Lines Matching defs:nat
142 /* nat */
477 "nat ipftq udp tab");
481 "nat ipftq udpack tab");
485 "nat icmp ipftq tab");
489 "nat icmpack ipftq tab");
493 "nat ip ipftq tab");
496 IPFTQ_INIT(&softn->ipf_nat_pending, 1, "nat pending ipftq tab");
515 MUTEX_INIT(&softn->ipf_nat_new, "ipf nat new mutex");
516 MUTEX_INIT(&softn->ipf_nat_io, "ipf nat io mutex");
985 ipnat_t *nat, *nt, *n;
1015 nat = NULL;
1026 nat = natd;
1050 nat = nt;
1057 nat->in_flags &= IPN_USERFLAGS;
1058 if ((nat->in_redir & NAT_MAPBLK) == 0) {
1059 if (nat->in_osrcatype == FRI_NORMAL ||
1060 nat->in_osrcatype == FRI_NONE)
1061 nat->in_osrcaddr &= nat->in_osrcmsk;
1062 if (nat->in_odstatype == FRI_NORMAL ||
1063 nat->in_odstatype == FRI_NONE)
1064 nat->in_odstaddr &= nat->in_odstmsk;
1065 if ((nat->in_flags & (IPN_SPLIT|IPN_SIPRANGE)) == 0) {
1066 if (nat->in_nsrcatype == FRI_NORMAL)
1067 nat->in_nsrcaddr &= nat->in_nsrcmsk;
1068 if (nat->in_ndstatype == FRI_NORMAL)
1069 nat->in_ndstaddr &= nat->in_ndstmsk;
1073 error = ipf_nat_rule_init(softc, softn, nat);
1079 if (ipf_nat_cmp_rules(nat, n) == 0)
1157 if (nat != nt)
1158 bcopy((char *)nat, (char *)nt, sizeof(*n));
1162 nat = NULL;
1403 if (nat != NULL)
1404 ipf_nat_rule_fini(softc, nat);
1677 /* Return the size of the nat list entry to be copied back to user space. */
1686 nat_t *nat, *n;
1700 nat = ng.ng_ptr;
1701 if (!nat) {
1702 nat = softn->ipf_nat_instances;
1707 if (nat == NULL) {
1725 if (n == nat)
1740 aps = nat->nat_aps;
1779 nat_t *n, *nat;
1801 nat = ipns.ipn_next;
1802 if (nat == NULL) {
1803 nat = softn->ipf_nat_instances;
1804 if (nat == NULL) {
1818 if (n == nat)
1826 ipn->ipn_next = nat->nat_next;
1831 bcopy((char *)nat, &ipn->ipn_nat, sizeof(*nat));
1836 if (nat->nat_ptr != NULL)
1837 bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
1844 if (nat->nat_fr != NULL)
1845 bcopy((char *)nat->nat_fr, (char *)&ipn->ipn_fr,
1853 aps = nat->nat_aps;
1914 nat_t *n, *nat;
1933 nat = NULL;
1964 KMALLOC(nat, nat_t *);
1965 if (nat == NULL) {
1971 bcopy((char *)&ipnn->ipn_nat, (char *)nat, sizeof(*nat));
1973 switch (nat->nat_v[0])
1990 bzero((char *)nat, offsetof(struct nat, nat_tqe));
1991 nat->nat_tqe.tqe_pnext = NULL;
1992 nat->nat_tqe.tqe_next = NULL;
1993 nat->nat_tqe.tqe_ifq = NULL;
1994 nat->nat_tqe.tqe_parent = nat;
1997 * Restore the rule associated with this nat session
2002 nat->nat_ptr = in;
2036 fin->fin_v = nat->nat_v[0];
2037 fin->fin_p = nat->nat_pr[0];
2038 fin->fin_rev = nat->nat_rev;
2039 fin->fin_ifp = nat->nat_ifps[0];
2040 fin->fin_data[0] = ntohs(nat->nat_ndport);
2041 fin->fin_data[1] = ntohs(nat->nat_nsport);
2043 switch (nat->nat_dir)
2051 fin->fin_v = nat->nat_v[1];
2052 if (nat->nat_v[1] == 4) {
2053 n = ipf_nat_inlookup(fin, nat->nat_flags, fin->fin_p,
2054 nat->nat_ndstip, nat->nat_nsrcip);
2056 } else if (nat->nat_v[1] == 6) {
2057 n = ipf_nat6_inlookup(fin, nat->nat_flags, fin->fin_p,
2058 &nat->nat_ndst6.in6,
2059 &nat->nat_nsrc6.in6);
2080 n = ipf_nat_outlookup(fin, nat->nat_flags, fin->fin_p,
2081 nat->nat_ndstip,
2082 nat->nat_nsrcip);
2085 n = ipf_nat6_outlookup(fin, nat->nat_flags, fin->fin_p,
2086 &nat->nat_ndst6.in6,
2087 &nat->nat_nsrc6.in6);
2111 aps = nat->nat_aps;
2114 nat->nat_aps = aps;
2149 fr = nat->nat_fr;
2151 if ((nat->nat_flags & SI_NEWFR) != 0) {
2153 nat->nat_fr = fr;
2170 MUTEX_INIT(&fr->fr_lock, "nat-filter rule lock");
2206 error = ipf_nat_finalise(fin, nat);
2209 error = ipf_nat6_finalise(fin, nat);
2234 if (nat != NULL) {
2246 KFREE(nat);
2256 /* nat(I) - pointer to NAT structure to delete */
2260 /* Delete a nat entry from the various lists and table. If NAT logging is */
2264 ipf_nat_delete(ipf_main_softc_t *softc, struct nat *nat, int logtype)
2273 ipf_nat_log(softc, softn, nat, logtype);
2279 if (nat->nat_pnext != NULL) {
2282 bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz;
2290 bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz;
2298 *nat->nat_pnext = nat->nat_next;
2299 if (nat->nat_next != NULL) {
2300 nat->nat_next->nat_pnext = nat->nat_pnext;
2301 nat->nat_next = NULL;
2303 nat->nat_pnext = NULL;
2305 *nat->nat_phnext[0] = nat->nat_hnext[0];
2306 if (nat->nat_hnext[0] != NULL) {
2307 nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
2308 nat->nat_hnext[0] = NULL;
2310 nat->nat_phnext[0] = NULL;
2312 *nat->nat_phnext[1] = nat->nat_hnext[1];
2313 if (nat->nat_hnext[1] != NULL) {
2314 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
2315 nat->nat_hnext[1] = NULL;
2317 nat->nat_phnext[1] = NULL;
2319 if ((nat->nat_flags & SI_WILDP) != 0) {
2325 if (nat->nat_me != NULL) {
2326 *nat->nat_me = NULL;
2327 nat->nat_me = NULL;
2328 nat->nat_ref--;
2329 ASSERT(nat->nat_ref >= 0);
2332 if (nat->nat_tqe.tqe_ifq != NULL) {
