2 * Copyright 2001, QNX Software Systems Ltd. All Rights Reserved
4 * This source code has been published by QNX Software Systems Ltd. (QSSL).
5 * However, any use, reproduction, modification, distribution or transfer of
6 * this software, or any software which includes or is based upon any of this
7 * code, is only permitted under the terms of the QNX Open Community License
8 * version 1.0 (see licensing.qnx.com for details) or as otherwise expressly
9 * authorized by a written license agreement from QSSL. For more information,
10 * please email licensing@qnx.com.
12 * For more details, see QNX_OCL.txt provided with this distribution.
14 * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_h323_pxy.c,v 1.2.2.2 2002/08/31 16:24:52 darrenr Exp $
21 * ported to ipfilter 3.4.20 by Michael Grant mg-ipf@grant.org
24 #if __FreeBSD_version >= 220000 && defined(_KERNEL)
25 # include <sys/fcntl.h>
26 # include <sys/filio.h>
28 # include <sys/ioctl.h>
31 #define IPF_H323_PROXY
33 int ippr_h323_init __P((void));
34 int ippr_h323_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
35 void ippr_h323_del __P((ap_session_t *));
36 int ippr_h323_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
37 int ippr_h323_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
39 int ippr_h245_init __P((void));
40 int ippr_h245_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
41 int ippr_h245_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
42 int ippr_h245_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
44 static frentry_t h323_fr;
45 #if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
46 extern KRWLOCK_T ipf_nat;
49 static int find_port __P((int, u_char *, int datlen, int *, u_short *));
52 static int find_port(ipaddr, data, datlen, off, port)
68 netaddr = ntohl(ipaddr);
70 for (offset = 0; offset <= datlen - 6; offset++, dp++) {
71 addr = (dp[0] << 24) | (dp[1] << 16) | (dp[2] << 8) | dp[3];
74 *port = (*(dp + 4) << 8) | *(dp + 5);
79 return (offset > datlen - 6) ? -1 : 0;
83 * Initialize local structures.
87 bzero((char *)&h323_fr, sizeof(h323_fr));
89 h323_fr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
95 int ippr_h323_new(fin, ip, aps, nat)
101 aps->aps_data = NULL;
108 void ippr_h323_del(aps)
115 for (i = 0, ipn = aps->aps_data;
116 i < (aps->aps_psiz / sizeof(ipnat_t));
117 i++, ipn = (ipnat_t *)((char *)ipn + sizeof(*ipn)))
120 * Check the comment in ippr_h323_in() function,
121 * just above nat_ioctl() call.
122 * We are lucky here because this function is not
123 * called with ipf_nat locked.
125 if (nat_ioctl((caddr_t)ipn, SIOCRMNAT, NAT_SYSSPACE|
126 NAT_LOCKHELD|FWRITE) == -1) {
130 KFREES(aps->aps_data, aps->aps_psiz);
131 /* avoid double free */
132 aps->aps_data = NULL;
139 int ippr_h323_out(fin, ip, aps, nat)
149 int ippr_h323_in(fin, ip, aps, nat)
155 int ipaddr, off, datlen;
160 tcp = (tcphdr_t *)fin->fin_dp;
161 ipaddr = ip->ip_src.s_addr;
163 data = (unsigned char *)tcp + (tcp->th_off << 2);
164 datlen = fin->fin_dlen - (tcp->th_off << 2);
165 if (find_port(ipaddr, data, datlen, &off, &port) == 0) {
169 /* setup a nat rule to set a h245 proxy on tcp-port "port"
171 * map <if> <inter_ip>/<mask> -> <gate_ip>/<mask> proxy port <port> <port>/tcp
173 KMALLOCS(newarray, char *, aps->aps_psiz + sizeof(*ipn));
174 if (newarray == NULL) {
177 ipn = (ipnat_t *)&newarray[aps->aps_psiz];
178 bcopy(nat->nat_ptr, ipn, sizeof(ipnat_t));
179 strncpy(ipn->in_plabel, "h245", APR_LABELLEN);
181 ipn->in_inip = nat->nat_inip.s_addr;
182 ipn->in_inmsk = 0xffffffff;
183 ipn->in_dport = htons(port);
185 * we got a problem here. we need to call nat_ioctl() to add
186 * the h245 proxy rule, but since we already hold (READ locked)
187 * the nat table rwlock (ipf_nat), if we go into nat_ioctl(),
188 * it will try to WRITE lock it. This will causing dead lock
191 * The quick & dirty solution here is release the read lock,
192 * call nat_ioctl() and re-lock it.
193 * A (maybe better) solution is do a UPGRADE(), and instead
194 * of calling nat_ioctl(), we add the nat rule ourself.
196 RWLOCK_EXIT(&ipf_nat);
197 if (nat_ioctl((caddr_t)ipn, SIOCADNAT,
198 NAT_SYSSPACE|FWRITE) == -1) {
199 READ_ENTER(&ipf_nat);
202 READ_ENTER(&ipf_nat);
203 if (aps->aps_data != NULL && aps->aps_psiz > 0) {
204 bcopy(aps->aps_data, newarray, aps->aps_psiz);
205 KFREES(aps->aps_data, aps->aps_psiz);
207 aps->aps_data = newarray;
208 aps->aps_psiz += sizeof(*ipn);
220 int ippr_h245_new(fin, ip, aps, nat)
226 aps->aps_data = NULL;
232 int ippr_h245_out(fin, ip, aps, nat)
238 int ipaddr, off, datlen;
243 tcp = (tcphdr_t *)fin->fin_dp;
244 ipaddr = nat->nat_inip.s_addr;
245 data = (unsigned char *)tcp + (tcp->th_off << 2);
246 datlen = ip->ip_len - fin->fin_hlen - (tcp->th_off << 2);
247 if (find_port(ipaddr, data, datlen, &off, &port) == 0) {
251 /* port = htons(port); */
252 ipn = nat_outlookup(fin->fin_ifp, IPN_UDP, IPPROTO_UDP,
253 ip->ip_src, ip->ip_dst, 1);
258 bcopy(ip, &newip, sizeof(newip));
259 newip.ip_len = fin->fin_hlen + sizeof(udp);
260 newip.ip_p = IPPROTO_UDP;
261 newip.ip_src = nat->nat_inip;
263 bzero(&udp, sizeof(udp));
266 bcopy(fin, &fi, sizeof(fi));
267 fi.fin_fi.fi_p = IPPROTO_UDP;
268 fi.fin_data[0] = port;
270 fi.fin_dp = (char *)&udp;
272 ipn = nat_new(&fi, &newip, nat->nat_ptr, NULL,
273 IPN_UDP|FI_W_DPORT, NAT_OUTBOUND);
275 ipn->nat_ptr->in_hits++;
277 nat_log(ipn, (u_int)(nat->nat_ptr->in_redir));
279 bcopy((u_char*)&ip->ip_src.s_addr,
281 bcopy((u_char*)&ipn->nat_outport,
290 int ippr_h245_in(fin, ip, aps, nat)
uqs's projects / games.git / blob