Lines Matching defs:nat
257 MUTEX_INIT(&ifs->ifs_nat_udptq.ifq_lock, "nat ipftq udp tab");
263 MUTEX_INIT(&ifs->ifs_nat_icmptq.ifq_lock, "nat icmp ipftq tab");
269 MUTEX_INIT(&ifs->ifs_nat_iptq.ifq_lock, "nat ip ipftq tab");
291 MUTEX_INIT(&ifs->ifs_ipf_nat_new, "ipf nat new mutex");
292 MUTEX_INIT(&ifs->ifs_ipf_natio, "ipf nat io mutex");
607 ipnat_t *nat, *nt, *n = NULL, **np = NULL;
622 nat = NULL; /* XXX gcc -Wuninitialized */
646 nat = &natd;
647 if (nat->in_v == 0) /* For backward compat. */
648 nat->in_v = 4;
649 nat->in_flags &= IPN_USERFLAGS;
650 if ((nat->in_redir & NAT_MAPBLK) == 0) {
651 if ((nat->in_flags & IPN_SPLIT) == 0)
652 nat->in_inip &= nat->in_inmsk;
653 if ((nat->in_flags & IPN_IPRANGE) == 0)
654 nat->in_outip &= nat->in_outmsk;
659 if (bcmp((char *)&nat->in_flags, (char *)&n->in_flags,
661 if (nat->in_redir == NAT_REDIRECT &&
662 nat->in_pnext != n->in_pnext)
739 bcopy((char *)nat, (char *)nt, sizeof(*n));
1185 /* Return the size of the nat list entry to be copied back to user space. */
1194 nat_t *nat, *n;
1202 nat = ng.ng_ptr;
1203 if (!nat) {
1204 nat = ifs->ifs_nat_instances;
1209 if (nat == NULL) {
1224 if (n == nat)
1234 aps = nat->nat_aps;
1265 nat_t *n, *nat;
1279 nat = ipns.ipn_next;
1280 if (nat == NULL) {
1281 nat = ifs->ifs_nat_instances;
1282 if (nat == NULL) {
1294 if (n == nat)
1301 ipn->ipn_next = nat->nat_next;
1306 bcopy((char *)nat, &ipn->ipn_nat, sizeof(*nat));
1311 if (nat->nat_ptr != NULL)
1312 bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
1319 if (nat->nat_fr != NULL)
1320 bcopy((char *)nat->nat_fr, (char *)&ipn->ipn_fr,
1328 aps = nat->nat_aps;
1361 /* Parameters: nat - pointer to NAT table entry */
1401 void nat_calc_chksum_diffs(nat)
1402 nat_t *nat;
1410 if (nat->nat_v != 4 && nat->nat_v != 6)
1417 switch (nat->nat_dir)
1424 if (nat->nat_v == 4) {
1425 sum_changed = LONG_SUM(ntohl(nat->nat_inip.s_addr));
1426 sum_orig = LONG_SUM(ntohl(nat->nat_outip.s_addr));
1428 sum_changed = LONG_SUM6(&nat->nat_inip6);
1429 sum_orig = LONG_SUM6(&nat->nat_outip6);
1437 if (nat->nat_v == 4) {
1438 sum_changed = LONG_SUM(ntohl(nat->nat_outip.s_addr));
1439 sum_orig = LONG_SUM(ntohl(nat->nat_inip.s_addr));
1441 sum_changed = LONG_SUM6(&nat->nat_outip6);
1442 sum_orig = LONG_SUM6(&nat->nat_inip6);
1460 nat->nat_sumd[1] = (sumd & 0xffff) + (sumd >> 16);
1462 if (nat->nat_flags & (IPN_TCPUDP | IPN_ICMPQUERY)) {
1468 switch (nat->nat_dir)
1471 if (nat->nat_v == 4) {
1473 ntohl(nat->nat_inip.s_addr) +
1474 ntohs(nat->nat_inport));
1476 ntohl(nat->nat_outip.s_addr) +
1477 ntohs(nat->nat_outport));
1479 sum_changed = LONG_SUM6(&nat->nat_inip6) +
1480 ntohs(nat->nat_inport);
1481 sum_orig = LONG_SUM6(&nat->nat_outip6) +
1482 ntohs(nat->nat_outport);
1486 if (nat->nat_v == 4) {
1488 ntohl(nat->nat_outip.s_addr) +
1489 ntohs(nat->nat_outport));
1491 ntohl(nat->nat_inip.s_addr) +
1492 ntohs(nat->nat_inport));
1494 sum_changed = LONG_SUM6(&nat->nat_outip6) +
1495 ntohs(nat->nat_outport);
1496 sum_orig = LONG_SUM6(&nat->nat_inip6) +
1497 ntohs(nat->nat_inport);
1505 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
1507 if (!(nat->nat_flags & IPN_TCPUDP)) {
1512 nat->nat_sumd[1] = nat->nat_sumd[0];
1516 nat->nat_sumd[0] = nat->nat_sumd[1];