2337 (void) ipf_deletequeueentry(&nat->nat_tqe);
2340 if (nat->nat_sync) {
2341 ipf_sync_del_nat(softc->ipf_sync_soft, nat->nat_sync);
2342 nat->nat_sync = NULL;
2348 MUTEX_ENTER(&nat->nat_lock);
2351 * This happens when a nat'd packet is blocked and we want to throw
2355 if (nat->nat_ref > 2) {
2356 nat->nat_ref -= 2;
2357 MUTEX_EXIT(&nat->nat_lock);
2362 } else if (nat->nat_ref > 1) {
2363 nat->nat_ref--;
2364 MUTEX_EXIT(&nat->nat_lock);
2369 ASSERT(nat->nat_ref >= 0);
2370 MUTEX_EXIT(&nat->nat_lock);
2372 nat->nat_ref = 0;
2380 softn->ipf_nat_stats.ns_proto[nat->nat_pr[0]]--;
2382 if (nat->nat_fr != NULL) {
2383 (void) ipf_derefrule(softc, &nat->nat_fr);
2386 if (nat->nat_hm != NULL) {
2387 ipf_nat_hostmapdel(softc, &nat->nat_hm);
2391 * If there is an active reference from the nat entry to its parent
2395 ipn = nat->nat_ptr;
2396 nat->nat_ptr = NULL;
2403 if (nat->nat_aps != NULL) {
2404 ipf_proxy_free(softc, nat->nat_aps);
2405 nat->nat_aps = NULL;
2408 MUTEX_DESTROY(&nat->nat_lock);
2413 * If there's a fragment table entry too for this nat entry, then
2417 ipf_frag_natforget(softc, (void *)nat);
2419 KFREE(nat);
2440 nat_t *nat;
2456 while ((nat = softn->ipf_nat_instances) != NULL) {
2457 ipf_nat_delete(softc, nat, NL_FLUSH);
2532 nat_t *nat;
2534 for (next = softn->ipf_nat_instances; (nat = next) != NULL;) {
2535 next = nat->nat_next;
2536 if (nat->nat_ptr == np)
2537 ipf_nat_delete(softc, nat, NL_PURGE);
2579 /* nat(I) - pointer to NAT entry */
2589 ipf_nat_newmap(fr_info_t *fin, nat_t *nat, natinfo_t *ni)
2611 flags = nat->nat_flags;
2643 nat->nat_hm = hm;
2813 nat->nat_osrcip = fin->fin_src;
2814 nat->nat_nsrcaddr = htonl(in.s_addr);
2815 nat->nat_odstip = fin->fin_dst;
2816 nat->nat_ndstip = fin->fin_dst;
2817 if (nat->nat_hm == NULL)
2818 nat->nat_hm = ipf_nat_hostmap(softn, np, fin->fin_src,
2819 fin->fin_dst, nat->nat_nsrcip,
2823 nat->nat_osport = sport;
2824 nat->nat_nsport = port; /* sport */
2825 nat->nat_odport = dport;
2826 nat->nat_ndport = dport;
2829 nat->nat_oicmpid = fin->fin_data[1];
2831 nat->nat_nicmpid = port;
2842 /* nat(I) - pointer to NAT entry */
2850 ipf_nat_newrdr(fr_info_t *fin, nat_t *nat, natinfo_t *ni)
2867 flags = nat->nat_flags;
3013 nat->nat_ndstaddr = htonl(in.s_addr);
3014 nat->nat_odstip = fin->fin_dst;
3015 nat->nat_nsrcip = fin->fin_src;
3016 nat->nat_osrcip = fin->fin_src;
3017 if ((nat->nat_hm == NULL) && ((np->in_flags & IPN_STICKY) != 0))
3018 nat->nat_hm = ipf_nat_hostmap(softn, np, fin->fin_src,
3022 nat->nat_odport = dport;
3023 nat->nat_ndport = nport;
3024 nat->nat_osport = sport;
3025 nat->nat_nsport = sport;
3028 nat->nat_oicmpid = fin->fin_data[1];
3030 nat->nat_nicmpid = nport;
3065 nat_t *nat, *natl;
3092 /* Give me a new nat */
3093 KMALLOC(nat, nat_t *);
3094 if (nat == NULL) {
3129 bzero((char *)nat, sizeof(*nat));
3130 nat->nat_flags = flags;
3131 nat->nat_redir = np->in_redir;
3132 nat->nat_dir = direction;
3133 nat->nat_pr[0] = fin->fin_p;
3134 nat->nat_pr[1] = fin->fin_p;
3141 move = ipf_nat_newdivert(fin, nat, &ni);
3144 move = ipf_nat_newrewrite(fin, nat, &ni);
3155 KFREE(nat);
3156 nat = natl;
3160 move = ipf_nat_newmap(fin, nat, &ni);
3168 KFREE(nat);
3169 nat = natl;
3173 move = ipf_nat_newrdr(fin, nat, &ni);
3180 nat->nat_mssclamp = np->in_mssclamp;
3181 nat->nat_me = natsave;
3182 nat->nat_fr = fin->fin_fr;
3183 nat->nat_rev = fin->fin_rev;
3184 nat->nat_ptr = np;
3185 nat->nat_dlocal = np->in_dlocal;
3187 if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) {
3188 if (ipf_proxy_new(fin, nat) == -1) {
3194 nat->nat_ifps[0] = np->in_ifps[0];
3196 COPYIFNAME(np->in_v[0], np->in_ifps[0], nat->nat_ifnames[0]);
3199 nat->nat_ifps[1] = np->in_ifps[1];
3201 COPYIFNAME(np->in_v[1], np->in_ifps[1], nat->nat_ifnames[1]);
3204 if (ipf_nat_finalise(fin, nat) == -1) {
3222 nsp->ns_proto[nat->nat_pr[0]]++;
3226 DT2(ns_badnatnew, fr_info_t *, fin, nat_t *, nat);
3228 if ((hm = nat->nat_hm) != NULL)
3230 KFREE(nat);
3231 nat = NULL;
3233 if (nat != NULL && np != NULL)
3236 *natsave = nat;
3237 return nat;
3245 /* nat(I) - pointer to NAT entry */
3253 ipf_nat_finalise(fr_info_t *fin, nat_t *nat)
3263 switch (nat->nat_pr[0])
3266 sum1 = LONG_SUM(ntohs(nat->nat_oicmpid));
3267 sum2 = LONG_SUM(ntohs(nat->nat_nicmpid));
3269 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
3274 sum1 = LONG_SUM(ntohl(nat->nat_osrcaddr) + \
3275 ntohs(nat->nat_osport));
3276 sum2 = LONG_SUM(ntohl(nat->nat_nsrcaddr) + \
3277 ntohs(nat->nat_nsport));
3279 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
3281 sum1 = LONG_SUM(ntohl(nat->nat_odstaddr) + \
3282 ntohs(nat->nat_odport));
3283 sum2 = LONG_SUM(ntohl(nat->nat_ndstaddr) + \
3284 ntohs(nat->nat_ndport));
