum))
{
- printk(KERN_INFO "MASQ: failed TCP/UDP checksum from %s!\n",
+ printk(KERN_INFO "MASQ: failed TCP/UDP checksum from %s!\n",
in_ntoa(iph->saddr));
return -1;
}
@@ -898,10 +897,12 @@
len - sizeof(struct tcphdr), 0);
th = (struct tcphdr *) portptr;
th->check = 0;
+ th->check = tcp_v4_check(th, len, iph->saddr,
+ iph->daddr,
+ csum_partial((char *)th,
+ sizeof(*th),
+ skb->csum));
- tcp_v4_check(th, len, iph->saddr, iph->daddr,
- skb->csum);
-
/* Check if TCP FIN or RST */
if (th->fin)
{
@@ -911,7 +912,7 @@
{
ms->flags |= IP_MASQ_F_SAW_RST;
}
-
+
/* Now set the timeouts */
if (ms->flags & IP_MASQ_F_SAW_RST)
{
@@ -948,18 +949,18 @@
char temp[129];
int idx = 0;
int len=0;
-
- if (offset < 128)
+
+ if (offset < 128)
{
sprintf(temp,
"Prc FromIP FPrt ToIP TPrt Masq Init-seq Delta PDelta Expires (free=%d,%d)",
- ip_masq_free_ports[0], ip_masq_free_ports[1]);
+ ip_masq_free_ports[0], ip_masq_free_ports[1]);
len = sprintf(buffer, "%-127s\n", temp);
}
pos = 128;
save_flags(flags);
cli();
-
+
for(idx = 0; idx < IP_MASQ_TAB_SIZE; idx++)
for(ms = ip_masq_m_tab[idx]; ms ; ms = ms->m_link)
{
@@ -997,24 +998,23 @@
return len;
}
-#ifdef CONFIG_PROC_FS
+#ifdef CONFIG_PROC_FS
static struct proc_dir_entry proc_net_ipmsqhst = {
PROC_NET_IPMSQHST, 13, "ip_masquerade",
S_IFREG | S_IRUGO, 1, 0, 0,
0, &proc_net_inode_operations,
ip_msqhst_procinfo
};
-#endif
+#endif
/*
* Initialize ip masquerading
*/
int ip_masq_init(void)
{
- register_symtab (&ip_masq_syms);
-#ifdef CONFIG_PROC_FS
+#ifdef CONFIG_PROC_FS
proc_net_register(&proc_net_ipmsqhst);
-#endif
+#endif
ip_masq_app_init();
return 0;