1522 if (nat->nat_v == 4) {
1523 if (NAT_HAS_L4_CHANGED(nat)) {
1529 nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
1535 nat->nat_ipsumd = nat->nat_sumd[0];
1540 if (!(nat->nat_flags & IPN_TCPUDP)) {
1541 nat->nat_sumd[0] = 0;
1542 nat->nat_sumd[1] = 0;
1570 nat_t *n, *nat;
1601 nat = NULL;
1627 KMALLOC(nat, nat_t *);
1628 if (nat == NULL) {
1633 bcopy((char *)&ipnn->ipn_nat, (char *)nat, sizeof(*nat));
1637 bzero((char *)nat, offsetof(struct nat, nat_tqe));
1638 nat->nat_tqe.tqe_pnext = NULL;
1639 nat->nat_tqe.tqe_next = NULL;
1640 nat->nat_tqe.tqe_ifq = NULL;
1641 nat->nat_tqe.tqe_parent = nat;
1644 * Restore the rule associated with this nat session
1649 nat->nat_ptr = in;
1670 if (nat->nat_v != 6)
1671 nat->nat_v = 4;
1673 fin.fin_p = nat->nat_p;
1675 if (nat->nat_dir == NAT_OUTBOUND) {
1676 fin.fin_data[0] = ntohs(nat->nat_oport);
1677 fin.fin_data[1] = ntohs(nat->nat_outport);
1678 fin.fin_ifp = nat->nat_ifps[0];
1683 switch (nat->nat_v)
1686 fin.fin_v = nat->nat_v;
1687 n = nat_inlookup(&fin, nat->nat_flags, fin.fin_p,
1688 nat->nat_oip, nat->nat_outip);
1692 n = nat6_inlookup(&fin, nat->nat_flags, fin.fin_p,
1693 &nat->nat_oip6.in6, &nat->nat_outip6.in6);
1708 } else if (nat->nat_dir == NAT_INBOUND) {
1709 fin.fin_data[0] = ntohs(nat->nat_inport);
1710 fin.fin_data[1] = ntohs(nat->nat_oport);
1711 fin.fin_ifp = nat->nat_ifps[1];
1716 switch (nat->nat_v)
1719 n = nat_outlookup(&fin, nat->nat_flags, fin.fin_p,
1720 nat->nat_inip, nat->nat_oip);
1724 n = nat6_outlookup(&fin, nat->nat_flags, fin.fin_p,
1725 &nat->nat_inip6.in6, &nat->nat_oip6.in6);
1749 aps = nat->nat_aps;
1752 nat->nat_aps = aps;
1784 fr = nat->nat_fr;
1786 if ((nat->nat_flags & SI_NEWFR) != 0) {
1788 nat->nat_fr = fr;
1803 MUTEX_INIT(&fr->fr_lock, "nat-filter rule lock");
1832 nat_calc_chksum_diffs(nat);
1838 nat_calc_chksum_diffs(nat);
1840 switch (nat->nat_v)
1843 error = nat_insert(nat, nat->nat_rev, ifs);
1847 error = nat6_insert(nat, nat->nat_rev, ifs);
1874 if (nat != NULL) {
1886 KFREE(nat);
1895 /* Parameters: nat - pointer to the NAT entry to delete */
1900 /* Delete a nat entry from the various lists and table. If NAT logging is */
1903 int nat_delete(nat, logtype, ifs)
1904 struct nat *nat;
1912 nat_log(nat, logtype, ifs);
1915 * Start by removing the entry from the hash table of nat entries
1918 * It will remain in the "list" of nat entries until all references
1921 if ((nat->nat_phnext[0] != NULL) && (nat->nat_phnext[1] != NULL)) {
1924 ifs->ifs_nat_stats.ns_bucketlen[0][nat->nat_hv[0]]--;
1925 ifs->ifs_nat_stats.ns_bucketlen[1][nat->nat_hv[1]]--;
1927 *nat->nat_phnext[0] = nat->nat_hnext[0];
1928 if (nat->nat_hnext[0] != NULL) {
1929 nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
1930 nat->nat_hnext[0] = NULL;
1932 nat->nat_phnext[0] = NULL;
1934 *nat->nat_phnext[1] = nat->nat_hnext[1];
1935 if (nat->nat_hnext[1] != NULL) {
1936 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
1937 nat->nat_hnext[1] = NULL;
1939 nat->nat_phnext[1] = NULL;
1941 if ((nat->nat_flags & SI_WILDP) != 0)
1948 fr_deletequeueentry(&nat->nat_tqe);
1950 if (nat->nat_me != NULL) {
1951 *nat->nat_me = NULL;
1952 nat->nat_me = NULL;
1955 MUTEX_ENTER(&nat->nat_lock);
1956 if (nat->nat_ref > 1) {