3286 nat->nat_sumd[0] += (sumd & 0xffff) + (sumd >> 16);
3295 if (nat->nat_dir == NAT_OUTBOUND) {
3296 sum1 = LONG_SUM(ntohl(nat->nat_nsrcaddr));
3297 sum1 += LONG_SUM(ntohl(nat->nat_ndstaddr));
3299 sum1 = LONG_SUM(ntohl(nat->nat_osrcaddr));
3300 sum1 += LONG_SUM(ntohl(nat->nat_odstaddr));
3302 sum1 += nat->nat_pr[1];
3303 nat->nat_sumd[1] = (sum1 & 0xffff) + (sum1 >> 16);
3305 sum1 = LONG_SUM(ntohl(nat->nat_osrcaddr));
3306 sum2 = LONG_SUM(ntohl(nat->nat_nsrcaddr));
3308 nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
3310 sum1 = LONG_SUM(ntohl(nat->nat_odstaddr));
3311 sum2 = LONG_SUM(ntohl(nat->nat_ndstaddr));
3313 nat->nat_ipsumd += (sumd & 0xffff) + (sumd >> 16);
3315 nat->nat_v[0] = 4;
3316 nat->nat_v[1] = 4;
3318 if ((nat->nat_ifps[0] != NULL) && (nat->nat_ifps[0] != (void *)-1)) {
3319 nat->nat_mtu[0] = GETIFMTU_4(nat->nat_ifps[0]);
3322 if ((nat->nat_ifps[1] != NULL) && (nat->nat_ifps[1] != (void *)-1)) {
3323 nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]);
3326 if ((nat->nat_flags & SI_CLONE) == 0)
3327 nat->nat_sync = ipf_sync_new(softc, SMC_NAT, fin, nat);
3329 if (ipf_nat_insert(softc, softn, nat) == 0) {
3331 ipf_nat_log(softc, softn, nat, NL_NEW);
3332 fr = nat->nat_fr;
3345 if (nat->nat_sync != NULL)
3346 ipf_sync_del_nat(softc->ipf_sync_soft, nat->nat_sync);
3356 /* nat(I) - pointer to NAT structure */
3363 ipf_nat_insert(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, nat_t *nat)
3374 if ((nat->nat_flags & (SI_W_SPORT|SI_W_DPORT)) == 0) {
3375 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
3376 sp = nat->nat_osport;
3377 dp = nat->nat_odport;
3378 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
3380 dp = nat->nat_oicmpid;
3385 hv0 = NAT_HASH_FN(nat->nat_osrcaddr, sp, 0xffffffff);
3386 hv0 = NAT_HASH_FN(nat->nat_odstaddr, hv0 + dp, 0xffffffff);
3392 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
3393 sp = nat->nat_nsport;
3394 dp = nat->nat_ndport;
3395 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
3397 dp = nat->nat_nicmpid;
3402 hv1 = NAT_HASH_FN(nat->nat_nsrcaddr, sp, 0xffffffff);
3403 hv1 = NAT_HASH_FN(nat->nat_ndstaddr, hv1 + dp, 0xffffffff);
3409 hv0 = NAT_HASH_FN(nat->nat_osrcaddr, 0, 0xffffffff);
3410 hv0 = NAT_HASH_FN(nat->nat_odstaddr, hv0, 0xffffffff);
3413 hv1 = NAT_HASH_FN(nat->nat_nsrcaddr, 0, 0xffffffff);
3414 hv1 = NAT_HASH_FN(nat->nat_ndstaddr, hv1, 0xffffffff);
3418 if ((nat->nat_dir & NAT_OUTBOUND) == NAT_OUTBOUND) {
3419 nat->nat_hv[0] = hv0;
3420 nat->nat_hv[1] = hv1;
3422 nat->nat_hv[0] = hv1;
3423 nat->nat_hv[1] = hv0;
3426 MUTEX_INIT(&nat->nat_lock, "nat entry lock");
3428 in = nat->nat_ptr;
3429 nat->nat_ref = nat->nat_me ? 2 : 1;
3431 nat->nat_ifnames[0][LIFNAMSIZ - 1] = '\0';
3432 nat->nat_ifps[0] = ipf_resolvenic(softc, nat->nat_ifnames[0], 4);
3434 if (nat->nat_ifnames[1][0] != '\0') {
3435 nat->nat_ifnames[1][LIFNAMSIZ - 1] = '\0';
3436 nat->nat_ifps[1] = ipf_resolvenic(softc,
3437 nat->nat_ifnames[1], 4);
3443 (void) strncpy(nat->nat_ifnames[1],
3444 nat->nat_ifnames[0], LIFNAMSIZ);
3445 nat->nat_ifnames[1][LIFNAMSIZ - 1] = '\0';
3446 nat->nat_ifps[1] = nat->nat_ifps[0];
3449 if ((nat->nat_ifps[0] != NULL) && (nat->nat_ifps[0] != (void *)-1)) {
3450 nat->nat_mtu[0] = GETIFMTU_4(nat->nat_ifps[0]);
3452 if ((nat->nat_ifps[1] != NULL) && (nat->nat_ifps[1] != (void *)-1)) {
3453 nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]);
3456 ret = ipf_nat_hashtab_add(softc, softn, nat);
3458 MUTEX_DESTROY(&nat->nat_lock);
3468 /* nat(I) - pointer to NAT structure */
3474 ipf_nat_hashtab_add(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, nat_t *nat)
3480 hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz;
3481 hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz;
3508 nat->nat_next = softn->ipf_nat_instances;
3509 nat->nat_pnext = &softn->ipf_nat_instances;
3511 softn->ipf_nat_instances->nat_pnext = &nat->nat_next;
3512 softn->ipf_nat_instances = nat;
3518 nat->nat_phnext[0] = natp;
3519 nat->nat_hnext[0] = *natp;
3521 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
3525 *natp = nat;
3532 nat->nat_phnext[1] = natp;
3533 nat->nat_hnext[1] = *natp;
3535 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
3539 *natp = nat;
3542 ipf_nat_setqueue(softc, softn, nat);
3544 if (nat->nat_dir & NAT_OUTBOUND) {
3561 /* ICMP query nat entry. It is assumed that the packet is already of the */
3574 nat_t *nat;
3657 nat = ipf_nat_inlookup(fin, flags, p,
3661 nat = ipf_nat_outlookup(fin, flags, p,
3666 return nat;
3685 nat = ipf_nat_inlookup(fin, flags, p, oip->ip_dst,
3688 nat = ipf_nat_outlookup(fin, flags, p, oip->ip_dst,
3693 return nat;
3696 nat = ipf_nat_inlookup(fin, 0, p, oip->ip_dst, oip->ip_src);
3698 nat = ipf_nat_outlookup(fin, 0, p, oip->ip_dst, oip->ip_src);
3700 return nat;
3728 nat_t *nat;
3740 if ((fin->fin_v != 4) || !(nat = ipf_nat_icmperrorlookup(fin, dir))) {
3838 if (((fin->fin_out == 0) && ((nat->nat_redir & NAT_MAP) != 0)) ||
3839 ((fin->fin_out == 1) && ((nat->nat_redir & NAT_REDIRECT) != 0))) {
3840 a1.s_addr = ntohl(nat->nat_osrcaddr);
3842 a3.s_addr = ntohl(nat->nat_odstaddr);
3848 a1.s_addr = ntohl(nat->nat_ndstaddr);
3850 a3.s_addr = ntohl(nat->nat_nsrcaddr);
3890 sum1 = ntohs(nat->nat_osport);
3892 sum3 = ntohs(nat->nat_odport);
3898 sum1 = ntohs(nat->nat_ndport);
3900 sum3 = ntohs(nat->nat_nsport);
3961 if (orgicmp->icmp_id != nat->nat_osport) {
3976 sum2 = ntohs(nat->nat_oicmpid);
3978 orgicmp->icmp_id = nat->nat_oicmpid;
3983 return nat;
4009 /* Lookup a nat entry based on the mapped destination ip address/port and */
4029 nat_t *nat;
4062 nat = softn->ipf_nat_table[1][hv];
4063 /* TRACE dst, dport, src, sport, hv, nat */
4065 for (; nat; nat = nat->nat_hnext[1]) {
4066 if (nat->nat_ifps[0] != NULL) {
4067 if ((ifp != NULL) && (ifp != nat->nat_ifps[0]))
4071 if (nat->nat_pr[0] != p)
4074 switch (nat->nat_dir)
4078 if (nat->nat_v[0] != 4)
4080 if (nat->nat_osrcaddr != src.s_addr ||
4081 nat->nat_odstaddr != dst)
4083 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4084 if (nat->nat_osport != sport)
4086 if (nat->nat_odport != dport)
4090 if (nat->nat_oicmpid != dport) {
4096 if (nat->nat_dlocal)
4100 if (nat->nat_v[1] != 4)
4102 if (nat->nat_dlocal)
4104 if (nat->nat_dlocal)
4106 if (nat->nat_ndstaddr != src.s_addr ||
4107 nat->nat_nsrcaddr != dst)
4109 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4110 if (nat->nat_ndport != sport)
4112 if (nat->nat_nsport != dport)
4116 if (nat->nat_nicmpid != dport) {
4124 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4125 ipn = nat->nat_ptr;
4126 if ((ipn != NULL) && (nat->nat_aps != NULL))
4127 if (ipf_proxy_match(fin, nat) != 0)
4130 if ((nat->nat_ifps[0] == NULL) && (ifp != NULL)) {
4131 nat->nat_ifps[0] = ifp;
4132 nat->nat_mtu[0] = GETIFMTU_4(ifp);
4134 return nat;
4160 nat = softn->ipf_nat_table[1][hv];
4161 /* TRACE dst, src, hv, nat */
4162 for (; nat; nat = nat->nat_hnext[1]) {
4163 if (nat->nat_ifps[0] != NULL) {
4164 if ((ifp != NULL) && (ifp != nat->nat_ifps[0]))
4168 if (nat->nat_pr[0] != fin->fin_p)
4171 switch (nat->nat_dir & (NAT_INBOUND|NAT_OUTBOUND))
4174 if (nat->nat_v[0] != 4)
4176 if (nat->nat_osrcaddr != src.s_addr ||
4177 nat->nat_odstaddr != dst)
4181 if (nat->nat_v[1] != 4)
4183 if (nat->nat_ndstaddr != src.s_addr ||
4184 nat->nat_nsrcaddr != dst)
4189 nflags = nat->nat_flags;
4193 if (ipf_nat_wildok(nat, (int)sport, (int)dport, nflags,
4198 nat = ipf_nat_clone(fin, nat);
4199 if (nat == NULL)
4207 if (nat->nat_dir == NAT_INBOUND) {
4208 if (nat->nat_osport == 0) {
4209 nat->nat_osport = sport;
4210 nat->nat_nsport = sport;
4212 if (nat->nat_odport == 0) {
4213 nat->nat_odport = dport;
4214 nat->nat_ndport = dport;
4216 } else if (nat->nat_dir == NAT_OUTBOUND) {
4217 if (nat->nat_osport == 0) {
4218 nat->nat_osport = dport;
4219 nat->nat_nsport = dport;
4221 if (nat->nat_odport == 0) {
4222 nat->nat_odport = sport;
4223 nat->nat_ndport = sport;
4226 if ((nat->nat_ifps[0] == NULL) && (ifp != NULL)) {
4227 nat->nat_ifps[0] = ifp;
4228 nat->nat_mtu[0] = GETIFMTU_4(ifp);
4230 nat->nat_flags &= ~(SI_W_DPORT|SI_W_SPORT);
4231 ipf_nat_tabmove(softn, nat);
4238 if (nat == NULL) {
4241 return nat;
4249 /* nat(I) - pointer to NAT structure */
4257 ipf_nat_tabmove(ipf_nat_softc_t *softn, nat_t *nat)
4263 if (nat->nat_flags & SI_CLONE)
4270 if (nat->nat_hnext[0])
4271 nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
4272 *nat->nat_phnext[0] = nat->nat_hnext[0];
4273 hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz;
4274 hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz;
4279 if (nat->nat_hnext[1])
4280 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
4281 *nat->nat_phnext[1] = nat->nat_hnext[1];
4288 rhv0 = NAT_HASH_FN(nat->nat_osrcaddr, nat->nat_osport, 0xffffffff);
4289 rhv0 = NAT_HASH_FN(nat->nat_odstaddr, rhv0 + nat->nat_odport,
4291 rhv1 = NAT_HASH_FN(nat->nat_nsrcaddr, nat->nat_nsport, 0xffffffff);
4292 rhv1 = NAT_HASH_FN(nat->nat_ndstaddr, rhv1 + nat->nat_ndport,
4295 if ((nat->nat_dir & NAT_OUTBOUND) == NAT_OUTBOUND) {
4296 nat->nat_hv[0] = rhv0;
4297 nat->nat_hv[1] = rhv1;
4299 nat->nat_hv[0] = rhv1;
4300 nat->nat_hv[1] = rhv0;
4303 hv0 = nat->nat_hv[0] % softn->ipf_nat_table_sz;
4304 hv1 = nat->nat_hv[1] % softn->ipf_nat_table_sz;
4311 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
4312 nat->nat_phnext[0] = natp;
4313 nat->nat_hnext[0] = *natp;
4314 *natp = nat;
4319 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