1957 nat->nat_ref--;
1958 MUTEX_EXIT(&nat->nat_lock);
1961 return (nat->nat_ref);
1963 MUTEX_EXIT(&nat->nat_lock);
1965 nat->nat_ref = 0;
1975 if (nat->nat_sync)
1976 ipfsync_del(nat->nat_sync);
1980 * Now remove it from master list of nat table entries
1982 if (nat->nat_pnext != NULL) {
1983 *nat->nat_pnext = nat->nat_next;
1984 if (nat->nat_next != NULL) {
1985 nat->nat_next->nat_pnext = nat->nat_pnext;
1986 nat->nat_next = NULL;
1988 nat->nat_pnext = NULL;
1991 if (nat->nat_fr != NULL)
1992 (void)fr_derefrule(&nat->nat_fr, ifs);
1994 if (nat->nat_hm != NULL)
1995 fr_hostmapdel(&nat->nat_hm);
1998 * If there is an active reference from the nat entry to its parent
2002 ipn = nat->nat_ptr;
2014 MUTEX_DESTROY(&nat->nat_lock);
2016 aps_free(nat->nat_aps, ifs);
2020 * If there's a fragment table entry too for this nat entry, then
2024 fr_forgetnat((void *)nat, ifs);
2026 KFREE(nat);
2081 /* nat(I) - pointer to NAT entry */
2090 static INLINE int nat_newmap(fin, nat, ni)
2092 nat_t *nat;
2140 nat->nat_hm = hm;
2301 nat->nat_inip = fin->fin_src;
2302 nat->nat_outip.s_addr = htonl(in.s_addr);
2303 nat->nat_oip = fin->fin_dst;
2304 if (nat->nat_hm == NULL)
2305 nat->nat_hm = nat_hostmap(np, fin->fin_src, fin->fin_dst,
2306 nat->nat_outip, 0, ifs);
2309 nat->nat_inport = sport;
2310 nat->nat_outport = port; /* sport */
2311 nat->nat_oport = dport;
2315 nat->nat_inport = port;
2316 nat->nat_outport = port;
2331 /* nat(I) - pointer to NAT entry */
2338 static INLINE int nat_newrdr(fin, nat, ni)
2340 nat_t *nat;
2478 nat->nat_inip.s_addr = htonl(in.s_addr);
2479 nat->nat_outip = fin->fin_dst;
2480 nat->nat_oip = fin->fin_src;
2487 nat->nat_inport = nport;
2488 nat->nat_outport = dport;
2489 nat->nat_oport = sport;
2493 nat->nat_inport = nport;
2494 nat->nat_outport = nport;
2528 nat_t *nat, *natl;
2558 /* Give me a new nat */
2559 KMALLOC(nat, nat_t *);
2560 if (nat == NULL) {
2598 bzero((char *)nat, sizeof(*nat));
2599 nat->nat_flags = flags;
2600 nat->nat_redir = np->in_redir;
2618 KFREE(nat);
2619 nat = natl;
2623 move = nat_newmap(fin, nat, &ni);
2635 KFREE(nat);
2636 nat = natl;
2640 move = nat_newrdr(fin, nat, &ni);
2657 if (nat_finalise(fin, nat, &ni, tcp, natsave, direction) == -1) {
2661 nat_calc_chksum_diffs(nat);
2669 if ((hm = nat->nat_hm) != NULL)
2671 KFREE(nat);
2672 nat = NULL;
2677 return nat;
2685 /* nat(I) - pointer to NAT entry */
2694 static INLINE int nat_finalise(fin, nat, ni, tcp, natsave, direction)
2696 nat_t *nat;
2708 COPYIFNAME(fin->fin_ifp, nat->nat_ifnames[0], fin->fin_v);
2711 if ((nat->nat_flags & SI_CLONE) == 0)
2712 nat->nat_sync = ipfsync_new(SMC_NAT, fin, nat);
2715 nat->nat_me = natsave;
2716 nat->nat_dir = direction;
2717 nat->nat_ifps[0] = np->in_ifps[0];
2718 nat->nat_ifps[1] = np->in_ifps[1];
2719 nat->nat_ptr = np;
2720 nat->nat_p = fin->fin_p;
2721 nat->nat_v = fin->fin_v;
2722 nat->nat_mssclamp = np->in_mssclamp;
2724 nat->nat_fr = fr;
2727 if (appr_new(fin, nat) == -1)
2730 if (nat_insert(nat, fin->fin_rev, ifs) == 0) {
2732 nat_log(nat, (u_int)np->in_redir, ifs);
2752 /* Parameters: nat(I) - pointer to NAT structure */
2759 int nat_insert(nat, rev, ifs)
2760 nat_t *nat;
2771 if ((nat->nat_flags & (SI_W_SPORT|SI_W_DPORT)) == 0) {