4320 nat->nat_phnext[1] = natp;
4321 nat->nat_hnext[1] = *natp;
4322 *natp = nat;
4338 /* Lookup a nat entry based on the source 'real' ip address/port and */
4358 nat_t *nat;
4386 nat = softn->ipf_nat_table[0][hv];
4388 /* TRACE src, sport, dst, dport, hv, nat */
4390 for (; nat; nat = nat->nat_hnext[0]) {
4391 if (nat->nat_ifps[1] != NULL) {
4392 if ((ifp != NULL) && (ifp != nat->nat_ifps[1]))
4396 if (nat->nat_pr[1] != p)
4399 switch (nat->nat_dir)
4403 if (nat->nat_v[1] != 4)
4405 if (nat->nat_ndstaddr != src.s_addr ||
4406 nat->nat_nsrcaddr != dst.s_addr)
4409 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4410 if (nat->nat_ndport != sport)
4412 if (nat->nat_nsport != dport)
4416 if (nat->nat_nicmpid != dport) {
4423 if (nat->nat_v[0] != 4)
4425 if (nat->nat_osrcaddr != src.s_addr ||
4426 nat->nat_odstaddr != dst.s_addr)
4429 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
4430 if (nat->nat_odport != dport)
4432 if (nat->nat_osport != sport)
4436 if (nat->nat_oicmpid != dport) {
4443 ipn = nat->nat_ptr;
4444 if ((ipn != NULL) && (nat->nat_aps != NULL))
4445 if (ipf_proxy_match(fin, nat) != 0)
4448 if ((nat->nat_ifps[1] == NULL) && (ifp != NULL)) {
4449 nat->nat_ifps[1] = ifp;
4450 nat->nat_mtu[1] = GETIFMTU_4(ifp);
4452 return nat;
4479 nat = softn->ipf_nat_table[0][hv];
4480 for (; nat; nat = nat->nat_hnext[0]) {
4481 if (nat->nat_ifps[1] != NULL) {
4482 if ((ifp != NULL) && (ifp != nat->nat_ifps[1]))
4486 if (nat->nat_pr[1] != fin->fin_p)
4489 switch (nat->nat_dir & (NAT_INBOUND|NAT_OUTBOUND))
4492 if (nat->nat_v[1] != 4)
4494 if (nat->nat_ndstaddr != src.s_addr ||
4495 nat->nat_nsrcaddr != dst.s_addr)
4499 if (nat->nat_v[0] != 4)
4501 if (nat->nat_osrcaddr != src.s_addr ||
4502 nat->nat_odstaddr != dst.s_addr)
4507 if (!(nat->nat_flags & (NAT_TCPUDP|SI_WILDP)))
4510 if (ipf_nat_wildok(nat, (int)sport, (int)dport, nat->nat_flags,
4514 if ((nat->nat_flags & SI_CLONE) != 0) {
4515 nat = ipf_nat_clone(fin, nat);
4516 if (nat == NULL)
4524 if (nat->nat_dir == NAT_OUTBOUND) {
4525 if (nat->nat_osport == 0) {
4526 nat->nat_osport = sport;
4527 nat->nat_nsport = sport;
4529 if (nat->nat_odport == 0) {
4530 nat->nat_odport = dport;
4531 nat->nat_ndport = dport;
4533 } else if (nat->nat_dir == NAT_INBOUND) {
4534 if (nat->nat_osport == 0) {
4535 nat->nat_osport = dport;
4536 nat->nat_nsport = dport;
4538 if (nat->nat_odport == 0) {
4539 nat->nat_odport = sport;
4540 nat->nat_ndport = sport;
4543 if ((nat->nat_ifps[1] == NULL) && (ifp != NULL)) {
4544 nat->nat_ifps[1] = ifp;
4545 nat->nat_mtu[1] = GETIFMTU_4(ifp);
4547 nat->nat_flags &= ~(SI_W_DPORT|SI_W_SPORT);
4548 ipf_nat_tabmove(softn, nat);
4555 if (nat == NULL) {
4558 return nat;
4586 nat_t *nat;
4610 if ((nat = ipf_nat_inlookup(&fi, np->nl_flags, fi.fin_p,
4612 np->nl_inip = nat->nat_odstip;
4613 np->nl_inport = nat->nat_odport;
4620 if ((nat = ipf_nat_outlookup(&fi, np->nl_flags, fi.fin_p,
4626 fin.fin_p = nat->nat_pr[0];
4627 fin.fin_data[0] = ntohs(nat->nat_ndport);
4628 fin.fin_data[1] = ntohs(nat->nat_nsport);
4630 fin.fin_p, nat->nat_ndstip,
4631 nat->nat_nsrcip) != NULL) {
4636 np->nl_realip = nat->nat_odstip;
4637 np->nl_realport = nat->nat_odport;
4641 return nat;
4708 /* nat(I) - pointer to NAT structure */
4717 ipf_nat_update(fr_info_t *fin, nat_t *nat)
4723 ipnat_t *np = nat->nat_ptr;
4725 tqe = &nat->nat_tqe;
4740 if (nat->nat_pr[0] == IPPROTO_TCP && ifq2 == NULL) {
4741 (void) ipf_tcp_age(&nat->nat_tqe, fin, softn->ipf_nat_tcptq,
4745 if (nat->nat_pr[0] == IPPROTO_UDP)
4748 else if (nat->nat_pr[0] == IPPROTO_ICMP ||
4749 nat->nat_pr[0] == IPPROTO_ICMPV6)
4789 nat_t *nat;
4848 (nat = ipf_nat_icmperror(fin, &nflags, NAT_OUTBOUND)))
4850 else if ((fin->fin_flx & FI_FRAG) && (nat = ipf_frag_natknown(fin)))
4852 else if ((nat = ipf_nat_outlookup(fin, nflags|NAT_SEARCH,
4855 nflags = nat->nat_flags;
4860 * If there is no current entry in the nat table for this IP#,
4924 nat = ipf_nat_add(fin, np, NULL, nflags, NAT_OUTBOUND);
4926 if (nat != NULL) {
4938 if (nat != NULL) {
4939 rval = ipf_nat_out(fin, nat, natadd, nflags);
4941 MUTEX_ENTER(&nat->nat_lock);
4942 ipf_nat_update(fin, nat);
4943 nat->nat_bytes[1] += fin->fin_plen;
4944 nat->nat_pkts[1]++;
4945 fin->fin_pktnum = nat->nat_pkts[1];
4946 MUTEX_EXIT(&nat->nat_lock);
4981 /* nat(I) - pointer to NAT structure */
4988 ipf_nat_out(fr_info_t *fin, nat_t *nat, int natadd, u_32_t nflags)
5000 np = nat->nat_ptr;
5003 (void) ipf_frag_natnew(softc, fin, 0, nat);
5017 if (nat->nat_dir == NAT_OUTBOUND) {
5018 s2 = LONG_SUM(ntohl(nat->nat_nsrcaddr));
5020 s2 = LONG_SUM(ntohl(nat->nat_odstaddr));
5026 if (nat->nat_dir == NAT_OUTBOUND) {
5027 s2 = LONG_SUM(ntohl(nat->nat_ndstaddr));
5029 s2 = LONG_SUM(ntohl(nat->nat_osrcaddr));
5045 switch (nat->nat_dir)
5050 nat->nat_ipsumd, 0);
5056 nat->nat_ipsumd, 0);
5071 switch (nat->nat_dir)
5074 fin->fin_ip->ip_src = nat->nat_nsrcip;
5075 fin->fin_saddr = nat->nat_nsrcaddr;
5076 fin->fin_ip->ip_dst = nat->nat_ndstip;
5077 fin->fin_daddr = nat->nat_ndstaddr;
5081 fin->fin_ip->ip_src = nat->nat_odstip;
5082 fin->fin_saddr = nat->nat_ndstaddr;
5083 fin->fin_ip->ip_dst = nat->nat_osrcip;
5084 fin->fin_daddr = nat->nat_nsrcaddr;
5091 skip = ipf_nat_decap(fin, nat);
5111 MUTEX_ENTER(&nat->nat_lock);
5112 ipf_nat_update(fin, nat);
5113 MUTEX_EXIT(&nat->nat_lock);
5173 if ((nat->nat_nsport != 0) && (nflags & IPN_TCPUDP)) {
5176 switch (nat->nat_dir)
5179 tcp->th_sport = nat->nat_nsport;
5180 fin->fin_data[0] = ntohs(nat->nat_nsport);
5181 tcp->th_dport = nat->nat_ndport;
5182 fin->fin_data[1] = ntohs(nat->nat_ndport);
5186 tcp->th_sport = nat->nat_odport;
5187 fin->fin_data[0] = ntohs(nat->nat_odport);
5188 tcp->th_dport = nat->nat_osport;
5189 fin->fin_data[1] = ntohs(nat->nat_osport);
5194 if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
5197 switch (nat->nat_dir)
5200 icmp->icmp_id = nat->nat_nicmpid;
5203 icmp->icmp_id = nat->nat_oicmpid;
5208 csump = ipf_nat_proto(fin, nat, nflags);
5215 if (nat->nat_dir == NAT_OUTBOUND)
5217 nat->nat_sumd[0],
5218 nat->nat_sumd[1] +
5222 nat->nat_sumd[0],
5223 nat->nat_sumd[1] +
5228 ipf_sync_update(softc, SMC_NAT, fin, nat->nat_sync);
5240 i = ipf_proxy_check(fin, nat);
5282 nat_t *nat;
5337 (nat = ipf_nat_icmperror(fin, &nflags, NAT_INBOUND)))
5339 else if ((fin->fin_flx & FI_FRAG) && (nat = ipf_frag_natknown(fin)))
5341 else if ((nat = ipf_nat_inlookup(fin, nflags|NAT_SEARCH,
5344 nflags = nat->nat_flags;
5349 * If there is no current entry in the nat table for this IP#,
5415 nat = ipf_nat_add(fin, np, NULL, nflags, NAT_INBOUND);
5417 if (nat != NULL) {
5429 if (nat != NULL) {
5430 rval = ipf_nat_in(fin, nat, natadd, nflags);
5432 MUTEX_ENTER(&nat->nat_lock);
5433 ipf_nat_update(fin, nat);
5434 nat->nat_bytes[0] += fin->fin_plen;
5435 nat->nat_pkts[0]++;
5436 fin->fin_pktnum = nat->nat_pkts[0];
5437 MUTEX_EXIT(&nat->nat_lock);
5472 /* nat(I) - pointer to NAT structure */
5480 ipf_nat_in(fr_info_t *fin, nat_t *nat, int natadd, u_32_t nflags)
5492 np = nat->nat_ptr;
5493 fin->fin_fr = nat->nat_fr;
5497 (void) ipf_frag_natnew(softc, fin, 0, nat);
5510 i = ipf_proxy_check(fin, nat);
5518 ipf_sync_update(softc, SMC_NAT, fin, nat->nat_sync);
5520 ipsumd = nat->nat_ipsumd;
5532 switch (nat->nat_dir)
5536 fin->fin_ip->ip_src = nat->nat_nsrcip;
5537 fin->fin_saddr = nat->nat_nsrcaddr;
5539 sum1 = nat->nat_osrcaddr;
5540 sum2 = nat->nat_nsrcaddr;
5544 fin->fin_ip->ip_dst = nat->nat_ndstip;
5545 fin->fin_daddr = nat->nat_ndstaddr;
5554 fin->fin_ip->ip_src = nat->nat_odstip;
5555 fin->fin_saddr = nat->nat_odstaddr;
5557 sum1 = nat->nat_odstaddr;
5558 sum2 = nat->nat_ndstaddr;
5562 fin->fin_ip->ip_dst = nat->nat_osrcip;
5563 fin->fin_daddr = nat->nat_osrcaddr;
5616 skip = ipf_nat_decap(fin, nat);
5636 ipf_nat_update(fin, nat);
5651 if ((nat->nat_odport != 0) && (nflags & IPN_TCPUDP)) {
5652 switch (nat->nat_dir)
5655 tcp->th_sport = nat->nat_nsport;
5656 fin->fin_data[0] = ntohs(nat->nat_nsport);
5657 tcp->th_dport = nat->nat_ndport;
5658 fin->fin_data[1] = ntohs(nat->nat_ndport);
5662 tcp->th_sport = nat->nat_odport;
5663 fin->fin_data[0] = ntohs(nat->nat_odport);
5664 tcp->th_dport = nat->nat_osport;
5665 fin->fin_data[1] = ntohs(nat->nat_osport);
5671 if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
5674 switch (nat->nat_dir)
5677 icmp->icmp_id = nat->nat_nicmpid;
5680 icmp->icmp_id = nat->nat_oicmpid;
5685 csump = ipf_nat_proto(fin, nat, nflags);
5692 if (nat->nat_dir == NAT_OUTBOUND)
5693 ipf_fix_incksum(0, csump, nat->nat_sumd[0], 0);
5695 ipf_fix_outcksum(0, csump, nat->nat_sumd[0], 0);
5712 /* nat(I) - pointer to NAT structure */
5721 ipf_nat_proto(fr_info_t *fin, nat_t *nat, u_int nflags)
5730 fin->fin_rev = (nat->nat_dir & NAT_OUTBOUND);
5732 fin->fin_rev = ((nat->nat_dir & NAT_OUTBOUND) == 0);
5747 if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
5748 ipf_nat_mssclamp(tcp, nat->nat_mssclamp, fin, csump);
5862 nat_t *nat;
5884 for (nat = softn->ipf_nat_instances; nat; nat = nat->nat_next) {
5885 if ((nat->nat_flags & IPN_TCP) != 0)
5888 n = nat->nat_ptr;
5916 if (((ifp == NULL) || (ifp == nat->nat_ifps[0]) ||
5917 (ifp == nat->nat_ifps[1]))) {
5918 nat->nat_ifps[0] = GETIFP(nat->nat_ifnames[0],
5919 nat->nat_v[0]);
5920 if ((nat->nat_ifps[0] != NULL) &&
5921 (nat->nat_ifps[0] != (void *)-1)) {
5922 nat->nat_mtu[0] = GETIFMTU_4(nat->nat_ifps[0]);
5924 if (nat->nat_ifnames[1][0] != '\0') {