2772 hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
2774 hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport,
2776 hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
2778 hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport,
2781 hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0, 0xffffffff);
2782 hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1,
2784 hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0, 0xffffffff);
2785 hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2,
2794 nat->nat_hv[0] = hv1;
2795 nat->nat_hv[1] = hv2;
2797 MUTEX_INIT(&nat->nat_lock, "nat entry lock");
2799 nat->nat_rev = rev;
2800 nat->nat_ref = 1;
2801 nat->nat_bytes[0] = 0;
2802 nat->nat_pkts[0] = 0;
2803 nat->nat_bytes[1] = 0;
2804 nat->nat_pkts[1] = 0;
2806 nat->nat_ifnames[0][LIFNAMSIZ - 1] = '\0';
2807 nat->nat_ifps[0] = fr_resolvenic(nat->nat_ifnames[0], 4, ifs);
2809 if (nat->nat_ifnames[1][0] !='\0') {
2810 nat->nat_ifnames[1][LIFNAMSIZ - 1] = '\0';
2811 nat->nat_ifps[1] = fr_resolvenic(nat->nat_ifnames[1], 4, ifs);
2813 (void) strncpy(nat->nat_ifnames[1], nat->nat_ifnames[0],
2815 nat->nat_ifnames[1][LIFNAMSIZ - 1] = '\0';
2816 nat->nat_ifps[1] = nat->nat_ifps[0];
2819 nat->nat_next = ifs->ifs_nat_instances;
2820 nat->nat_pnext = &ifs->ifs_nat_instances;
2822 ifs->ifs_nat_instances->nat_pnext = &nat->nat_next;
2823 ifs->ifs_nat_instances = nat;
2827 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
2828 nat->nat_phnext[0] = natp;
2829 nat->nat_hnext[0] = *natp;
2830 *natp = nat;
2835 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
2836 nat->nat_phnext[1] = natp;
2837 nat->nat_hnext[1] = *natp;
2838 *natp = nat;
2841 fr_setnatqueue(nat, rev, ifs);
2856 /* ICMP query nat entry. It is assumed that the packet is already of the */
2867 nat_t *nat;
2937 nat = nat_inlookup(fin, flags, p, oip->ip_dst,
2940 nat = nat_outlookup(fin, flags, p, oip->ip_dst,
2944 return nat;
2960 nat = nat_inlookup(fin, flags, p, oip->ip_dst,
2963 nat = nat_outlookup(fin, flags, p, oip->ip_dst,
2968 return nat;
3001 nat_t *nat;
3007 * nat_icmperrorlookup() looks up nat entry associated with the
3012 if ((fin->fin_v != 4) || !(nat = nat_icmperrorlookup(fin, dir)))
3038 if (oip->ip_dst.s_addr == nat->nat_oip.s_addr) {
3040 in = nat->nat_inip;
3044 in = nat->nat_outip;
3097 if ((tcp->th_dport == nat->nat_oport) &&
3098 (tcp->th_sport != nat->nat_inport)) {
3105 psum2 = ntohs(nat->nat_inport);
3106 tcp->th_sport = nat->nat_inport;
3108 } else if ((tcp->th_sport == nat->nat_oport) &&
3109 (tcp->th_dport != nat->nat_outport)) {
3116 psum2 = ntohs(nat->nat_outport);
3117 tcp->th_dport = nat->nat_outport;
3190 if ((nat->nat_dir == NAT_OUTBOUND) &&
3191 (orgicmp->icmp_id != nat->nat_inport) &&
3208 sum2 = ntohs(nat->nat_inport);
3210 orgicmp->icmp_id = nat->nat_inport;
3233 return nat;
3252 /* Lookup a nat entry based on the mapped destination ip address/port and */
3272 nat_t *nat;
3311 nat = ifs->ifs_nat_table[1][hv];
3312 for (; nat; nat = nat->nat_hnext[1]) {
3313 if (nat->nat_v != 4)
3316 if (nat->nat_ifps[0] != NULL) {
3317 if ((ifp != NULL) && (ifp != nat->nat_ifps[0]))
3320 nat->nat_ifps[0] = ifp;
3322 nflags = nat->nat_flags;