5925 nat->nat_ifps[1] = GETIFP(nat->nat_ifnames[1],
5926 nat->nat_v[1]);
5928 nat->nat_ifps[1] = nat->nat_ifps[0];
5930 if ((nat->nat_ifps[1] != NULL) &&
5931 (nat->nat_ifps[1] != (void *)-1)) {
5932 nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]);
5934 ifp2 = nat->nat_ifps[0];
5942 sum1 = NATFSUM(nat, nat->nat_v[1], nat_nsrc6);
5943 if (ipf_ifpaddr(softc, nat->nat_v[0], FRI_NORMAL, ifp2,
5945 if (nat->nat_v[0] == 4)
5946 nat->nat_nsrcip = in.in4;
5948 sum2 = NATFSUM(nat, nat->nat_v[1], nat_nsrc6);
5960 sumd += nat->nat_sumd[0];
5961 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
5962 nat->nat_sumd[1] = nat->nat_sumd[0];
6047 /* nat(I) - pointer to NAT structure */
6053 ipf_nat_log(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, struct nat *nat,
6066 bcopy((char *)&nat->nat_osrc6, (char *)&natl.nl_osrcip,
6068 bcopy((char *)&nat->nat_nsrc6, (char *)&natl.nl_nsrcip,
6070 bcopy((char *)&nat->nat_odst6, (char *)&natl.nl_odstip,
6072 bcopy((char *)&nat->nat_ndst6, (char *)&natl.nl_ndstip,
6075 natl.nl_bytes[0] = nat->nat_bytes[0];
6076 natl.nl_bytes[1] = nat->nat_bytes[1];
6077 natl.nl_pkts[0] = nat->nat_pkts[0];
6078 natl.nl_pkts[1] = nat->nat_pkts[1];
6079 natl.nl_odstport = nat->nat_odport;
6080 natl.nl_osrcport = nat->nat_osport;
6081 natl.nl_nsrcport = nat->nat_nsport;
6082 natl.nl_ndstport = nat->nat_ndport;
6083 natl.nl_p[0] = nat->nat_pr[0];
6084 natl.nl_p[1] = nat->nat_pr[1];
6085 natl.nl_v[0] = nat->nat_v[0];
6086 natl.nl_v[1] = nat->nat_v[1];
6087 natl.nl_type = nat->nat_redir;
6091 bcopy(nat->nat_ifnames[0], natl.nl_ifnames[0],
6092 sizeof(nat->nat_ifnames[0]));
6093 bcopy(nat->nat_ifnames[1], natl.nl_ifnames[1],
6094 sizeof(nat->nat_ifnames[1]));
6097 if (nat->nat_ptr != NULL) {
6100 if (np == nat->nat_ptr) {
6214 /* IF nat_ref == 1 when this function is called, then we have an orphan nat */
6225 nat_t *nat;
6227 nat = *natp;
6230 MUTEX_ENTER(&nat->nat_lock);
6231 if (nat->nat_ref > 1) {
6232 nat->nat_ref--;
6233 ASSERT(nat->nat_ref >= 0);
6234 MUTEX_EXIT(&nat->nat_lock);
6237 MUTEX_EXIT(&nat->nat_lock);
6240 ipf_nat_delete(softc, nat, NL_EXPIRE);
6256 ipf_nat_clone(fr_info_t *fin, nat_t *nat)
6269 bcopy((char *)nat, (char *)clone, sizeof(*clone));
6329 /* Parameters: nat(I) - NAT entry */
6339 ipf_nat_wildok(nat_t *nat, int sport, int dport, int flags, int dir)
6347 * "intended" direction of that NAT entry in nat->nat_dir to decide
6350 switch ((dir << 1) | (nat->nat_dir & (NAT_INBOUND|NAT_OUTBOUND)))
6353 if (((nat->nat_osport == sport) ||
6355 ((nat->nat_odport == dport) ||
6360 if (((nat->nat_osport == dport) ||
6362 ((nat->nat_odport == sport) ||
6367 if (((nat->nat_osport == dport) ||
6369 ((nat->nat_odport == sport) ||
6374 if (((nat->nat_osport == sport) ||
6376 ((nat->nat_odport == dport) ||
6455 /* nat(I)- pointer to NAT structure */
6462 ipf_nat_setqueue(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, nat_t *nat)
6465 int rev = nat->nat_rev;
6467 if (nat->nat_ptr != NULL)
6468 nifq = nat->nat_ptr->in_tqehead[rev];
6473 switch (nat->nat_pr[0])
6483 nat->nat_tqe.tqe_state[rev];
6491 oifq = nat->nat_tqe.tqe_ifq;
6497 ipf_movequeue(softc->ipf_ticks, &nat->nat_tqe, oifq, nifq);
6499 ipf_queueappend(softc->ipf_ticks, &nat->nat_tqe, nifq, nat);
6511 /* Fetch the next nat/ipnat structure pointer from the linked list and */
6522 nat_t *nat, *nextnat = NULL, zeronat;
6572 nat = t->ipt_data;
6573 if (nat == NULL) {
6576 nextnat = nat->nat_next;
6631 if (nat != NULL)
6632 ipf_nat_deref(softc, &nat);
6652 /* Flush nat tables. Three actions currently defined: */
6653 /* which == 0 : flush all nat table entries */
6666 nat_t *nat, **natp;
6683 ((nat = *natp) != NULL); ) {
6684 ipf_nat_delete(softc, nat, NL_FLUSH);
6699 nat = tqn->tqe_parent;
6701 if (nat->nat_pr[0] != IPPROTO_TCP ||
6702 nat->nat_pr[1] != IPPROTO_TCP)
6704 ipf_nat_delete(softc, nat, NL_EXPIRE);
6715 nat = tqn->tqe_parent;
6717 if (nat->nat_pr[0] != IPPROTO_TCP ||
6718 nat->nat_pr[1] != IPPROTO_TCP)
6721 if ((nat->nat_tcpstate[0] >
6723 (nat->nat_tcpstate[1] >
6725 ipf_nat_delete(softc, nat, NL_EXPIRE);
6746 nat = tqn->tqe_parent;
6748 ipf_nat_delete(softc, nat, NL_FLUSH);
6765 ((nat = *natp) != NULL); ) {
6766 if (softc->ipf_ticks - nat->nat_touched > which) {
6767 ipf_nat_delete(softc, nat, NL_FLUSH);
6770 natp = &nat->nat_next;
6875 /* nat(I) - pointer to NAT structure */
6885 ipf_nat_setpending(ipf_main_softc_t *softc, nat_t *nat)
6890 oifq = nat->nat_tqe.tqe_ifq;
6892 ipf_movequeue(softc->ipf_ticks, &nat->nat_tqe, oifq,
6895 ipf_queueappend(softc->ipf_ticks, &nat->nat_tqe,
6896 &softn->ipf_nat_pending, nat);
6898 if (nat->nat_me != NULL) {
6899 *nat->nat_me = NULL;
6900 nat->nat_me = NULL;
6901 nat->nat_ref--;