3324 if (nat->nat_oip.s_addr == src.s_addr &&
3325 nat->nat_outip.s_addr == dst &&
3327 (sflags == (nat->nat_flags & IPN_TCPUDPICMP)))
3328 || (p == nat->nat_p))) {
3333 if (nat->nat_call[1] != fin->fin_data[0])
3339 if (nat->nat_outport != sport)
3342 if (nat->nat_outport != dport)
3348 if (nat->nat_oport != sport)
3350 if (nat->nat_outport != dport)
3357 ipn = nat->nat_ptr;
3358 if ((ipn != NULL) && (nat->nat_aps != NULL))
3359 if (appr_match(fin, nat) != 0)
3361 return nat;
3385 nat = ifs->ifs_nat_table[1][hv];
3386 for (; nat; nat = nat->nat_hnext[1]) {
3387 if (nat->nat_v != 4)
3390 if (nat->nat_ifps[0] != NULL) {
3391 if ((ifp != NULL) && (ifp != nat->nat_ifps[0]))
3394 nat->nat_ifps[0] = ifp;
3396 if (nat->nat_p != fin->fin_p)
3398 if (nat->nat_oip.s_addr != src.s_addr ||
3399 nat->nat_outip.s_addr != dst)
3402 nflags = nat->nat_flags;
3406 if (nat_wildok(nat, (int)sport, (int)dport, nflags,
3411 nat = fr_natclone(fin, nat);
3412 if (nat == NULL)
3419 nat->nat_oport = sport;
3420 nat->nat_outport = dport;
3421 nat->nat_flags &= ~(SI_W_DPORT|SI_W_SPORT);
3422 nat_tabmove(nat, ifs);
3429 return nat;
3436 /* Parameters: nat(I) - pointer to NAT structure */
3443 static void nat_tabmove(nat, ifs)
3444 nat_t *nat;
3450 if (nat->nat_flags & SI_CLONE)
3456 if (nat->nat_hnext[0])
3457 nat->nat_hnext[0]->nat_phnext[0] = nat->nat_phnext[0];
3458 *nat->nat_phnext[0] = nat->nat_hnext[0];
3459 ifs->ifs_nat_stats.ns_bucketlen[0][nat->nat_hv[0]]--;
3461 if (nat->nat_hnext[1])
3462 nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1];
3463 *nat->nat_phnext[1] = nat->nat_hnext[1];
3464 ifs->ifs_nat_stats.ns_bucketlen[1][nat->nat_hv[1]]--;
3469 hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, 0xffffffff);
3470 hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + nat->nat_oport,
3472 nat->nat_hv[0] = hv;
3475 (*natp)->nat_phnext[0] = &nat->nat_hnext[0];
3476 nat->nat_phnext[0] = natp;
3477 nat->nat_hnext[0] = *natp;
3478 *natp = nat;
3481 hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, 0xffffffff);
3482 hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + nat->nat_oport,
3484 nat->nat_hv[1] = hv;
3487 (*natp)->nat_phnext[1] = &nat->nat_hnext[1];
3488 nat->nat_phnext[1] = natp;
3489 nat->nat_hnext[1] = *natp;
3490 *natp = nat;
3506 /* Lookup a nat entry based on the source 'real' ip address/port and */
3527 nat_t *nat;
3562 nat = ifs->ifs_nat_table[0][hv];
3563 for (; nat; nat = nat->nat_hnext[0]) {
3564 if (nat->nat_v != 4)
3567 if (nat->nat_ifps[1] != NULL) {
3568 if ((ifp != NULL) && (ifp != nat->nat_ifps[1]))
3571 nat->nat_ifps[1] = ifp;
3573 nflags = nat->nat_flags;
3575 if (nat->nat_inip.s_addr == srcip &&
3576 nat->nat_oip.s_addr == dst.s_addr &&
3578 || (p == nat->nat_p))) {
3583 if (nat->nat_call[1] != fin->fin_data[0])
3589 if (nat->nat_oport != dport)
3591 if (nat->nat_inport != sport)
3598 ipn = nat->nat_ptr;
3599 if ((ipn != NULL) && (nat->nat_aps != NULL))
3600 if (appr_match(fin, nat) != 0)
3602 return nat;
3626 nat = ifs->ifs_nat_table[0][hv];
3627 for (; nat; nat = nat->nat_hnext[0]) {
3628 if (nat->nat_v != 4)
3631 if (nat->nat_ifps[1] != NULL) {
3632 if ((ifp != NULL) && (ifp != nat->nat_ifps[1]))
3635 nat->nat_ifps[1] = ifp;
3637 if (nat->nat_p != fin->fin_p)
3639 if ((nat->nat_inip.s_addr != srcip) ||
3640 (nat->nat_oip.s_addr != dst.s_addr))
3643 nflags = nat->nat_flags;
3647 if (nat_wildok(nat, (int)sport, (int)dport, nflags,
3652 nat = fr_natclone(fin, nat);
3653 if (nat == NULL)
3660 nat->nat_inport = sport;
3661 nat->nat_oport = dport;
3662 if (nat->nat_outport == 0)
3663 nat->nat_outport = sport;
3664 nat->nat_flags &= ~(SI_W_DPORT|SI_W_SPORT);
3665 nat_tabmove(nat, ifs);
3672 return nat;
3690 nat_t *nat;
3714 if ((nat = nat_inlookup(&fi, np->nl_flags, fi.fin_p,
3716 np->nl_inip = nat->nat_inip;
3717 np->nl_inport = nat->nat_inport;
3724 if ((nat = nat_outlookup(&fi, np->nl_flags, fi.fin_p,
3730 fin.fin_p = nat->nat_p;
3731 fin.fin_data[0] = ntohs(nat->nat_outport);
3732 fin.fin_data[1] = ntohs(nat->nat_oport);
3735 nat->nat_outip,
3736 nat->nat_oip) != NULL) {
3741 np->nl_realip = nat->nat_outip;
3742 np->nl_realport = nat->nat_outport;
3746 return nat;
3807 /* nat(I) - pointer to NAT structure */
3814 void nat_update(fin, nat, np)
3816 nat_t *nat;
3823 tqe = &nat->nat_tqe;
3836 if (nat->nat_p == IPPROTO_TCP && ifq2 == NULL) {
3837 (void) fr_tcp_age(&nat->nat_tqe, fin, ifs->ifs_nat_tqb, 0);
3840 if (nat->nat_p == IPPROTO_UDP)
3842 else if (nat->nat_p == IPPROTO_ICMP)
3881 nat_t *nat;
3930 (nat = nat_icmperror(fin, &nflags, NAT_OUTBOUND)))
3932 else if ((fin->fin_flx & FI_FRAG) && (nat = fr_nat_knownfrag(fin)))
3934 else if ((nat = nat_outlookup(fin, nflags|NAT_SEARCH, (u_int)fin->fin_p,
3936 nflags = nat->nat_flags;
3941 * There is no current entry in the nat table for this packet.
3945 * nat rule, try to create a new nat entry.
3986 nat = nat_new(fin, np, NULL, nflags, NAT_OUTBOUND);
3987 if (nat != NULL) {
4013 if (nat != NULL) {
4014 rval = fr_natout(fin, nat, natadd, nflags);
4016 MUTEX_ENTER(&nat->nat_lock);
4017 nat_update(fin, nat, nat->nat_ptr);
4018 nat->nat_bytes[1] += fin->fin_plen;
4019 nat->nat_pkts[1]++;
4020 fin->fin_pktnum = nat->nat_pkts[1];
4021 MUTEX_EXIT(&nat->nat_lock);
4041 /* nat(I) - pointer to NAT structure */
4047 int fr_natout(fin, nat, natadd, nflags)
4049 nat_t *nat;
4063 return fr_nat6out(fin, nat, natadd, nflags);
4076 np = nat->nat_ptr;
4079 (void) fr_nat_newfrag(fin, 0, nat);
4095 s2 = LONG_SUM(ntohl(nat->nat_outip.s_addr));
4109 if (nat->nat_dir == NAT_OUTBOUND)
4111 nat->nat_ipsumd);
4114 nat->nat_ipsumd);
4120 if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) {
4123 tcp->th_sport = nat->nat_outport;
4124 fin->fin_data[0] = ntohs(nat->nat_outport);
4127 if ((nat->nat_outport != 0) && (nflags & IPN_ICMPQUERY)) {
4129 icmp->icmp_id = nat->nat_outport;
4132 csump = nat_proto(fin, nat, nflags);
4135 fin->fin_ip->ip_src = nat->nat_outip;
4143 sumd = nat->nat_sumd[1];
4145 sumd = nat->nat_sumd[0];
4147 if (nat->nat_dir == NAT_OUTBOUND)
4153 ipfsync_update(SMC_NAT, fin, nat->nat_sync);
4166 i = appr_check(fin, nat);
4204 nat_t *nat;
4256 (nat = nat_icmperror(fin, &nflags, NAT_INBOUND)))
4258 else if ((fin->fin_flx & FI_FRAG) && (nat = fr_nat_knownfrag(fin)))
4260 else if ((nat = nat_inlookup(fin, nflags|NAT_SEARCH, (u_int)fin->fin_p,
4262 nflags = nat->nat_flags;
4267 * There is no current entry in the nat table for this packet.
4271 * nat rule, try to create a new nat entry.