6902 ASSERT(nat->nat_ref >= 0);
6912 /* nat(I) - pointer to NAT entry */
6926 ipf_nat_newrewrite(fr_info_t *fin, nat_t *nat, natinfo_t *nai)
6941 flags = nat->nat_flags;
6944 nat->nat_hm = NULL;
7112 nat->nat_osrcip = fin->fin_src;
7113 nat->nat_odstip = fin->fin_dst;
7114 nat->nat_nsrcip = frnat.fin_src;
7115 nat->nat_ndstip = frnat.fin_dst;
7118 nat->nat_osport = htons(fin->fin_data[0]);
7119 nat->nat_odport = htons(fin->fin_data[1]);
7120 nat->nat_nsport = htons(frnat.fin_data[0]);
7121 nat->nat_ndport = htons(frnat.fin_data[1]);
7123 nat->nat_oicmpid = fin->fin_data[1];
7124 nat->nat_nicmpid = frnat.fin_data[1];
7135 /* nat(I) - pointer to NAT entry */
7146 ipf_nat_newdivert(fr_info_t *fin, nat_t *nat, natinfo_t *nai)
7158 nat->nat_pr[0] = 0;
7159 nat->nat_osrcaddr = fin->fin_saddr;
7160 nat->nat_odstaddr = fin->fin_daddr;
7163 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
7164 nat->nat_osport = htons(fin->fin_data[0]);
7165 nat->nat_odport = htons(fin->fin_data[1]);
7166 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
7167 nat->nat_oicmpid = fin->fin_data[1];
7194 nat->nat_nsrcaddr = frnat.fin_saddr;
7195 nat->nat_ndstaddr = frnat.fin_daddr;
7196 if ((nat->nat_flags & IPN_TCPUDP) != 0) {
7197 nat->nat_nsport = htons(frnat.fin_data[0]);
7198 nat->nat_ndport = htons(frnat.fin_data[1]);
7199 } else if ((nat->nat_flags & IPN_ICMPQUERY) != 0) {
7200 nat->nat_nicmpid = frnat.fin_data[1];
7203 nat->nat_pr[fin->fin_out] = fin->fin_p;
7204 nat->nat_pr[1 - fin->fin_out] = p;
7207 nat->nat_dir = NAT_DIVERTIN;
7209 nat->nat_dir = NAT_DIVERTOUT;
7283 /* nat(I) - pointer to current NAT session */
7295 ipf_nat_decap(fr_info_t *fin, nat_t *nat)
7315 if (nat->nat_dir & NAT_OUTBOUND) {
7319 sum2 = ntohl(nat->nat_osrcaddr);
7321 fin->fin_ip->ip_dst = nat->nat_osrcip;
7322 fin->fin_daddr = nat->nat_osrcaddr;
7334 switch (nat->nat_dir)
7584 /* nat(I) - pointer to current NAT session */
7591 nat_t *nat, *natnext;
7600 for (nat = softn->ipf_nat_instances; nat != NULL; nat = natnext) {
7601 natnext = nat->nat_next;
7602 if (ipf_nat_matcharray(nat, array, softc->ipf_ticks) == 0) {
7603 ipf_nat_delete(softc, nat, NL_FLUSH);
7621 /* nat(I) - pointer to current NAT session */
7625 ipf_nat_matcharray(nat_t *nat, int *array, u_long ticks)
7643 if (p != 0 && p != nat->nat_pr[1])
7650 e |= (nat->nat_pr[1] == x[i + 3]);
7655 if (nat->nat_v[0] == 4) {
7657 e |= ((nat->nat_osrcaddr & x[i + 4]) ==
7661 if (nat->nat_v[1] == 4) {
7663 e |= ((nat->nat_nsrcaddr & x[i + 4]) ==
7670 if (nat->nat_v[0] == 4) {
7672 e |= ((nat->nat_odstaddr & x[i + 4]) ==
7676 if (nat->nat_v[1] == 4) {
7678 e |= ((nat->nat_ndstaddr & x[i + 4]) ==
7686 if (nat->nat_v[0] == 4) {
7687 e |= ((nat->nat_osrcaddr & x[i + 4]) ==
7690 if (nat->nat_v[1] == 4) {
7691 e |= ((nat->nat_nsrcaddr & x[i + 4]) ==
7694 if (nat->nat_v[0] == 4) {
7695 e |= ((nat->nat_odstaddr & x[i + 4]) ==
7698 if (nat->nat_v[1] == 4) {
7699 e |= ((nat->nat_ndstaddr & x[i + 4]) ==
7707 if (nat->nat_v[0] == 6) {
7709 e |= IP6_MASKEQ(&nat->nat_osrc6,
7713 if (nat->nat_v[1] == 6) {
7715 e |= IP6_MASKEQ(&nat->nat_nsrc6,
7722 if (nat->nat_v[0] == 6) {
7724 e |= IP6_MASKEQ(&nat->nat_odst6,
7729 if (nat->nat_v[1] == 6) {
7731 e |= IP6_MASKEQ(&nat->nat_ndst6,
7740 if (nat->nat_v[0] == 6) {
7741 e |= IP6_MASKEQ(&nat->nat_osrc6,
7745 if (nat->nat_v[0] == 6) {
7746 e |= IP6_MASKEQ(&nat->nat_odst6,
7750 if (nat->nat_v[1] == 6) {
7751 e |= IP6_MASKEQ(&nat->nat_nsrc6,
7755 if (nat->nat_v[1] == 6) {
7756 e |= IP6_MASKEQ(&nat->nat_ndst6,
7767 e |= (nat->nat_nsport == x[i + 3]) ||
7768 (nat->nat_ndport == x[i + 3]);
7775 e |= (nat->nat_nsport == x[i + 3]);
7782 e |= (nat->nat_ndport == x[i + 3]);
7788 e |= (nat->nat_tcpstate[0] == x[i + 3]) ||
7789 (nat->nat_tcpstate[1] == x[i + 3]);
7794 e |= (ticks - nat->nat_touched > x[3]);
7814 /* This function handles ioctl requests for tables of nat information. */
7907 nat_t **newtab[2], *nat, **natp;
8004 for (nat = softn->ipf_nat_instances; nat != NULL; nat = nat->nat_next) {
8005 nat->nat_hnext[0] = NULL;
8006 nat->nat_phnext[0] = NULL;
8007 hv = nat->nat_hv[0] % softn->ipf_nat_table_sz;
8011 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
8015 nat->nat_phnext[0] = natp;
8016 nat->nat_hnext[0] = *natp;
8017 *natp = nat;
8020 nat->nat_hnext[1] = NULL;
8021 nat->nat_phnext[1] = NULL;
8022 hv = nat->nat_hv[1] % softn->ipf_nat_table_sz;
8026 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
8030 nat->nat_phnext[1] = natp;
8031 nat->nat_hnext[1] = *natp;
8032 *natp = nat;
8231 nat_t *nat;
8249 nat = ipf_nat_outlookup(fin, nflags, (u_int)fin->fin_p,
8252 nat = ipf_nat_inlookup(fin, nflags, (u_int)fin->fin_p,
8256 if (nat != NULL) {
8258 ipf_nat_delete(softc, nat, NL_DESTROY);