4312 nat = nat_new(fin, np, NULL, nflags, NAT_INBOUND);
4313 if (nat != NULL) {
4340 if (nat != NULL) {
4341 rval = fr_natin(fin, nat, natadd, nflags);
4343 MUTEX_ENTER(&nat->nat_lock);
4344 nat_update(fin, nat, nat->nat_ptr);
4345 nat->nat_bytes[0] += fin->fin_plen;
4346 nat->nat_pkts[0]++;
4347 fin->fin_pktnum = nat->nat_pkts[0];
4348 MUTEX_EXIT(&nat->nat_lock);
4368 /* nat(I) - pointer to NAT structure */
4375 int fr_natin(fin, nat, natadd, nflags)
4377 nat_t *nat;
4390 return fr_nat6in(fin, nat, natadd, nflags);
4402 np = nat->nat_ptr;
4403 fin->fin_fr = nat->nat_fr;
4406 (void) fr_nat_newfrag(fin, 0, nat);
4421 i = appr_check(fin, nat);
4429 ipfsync_update(SMC_NAT, fin, nat->nat_sync);
4432 fin->fin_ip->ip_dst = nat->nat_inip;
4433 fin->fin_fi.fi_daddr = nat->nat_inip.s_addr;
4449 if (nat->nat_dir == NAT_OUTBOUND)
4450 fix_incksum(&fin->fin_ip->ip_sum, nat->nat_ipsumd);
4452 fix_outcksum(&fin->fin_ip->ip_sum, nat->nat_ipsumd);
4456 if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) {
4457 tcp->th_dport = nat->nat_inport;
4458 fin->fin_data[1] = ntohs(nat->nat_inport);
4462 if ((nat->nat_inport != 0) && (nflags & IPN_ICMPQUERY)) {
4465 icmp->icmp_id = nat->nat_inport;
4468 csump = nat_proto(fin, nat, nflags);
4476 if (nat->nat_dir == NAT_OUTBOUND)
4477 fix_incksum(csump, nat->nat_sumd[0]);
4479 fix_outcksum(csump, nat->nat_sumd[0]);
4494 if (nat->nat_dir == NAT_OUTBOUND)
4495 fix_outcksum(csump, nat->nat_sumd[1]);
4497 fix_incksum(csump, nat->nat_sumd[1]);
4515 /* nat(I) - pointer to NAT structure */
4523 u_short *nat_proto(fin, nat, nflags)
4525 nat_t *nat;
4536 fin->fin_rev = (nat->nat_dir == NAT_OUTBOUND);
4538 fin->fin_rev = (nat->nat_dir == NAT_INBOUND);
4552 if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
4553 nat_mssclamp(tcp, nat->nat_mssclamp, csump);
4746 nat_t *nat;
4767 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4769 if (((ifp != NULL) && ifp != (nat->nat_ifps[0])) ||
4770 ((nat->nat_flags & IPN_TCP) != 0))
4772 if ((np = nat->nat_ptr) == NULL)
4781 sum1 = nat->nat_outip.s_addr;
4782 nat->nat_outip = *(struct in_addr *)addr;
4783 sum2 = nat->nat_outip.s_addr;
4792 nat->nat_outip6.in6 = *(struct in6_addr *)addr;
4796 } else if (((ifp == NULL) || (ifp == nat->nat_ifps[0])) &&
4797 !(nat->nat_flags & IPN_TCP) && (np = nat->nat_ptr)) {
4806 sum1 = nat->nat_outip.s_addr;
4807 if (fr_ifpaddr(4, FRI_NORMAL, nat->nat_ifps[0],
4809 nat->nat_outip = in;
4810 sum2 = nat->nat_outip.s_addr;
4820 if (fr_ifpaddr(6, FRI_NORMAL, nat->nat_ifps[0],
4822 nat->nat_outip6.in6 = in6;
4839 sumd += nat->nat_sumd[0];
4840 nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
4841 nat->nat_sumd[1] = nat->nat_sumd[0];
4872 nat_t *nat;
4890 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4891 nv = (v == 0) ? nat->nat_v : v;
4892 if (nat->nat_v != nv)
4894 if ((ifp == nat->nat_ifps[0]) ||
4895 (nat->nat_ifps[0] == (void *)-1)) {
4896 nat->nat_ifps[0] =
4897 fr_resolvenic(nat->nat_ifnames[0], nv, ifs);
4900 if ((ifp == nat->nat_ifps[1]) ||
4901 (nat->nat_ifps[1] == (void *)-1)) {
4902 nat->nat_ifps[1] =
4903 fr_resolvenic(nat->nat_ifnames[1], nv, ifs);
4924 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4925 if (nat->nat_v != v)
4927 if (!strncmp(name, nat->nat_ifnames[0],
4928 sizeof(nat->nat_ifnames[0])))
4929 nat->nat_ifps[0] = ifp;
4930 if (!strncmp(name, nat->nat_ifnames[1],
4931 sizeof(nat->nat_ifnames[1])))
4932 nat->nat_ifps[1] = ifp;
4946 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4947 if (nat->nat_v != v)
4949 if (ifp == nat->nat_ifps[0])
4950 nat->nat_ifps[0] = (void *)-1;
4951 if (ifp == nat->nat_ifps[1])
4952 nat->nat_ifps[1] = (void *)-1;
4986 nat_t *nat;
4991 for (nat = ifs->ifs_nat_instances; nat != NULL; nat = nat->nat_next) {
4992 if (ifp == nat->nat_ifps[0])
4993 nat->nat_ifps[0] = newifp;
4995 if (ifp == nat->nat_ifps[1])
4996 nat->nat_ifps[1] = newifp;
5056 /* Parameters: nat(I) - pointer to NAT structure */
5061 void nat_log(nat, type, ifs)
5062 struct nat *nat;
5076 natl.nlg_inip = nat->nat_inip6;
5077 natl.nlg_outip = nat->nat_outip6;
5078 natl.nlg_origip = nat->nat_oip6;
5079 natl.nlg_bytes[0] = nat->nat_bytes[0];
5080 natl.nlg_bytes[1] = nat->nat_bytes[1];
5081 natl.nlg_pkts[0] = nat->nat_pkts[0];
5082 natl.nlg_pkts[1] = nat->nat_pkts[1];
5083 natl.nlg_origport = nat->nat_oport;
5084 natl.nlg_inport = nat->nat_inport;
5085 natl.nlg_outport = nat->nat_outport;
5086 natl.nlg_p = nat->nat_p;
5089 natl.nlg_v = nat->nat_v;
5091 if (nat->nat_ptr != NULL) {
5094 if (np == nat->nat_ptr) {
5168 /* If nat_ref == 1 when this function is called, then we have an orphan nat */
5180 nat_t *nat;
5182 nat = *natp;
5185 MUTEX_ENTER(&nat->nat_lock);
5186 if (nat->nat_ref > 1) {
5187 nat->nat_ref--;
5188 MUTEX_EXIT(&nat->nat_lock);
5191 MUTEX_EXIT(&nat->nat_lock);
5194 (void) nat_delete(nat, NL_EXPIRE, ifs);
5204 /* nat(I) - pointer to master NAT structure */
5209 nat_t *fr_natclone(fin, nat)
5211 nat_t *nat;
5237 bcopy((char *)nat, (char *)clone, sizeof(*clone));
5295 /* Parameters: nat(I) - NAT entry */
5304 int nat_wildok(nat, sport, dport, flags, dir)
5305 nat_t *nat;
5317 * "intended" direction of that NAT entry in nat->nat_dir to decide
5321 switch ((dir << 1) | nat->nat_dir)
5324 if (((nat->nat_inport == sport) ||
5326 ((nat->nat_oport == dport) ||
5331 if (((nat->nat_outport == sport) ||
5333 ((nat->nat_oport == dport) ||
5338 if (((nat->nat_oport == sport) ||
5340 ((nat->nat_outport == dport) ||
5345 if (((nat->nat_oport == sport) ||
5347 ((nat->nat_outport == dport) ||
5425 /* Parameters: nat(I) - pointer to NAT structure */
5432 void fr_setnatqueue(nat, rev, ifs)
5433 nat_t *nat;
5439 if (nat->nat_ptr != NULL)
5440 nifq = nat->nat_ptr->in_tqehead[rev];
5445 switch (nat->nat_p)
5454 nifq = ifs->ifs_nat_tqb + nat->nat_tqe.tqe_state[rev];
5462 oifq = nat->nat_tqe.tqe_ifq;
5468 fr_movequeue(&nat->nat_tqe, oifq, nifq, ifs);
5470 fr_queueappend(&nat->nat_tqe, nifq, nat, ifs);
5481 /* Fetch the next nat/ipnat/hostmap structure pointer from the linked list */
5492 nat_t *nat, *nextnat = NULL, zeronat;
5525 nat = t->ipt_data;
5526 if (nat == NULL) {
5529 nextnat = nat->nat_next;
5659 if (nat != NULL)
5660 fr_natderef(&nat, ifs);
5667 nat = nextnat;
5753 nat_t *nat, *natn;
5764 while ((nat = natn) != NULL) {
5765 natn = nat->nat_next;
5766 if (nat_delete(nat, NL_FLUSH, ifs) == 0)
5826 nat_t *nat;
5844 nat = nat_outlookup(fin, nflags, (u_int)fin->fin_p,
5847 nat = nat_inlookup(fin, nflags, (u_int)fin->fin_p,
5851 if (nat != NULL) {
5853 (void) nat_delete(nat, NL_DESTROY, ifs);